Protection and Security
• Areas of Concern:
  • privacy: legal, social
  • security: external vs. internal
  • protection: mechanisms
• Topics:
  • authentication: verifying a claim of identity
  • authorization: verifying a claim of permission
• Models:
  • discretionary vs. nondiscretionary
  • access control vs. flow control

Security Goals and Principles
• Goals:
  • integrity - modification only by authorized parties
  • confidentiality - access only by authorized parties
  • non-repudiation - inability to disclaim ownership
  • authenticity - verifiability of identity
  • availability - continuous access by authorized parties
• Principles:
  • least privilege - minimization of rights
  • economy of mechanism - simplest means of enforcement
  • acceptability - adoptable by user community
  • complete mediation - universal enforcement of control
  • open design - secrecy of enforcement mechanisms is not important
Access Matrix Model (figure): rows are subjects s, columns are objects o; the entry P[s,o] records the rights of subject s on object o.

Access Matrix grouped by subject (figure): the row of each subject s1, s2, s3 across objects O1, O2, O3 forms that subject's Capability List.

Access Matrix grouped by object (figure): the column of each object O1, O2, O3 across subjects s1, s2, s3 forms that object's Access Control List.
Lock and Key Method
• subjects possess a set of keys, each key of the form (O, k)
• objects are associated with a set of locks, each lock of the form (k, {r1, r2, ...})

Comparison of methods (Locks & Keys / Access Control Lists / Capability Lists; entries refer to the numbered notes below)
• propagation: Locks & Keys 3, Access Control Lists 1, Capability Lists 1
• review: 4
• revocation: 4
• reclamation: 2
Notes:
1. need copy bit/count for control
2. need reference count
3. need user/hierarchical control
4. need to know subject/key mapping
Safety
• primitive operation: the atomic actions of the protection model
• commands: useful, commonly used collections of primitive operations
• mono-operational: all commands are primitive operations
• leaks: a command leaks a given right if its execution can cause the right to be propagated to a subject not previously possessing that right
• safety: an initial state/configuration is safe for a given right if there does not exist a reachable state within which a command leaks that right
• decidability:
  • safety is decidable for a mono-operational system
  • safety is not decidable for an arbitrary configuration of an arbitrary protection system
  • however, safety may be decidable for specific protection systems

Take-Grant Model (figures)
• Taking a Right: X holds the take right t to Y, and Y holds {r,w} to Z; after X takes r from Y, X also holds {r} to Z.
• Granting a Right: X holds the grant right g to Y, and X holds {r,w} to Z; after X grants r to Y, Y also holds {r} to Z.

Bell-LaPadula Model (figure): objects carry a classification and subjects a clearance. A subject at level i may read and write (r,w) objects at level i, may only write (w) objects at a higher level n, and may only read (r) objects at a lower level 1; this is the *-property.
Lattice Models
• Lattice Model: subjects, objects, security classes (SC); the security class of object x is written x
• Flow Policy: (SC, >), where > is a reflexive, antisymmetric, transitive relation over SC; information is allowed to flow from object x to object y iff x > y
• Lattice Flow Policy: a flow policy is a lattice if there exist a least upper bound and a greatest lower bound on SC

An Example Lattice (figure): the eight three-bit security classes (000), (001), (010), (100), (011), (101), (110), (111), ordered bitwise with (000) at the bottom and (111) at the top; the figure also works out bounds of pairs, e.g. (010) and (100) have least upper bound (110) and greatest lower bound (000).

Certification of Information Flow (+ denotes the least upper bound and x the greatest lower bound on SC)
• For b := f(a1, ..., an), verify that a1 + ... + an > b.
• For if e then S1 else S2, verify that e > S1 x S2, where
  S1 = x { b | b is a target of an assignment in S1 }
  S2 = x { b | b is a target of an assignment in S2 }
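Added example, not from the slides: the three-bit lattice and both certification rules in Python, with security classes stored as ints 0..7, + as bitwise OR and x as bitwise AND. Reading the slide's relation x > y as "every bit of x is set in y", and the tuple encoding of statements, are assumptions of this example.

```python
TOP, BOTTOM = 0b111, 0b000   # (111) and (000) on the example-lattice slide

def lub(classes):
    """Least upper bound of a set of classes: bitwise OR (the slide's a1 + ... + an)."""
    result = BOTTOM
    for c in classes:
        result |= c
    return result

def glb(classes):
    """Greatest lower bound: bitwise AND (the slide's S1 x S2); the empty set gives TOP."""
    result = TOP
    for c in classes:
        result &= c
    return result

def may_flow(x, y):
    """The slide's relation x > y (x may flow to y), read here as: every bit of x is set in y."""
    return x & y == x

def assignment_targets(stmts):
    """Classes of every variable assigned anywhere inside stmts, nested ifs included."""
    targets = []
    for s in stmts:
        if s[0] == "assign":
            targets.append(s[1])
        else:
            targets += assignment_targets(s[2]) + assignment_targets(s[3])
    return targets

def certify(stmts):
    """Apply both certification rules; statements are constructed tuples (assumption):
    ("assign", class_of_b, [classes of a1..an]) or ("if", class_of_e, S1, S2)."""
    for s in stmts:
        if s[0] == "assign":                  # b := f(a1,...,an): a1 + ... + an > b
            if not may_flow(lub(s[2]), s[1]):
                return False
        else:                                 # if e then S1 else S2: e > S1 x S2
            implicit = glb(assignment_targets(s[2]) + assignment_targets(s[3]))
            if not (may_flow(s[1], implicit) and certify(s[2]) and certify(s[3])):
                return False
    return True

# Constructed programs: the first respects the policy, the second leaks the guard e=(100)
# into a variable of class (010) through the implicit flow of the if statement.
OK_PROGRAM = [("assign", 0b110, [0b010, 0b100]),
              ("if", 0b001, [("assign", 0b011, [0b010])], [])]
LEAKY_PROGRAM = [("if", 0b100, [("assign", 0b010, [0b000])], [])]
```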