06 - Chapter 6: Integrity Policies Overview Requirements...

June 1, 2004 Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #6-1

Chapter 6: Integrity Policies
• Overview
• Requirements
• Biba’s models
• Lipner’s model
• Clark-Wilson model

Slide #6-2: Overview
• Requirements
  - Very different than confidentiality policies
• Biba’s models
  - Low-Water-Mark policy
  - Ring policy
  - Strict Integrity policy
• Lipner’s model
  - Combines Bell-LaPadula, Biba
• Clark-Wilson model

Slide #6-3: Requirements of Policies
1. Users will not write their own programs, but will use existing production programs and databases.
2. Programmers will develop and test programs on a non-production system; if they need access to actual data, they will be given production data via a special process, but will use it on their development system.
3. A special process must be followed to install a program from the development system onto the production system.
4. The special process in requirement 3 must be controlled and audited.
5. The managers and auditors must have access to both the system state and the system logs that are generated.

Slide #6-4: Biba Integrity Model
Basis for all 3 models:
• Set of subjects S, objects O, integrity levels I, relation I × I holding when second dominates first
• min: I × I I returns lesser of integrity levels
• i: S O I gives integrity level of entity
• r: S × O means s S can read o O
• w, x defined similarly

Slide #6-5: Intuition for Integrity Levels
• The higher the level, the more confidence
  - That a program will execute correctly
  - That data is accurate and/or reliable
• Note relationship between integrity and trustworthiness
• Important point: integrity levels are not security levels

Slide #6-6: Information Transfer Path
• An information transfer path is a sequence of objects o_1, ..., o_{n+1} and corresponding sequence of subjects s_1, ..., s_n such that s_i r o_i and s_i w o_{i+1} for all i, 1 i n.
• Idea: information can flow from o_1 to o_{n+1} along this path by successive reads and writes

Slide #6-7: Low-Water-Mark Policy
• Idea: when s reads o, i(s) = min(i(s), i(o)); s can only write objects at lower levels
• Rules
1. s S can write to o O if and only if i(o) i(s).
2.
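
Added example (not from the slides): a small Python model of the low-water-mark idea on Slide #6-7, run over an information transfer path as defined on Slide #6-6. The Entity class, the function names and the sample levels are hypothetical; the write rule is assumed to be i(o) <= i(s), and integrity levels are assumed to be totally ordered integers.

```python
from dataclasses import dataclass


@dataclass
class Entity:
    name: str
    level: int  # integrity level; a larger number means more trusted (assumption)


def read(s: Entity, o: Entity) -> bool:
    """Reads always succeed but lower the subject: i(s) = min(i(s), i(o))."""
    s.level = min(s.level, o.level)
    return True


def write(s: Entity, o: Entity) -> bool:
    """Assumed form of rule 1: s may write o iff i(o) <= i(s)."""
    return o.level <= s.level


def follow_path(subjects, objects):
    """Attempt an information transfer path: s_k reads o_k, then writes o_{k+1}.

    Returns the index of the first subject whose write is denied, or None
    if every read/write pair along the path is permitted.
    """
    for k, s in enumerate(subjects):
        read(s, objects[k])
        if not write(s, objects[k + 1]):
            return k
    return None


def demo():
    # Constructed sample objects: 0 = untrusted, 1 = user data, 2 = system data.
    download = Entity("download.tmp", 0)
    report = Entity("report.doc", 1)
    config = Entity("system.cfg", 2)
    # Upward path download -> report -> config: the first subject is dragged
    # down to level 0 by its read, so its write to a level-1 object is denied.
    editor, installer = Entity("editor", 2), Entity("installer", 2)
    up = follow_path([editor, installer], [download, report, config])
    # Downward path config -> report -> download with fresh subjects: allowed.
    backup, exporter = Entity("backup", 2), Entity("exporter", 2)
    down = follow_path([backup, exporter], [config, report, download])
    return up, editor.level, down, backup.level, exporter.level


if __name__ == "__main__":
    print(demo())
```

The upward path fails at its first write, while the downward path completes and leaves the second subject at the lower level of the object it read.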