Lecture5 - IS 2150 / TEL 2810 Introduction to Security...

1 IS 2150 / TEL 2810 Introduction to Security
James Joshi, Associate Professor, SIS
Lecture 5, September 29, 2009
Security Policies, Confidentiality Policies

2 Today’s Objectives
  - Understanding/defining security policy and the nature of trust
  - Overview of different policy models
  - Define/understand the existing Bell-LaPadula model of confidentiality
      - How does the lattice help?
  - Understand the Biba integrity model
3 Security Policies

4 Security Policy
  - Defines what it means for a system to be secure
  - Formally: partitions a system into
      - Set of secure (authorized) states
      - Set of non-secure (unauthorized) states
  - Secure system is one that
      - Starts in authorized state
      - Cannot enter unauthorized state
5 Secure System - Example
  - Is this finite state machine secure?
      - A is start state?
      - B is start state?
      - C is start state?
  - How can this be made secure if not?
  - Suppose A, B, and C are authorized states?
[Figure: finite state machine with states A, B, C, D, with authorized and unauthorized states marked]
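The slide's question can be answered mechanically as a reachability check. The following is an added example, not part of the lecture: the transition edges are constructed for illustration because the figure did not survive in this text (only the state names and "A, B, and C are authorized" come from the slide), and all function names are hypothetical.

```python
from collections import deque

# Constructed edges (assumption): the slide's figure is not available here.
TRANSITIONS = {"A": {"B"}, "B": {"A"}, "C": {"A", "D"}, "D": {"C"}}
AUTHORIZED = {"A", "B", "C"}  # from the slide; D is therefore unauthorized


def reachable(start, transitions):
    """Return every state reachable from start, including start itself."""
    seen, queue = {start}, deque([start])
    while queue:
        state = queue.popleft()
        for nxt in transitions.get(state, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def is_secure(start, transitions, authorized):
    """Secure: starts in an authorized state and cannot enter an unauthorized one."""
    return start in authorized and reachable(start, transitions) <= authorized


def offending_edges(start, transitions, authorized):
    """Edges that take the system from authorized states into an unauthorized state."""
    inside_only = {s: t & authorized for s, t in transitions.items() if s in authorized}
    inside = reachable(start, inside_only)  # states reachable without leaving the set
    return sorted((s, t) for s in inside
                  for t in transitions.get(s, ()) if t not in authorized)


def harden(transitions, authorized):
    """One fix: delete every edge leading from an authorized to an unauthorized state."""
    return {s: {t for t in nxt if s not in authorized or t in authorized}
            for s, nxt in transitions.items()}


if __name__ == "__main__":
    for start in "ABCD":
        print(start, "secure" if is_secure(start, TRANSITIONS, AUTHORIZED) else "NOT secure",
              offending_edges(start, TRANSITIONS, AUTHORIZED))
    fixed = harden(TRANSITIONS, AUTHORIZED)
    print("after hardening, C:", is_secure("C", fixed, AUTHORIZED))
```

With these constructed edges the answer depends on the start state, which is the point of the slide's three questions: the same machine is secure from some start states and not from others.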

6 Additional Definitions:
  - Security breach: system enters an unauthorized state
  - Let X be a set of entities, I be information.
      - I has confidentiality with respect to X if no member of X can obtain information on I
      - I has integrity with respect to X if all members of X trust I
          - Trust I, its conveyance and storage (data integrity)
          - I may be origin information or an identity (authentication)
          - I is a resource – its integrity implies it functions as it should (assurance)
      - I has availability with respect to X if all members of X can access I
          - Time limits (quality of service)
7 Confidentiality Policy
  - Also known as information flow
      - Transfer of rights
      - Transfer of information without transfer of rights
      - Temporal context
  - Model often depends on trust
      - Parts of system where information could flow
      - Trusted entity must participate to enable flow
  - Highly developed in Military/Government

8 Integrity Policy
  - Defines how information can be altered
      - Entities allowed to alter data
      - Conditions under which data can be altered
      - Limits to change of data
  - Examples:
      - Purchase over $1000 requires signature
      - Check over $10,000 must be approved by one person and cashed by another
      - Separation of duties: for preventing fraud
  - Highly developed in commercial world
9 Trust
  - Theories and mechanisms rest on some trust assumptions
  - Administrator installs patch
      1. Trusts patch came from vendor, not tampered with in transit
      2. Trusts vendor tested patch thoroughly
      3. Trusts vendor’s test environment corresponds to local environment
      4. Trusts patch is installed correctly