CS283 - Lecture 5 - Part 2 - Confidentiality Policy

Confidentiality Policy
GWU CS 172/283, Autumn 2009

Draws extensively from:
- Memon's notes, Brooklyn Poly
- Pfleeger text, Chapter 5
- Bishop's text, Chapter 4
- Bishop's slides, Chapter 4

Types of Security Policies
- A commercial security policy is a security policy developed primarily to provide a combination of confidentiality and integrity.
  - The focus is on how much the object can be trusted.
- A military security policy (also called a security policy) is a security policy developed primarily to provide confidentiality.
  - Not concerned about trusting the object as much as not disclosing the object to unauthorized subjects.
- Also it is possible to construct a confidentiality policy and an integrity policy.

GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 05 - Part 2 - Rev 20091025

Security Models
- To formulate a security policy you have to describe the entities that are governed by the policy and what rules constitute the policy; a security model does just that!
- A security model is a model that represents a particular policy or set of policies. A security model is used to:
  - Describe or document a policy
  - Test a policy for completeness and consistency
  - Help conceptualize and design an implementation
  - Check whether an implementation meets requirements.

Military Security Policy
- Hierarchy of sensitivities of information, e.g.: top secret > secret > confidential > restricted > unclassified
- Compartments of information, e.g.: by country, by weapon system, by security technology (e.g. Crypto), by military policy (e.g. non-proliferation), etc.
- The security policy is applied to each component of information held by the military organization.
- Military information can be organized into classes consisting of: <rank (or sensitivity); compartment>
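
Added example (not part of the original slides): the <rank; compartment> classes above modelled in Python, with the standard lattice "dominates" check used to decide read access. The dominance rule is the usual textbook one and is an assumption here, since the visible slides do not state it; the object names and compartment labels are constructed sample data.

```python
from dataclasses import dataclass

# Hierarchy from the slide, ordered lowest to highest sensitivity.
RANKS = ["unclassified", "restricted", "confidential", "secret", "top secret"]

@dataclass(frozen=True)
class SecurityClass:
    rank: str
    compartments: frozenset

    def __post_init__(self):
        if self.rank not in RANKS:
            raise ValueError(f"unknown rank: {self.rank!r}")

def make_class(rank, compartments=()):
    """Build a <rank; compartments> class."""
    return SecurityClass(rank, frozenset(compartments))

def dominates(a, b):
    """a dominates b if a's rank is at least b's AND a holds every
    compartment of b. Both conditions are required."""
    return (RANKS.index(a.rank) >= RANKS.index(b.rank)
            and a.compartments >= b.compartments)

def may_read(clearance, classification):
    """Assumed rule: a subject may read an object only if the subject's
    clearance dominates the object's classification."""
    return dominates(clearance, classification)

def readable(clearance, objects):
    """Names of the objects this clearance is allowed to read."""
    return sorted(n for n, c in objects.items() if may_read(clearance, c))

# Constructed sample objects (hypothetical names and compartments).
OBJECTS = {
    "cafeteria_menu": make_class("unclassified"),
    "fleet_schedule": make_class("confidential", {"navy"}),
    "cipher_keys": make_class("secret", {"crypto"}),
    "launch_codes": make_class("top secret", {"crypto", "nuclear"}),
}

if __name__ == "__main__":
    analyst = make_class("secret", {"crypto", "navy"})
    general = make_class("top secret", {"nuclear"})
    print("analyst:", readable(analyst, OBJECTS))
    # A higher rank alone is not enough: the missing compartments block access.
    print("general:", readable(general, OBJECTS))
```

Classes form a partial order, not a simple ranking: <top secret; {nuclear}> and <confidential; {navy}> are incomparable, so neither dominates the other.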

Example from Pfleeger's Text
User cleared for: <secret: {dog cat pig}> has access