CS283 - Lecture 5 - Part 2 - Confidentiality Policy

Confidentiality Policy
GWU CS 172/283 Autumn 2009
Draws extensively from:
- Memon’s notes, Brooklyn Poly
- Pfleeger Text, Chapter 5
- Bishop’s text, Chapter 4
- Bishop’s slides, Chapter 4

2 Types of Security Policies
- A commercial security policy is a security policy developed primarily to provide a combination of confidentiality and integrity.
  - The focus is on how much the object can be trusted.
- A military security policy (also called a security policy) is a security policy developed primarily to provide confidentiality.
  - Not concerned about trusting the object as much as not disclosing the object to unauthorized subjects.
- Also, it is possible to construct a confidentiality policy and an integrity policy.
GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 05 – Part 2 - Rev 20091025

3 Security Models
- To formulate a security policy you have to describe the entities that are governed by the policy and what rules constitute the policy – a security model does just that!
- A security model is a model that represents a particular policy or set of policies.
- A security model is used to:
  - Describe or document a policy
  - Test a policy for completeness and consistency
  - Help conceptualize and design an implementation
  - Check whether an implementation meets requirements

4 Military Security Policy
- Hierarchy of sensitivities of information, e.g.: top secret > secret > confidential > restricted > unclassified
- Compartments of information, e.g.: by country, by weapon system, by security technology (e.g. Crypto), by military policy (e.g. non-proliferation), etc.
- The security policy is applied to each component of information held by the military organization.
- Military information can be organized into classes consisting of: <rank (or sensitivity); compartment>

5 Example from Pfleeger’s Text
User cleared for: <secret: {dog, cat, pig}> has access to?
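
The access question on slide 5 can be worked through with the dominance rule of the military security policy model: a subject may read an object only if the subject's rank is at least the object's rank and the subject's compartments include every compartment of the object. That rule is not stated on the visible slides; the code below is an added example, not part of the lecture, and the object labels and function names in it are constructed for illustration.

```python
import re

# Sensitivity hierarchy from slide 4, ordered lowest to highest.
RANKS = ["unclassified", "restricted", "confidential", "secret", "top secret"]

# Accepts the slide's notation: <rank: {c1, c2}> (":" or ";" as separator).
LABEL_RE = re.compile(r"^\s*<\s*([a-z ]+?)\s*[:;]\s*\{([^}]*)\}\s*>\s*$", re.I)


def parse_label(text):
    """Parse '<rank: {c1, c2}>' into (rank_index, frozenset of compartments)."""
    m = LABEL_RE.match(text)
    if not m:
        raise ValueError(f"malformed label: {text!r}")
    rank = m.group(1).lower()
    if rank not in RANKS:
        # Fail closed: an unknown rank is never silently treated as low.
        raise ValueError(f"unknown rank: {rank!r}")
    comps = frozenset(c.strip().lower() for c in m.group(2).split(",") if c.strip())
    return RANKS.index(rank), comps


def dominates(subject, obj):
    """True if the subject's clearance dominates the object's classification."""
    s_rank, s_comps = parse_label(subject)
    o_rank, o_comps = parse_label(obj)
    return s_rank >= o_rank and o_comps <= s_comps


def readable(subject, objects):
    """Return the objects the subject is allowed to read, in input order."""
    return [o for o in objects if dominates(subject, o)]


# Clearance from slide 5; the object labels are constructed sample data.
CLEARANCE = "<secret: {dog, cat, pig}>"
OBJECTS = [
    "<confidential: {dog}>",   # lower rank, compartment held
    "<secret: {dog, cat}>",    # equal rank, compartments held
    "<unclassified: {}>",      # no compartments required
    "<top secret: {dog}>",     # rank too high
    "<secret: {dog, cow}>",    # 'cow' compartment not held
    "<restricted: {cow}>",     # low rank, but compartment not held
]

if __name__ == "__main__":
    for o in OBJECTS:
        print(f"{o:26} {'read' if dominates(CLEARANCE, o) else 'deny'}")
```

The last sample object shows that rank alone does not grant access: a low-sensitivity object in a compartment the user does not hold is still denied.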