{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

LectureNote4-MAC

LectureNote4-MAC - M ANDATORY A CCESS C ONTROL A...

Info iconThis preview shows pages 1–6. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: M ANDATORY A CCESS C ONTROL A UTHORIZATION & A CCESS C ONTROL D ISCRETIONARY A CCESS C ONTROL HRU M ODEL OF A UTHORIZATION S YSTEM M ANDATORY A CCESS C ONTROL L ATTICE B ASED A CCESS C ONTROL M ODELS C OMMERCIAL S ECURITY CS 556 - Computer Security - c circlecopyrt 2009 Colorado State University – 57 / 124 DAC - Solves the Access Control Problem (?) A UTHORIZATION & A CCESS C ONTROL D ISCRETIONARY A CCESS C ONTROL HRU M ODEL OF A UTHORIZATION S YSTEM M ANDATORY A CCESS C ONTROL L ATTICE B ASED A CCESS C ONTROL M ODELS C OMMERCIAL S ECURITY CS 556 - Computer Security - c circlecopyrt 2009 Colorado State University – 58 / 124 File B X : w Y : r, w File A X : r, w Y : Subject Y cannot read file A What’s Wrong with DAC? A UTHORIZATION & A CCESS C ONTROL D ISCRETIONARY A CCESS C ONTROL HRU M ODEL OF A UTHORIZATION S YSTEM M ANDATORY A CCESS C ONTROL L ATTICE B ASED A CCESS C ONTROL M ODELS C OMMERCIAL S ECURITY CS 556 - Computer Security - c circlecopyrt 2009 Colorado State University – 59 / 124 File B X : w Y : r, w File A X : r, w Y : Program Goodies Trojan Horse write read Y can read the contents of file A copied onto file B Mandatory Access Control A UTHORIZATION & A CCESS C ONTROL D ISCRETIONARY A CCESS C ONTROL HRU M ODEL OF A UTHORIZATION S YSTEM M ANDATORY A CCESS C ONTROL L ATTICE B ASED A CCESS C ONTROL M ODELS C OMMERCIAL S ECURITY CS 556 - Computer Security - c circlecopyrt 2009 Colorado State University – 60 / 124 ● We must have access control at the system level that is more fundamental than anything determined by a subject ● Definition [Bishop p.53] When a system mechanism controls access to an object and an individual user cannot alter that access, the control is a mandatory access control (MAC) [, occasionally called a rule-based access control.] Bell-LaPadula (BLP) Model A UTHORIZATION & A CCESS C ONTROL D ISCRETIONARY A CCESS C ONTROL HRU M ODEL OF A UTHORIZATION S YSTEM M ANDATORY A CCESS C ONTROL L ATTICE B ASED A CCESS C ONTROL M ODELS C OMMERCIAL S ECURITY CS 556 - Computer Security - c circlecopyrt 2009 Colorado State University – 61 / 124 ● Proposed by Bell and LaPadula of the Mitre corporation in 1976 ● Model based on military requirements where subjects are provided with security clearances and objects are...
View Full Document

{[ snackBarMessage ]}

Page1 / 18

LectureNote4-MAC - M ANDATORY A CCESS C ONTROL A...

This preview shows document pages 1 - 6. Sign up to view the full document.

View Full Document Right Arrow Icon bookmark
Ask a homework question - tutors are online