LectureNote4-MAC

MANDATORY ACCESS CONTROL

Outline:
  Authorization & Access Control
  Discretionary Access Control
  HRU Model of Authorization System
  Mandatory Access Control
  Lattice Based Access Control Models
  Commercial Security

CS 556 - Computer Security - © 2009 Colorado State University (slide 57 / 124)

DAC - Solves the Access Control Problem (?)

  File A    X: r, w    Y: (no rights)
  File B    X: w       Y: r, w

  Subject Y cannot read file A.

What's Wrong with DAC?

  File A    X: r, w    Y: (no rights)
  File B    X: w       Y: r, w

  [Figure: Program Goodies / Trojan Horse, with arrows labelled "write" and "read"]

  Y can read the contents of file A copied onto file B.

Mandatory Access Control

  We must have access control at the system level that is more fundamental than anything determined by a subject.

  Definition [Bishop p.53]: When a system mechanism controls access to an object and an individual user cannot alter that access, the control is a mandatory access control (MAC) [, occasionally called a rule-based access control.]

Bell-LaPadula (BLP) Model

  Proposed by Bell and LaPadula of the Mitre corporation in 1976.
  Model based on military requirements where subjects are provided with security clearances and objects are...
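
The Trojan horse flow on the slides, as an added example that is not part of the lecture notes: a toy reference monitor using the slides' ACLs for files A and B. The two-level labels and the no-read-up / no-write-down rule are assumptions added here to stand in for a mandatory control, since the preview ends before the notes give the model's rules; the names `Monitor`, `goodies` and `y_obtains_a` are hypothetical.

```python
# Added illustration; every name and label here is constructed, not from the slides.
ACL = {  # discretionary rights exactly as drawn on the slide
    "A": {"X": {"r", "w"}, "Y": set()},
    "B": {"X": {"w"}, "Y": {"r", "w"}},
}
# Assumed sensitivity labels for the mandatory variant (higher = more sensitive).
LEVEL = {"A": 1, "B": 0, "X": 1, "Y": 0}


class Monitor:
    """Toy reference monitor: ACL check, plus an optional system-wide label rule."""

    def __init__(self, mandatory):
        self.mandatory = mandatory
        self.data = {"A": "contents of A", "B": ""}

    def allowed(self, subject, obj, right):
        if right not in ACL[obj].get(subject, set()):
            return False  # DAC: the object's ACL does not grant the right
        if not self.mandatory:
            return True
        # Assumed mandatory rule, fixed by the system: no read up, no write down.
        if right == "r":
            return LEVEL[subject] >= LEVEL[obj]
        return LEVEL[subject] <= LEVEL[obj]

    def read(self, subject, obj):
        if not self.allowed(subject, obj, "r"):
            raise PermissionError(f"{subject} may not read {obj}")
        return self.data[obj]

    def write(self, subject, obj, value):
        if not self.allowed(subject, obj, "w"):
            raise PermissionError(f"{subject} may not write {obj}")
        self.data[obj] = value


def goodies(monitor, invoker):
    """Program 'Goodies': its hidden copy of A onto B runs with the invoker's rights."""
    monitor.write(invoker, "B", monitor.read(invoker, "A"))


def y_obtains_a(mandatory):
    """True if Y ends up reading A's contents after X runs Goodies."""
    m = Monitor(mandatory)
    try:
        goodies(m, "X")
    except PermissionError:
        return False
    return m.read("Y", "B") == m.data["A"]
```

With only the ACLs in force, every individual access is permitted and Y still ends up with A's contents; with the label rule enabled, X's write to B is refused even though B's ACL grants it.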

This note was uploaded on 05/29/2010 for the course CS 556 taught by Professor Staff during the Spring '08 term at Colorado State.
