LectureNote5-LatticeModels

LectureNote5-LatticeModels - L ATTICE B ASED A CCESS C...

Info iconThis preview shows pages 1–7. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: L ATTICE B ASED A CCESS C ONTROL M ODELS A UTHORIZATION & A CCESS C ONTROL D ISCRETIONARY A CCESS C ONTROL HRU M ODEL OF A UTHORIZATION S YSTEM M ANDATORY A CCESS C ONTROL L ATTICE B ASED A CCESS C ONTROL M ODELS C OMMERCIAL S ECURITY CS 556 - Computer Security - c circlecopyrt 2009 Colorado State University – 75 / 124 Lattice Based Access Control Models A UTHORIZATION & A CCESS C ONTROL D ISCRETIONARY A CCESS C ONTROL HRU M ODEL OF A UTHORIZATION S YSTEM M ANDATORY A CCESS C ONTROL L ATTICE B ASED A CCESS C ONTROL M ODELS C OMMERCIAL S ECURITY CS 556 - Computer Security - c circlecopyrt 2009 Colorado State University – 76 / 124 ● Dorothy Denning was the first to formalize the notion of information flow policies ✦ Introduced the notion of lattice based access control models ● Briefly the model says that the flow of information from one security class to another can be modeled as a finite lattice under certain circumstances Information Flow Policy A UTHORIZATION & A CCESS C ONTROL D ISCRETIONARY A CCESS C ONTROL HRU M ODEL OF A UTHORIZATION S YSTEM M ANDATORY A CCESS C ONTROL L ATTICE B ASED A CCESS C ONTROL M ODELS C OMMERCIAL S ECURITY CS 556 - Computer Security - c circlecopyrt 2009 Colorado State University – 77 / 124 ● An information flow policy is a triple < SC, → , ⊕ > , where ✦ SC is a set of security classes ✦ → ⊆ SC × SC is a binary relation on SC called the “can flow” relation ✦ ⊕ : SC × SC = ⇒ SC is a class combining operator or join operator on SC Information Flow Policy A UTHORIZATION & A CCESS C ONTROL D ISCRETIONARY A CCESS C ONTROL HRU M ODEL OF A UTHORIZATION S YSTEM M ANDATORY A CCESS C ONTROL L ATTICE B ASED A CCESS C ONTROL M ODELS C OMMERCIAL S ECURITY CS 556 - Computer Security - c circlecopyrt 2009 Colorado State University – 78 / 124 ● Security classes cannot be created or destroyed dynamically (objects can be) ● It is more appropriate to call the → relation as the “may flow” relation instead of the “can flow” relation since the connotation is that the information flow is permitted ✦ Infix notation is often used for the “can flow” relation. Thus (A,B) ∈ → means the same as A → B that is information can flow from security class A to security class B Information Flow Policy - Join Operator A UTHORIZATION & A CCESS C ONTROL D ISCRETIONARY A CCESS C ONTROL HRU M ODEL OF A UTHORIZATION S YSTEM M ANDATORY A CCESS C ONTROL L ATTICE B ASED A CCESS C ONTROL M ODELS C OMMERCIAL S ECURITY CS 556 - Computer Security - c circlecopyrt 2009 Colorado State University – 79 / 124 ● Specifies how to label information obtained by combining information from two security classes ● Infix notation is also used for the join operator. That is ⊕ (A,B) = C means the same as A ⊕ B = C Example of Information Flow Policy A UTHORIZATION & A CCESS C ONTROL D ISCRETIONARY A CCESS C ONTROL HRU M ODEL OF A UTHORIZATION S YSTEM M ANDATORY A CCESS C ONTROL L ATTICE B ASED A CCESS C ONTROL...
View Full Document

{[ snackBarMessage ]}

Page1 / 26

LectureNote5-LatticeModels - L ATTICE B ASED A CCESS C...

This preview shows document pages 1 - 7. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online