Lecture 5 - IS 2150 / TEL 2810, James Joshi, Associate Professor, SIS, Lecture 5, September 20, 2011, Security Policies

1 IS 2150 / TEL 2810 Introduction to Security
James Joshi, Associate Professor, SIS
Lecture 5, September 20, 2011
Security Policies, Confidentiality Policies

2 Objectives
- Understanding/defining security policy and nature of trust
- Overview of different policy models
- Define/Understand existing Bell-LaPadula model of confidentiality
  - how lattice helps?
- Understand the Biba integrity model

3 Security Policies

4 Security Policy
- Defines what it means for a system to be secure
- Formally: Partitions a system into
  - Set of secure (authorized) states
  - Set of non-secure (unauthorized) states
- Secure system is one that
  - Starts in authorized state
  - Cannot enter unauthorized state
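
The definition on slide 4 can be checked mechanically for a finite system by searching the states reachable from the start state. The following is an added example, not part of the lecture; the file-sharing states and transitions are constructed for illustration.

```python
from collections import deque

def find_violation(transitions, start, authorized):
    """Return None if the system is secure under slide 4's definition,
    otherwise the shortest state sequence from `start` that ends in an
    unauthorized state."""
    if start not in authorized:
        return [start]                    # fails "starts in authorized state"
    parent = {start: None}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        for nxt in transitions.get(state, ()):
            if nxt in parent:
                continue                  # already visited
            parent[nxt] = state
            if nxt not in authorized:     # fails "cannot enter unauthorized state"
                path = [nxt]
                while parent[path[-1]] is not None:
                    path.append(parent[path[-1]])
                return path[::-1]
            queue.append(nxt)
    return None

def is_secure(transitions, start, authorized):
    return find_violation(transitions, start, authorized) is None

# Constructed sample: sharing states of one confidential file.
AUTHORIZED = {"closed", "open_by_owner", "shared_with_group"}

LEAKY = {
    "closed": ["open_by_owner"],
    "open_by_owner": ["closed", "shared_with_group"],
    "shared_with_group": ["closed", "world_readable"],  # policy violation
    "world_readable": ["closed"],
}

# Same state space with the offending transition removed. The
# unauthorized state still exists but can no longer be reached.
FIXED = dict(LEAKY, shared_with_group=["closed"])

if __name__ == "__main__":
    print("leaky:", find_violation(LEAKY, "closed", AUTHORIZED))
    print("fixed secure:", is_secure(FIXED, "closed", AUTHORIZED))
```

The fixed system is secure even though its state space still contains an unauthorized state: the definition constrains which states can be reached from the start state, not which states exist.
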
5 Confidentiality Policy
- Also known as information flow
  - Transfer of rights
  - Transfer of information without transfer of rights
  - Temporal context
- Model often depends on trust
  - Parts of system where information could flow
  - Trusted entity must participate to enable flow
- Highly developed in Military/Government

6 Integrity Policy
- Defines how information can be altered
  - Entities allowed to alter data
  - Conditions under which data can be altered
  - Limits to change of data
- Examples:
  - Purchase over $1000 requires signature
  - Check over $10,000 must be approved by one person and cashed by another
    - Separation of duties: for preventing fraud
- Highly developed in commercial world

7 Trust
- Theories and mechanisms rest on some trust assumptions
- Administrator installs patch
  1. Trusts patch came from vendor, not tampered with in transit
  2. Trusts vendor tested patch thoroughly
  3. Trusts vendor’s test environment corresponds to local environment
  4. Trusts patch is installed correctly

8 Trust in Formal Verification
- Formal verification provides a formal mathematical proof that given input i, program P produces output as specified
- Suppose a security-related program S formally verified to work with operating system O
- What are the assumptions during its installation?

9 Security Model
- A model that represents a particular policy or set of policies
  - Abstracts details relevant to analysis
  - Focus on specific characteristics of policies
  - E.g., Multilevel security focuses on information flow control

10 Security policies
- Military security policy
  - Focuses on confidentiality
- Commercial security policy
  - Primarily Integrity
  - Transaction-oriented
    - Begin in consistent state
      - “Consistent” defined by specification
    - Perform series of actions (transaction)
      - Actions cannot be interrupted
      - If actions complete, system in consistent state
      - If actions do not complete, system reverts to beginning (consistent) state

This note was uploaded on 12/01/2011 for the course INFSCI 2501 taught by Professor Jjoshi during the Spring '11 term at Pittsburgh.
