Lecture9 - IS2150/TEL2810 IntroductiontoSecurity JamesJoshi

Info iconThis preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Lecture 9 Nov 8, 2011 Hybrid Models Role based  Access Control
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
2 Objective Define/Understand various Integrity models Clark-Wilson Define/Understand  Chinese Wall Model Role-based Access Control model Overview the secure interoperation issue
Background image of page 2
3 Clark-Wilson Integrity Model Transactions as the basic operation Integrity defined by a set of constraints Data in a  consistent  or valid state when it satisfies these Example: Bank D  today’s deposits,  W  withdrawals,  YB  yesterday’s balance,  TB   today’s balance Integrity constraint:  D  +  YB  – W Well-formed transaction   A series of operations that move system from one consistent  state to another State before transaction consistent   state after transaction consistent Issue: who examines, certifies transactions done correctly? Separation of duty is crucial
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
4 Clark/Wilson Model Entities C onstrained  D ata  I tems  (CDI) : data subject to  Integrity Control Eg. Account balances U nconstrained  D ata  I tems  (UDI): data not subject  to IC Eg. Gifts given to the account holders I ntegrity  V erification  P rocedures  (IVP) Test CDIs’ conformance to integrity constraints at the  time IVPs are run (checking that accounts balance) T ransformation  P rocedures  (TP);  Examples?
Background image of page 4
5 Clark/Wilson: Certification/Enforcement Rules C1 : When any IVP is run, it must ensure all  CDIs are in valid state C2 : A TP must transform a set of CDIs from a  valid state to another state TR must not be used  valid  n CDIs it is not  certified for E1:  System must maintain certified relations TP/CDI sets enforced
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
6 Clark-Wilson:  Certification/Enforcement Rules E2:  System must control users ( user , TP, {CDI})  mappings enforced   C3 : Relations between (user, TP, {CDI})  must support separation of duty   E3:  Users must be authenticated to  execute TP Note, unauthenticated users may  manipulate UDIs
Background image of page 6
7 Clark-Wilson:  Certification/Enforcement Rules C4 : All TPs must log undo information to  append-only CDI (to reconstruct an  operation) C5 : A TP taking a UDI as input must either  reject it or transform it to a CDI E4:  Only  certifier  of a TP may change the list  of entities associated with that TP; Certifier  cannot execute Enforces separation of duty (?)
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
8 Clark-Wilson Clark-Wilson introduced new ideas Commercial firms do not classify data using  multilevel scheme  they enforce separation of duty Notion of certification is different from  enforcement; 
Background image of page 8
Image of page 9
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 34

Lecture9 - IS2150/TEL2810 IntroductiontoSecurity JamesJoshi

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online