csce522-policies

csce522-policies - Current Trends in Security Policies...

Current Trends in Security Policies

Homework 3 -- Software Security
Read:
1. Pilot Error Likely Played Major Role in Air France 447 Accident -- Frozen Pitot Tubes Are the Likely Trigger
2. Computer Virus Hits U.S. Drone Fleet, keylogger
Write:
- Review of both papers
- Gather additional materials and analyze 1 of the scenarios
CSCE 522 - Farkas

Today's Reading
Required:
- S. De Capitani di Vimercati, P. Samarati, S. Jajodia: Policies, Models, and Languages for Access Control, http://seclab.dti.unimi.it/Papers/2005-DNIS.pdf
Recommended:
- OASIS eXtensible Access Control Markup Language (XACML), http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=

Policy, Model, Mechanism
- Policy: high-level requirement (formal, informal)
- Model: formal representation – proof of properties
- Mechanism: low-level specifications
Separation of policy from the implementation!

System Architecture and Policy
- Simple monolithic system
- Distributed homogeneous system under centralized control
- Distributed autonomous systems homogeneous domain
- Distributed heterogeneous system
Complexity of Policy

Traditional Access Control
- Protection objects: system resources for which protection is desirable
  - Memory, file, directory, hardware resource, software resources, etc.
- Subjects: active entities requesting accesses to resources
  - User, owner, program, etc.
- Access mode: type of access
  - Read, write, execute

Access Control Models
Been around for a while:
- Access Control Models: Discretionary, Mandatory, Role-Based
- Concepts: Negative Authorization, Delegation,

This note was uploaded on 12/13/2011 for the course CSCE 522 taught by Professor Farkas during the Fall '11 term at South Carolina.
