Lecture5 - IS 2150 / TEL 2810 Introduction to Security...

IS 2150 / TEL 2810 Introduction to Security
James Joshi, Associate Professor, SIS
Lecture 5, September 20, 2011
Security Policies
Confidentiality Policies

Objectives
- Understanding/defining security policy and nature of trust
- Overview of different policy models
- Define/understand existing Bell-LaPadula model of confidentiality
  - How lattice helps?
- Understand the Biba integrity model

Security Policies

Security Policy
- Defines what it means for a system to be secure
- Formally: partitions a system into
  - Set of secure (authorized) states
  - Set of non-secure (unauthorized) states
- Secure system is one that
  - Starts in authorized state
  - Cannot enter unauthorized state
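
The definition above can be checked mechanically on a small model. The following Python sketch is an added example, not part of the original lecture: it explores every reachable state of a constructed toy system (users alice, bob and guest, one payroll file, and two hypothetical transition rules) and reports whether an unauthorized state can be entered.

```python
from collections import deque

# Constructed toy system: a state is the set of users who can read one payroll file.
USERS = ("alice", "bob", "guest")
STAFF = frozenset({"alice", "bob"})

def is_authorized(readers):
    """Policy: a state is authorized only if every reader is staff."""
    return readers <= STAFF

def delegating_system(readers):
    """Transitions where any current reader may grant read to any user."""
    if readers:
        for user in USERS:
            yield frozenset(readers | {user})

def owner_only_system(readers):
    """Transitions where only alice may grant read, and only to staff."""
    if "alice" in readers:
        for user in sorted(STAFF):
            yield frozenset(readers | {user})

def find_violation(initial, successors, authorized):
    """Breadth-first search of reachable states.

    Returns None if the system is secure (starts authorized and no unauthorized
    state is reachable), else the shortest state sequence ending in an
    unauthorized state.
    """
    if not authorized(initial):
        return [initial]
    parent = {initial: None}
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        for nxt in successors(state):
            if nxt in parent:
                continue
            parent[nxt] = state
            if not authorized(nxt):
                path = [nxt]
                while parent[path[-1]] is not None:
                    path.append(parent[path[-1]])
                return path[::-1]
            queue.append(nxt)
    return None

if __name__ == "__main__":
    start = frozenset({"alice"})
    print("owner-only:", find_violation(start, owner_only_system, is_authorized))
    print("delegating:", find_violation(start, delegating_system, is_authorized))
```

Both systems start in the same authorized state; only the transition rules decide whether the system as a whole is secure.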

Confidentiality Policy
- Also known as information flow
  - Transfer of rights
  - Transfer of information without transfer of rights
  - Temporal context
- Model often depends on trust
  - Parts of system where information could flow
  - Trusted entity must participate to enable flow
- Highly developed in Military/Government

Integrity Policy
- Defines how information can be altered
  - Entities allowed to alter data
  - Conditions under which data can be altered
  - Limits to change of data
- Examples:
  - Purchase over $1000 requires signature
  - Check over $10,000 must be approved by one person and cashed by another
    - Separation of duties: for preventing fraud
- Highly developed in commercial world

Trust
- Theories and mechanisms rest on some trust assumptions
- Administrator installs patch
  1. Trusts patch came from vendor, not tampered with in transit
  2. Trusts vendor tested patch thoroughly
  3. Trusts vendor's test environment corresponds to local environment
  4. Trusts patch is installed correctly

Trust in Formal Verification
- Formal verification provides a formal mathematical proof that given input i, program P produces output o as specified
- Suppose a security-related program S formally verified to work with operating system O
- What are the assumptions during its installation?

Security Model
- A model that represents a particular policy or set of policies
  - Abstracts details relevant to analysis
  - Focus on specific characteristics of policies
  - E.g., multilevel security focuses on information flow control

Security policies
- Military security policy
  - Focuses on confidentiality
- Commercial security policy
  - Primarily integrity
  - Transaction-oriented
    - Begin in consistent state
      - "Consistent" defined by specification
    - Perform series of actions (transaction)
      - Actions cannot be interrupted
      - If actions complete, system in consistent state
      - If actions do not complete, system reverts to beginning (consistent) state

Access Control
- Discretionary Access Control (DAC)

This note was uploaded on 02/07/2012 for the course SIS 2150 taught by Professor Joshi during the Fall '11 term at Pittsburgh.
