ITTChapter_05_Slides

ITTChapter_05_Slides - 9/6/2010 Chapter 5: Confidentiality...

Info iconThis preview shows pages 1–6. Sign up to view the full content.

View Full Document Right Arrow Icon
9/6/2010 1 Chapter 5: Confidentiality Policies Overview • Overview – What is a confidentiality model • Bell-LaPadula Model – General idea – Informal description of rules Slide #5-1 Overview Goals of Confidentiality Mode • Goals of Confidentiality Model • Bell-LaPadula Model – Informally – Example Instantiation Slide #5-2
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
9/6/2010 2 Confidentiality Policy Goal: prevent the unauthorized disclosure of • Goal: prevent the unauthorized disclosure of information – Deals with information flow – Integrity incidental • Multi-level security models are best-known Slide #5-3 examples – Bell-LaPadula Model basis for many, or most, of these Bell-LaPadula Model, Step 1 Security levels arranged in linear ordering • Security levels arranged in linear ordering – Top Secret: highest – Secret – Confidential – Unclassified: lowest Slide #5-4 • Levels consist of security clearance L ( s ) – Objects have security classification L ( o )
Background image of page 2
9/6/2010 3 Example security leve subjec objec security level subject object Top Secret Tamara Personnel Files Secret Samuel E-Mail Files Confidential Claire Activity Logs Ul i f id Ul l Tl h L it Slide #5-5 Unclassified Ulaley Telephone Lists • Tamara can read all files • Claire cannot read Personnel or E-Mail Files • Ulaley can only read Telephone Lists Reading Information Information flows up not down • Information flows , not – “Reads up” disallowed, “reads down” allowed • Simple Security Condition (Step 1) – Subject s can read object o iff L ( o ) L ( s ) and s has permission to read o Note: combines mandatory control (relationship of Slide #5-6 • Note: combines mandatory control (relationship of security levels) and discretionary control (the required permission) – Sometimes called “no reads up” rule
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
9/6/2010 4 Writing Information Information flows up not down • Information flows up, not down – “Writes up” allowed, “writes down” disallowed • *-Property (Step 1) – Subject s can write object o iff L ( s ) L ( o ) and s has permission to write o Note: combines mandatory control (relationship of Slide #5-7 • Note: combines mandatory control (relationship of security levels) and discretionary control (the required permission) – Sometimes called “no writes down” rule Basic Security Theorem, Step 1 If a system is initially in a secure state and • If a system is initially in a secure state, and every transition of the system satisfies the simple security condition, step 1, and the *- property, step 1, then every state of the system is secure Slide #5-8 – Proof: induct on the number of transitions
Background image of page 4
9/6/2010 5 Bell-LaPadula Model, Step 2 Expand notion of security level to include • Expand notion of security level to include categories • Security level is ( clearance , category set ) •Ex amp l e s – ( Top Secret, { NUC, EUR, ASI } ) Slide #5-9 ( Top Secret, { NUC, EUR, ASI } )
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 6
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 16

ITTChapter_05_Slides - 9/6/2010 Chapter 5: Confidentiality...

This preview shows document pages 1 - 6. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online