ITTChapter_04_Slides

ITTChapter_04_Slides - 1 Chapter 4 Security Policies...

9/6/2010

Slide #4-1
Chapter 4: Security Policies
• Overview
• The nature of policies
  – What they cover
  – Policy languages
• The nature of mechanisms
  – Types
• Underlying both
  – Trust

Slide #4-2
Overview
• Overview
• Policies
• Trust
• Nature of Security Mechanisms
• Example Policy

Slide #4-3
Security Policy
• Policy partitions system states into:
  – Authorized (secure)
    • These are states the system can enter
  – Unauthorized (nonsecure)
    • If the system enters any of these states, it's a security violation
• Secure system
  – Starts in authorized state
  – Never enters unauthorized state

Slide #4-4
Confidentiality
• X set of entities, I information
• I has confidentiality property with respect to X if no x ∈ X can obtain information from I
• I can be disclosed to others
• Example:
  – X set of students
  – I final exam answer key
  – I is confidential with respect to X if students cannot obtain final exam answer key

Slide #4-5
Integrity
• X set of entities, I information
• I has integrity property with respect to X if all x ∈ X trust information in I
• Types of integrity:
  – trust I, its conveyance and protection (data integrity)
  – I information about origin of something or an identity (origin integrity, authentication)
  – I resource: means resource functions as it should (assurance)

Slide #4-6
Availability
• X set of entities, I resource
• I has availability property with respect to X if all x ∈ X can access I
• Types of availability:
  – traditional: x gets access or not
  – quality of service: promised a level of access (for example, a specific level of bandwidth) and not meet it, even though some access is achieved

Slide #4-7
Policy Models
• Abstract description of a policy or class of policies
• Focus on points of interest in policies
  – Security levels in multilevel security models
  – Separation of duty in Clark-Wilson model
  – Conflict of interest in Chinese Wall model

Types of Security Policies
• Military (governmental) security policy...
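The Security Policy and Confidentiality slides can be checked mechanically on a small model. The following is an added example, not part of the original slides: it treats a system as a set of states with command transitions and searches for a reachable unauthorized state. The state names, commands and reader sets are constructed for illustration, reusing the slides' answer-key scenario.

```python
from collections import deque

def find_violation(initial, transitions, authorized):
    """Shortest path from `initial` to an unauthorized state, or None if secure.
    transitions maps state -> list of (command, next_state)."""
    if initial not in authorized:
        return [(None, initial)]          # fails "starts in authorized state"
    parent = {initial: None}              # state -> (previous state, command)
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        for command, nxt in transitions.get(state, ()):
            if nxt in parent:
                continue                  # already explored
            parent[nxt] = (state, command)
            if nxt not in authorized:
                return _path(parent, nxt) # fails "never enters unauthorized state"
            queue.append(nxt)
    return None

def _path(parent, state):
    """Rebuild the (command, state) trace leading to `state`."""
    steps = []
    while parent[state] is not None:
        prev, command = parent[state]
        steps.append((command, state))
        state = prev
    steps.append((None, state))
    return steps[::-1]

# Constructed sample model: I = final exam answer key, X = students.
# Each state lists the entities that can obtain I in that state.
READERS = {
    "in_office_safe":    {"instructor"},
    "on_course_share":   {"instructor", "ta"},
    "share_made_public": {"instructor", "ta", "student"},
}
X = {"student"}
# Policy: a state is authorized only if no x in X can obtain I.
AUTHORIZED = {s for s, readers in READERS.items() if not (readers & X)}

TRANSITIONS = {
    "in_office_safe":  [("upload", "on_course_share")],
    "on_course_share": [("make_public", "share_made_public"),
                        ("delete", "in_office_safe")],
}
# Same system with the command that widens access removed.
HARDENED = {s: [(c, n) for c, n in moves if n in AUTHORIZED]
            for s, moves in TRANSITIONS.items()}
```

Calling find_violation("in_office_safe", TRANSITIONS, AUTHORIZED) returns the command trace that ends in the state where students can read the key; with HARDENED it returns None, meaning the system is secure under this policy.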
This note was uploaded on 02/08/2012 for the course ITT 650 taught by Professor Dewey during the Spring '11 term at UNC Asheville.
