cse443-lecture-15-macsystems - Mandatory Access Control...

CMPSC 443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger

Mandatory Access Control
CMPSC 443 - Spring 2012
Introduction to Computer and Network Security
Professor Jaeger
www.cse.psu.edu/~tjaeger/cse443-s12/

Mandatory Protection System
• Mandatory Access Control Policy
• Mandatory Protection State
  – Fixed Set of Subject and Object Labels
  – Fixed Permission Assignments
• Labeling and Transition States
  – Fixed Label Assignments: (e.g., file to object label)

        O1    O2    O3
  J     R     RW    RW
  S2    N     R     RW
  S3    N     R     RW
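
An added example, not from the lecture slides: a minimal reference monitor over the protection state in the matrix above, with a constructed labeling state (the file paths are assumptions). The flow check goes beyond the slide to show which subject labels can eventually learn data stored under an object label through permitted reads and writes.

```python
from types import MappingProxyType

def _row(o1, o2, o3):
    return MappingProxyType({"O1": frozenset(o1), "O2": frozenset(o2), "O3": frozenset(o3)})

# Mandatory protection state from the slide's matrix ("N" = no access -> empty set).
# Read-only mappings: no process can add labels or change permission assignments.
PROTECTION_STATE = MappingProxyType({
    "J":  _row("R", "RW", "RW"),
    "S2": _row("",  "R",  "RW"),
    "S3": _row("",  "R",  "RW"),
})

# Labeling state: fixed rules mapping files to object labels.
# The path prefixes are constructed for this example; first match wins.
LABELING_STATE = (("/etc/keys/", "O1"), ("/etc/", "O2"), ("/", "O3"))

def label_of(path):
    for prefix, label in LABELING_STATE:
        if path.startswith(prefix):
            return label
    raise ValueError(f"no label rule for {path!r}")

def authorize(subject_label, path, op):
    """Reference monitor query: allow op ('R' or 'W') only if the fixed matrix grants it."""
    row = PROTECTION_STATE.get(subject_label)
    return row is not None and op in row[label_of(path)]

def can_learn(obj_label):
    """Subject labels that data stored under obj_label can reach via permitted reads/writes."""
    objs, subjects = {obj_label}, set()
    changed = True
    while changed:
        changed = False
        for subj, row in PROTECTION_STATE.items():
            if subj not in subjects and any("R" in row[o] for o in objs):
                subjects.add(subj)
                changed = True
            if subj in subjects:
                writable = {o for o, perms in row.items() if "W" in perms}
                if not writable <= objs:
                    objs |= writable
                    changed = True
    return subjects

if __name__ == "__main__":
    print(authorize("S2", "/etc/keys/host.key", "R"))  # direct read of an O1 file
    print(sorted(can_learn("O1")))                     # labels O1 data can flow to
```

S2 is denied a direct read of O1, yet the flow check returns J, S2 and S3, because J may read O1 and write O2 and O3.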

MAC and Systems
• What is necessary to be a system that enforces MAC policies?
  – Specify: MAC Protection System
  – Enforce: Reference Monitor
• Plus, others
  – Management: Policy development tools
  – Services: MAC-aware services
  – Applications: Work within MAC limitations
• What do these systems look like?
  – We'll examine Multics and IX

Multics
• Multiplexed Information and Computing Service
  – Project started as a timesharing system in 1965 -- Used until 2000
  – Research project that led to a commercial product (80 seats at $7M per)
• Invented a number of important OS features
  – Segmented and Virtual Memory
  – Shared Memory Multiprocessor
  – Online Reconfiguration
  – Hierarchical File Systems

Multics Security Features
• Also, a number of security features were pioneered
  – First Multilevel Secure (MLS) system
  – Isolation based on segments and rings
  – Ring crossing mechanisms to protect integrity
  – Guard-like functions for integrity protection (Gatekeepers)
  – One-way encrypted passwords
  – Covert channel defenses
  – And software assurance techniques...
• But, function presents challenges
  – Multics Security Evaluation, 1974
  – Multics Final Report, 1976

Multics Mandatory Access Control
• Protect System Integrity
  – Protection Rings
    • Evolved into 4 ring hardware architectures of modern systems
    • But, at time of Multics, rings were envisioned as a more flexible protection mechanism
• Prevent Data Leakage
  – Multilevel Security
    • Foundation of computer security, even today
      – Key theoretical results
    • Also envisioned as a flexible approach to security

Protection Rings
• Successively less-privileged “domains”
• Example: Multics (64 rings in theory, 8 in practice)


This note was uploaded on 02/11/2012 for the course CSE 443 taught by Professor Trent Jaeger during the Spring '11 term at Pennsylvania State University, University Park.
