C3 allowed relations must meet the require ments of

This preview shows 22 out of 29 pages.

C3 - Allowed relations must meet the require- ments of "separation of duty". We need authentication to keep track of this. E3 - System must authenticate every user attempt- ing a TP. Note that this is per TP request, not per login.
Image of page 22

Subscribe to view the full document.

Clark Wilson rules C4,C5 source: For security purposes, a log should be kept. C4 - All TPs must append to a log enough information to reconstruct the operation. When information enters the system it need not be trusted or constrained (i.e. can be a UDI). We must deal with this ap- propriately. C5 - Any TP that takes a UDI as input may only perform valid transactions for all possible values of the UDI. The TP will either accept (convert to CDI) or reject the UDI.
Image of page 23
Clark Wilson rules E4 source: Finally, to prevent people from gaining access by changing qualifications of a TP: E4 - Only the certifier of a TP may change the list of entities associated with that TP.
Image of page 24

Subscribe to view the full document.

Limitations of Clark-Wilson 1 This policy formulation only goes so far in protecting a sys- tem against dishonest insiders. Rule C3 requires a "sepera- tion of duties" but doesn't specify what this means. Another problem referred to by Ross Anderson in "Security Engineering", Wiley 2001 is that some transactions require more than one TP in order to be fully validated, e.g. a chequing account that requires 2 signatures. This can result in a pending transactions file, where there would normally be an expectation that entries in this ledger are completed or removed within a limited period of time, e.g. 3 days.
Image of page 25
Limitations of Clark-Wilson 2 Anderson describes an attack where a bank clerk siphoned money out of the system into a friend's ac- count from a suspense account into which new transactions were continually input to cover the im- balance. Eventually the clerk responsible for the fraud became unable to keep track of the growing number of transactions. Having a rule where every bank employee has to take at least one week's holi- day every 6 months reduces the risk of someone be- ing able to maintain this kind of juggling act without being noticed for very long.
Image of page 26

Subscribe to view the full document.

The purpose of Audit It's one thing for an organisation to keep books and records. It's another for these records to pass muster by an independ- ant and experienced professional who comes in unan- nounced at any time to check them and confirm whether or not the records correspond to reality. Banks do this more frequently using internal auditors, but accounts of all organ- isations over a certain size will have to be externally audited once a year. In practice auditors will tend to check samples of activity. The purpose of an audit isn't to prove that a sys- tem contains no errors, but to carry out spot checks which help encourage participants to stay honest and alert, by risk- ing detection of any dishonesty or sloppy oversight through audit
Image of page 27
Financial Transaction network protocols In any protocol that involves a sequence of messages between the initiator (client), and the responder, (server) it is possible for the last message in the protocol to be lost. The sender and receiver of this last message are now in different states concerning the same transaction.
Image of page 28

Subscribe to view the full document.

Image of page 29
You've reached the end of this preview.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern