Strong property no reading or writing to another

Strong * property – no reading or writing to another level

3. Discretionary Security Property – uses Access Matrix to specify discretionary access control

Discretionary access can be:
- Content Dependent – access decisions based on data contained in the object data.
- Context Dependent – access based on subject or object attributes to make these decisions (i.e. job role, earlier accesses, and file creation dates and times).

Weaknesses of Bell-LaPadula
- Does not address covert channels
- Does not address modern systems that use file sharing and server
- Does not define secure state transition
- Based on multilevel security; does not address other policy types

Integrity Models

Biba Integrity Model

Integrity defined by three goals
- Data protected from modification by unauthorized users
- Data protected from unauthorized modification by authorized users
- Data is internally and externally consistent.

Biba Integrity Model
- Developed in 1977 as an integrity add-on to Bell-LaPadula
- Lattice based; uses the less than or equal to relation
- A lattice structure is a set with a least upper bound (LUB) and a greatest lower bound (GLB)
- Lattice represents a set of integrity classes (IC) and an ordered relationship
- Lattice = (IC, ≤, LUB, GLB)

Integrity Axioms
1. The Simple Integrity Axiom – no reading of lower object from higher subject (No Read Down)
2. The * (star) Integrity Axiom – no writing from lower subject to higher object (No Write Up)
3. A subject at a lower level of integrity cannot invoke a subject at a higher level of integrity

Clark-Wilson Integrity Model
- Two elements: well-formed transaction and separation of duties.
- Developed in 1987 for use in real-world commercial environment
- Addresses the three integrity goals
- Constrained Data Item (CDI) – a data item whose integrity is to be preserved
- Integrity Verification Procedure (IVP) – confirms that all CDIs have integrity
- Transformation Procedure (TP) – transforms a CDI from one integrity state to another integrity state
- Unconstrained Data Item – data items outside of the control area of the modeled environment
- Requires Integrity Labels

Information Flow Models
- Each object and subject is assigned security class and value; info is constrained to flow in directions that are permitted by the security policy.
- Based on state machine and consists of objects, state transitions and lattice (flow policy) states.
- Object can be a user
- Each object is assigned a security class and value
- Information is constrained to flow in the directions permitted by the policy

Non-interference Model

Actions of group A using commands C are not seen by users in group B using commands D

Composition Theories

When smaller systems are combined they must maintain the component system security properties

McLean – defined internal and external compositional constructions
- External Constructs
  - Cascading – one system's input is the output of another
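The Biba lattice and the three integrity axioms from these notes, written out as an added example that is not part of the original notes. The integrity classes, the category names and the `biba_allows` helper are assumptions made for illustration; the example also covers the case of two incomparable classes, which may neither read nor write each other.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class IC:
    """Integrity class: a hierarchical level plus a set of categories (assumed layout)."""
    level: int
    cats: frozenset = frozenset()

    def __le__(self, other):
        # The lattice's "less than or equal to" relation: other dominates self.
        return self.level <= other.level and self.cats <= other.cats


def lub(a, b):
    """Least upper bound: the lowest class that dominates both a and b."""
    return IC(max(a.level, b.level), a.cats | b.cats)


def glb(a, b):
    """Greatest lower bound: the highest class dominated by both a and b."""
    return IC(min(a.level, b.level), a.cats & b.cats)


def biba_allows(op, subject, target):
    """Decide one access; target is an object, or a subject for 'invoke'."""
    if op == "read":    # Simple Integrity Axiom: no read down
        return subject <= target
    if op == "write":   # * Integrity Axiom: no write up
        return target <= subject
    if op == "invoke":  # a subject cannot invoke a higher-integrity subject
        return target <= subject
    raise ValueError(f"unknown operation: {op}")


# Constructed sample classes (hypothetical names and levels).
USER_PAYROLL = IC(1, frozenset({"payroll"}))
USER_HR = IC(1, frozenset({"hr"}))
SYSTEM = IC(2, frozenset({"payroll", "hr"}))


def demo():
    """Return the decision for each (operation, subject, target) in the sample."""
    cases = [
        ("read", USER_PAYROLL, SYSTEM),    # read up is allowed
        ("write", USER_PAYROLL, SYSTEM),   # write up is denied
        ("read", SYSTEM, USER_PAYROLL),    # read down is denied
        ("read", USER_PAYROLL, USER_HR),   # incomparable classes: denied
        ("write", USER_PAYROLL, USER_HR),  # incomparable classes: denied
    ]
    return [biba_allows(op, s, t) for op, s, t in cases]
```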