Strong * property – no reading or writing to another level

3. Discretionary Security Property – uses an access matrix to specify discretionary access control

Discretionary access can be:
- Content Dependent – access decisions based on the data contained in the object.
- Context Dependent – access decisions based on subject or object attributes (i.e. job role, earlier accesses, and file creation dates and times).

Weaknesses of Bell-LaPadula
- Does not address covert channels
- Does not address modern systems that use file sharing and server
- Does not define secure state transition
- Based on multilevel security; does not address other policy types

Integrity Models

Biba Integrity Model

Integrity defined by three goals
- Data protected from modification by unauthorized users
- Data protected from unauthorized modification by authorized users
- Data is internally and externally consistent.

Biba Integrity Model
- Developed in 1977 as an integrity add-on to Bell-LaPadula
- Lattice based; uses the less-than-or-equal-to relation
- A lattice structure is a set with a least upper bound (LUB) and a greatest lower bound (GLB)
- Lattice represents a set of integrity classes (IC) and an ordered relationship
- Lattice = (IC, ≤, LUB, GLB)

Integrity Axioms
1. The Simple Integrity Axiom – no reading of a lower object from a higher subject (No Read Down)
2. The * (star) Integrity Axiom – no writing from a lower subject to a higher object (No Write Up)
3. A subject at a lower level of integrity cannot invoke a subject at a higher level of integrity

Clark-Wilson Integrity Model
- Two elements: well-formed transaction and separation of duties.
- Developed in 1987 for use in real-world commercial environments
- Addresses the three integrity goals
- Constrained Data Item (CDI) – a data item whose integrity is to be preserved
- Integrity Verification Procedure (IVP) – confirms that all CDIs have integrity
- Transformation Procedure (TP) – transforms a CDI from one integrity state to another integrity state
- Unconstrained Data Item – data items outside of the control area of the modeled environment
- Requires Integrity Labels

Information Flow Models
- Each object and subject is assigned a security class and value; information is constrained to flow in the directions permitted by the security policy.
- Based on a state machine; consists of objects, state transitions and lattice (flow policy) states.
- An object can be a user
- Each object is assigned a security class and value
- Information is constrained to flow in the directions permitted by the policy

Non-interference Model
Actions of group A using commands C are not seen by users in group B using commands D

Composition Theories
When smaller systems are combined they must maintain the component systems' security properties

McLean – defined internal and external compositional constructions
- External Constructs
- Cascading – one system's input is the output of another
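The Biba lattice and its three integrity axioms from the notes above can be expressed as a small reference-monitor check. This is an added example, not part of the original notes; the `IC` class, the category sets and the sample classes are constructed assumptions used to show that two classes in a lattice can be incomparable, in which case both reading and writing are denied.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class IC:
    """Integrity class: a hierarchical level plus a category set (assumed model)."""
    level: int
    cats: frozenset = frozenset()

    def __le__(self, other):
        # The lattice's "less than or equal to" relation: lower-or-equal level
        # AND a subset of the categories. It is a partial order, not a total one.
        return self.level <= other.level and self.cats <= other.cats

def lub(a, b):
    """Least upper bound: the lowest class that is >= both a and b."""
    return IC(max(a.level, b.level), a.cats | b.cats)

def glb(a, b):
    """Greatest lower bound: the highest class that is <= both a and b."""
    return IC(min(a.level, b.level), a.cats & b.cats)

def can_read(subject, obj):
    # Simple Integrity Axiom (No Read Down): the object's class must be
    # at or above the subject's class.
    return subject <= obj

def can_write(subject, obj):
    # * Integrity Axiom (No Write Up): the subject's class must be
    # at or above the object's class.
    return obj <= subject

def can_invoke(caller, callee):
    # Invocation axiom: a lower-integrity subject cannot invoke a
    # higher-integrity subject.
    return callee <= caller

# Constructed sample classes (not from the notes).
LOW = IC(1)
HIGH = IC(3)
FIN = IC(2, frozenset({"fin"}))
HR = IC(2, frozenset({"hr"}))

if __name__ == "__main__":
    print("HIGH reads LOW:  ", can_read(HIGH, LOW))    # read down
    print("LOW writes HIGH: ", can_write(LOW, HIGH))   # write up
    print("LOW invokes HIGH:", can_invoke(LOW, HIGH))
    print("FIN reads HR:    ", can_read(FIN, HR))      # incomparable classes
    print("lub(FIN, HR):    ", lub(FIN, HR))
    print("glb(FIN, HR):    ", glb(FIN, HR))
```
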