
MANDATORY FLOW CONTROL MODELS PowerPoint PPT Presentation



Vinay Kumar Madhadi. CSC-8320. MANDATORY FLOW CONTROL MODELS. 10/28/2009. Outline. Part 1 : Mandatory Flow Control Models? MAC vs. DAC Information Flow Control Part 2 : Different Models-Lattice & Multi- Level Recent Studies


Presentation Transcript



Vinay Kumar Madhadi

CSC-8320

MANDATORY FLOW CONTROL MODELS

10/28/2009



Outline

  • Part 1 : Mandatory Flow Control Models?

    MAC vs. DAC

    Information Flow Control

  • Part 2 : Different Models-Lattice & Multi- Level

    Recent Studies

  • Part 3 : Future work



Part 1: What is Mandatory Flow Control Model?

  • The Mandatory Flow Control Models are the subset of computer security models that require access control of all subjects and objects under their control on a system-wide basis.

    (Chow et al., 1997)

  • How is it different from Discretionary Security Model and why is it needed?



DISCRETIONARY AC VS MANDATORY AC

DAC

  • Determined by owner of the object. The owner decides who is allowed to access the object and what privileges they have.

  • It is discretionary by nature

MAC

  • MAC is an access policy determined by the system. It is used in multi-level systems that process highly sensitive data.

  • It is non-discretionary



Problem with Access Control Matrix Model

  • Confinement problem: How to determine whether there is any mechanism by which a subject authorized to access an object may leak information contained in that object to some other subjects not authorized to access that object.

  • Another disadvantage is that no semantics of information in the objects are considered; thus the security sensitivity of an object is hardly expressed by that model.

  • Security Control should be applied to the information in addition to the subject holding the information



Information Flow Control:

  • Information Flow control is concerned with how information is propagated from one object to another.

  • System entities are partitioned into security classes.

  • The security classes of all entities must be specified explicitly, and the class of an entity seldom changes after it has been created (changes are sometimes made by the system administration).



Part 2: Different Models

There are three different models employed, namely:

  • Lattice Model

  • Bell-LaPadula Model

  • Biba Model



Lattice Model

  • It is the best known information flow control model.

  • Based upon the concept of a lattice from mathematics.

  • Lattice is a Directed Acyclic Graph (DAG) with a single source and sink. Information is permitted to flow from a lower class to an upper class.



Lattice Model contd..



Flow Properties of lattice

  • The relation → is reflexive, transitive and anti-symmetric for all A, B, C ∈ SC.

  • Reflexive: A → A

  • Transitive: A → B and B → C implies A → C

  • Anti-symmetric: A → B and B → A implies A = B

  • In addition, the other two properties of lattice include

  • Aggregation: A → C and B → C implies A ∪ B → C

  • Separation: A ∪ B → C implies A → C and B → C



Multi-Level Security Models

  • Multilevel Security is a special case of the lattice-based information flow model.

  • There are two well-known multilevel security models:

  • The Bell-LaPadula Model

  • The Biba Model



Bell LaPadula Model:

  • L is a linearly ordered set of security levels

  • C is a lattice of security categories

  • The security class assigned to a subject or an object includes two components: a hierarchical security level and a nonhierarchical security category.

  • The security level is called the clearance if applied to subjects, and classification if applied to objects.

  • Each security category is a set of compartments that represent natural or artificial characteristics of subjects and objects and is used to enforce the need-to-know principle.



Bell-LaPadula Model contd..

  • The lattice of security classes is L × C. If A, B ∈ F, A dominates B if A’s level is higher than B’s level and B’s category is a subset of A’s category.

  • Security with respect to confidentiality in the Bell-LaPadula model is described by the following two axioms:

  • Simple security property: Reading information from an object o by a subject s requires that F(s) dominates F(o) (“no read up”).

  • The *-property: Writing information to an object o by a subject s requires that F(o) dominates F(s).



Biba Model:

  • In Biba model information can only flow from a higher integrity class to a lower integrity class.

  • L is a linearly ordered set of integrity levels

  • C is a lattice of integrity categories

  • Integrity levels form a linear lattice in which each level represents the classification of integrity of information an object can contain or the clearance of a subject for modifying an object.

  • Integrity categories form a subset lattice and are used to enforce the need-to-have principle.

  • The lattice of security classes is L × C.



Biba Model Contd..

Security with respect to integrity in the Biba model is described by the following two axioms:

  • Simple security property:

    Writing information to an object o by a subject s requires that F(s) dominates F(o) (“no write up”).

  • The *-property:

    Reading information from an object o by a subject s requires that F(o) dominates F(s) (“no read down”).



BLP Model VS Biba Model

BLP Model

  • Emphasizes information confidentiality

    • Subjects reading from an object must have a higher security class than the object.

    • Objects being written to by a subject must have a higher security class than the subject.

Biba Model

  • Emphasizes information integrity

    • Subjects that are writing information to an object must have a higher security class than the object.

    • Objects being read from by a subject must have a higher security class than the subject.
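The dominance relation on L × C and the two pairs of axioms above, as an added example that is not part of the original presentation. The level numbers, the compartment names and the helper names (`sc`, `join`, `blp_allows`, `biba_allows`) are constructed for illustration, and dominance is assumed to mean "at least as high" so that it is reflexive like the flow relation →.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityClass:
    level: int             # position in the linear order L (higher = more sensitive / more trusted)
    categories: frozenset  # element of the subset lattice C

    def dominates(self, other):
        # Assumption: "at least as high", so that dominance is reflexive like the flow relation.
        return self.level >= other.level and other.categories <= self.categories

def sc(level, *cats):
    return SecurityClass(level, frozenset(cats))

def join(a, b):
    """Least upper bound in L x C: the lowest class that both a and b may flow to."""
    return SecurityClass(max(a.level, b.level), a.categories | b.categories)

def blp_allows(subject, obj, op):
    """Confidentiality: read needs F(s) dominates F(o); write needs F(o) dominates F(s)."""
    return subject.dominates(obj) if op == "read" else obj.dominates(subject)

def biba_allows(subject, obj, op):
    """Integrity: write needs F(s) dominates F(o); read needs F(o) dominates F(s)."""
    return subject.dominates(obj) if op == "write" else obj.dominates(subject)

def demo():
    # Constructed labels: levels 0..3, compartments "crypto" and "nuclear".
    analyst, report = sc(2, "crypto"), sc(2, "crypto")
    public, nuclear_doc = sc(0), sc(2, "nuclear")
    vault = sc(3, "crypto", "nuclear")
    return {
        "blp_read_own_level": blp_allows(analyst, report, "read"),
        # A Trojan horse running as the analyst cannot copy the report into a public file.
        "blp_write_down": blp_allows(analyst, public, "write"),
        # Same level, different compartment: the classes are incomparable, so no read.
        "blp_read_other_compartment": blp_allows(analyst, nuclear_doc, "read"),
        "blp_write_up": blp_allows(analyst, vault, "write"),
        # Aggregation: both sources flow to vault, so their join does too.
        "aggregation": vault.dominates(join(analyst, nuclear_doc)),
        # Biba: the same lattice, with levels read as integrity levels.
        "biba_low_writes_high": biba_allows(sc(0), sc(2), "write"),
        "biba_high_reads_low": biba_allows(sc(2), sc(0), "read"),
        "biba_high_writes_low": biba_allows(sc(2), sc(0), "write"),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {allowed}")
```

The `blp_read_other_compartment` case shows why the classes form a lattice rather than a single ranking: two classes at the same level with different compartments do not dominate each other in either direction.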



Part 2: Recent Studies

A) INFORMATION FLOW ENHANCED DISCRETIONARY ACCESS CONTROL (IFEDAC):

  • Generally, DAC mechanisms are more user-friendly than Mandatory Access Control (MAC) systems, but are vulnerable to attacks that use Trojan horses or exploit buggy software.

  • The IFEDAC Model combines the best of both DAC (ease of use) and MAC (defense against Trojan horses and buggy software).

    Advantage: Combines the best of DAC and MAC

    Disadvantage: Can be implemented only on Linux OS.

    (Jiang, Ziqing, Chen 2009)



Recent Studies contd..

B) PROTECTING CONFIDENTIALITY AGAINST TROJAN HORSE PROGRAMS IN DAC PROGRAMS:

  • A modified DAC is proposed with the central idea of separating the management of rights from the other activities of a user.

  • The resulting system offers the flexibility of DAC and the protection of MAC.

    Advantage: The lack of flexibility of MAC systems is eliminated.

    (Adrian, Armin, Hartmut 2008)



Part 3: Future Work

  • The Mandatory flow Control Models do not solve the Trojan Horse problem completely. If there are any covert channels present, then enforcement of information flow policies will be difficult. Research must be done to develop a type of model which solves this Trojan Horse problem completely even with secret channels present.

  • A model must be developed which can function on all operating systems, unlike the IFEDAC model, which can function only on Linux machines.

    (Jiang, Ziqing, Chen 2009)



Future Work contd..

  • A new model combining the advantages of discretionary, mandatory and role-based access models must be developed. This should avoid all the shortcomings that these models faced. Research in this field, if done, will contribute a lot to the field of computer security.

    (Sylvia, Qamar, Ravi 2000)

  • Since newer operating systems keep emerging, it is important to constantly update the models developed so that they function on the latest operating systems too.

    Example: Biba Model is implemented in Vista OS



References:

Xuxian Jiang, Mao J., Li., Hong Chen: Trojan Horse Resistant Discretionary Access Control. In: ACM 2009, pp. 237–246 (2009)

Adrian S., Armin B., Hartmut L.: Protecting Confidentiality against Trojan Horse Programs in Discretionary Access Control Systems (2008)

Tanenbaum, S., Steen, M.V.: Distributed Systems: Principles and Paradigms, 2e. Prentice Hall, Inc, Englewood Cliffs (2007)

Alexander Brodsky, Csilla F., Sushil J.: Database Security: Concepts, Approaches, and Challenges. IEEE Transactions on Dependable and Secure Computing (March 2005)

Yixin Jiang, Chuang Lin, Zhen Chen, Hao Yin: Security Analysis of Mandatory Access Control Model. 2004 IEEE International Conference on Systems, Man and Cybernetics (2004)

Andrew S. Tanenbaum, Maarten van Steen: Distributed Systems: Principles and Paradigms (2002)



References:

  • G. Tel. Introduction to Distributed Algorithms. Cambridge University Press Second Edition, 2000.

  • Sylvia O., Qamar M., Ravi S.: Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM, 85-106 (March 2000)

  • Distributed Operating Systems & Algorithms, Randy Chow and Theodore Johnson, Addison Wesley, 1997.



THANK YOU

