Computer System Security CSE 5339/7339

Session 18

October 21, 2004

Contents
  • Midterm back
  • Midterm Key – Part-3 (Questions 2, 3, 9, 10)
  • Security Policy
  • Models of Security
  • Trusted Operating Systems
  • Mehmet’s presentation
Midterm Question 2

Let S1 = “ELVISISALIVE” and S2 = “DNOYZWLFEDSL”.

a) What ciphertext results from using S1 as plaintext and S2 as a one-time pad? Justify your answer.

b) If S2 is ciphertext, what characters must have been used as key material from a one-time pad if the plaintext is “ANDINMEMPHIS”? Justify your answer.

Midterm Question 3

Describe the difference between symmetric-key and asymmetric-key cryptosystems. Discuss one advantage and one disadvantage of each.

Midterm Question 9

Using DES, what would the 32-bit output of the S-boxes be if the input was (in binary):

001011 010111 001011 110100 110110 111010 001000 110011

Midterm Question 10

Using AES, show the column that will result after applying the Mix Column operation to the following column (bytes in hex, listed top to bottom):

  0A
  52
  31
  9C
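As an added worked example (not part of the lecture slides), the following Python code carries out the MixColumns step of question 10 on the column above. It implements GF(2^8) multiplication with the AES reduction polynomial x^8 + x^4 + x^3 + x + 1 and the fixed MixColumns matrix from FIPS-197; the function and constant names are my own.

```python
# Added example (not from the lecture slides): AES MixColumns applied to one
# column of the state, as asked in midterm question 10.  Arithmetic is in
# GF(2^8) with the AES reduction polynomial 0x11B.

def xtime(b: int) -> int:
    """Multiply a byte by x (i.e. by 2) in GF(2^8), reducing modulo 0x11B."""
    b <<= 1
    if b & 0x100:
        b ^= 0x11B
    return b & 0xFF

def gf_mul(a: int, b: int) -> int:
    """General GF(2^8) multiplication by repeated doubling."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result

# The fixed MixColumns matrix (FIPS-197 section 5.1.3), row by row.
MIX_MATRIX = (
    (2, 3, 1, 1),
    (1, 2, 3, 1),
    (1, 1, 2, 3),
    (3, 1, 1, 2),
)

def mix_column(col):
    """Apply MixColumns to one 4-byte column (top to bottom); returns 4 bytes."""
    if len(col) != 4:
        raise ValueError("a state column has exactly four bytes")
    out = []
    for row in MIX_MATRIX:
        acc = 0
        for coeff, byte in zip(row, col):
            acc ^= gf_mul(coeff, byte)   # XOR is addition in GF(2^8)
        out.append(acc)
    return out

def fmt(col) -> str:
    """Render a column as space-separated upper-case hex bytes."""
    return " ".join(f"{b:02X}" for b in col)

if __name__ == "__main__":
    midterm_column = [0x0A, 0x52, 0x31, 0x9C]   # the column given in the question
    print("input :", fmt(midterm_column))
    print("output:", fmt(mix_column(midterm_column)))
```

The same routine reproduces the FIPS-197 example column (db 13 53 45 mixes to 8e 4d a1 bc), which is a useful sanity check before trusting it on the midterm column.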

Military Security Policy

Sensitivity levels, from least to most sensitive:
  • Unclassified
  • Restricted
  • Confidential
  • Secret
  • Top Secret

Access to Information

Information access is limited by the need-to-know rule.

Compartment: each piece of classified information may be associated with one or more projects called compartments.

Compartments and Sensitivity Levels

[Figure: the sensitivity levels Top Secret, Secret, Confidential, Restricted and Unclassified shown alongside Compartment 1, Compartment 2 and Compartment 3.]

Classification & Clearance

<rank; compartments>: the class of a piece of information

Clearance: an indication that a person is trusted to access information up to a certain level of sensitivity.

<rank; compartments>: the clearance of a subject

Dominance Relation

We say that s dominates o (or o is dominated by s) if o ≤ s.

For a subject s and an object o,

  o ≤ s if and only if
  rank(o) ≤ rank(s) and
  compartments(o) ⊆ compartments(s)

A subject can read an object if the subject dominates the object.

Example

Information classified as <secret; {Sweden}>

Which of the following subject clearances can read the above information?
  • <top secret; {Sweden}>
  • <secret; {Sweden, crypto}>
  • <top secret; {crypto}>
  • <confidential; {Sweden}>
  • <secret; {France}>

Models of Security
  • Security models are used to
    • Test a particular policy for completeness and consistency
    • Document a policy
    • Help conceptualize and design an implementation
    • Check whether an implementation meets the requirements
Bell-La Padula Model
  • Formal description of the allowable paths of information flow in a secure system.
  • Set of subjects and another set of objects
  • Each subject s has a fixed security clearance C(s)
  • Each object o has a fixed security class C(o)
Bell-La Padula Model (Cont.)
  • Two properties characterize the secure flow of information:
    • A subject s may have read access to an object o only if C(o) ≤ C(s).
    • A subject s who has read access to an object o may have write access to an object p only if C(o) ≤ C(p).
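The dominance relation and the two Bell-La Padula properties are small enough to implement directly. The following Python code is an added example, not part of the lecture slides: it encodes <rank; compartments> labels, the dominance test from the Dominance Relation slide, and the read and write rules above, then evaluates the <secret; {Sweden}> example against the five clearances listed on the Example slide. The level ordering is the one from the Military Security Policy slide; the class and function names are my own.

```python
# Added example (not from the lecture slides): dominance on <rank; compartments>
# labels and the two Bell-La Padula properties built on top of it.
from dataclasses import dataclass

# Sensitivity levels from the military policy, least to most sensitive.
RANKS = {"unclassified": 0, "restricted": 1, "confidential": 2,
         "secret": 3, "top secret": 4}

@dataclass(frozen=True)
class Label:
    """A classification (for an object) or a clearance (for a subject)."""
    rank: str
    compartments: frozenset = frozenset()

    def __post_init__(self):
        if self.rank not in RANKS:
            raise ValueError(f"unknown sensitivity level: {self.rank!r}")

def dominates(s: Label, o: Label) -> bool:
    """o <= s: rank(o) <= rank(s) and compartments(o) is a subset of compartments(s)."""
    return RANKS[o.rank] <= RANKS[s.rank] and o.compartments <= s.compartments

def can_read(subject: Label, obj: Label) -> bool:
    """First BLP property: s may read o only if C(o) <= C(s)."""
    return dominates(subject, obj)

def can_write(read_objects, target: Label) -> bool:
    """Second BLP property as stated on the slide: a subject that has read
    objects o may write p only if C(o) <= C(p) for every such o."""
    return all(dominates(target, o) for o in read_objects)

def readable_clearances(info: Label, clearances):
    """Return those clearances that may read info (the Example slide question)."""
    return [c for c in clearances if can_read(c, info)]

# The worked example from the slides: information classified <secret; {Sweden}>.
INFO = Label("secret", frozenset({"Sweden"}))
CANDIDATES = [
    Label("top secret", frozenset({"Sweden"})),
    Label("secret", frozenset({"Sweden", "crypto"})),
    Label("top secret", frozenset({"crypto"})),
    Label("confidential", frozenset({"Sweden"})),
    Label("secret", frozenset({"France"})),
]

if __name__ == "__main__":
    for c in CANDIDATES:
        verdict = "can read" if can_read(c, INFO) else "cannot read"
        print(f"<{c.rank}; {sorted(c.compartments)}> {verdict} {INFO}")
    # Write direction: after reading <secret; {Sweden}> a subject may write to a
    # label that dominates it, but not to one it dominates.
    print(can_write([INFO], Label("top secret", frozenset({"Sweden"}))))    # True
    print(can_write([INFO], Label("confidential", frozenset({"Sweden"}))))  # False
```

Only the first two clearances dominate <secret; {Sweden}>: <top secret; {crypto}> fails on compartments despite its higher rank, <confidential; {Sweden}> fails on rank, and <secret; {France}> fails on compartments. The write check shows why the second property matters: a subject that has read secret Swedish material may write upward to top secret Swedish material but not downward to confidential, which would leak it.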
Illustration

[Figure: subjects s1 and s2 and objects o1 to o5 arranged between Low and High security levels, illustrating the flows of information permitted by the two properties.]

HRU Model (cont.)
  • HRU allows the state of the protection system to be changed by a well-defined set of commands:
    • Add subject s to M
    • Add object o to M
    • Delete subject s from M
    • Delete object o from M
    • Add right r to M[s,o]
    • Delete right r from M[s,o]

Owner can change the rights of an object.
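As an added example that is not part of the lecture slides, the following Python code implements the HRU state (an access matrix M) with the six primitive operations listed above, and then builds a conditional command out of them so that only the owner of an object can confer rights on it, which is the "owner can change rights" rule. The class, function and sample names (alice, bob, payroll) are my own.

```python
# Added example (not from the lecture slides): a minimal HRU protection system.
# The state is an access matrix M indexed by (subject, object); the six
# primitive operations mirror the slide, and commands are conditional sequences
# of primitives.  Names are illustrative only.

class AccessMatrix:
    def __init__(self):
        self.subjects = set()
        self.objects = set()
        self.M = {}            # M[(s, o)] -> set of rights

    # --- the six HRU primitive operations ------------------------------
    def create_subject(self, s):
        if s in self.subjects:
            raise ValueError(f"subject {s} already exists")
        self.subjects.add(s)
        self.objects.add(s)    # in HRU every subject is also an object
        for o in self.objects:
            self.M.setdefault((s, o), set())   # new row
        for t in self.subjects:
            self.M.setdefault((t, s), set())   # new column

    def create_object(self, o):
        if o in self.objects:
            raise ValueError(f"object {o} already exists")
        self.objects.add(o)
        for s in self.subjects:
            self.M.setdefault((s, o), set())

    def destroy_subject(self, s):
        self.subjects.discard(s)
        self.objects.discard(s)
        self.M = {k: v for k, v in self.M.items() if s not in k}

    def destroy_object(self, o):
        if o in self.subjects:
            raise ValueError("use destroy_subject for subjects")
        self.objects.discard(o)
        self.M = {k: v for k, v in self.M.items() if k[1] != o}

    def enter_right(self, r, s, o):
        if (s, o) not in self.M:
            raise KeyError(f"no cell M[{s}, {o}]")
        self.M[(s, o)].add(r)

    def delete_right(self, r, s, o):
        if (s, o) in self.M:
            self.M[(s, o)].discard(r)

    def rights(self, s, o):
        return frozenset(self.M.get((s, o), ()))

# --- HRU commands: conditions over M followed by primitives ------------------
def create_file(m: AccessMatrix, creator, f):
    """command create_file(creator, f): create object f; enter own into M[creator, f]."""
    m.create_object(f)
    m.enter_right("own", creator, f)

def confer_right(m: AccessMatrix, owner, grantee, obj, right) -> bool:
    """command confer(owner, grantee, obj, right):
         if own in M[owner, obj] then enter right into M[grantee, obj]
       Returns False (and changes nothing) when the condition fails."""
    if "own" not in m.rights(owner, obj):
        return False
    m.enter_right(right, grantee, obj)
    return True

def demo():
    """Constructed scenario: alice owns payroll and can confer read on bob; bob cannot."""
    m = AccessMatrix()
    m.create_subject("alice")
    m.create_subject("bob")
    create_file(m, "alice", "payroll")
    ok_owner = confer_right(m, "alice", "bob", "payroll", "read")   # alice owns it
    ok_other = confer_right(m, "bob", "bob", "payroll", "write")    # bob does not
    return ok_owner, ok_other, m.rights("bob", "payroll")

if __name__ == "__main__":
    print(demo())   # (True, False, frozenset({'read'}))
```

The point of writing the command with an explicit condition is that HRU's safety question is about exactly these conditions: whether some sequence of commands can ever place a right in a cell where it was not intended.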

Take Grant Model
  • Unlimited number of subjects and objects
  • States and state transitions
  • Directed graph
  • Four primitive operations:
    • take
    • create
    • grant
    • revoke
Take Grant Model (Cont.)

[Figure: a protection graph with subjects S1, S2, S3 and objects O1, O2, O3; the directed edges are labelled with rights such as read, write and execute.]

Create

[Figure: subject S becomes S with an edge labelled "rights" to a newly created node O.]

Revoke

[Figure: S with an edge labelled r1, r2, r3 to O becomes S with an edge labelled r1, r2 to O.]

Take

[Figure: S1 holds "take" on S2 and S2 holds "read" on O; after the take, S1 also holds "read" on O.]

Grant

[Figure: S1 holds "grant" on S2 and "read" on O; after the grant, S2 also holds "read" on O.]
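The four rules on the Take, Grant, Create and Revoke slides can be run on a small protection graph. The Python code below is an added example, not part of the lecture slides: it represents the graph as labelled directed edges, enforces the precondition of each rule (take requires the "t" right on the intermediate node, grant requires "g"), and replays the take, grant and revoke scenarios drawn on the slides. The class and function names are my own, and "t" and "g" are my spelling of the take and grant rights.

```python
# Added example (not from the lecture slides): a protection graph with the four
# Take-Grant rules.  Rights are strings; "t" (take) and "g" (grant) are the
# special rights the rules test for.  Names are illustrative only.
from collections import defaultdict

class TakeGrantGraph:
    def __init__(self):
        self.nodes = {}                   # name -> "subject" | "object"
        self.edges = defaultdict(set)     # (src, dst) -> set of rights

    def add_node(self, name, kind):
        if kind not in ("subject", "object"):
            raise ValueError("kind must be 'subject' or 'object'")
        self.nodes[name] = kind

    def add_edge(self, src, dst, rights):
        self.edges[(src, dst)] |= set(rights)

    def rights(self, src, dst):
        return frozenset(self.edges.get((src, dst), ()))

    def _must_be_subject(self, name):
        if self.nodes.get(name) != "subject":
            raise PermissionError(f"{name} is not a subject and cannot act")

    # take: x holds t on y and y holds alpha on z  =>  x gains a subset of alpha on z
    def take(self, x, y, z, wanted):
        self._must_be_subject(x)
        if "t" not in self.rights(x, y):
            raise PermissionError(f"{x} lacks take over {y}")
        wanted = set(wanted)
        if not wanted <= self.rights(y, z):
            raise PermissionError(f"{y} does not hold {sorted(wanted)} on {z}")
        self.add_edge(x, z, wanted)

    # grant: x holds g on y and x holds alpha on z  =>  y gains a subset of alpha on z
    def grant(self, x, y, z, given):
        self._must_be_subject(x)
        if "g" not in self.rights(x, y):
            raise PermissionError(f"{x} lacks grant over {y}")
        given = set(given)
        if not given <= self.rights(x, z):
            raise PermissionError(f"{x} does not hold {sorted(given)} on {z}")
        self.add_edge(y, z, given)

    # create: x creates a new node n and holds the chosen rights on it
    def create(self, x, n, kind, rights):
        self._must_be_subject(x)
        if n in self.nodes:
            raise ValueError(f"{n} already exists")
        self.add_node(n, kind)
        self.add_edge(x, n, rights)

    # revoke: x drops some of its own rights on y
    def revoke(self, x, y, dropped):
        self._must_be_subject(x)
        self.edges[(x, y)] -= set(dropped)

def demo():
    """Replay the Take, Grant and Revoke slides; returns the three resulting edges."""
    g = TakeGrantGraph()
    g.add_node("S1", "subject")
    g.add_node("S2", "subject")
    g.add_node("O", "object")
    # Take slide: S1 -t-> S2 and S2 -read-> O; S1 takes read on O.
    g.add_edge("S1", "S2", {"t"})
    g.add_edge("S2", "O", {"read"})
    g.take("S1", "S2", "O", {"read"})
    after_take = g.rights("S1", "O")
    # Grant slide: S1 -g-> S2 and S1 -read-> O; S1 grants read on O to S2.
    g.revoke("S2", "O", {"read"})            # start S2 without the right
    g.add_edge("S1", "S2", {"g"})
    g.grant("S1", "S2", "O", {"read"})
    after_grant = g.rights("S2", "O")
    # Create + Revoke slides: S1 creates O2 with r1, r2, r3 and then drops r3.
    g.create("S1", "O2", "object", {"r1", "r2", "r3"})
    g.revoke("S1", "O2", {"r3"})
    return after_take, after_grant, g.rights("S1", "O2")

if __name__ == "__main__":
    print(demo())
```

Because every rule is guarded by a precondition on existing edges, the graph can only gain rights along paths that already carry "t" or "g"; that is what makes the model's safety question decidable, unlike the general HRU case.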

Trusted OS Design
  • OS is a complex system → difficult to design
  • Adding the responsibility of security enforcement makes it even more difficult
  • OS controls interactions between subjects and objects
  • Clear mapping from security requirements to the design
  • Design must be checked using formal reviews or simulation
  • Requirements → design → testing
Security Design Principles
  • Least privilege – users, programs, fewest privileges possible
  • Economy of mechanism – small, simple, straightforward
  • Open design – extensive public scrutiny
  • Complete mediation – every attempt must be checked
  • Permission based – denial of access is the default
  • Separation of privilege – more than one condition
  • Least common mechanism – the risk of sharing
  • Ease of use – unlikely to be avoided
OS Functions

[Figure: users reach the OS through the user interface; OS services include synchronization, concurrency control, deadlock management, communication, accounting and resource allocation; the resources managed are data, CPU, memory, I/O devices, tables and libraries.]

Security features in ordinary OS
  • Authentication of users – password comparison
  • Protection of memory – user space, paging, segmentation
  • File and I/O device access control – access control matrix
  • Allocation & access control to general objects – table lookup
  • Enforcement of sharing – integrity, consistency
  • Fair service – no starvation
  • Interprocess communication & synchronization – table lookup
  • Protection of OS protection data – encryption, hardware control, isolation
Security features of Trusted OS
  • Identification and Authentication
  • Mandatory and Discretionary Access Control (MAC & DAC)
  • Object reuse protection
  • Complete mediation – all accesses are checked
  • Trusted path
  • Accountability and Audit – security log
  • Audit log reduction
  • Intrusion detection – patterns of normal system usage, anomalies
Security Kernel – responsible for enforcing security mechanisms of the entire OS
  • Coverage – ensure that every access is checked
  • Separation – security mechanisms are isolated from the rest of the OS and from user space → easier to protect
  • Unity – all security mechanisms are performed by a single set of code → easier to trace problems
  • Modifiability – security mechanism changes are easier to make and test
  • Compactness – relatively small
  • Verifiability – formal methods, all situations are covered
Combined Security Kernel / OS System

[Figure: layers from top to bottom are user tasks, OS, OS kernel, hardware. The OS kernel handles hardware interactions and access control; the OS handles resource allocation, sharing, access control and authentication functions. Security activity is spread across the OS and the OS kernel.]

Separate Security Kernel

[Figure: layers from top to bottom are user tasks, OS, security kernel, hardware. The security kernel handles access control and authentication functions; the OS handles resource allocation, sharing and hardware interactions.]