Chapter 5 Network Security

Chapter 5 – Designing Trusted Operating Systems

In this section
  • What is a trusted system?
  • Security Policy
    • Military
    • Commercial
    • Clark-Wilson
    • Separation of Duty
    • Chinese Wall
  • Models
    • Lattice Model
    • Bell-La Padula
    • Biba
    • Graham-Denning
    • Take-Grant
Designing Trusted OS
  • Primary security services in computing systems:
    • Memory
    • File
    • Objects/Access Control
    • User Authentication
  • Trusted – We are confident that services are provided consistently and effectively
Making of a trusted OS
  • Policy – requirements statement of what the system should do
  • Model – a model of the environment to be secured; represents the policy to be enforced
  • Design – the means of implementation; functionality and construction
  • Trust – assurance that the implementation meets expectations, through the features offered and the evidence that they work
What is a trusted system?
  • What makes something secure?
    • For how long?
  • Trusted Software – rigorously developed and analyzed
  • Key Characteristics of Trusted Software:
    • Functional Correctness
    • Enforcement of Integrity
    • Limited Privilege
    • Appropriate Confidence Level
  • We speak in terms of trusted and not secure

  • Many types of trust:
    • Trusted Process
    • Trusted Product
    • Trusted Software
    • Trusted Computing Base
    • Trusted System
  • Trust is established through:
    • Enforcement of Security Policy
    • Sufficiency of Measures and Mechanism
    • Evaluation
Security Policy
  • Security Policy – statement of the security we expect the system to enforce
  • A trusted system can be trusted only in relation to its security policy, that is, to the security needs the system is expected to satisfy
Military Security Policy
  • Basis of many OS security policies
  • Based on protecting classified information
  • Sensitivity ranks: Top Secret (most sensitive), Secret, Confidential, Restricted, Unclassified (least sensitive)
  • Limited by the need-to-know rule: access is allowed only to subjects who need to know the data to perform their job
  • Compartments – a classification may also be associated with one or more projects (compartments) describing the subject matter of the information
  • Classification – <rank; compartments>
    • This enforces need-to-know both by sensitivity level and by topic
  • Clearance – a person is trusted to access information up to a given level of sensitivity, with need-to-know for particular compartments
  • Dominance, on a set of objects (O) and subjects (S):
    • s ≤ o if and only if rank(s) ≤ rank(o) and compartments(s) ⊆ compartments(o)
  • We say o dominates s (or s is dominated by o)
  • Dominance is a partial order: two labels with different compartment sets can be incomparable, so a higher rank alone does not grant access
  • Dominance is used to limit the sensitivity and content of information a subject can access
  • A subject can read an object only if:
    • the clearance level of the subject is at least as high as the classification of the information, and
    • the subject has a need-to-know for all compartments for which the information is classified
Commercial Security Policies
  • Worried about espionage
  • Degrees of sensitivity:
    • Public
    • Proprietary
    • Internal
  • No dominance function for most commercial policies, since no formal clearance is needed
  • Integrity and availability are just as, if not more, important than confidentiality
Clark-Wilson Commercial Security Policy
  • This policy is based on integrity
  • Built on well-formed transactions: a sequence of activities in which the steps are performed in order, exactly the steps listed are performed, and the individuals performing the steps are authenticated
  • Goal: maintain consistency between internal data and the external (users') expectation of that data
  • Constrained data items (CDIs) are processed only by certified transformation procedures (TPs)
Separation of Duty
  • The required division of responsibilities is called separation of duty
  • Traditionally accomplished manually by means of dual signatures: two different people must sign off on the same transaction
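The following is an added example, not part of the slides: a small payments ledger modelled as a Clark-Wilson system. Account balances are the constrained data items, the only way to change them is a certified transformation procedure, each user is bound to TPs and CDIs by access triples, an integrity verification procedure checks the state, and the dual signature from the Separation of Duty slide is enforced by requiring a countersignature from a second, different user. The users (alice, bob, mallory), accounts and amounts are made up.

```python
import copy
from dataclasses import dataclass, field

# Added example, not from the slides. Users, accounts and amounts are invented.


class PolicyViolation(Exception):
    """Raised by an enforcement rule; the CDIs are left untouched."""


@dataclass
class ClarkWilson:
    cdis: dict = field(default_factory=dict)      # constrained data items: account -> balance
    tps: dict = field(default_factory=dict)       # certified TP name -> function
    triples: set = field(default_factory=set)     # permitted (user, tp, cdi) relations
    dual_sig: set = field(default_factory=set)    # TPs that need a countersignature
    approvers: set = field(default_factory=set)   # (user, tp) allowed to countersign
    log: list = field(default_factory=list)       # append-only audit trail

    def ivp(self) -> bool:
        """Integrity verification: the external expectation that no balance is negative."""
        return all(v >= 0 for v in self.cdis.values())

    def run(self, user, tp, cdis, approver=None, **args):
        if tp not in self.tps:                                   # only certified TPs touch CDIs
            raise PolicyViolation(f"{tp} is not a certified TP")
        for c in cdis:                                           # a (user, tp, cdi) triple must exist
            if (user, tp, c) not in self.triples:
                raise PolicyViolation(f"{user} may not run {tp} on {c}")
        if tp in self.dual_sig:                                  # separation of duty
            if approver is None or approver == user:
                raise PolicyViolation(f"{tp} needs a signature from a second, different user")
            if (approver, tp) not in self.approvers:
                raise PolicyViolation(f"{approver} is not allowed to countersign {tp}")
        # Well-formed transaction: run on a copy, verify, then commit all or nothing
        total = sum(self.cdis.values())
        trial = copy.deepcopy(self.cdis)
        self.tps[tp](trial, *cdis, **args)
        if sum(trial.values()) != total or any(v < 0 for v in trial.values()):
            raise PolicyViolation(f"{tp} would leave the CDIs in an inconsistent state")
        self.cdis = trial
        self.log.append((user, approver, tp, cdis, args))


def transfer(cdis, src, dst, amount):
    """The certified TP: debit and credit happen as one indivisible step."""
    cdis[src] -= amount
    cdis[dst] += amount


def build_ledger() -> ClarkWilson:
    """Constructed sample state: alice may transfer, bob may countersign."""
    cw = ClarkWilson(cdis={"ops": 1000, "vendor": 0})
    cw.tps["transfer"] = transfer
    cw.triples |= {("alice", "transfer", "ops"), ("alice", "transfer", "vendor")}
    cw.dual_sig.add("transfer")
    cw.approvers.add(("bob", "transfer"))
    return cw


def violates(cw, *call_args, **call_kwargs) -> bool:
    """True if the call is refused by an enforcement rule (CDIs untouched)."""
    try:
        cw.run(*call_args, **call_kwargs)
        return False
    except PolicyViolation:
        return True


if __name__ == "__main__":
    ledger = build_ledger()
    ledger.run("alice", "transfer", ("ops", "vendor"), approver="bob", amount=300)
    print(ledger.cdis, ledger.ivp())
    print(violates(ledger, "alice", "transfer", ("ops", "vendor"), approver="alice", amount=1))
```

The copy-then-commit step is what makes the transaction well-formed: a transfer that would overdraw an account is rejected as a whole, so the ledger never passes through a state the IVP would flag.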
Chinese Wall Security Policy
  • Used in legal, medical, investment and accounting firms
  • Addresses conflict of interest: once a subject has accessed one company's data, access to a competitor's data is refused
  • Security policy builds on three levels:
    • Objects – low level
    • Company Groups – mid level: all objects belonging to one company
    • Conflict Classes – high level: the company groups of competing companies are clustered together
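An added example, not from the slides, of the Brewer-Nash Chinese Wall rules over the three levels just listed. The companies, conflict classes and object names are made up, and the example assumes there are no "sanitised" objects, so every object a subject reads counts towards the wall.

```python
from collections import defaultdict

# Added example, not from the slides. Conflict classes, company groups and
# objects are invented sample data.
CONFLICT_CLASSES = {
    "banks": {"BankA": {"bankA-q3-forecast"}, "BankB": {"bankB-merger-memo"}},
    "oil":   {"OilCo": {"oilco-reserves"},    "PetroInc": {"petro-drilling-plan"}},
}


def classify(obj):
    """Map an object to its (conflict class, company group)."""
    for cls, companies in CONFLICT_CLASSES.items():
        for company, objects in companies.items():
            if obj in objects:
                return cls, company
    raise KeyError(f"unknown object {obj}")


class ChineseWall:
    def __init__(self):
        # subject -> {(conflict class, company)} the subject has already read
        self.history = defaultdict(set)

    def can_read(self, subject, obj) -> bool:
        """Simple rule: allowed unless the subject has already read a competitor
        in the same conflict class."""
        cls, company = classify(obj)
        return all(not (seen_cls == cls and seen_company != company)
                   for seen_cls, seen_company in self.history[subject])

    def read(self, subject, obj) -> bool:
        if not self.can_read(subject, obj):
            return False
        self.history[subject].add(classify(obj))   # the wall goes up on first access
        return True

    def can_write(self, subject, obj) -> bool:
        """*-rule: write only if everything the subject has read belongs to obj's
        own company; otherwise the write could carry a competitor's data across
        the wall (via an object a colleague on the other side can read)."""
        _, company = classify(obj)
        return (self.can_read(subject, obj)
                and all(seen_company == company
                        for _, seen_company in self.history[subject]))


if __name__ == "__main__":
    wall = ChineseWall()
    print(wall.read("analyst", "bankA-q3-forecast"))   # True
    print(wall.read("analyst", "bankB-merger-memo"))   # False: competitor of BankA
    print(wall.read("analyst", "oilco-reserves"))      # True: different conflict class
    print(wall.can_write("analyst", "oilco-reserves")) # False: would mix BankA data in
```

Note that the policy is history-based: the same object may be readable by one analyst and not by another, depending only on what each has read before.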
Models of Security
  • Security models are used to:
    • Test a particular policy for completeness and consistency
    • Document a policy
    • Help conceptualize and design an implementation
    • Check whether an implementation meets its requirements
  • Policy is established outside any model
  • A model is only a mechanism for representing and enforcing the policy
Multilevel Security
  • Build a model to represent a range of sensitivities and to reflect the need to separate subjects rigorously from objects to which they should not have access
  • The generalized model is called the Lattice Model of Security
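An added example, not from the slides, showing the <rank; compartments> labels of the Military Security Policy slide as a lattice: the dominance relation as defined there, a check that it is only a partial order, and the least-upper-bound and greatest-lower-bound operations that make the set of labels a lattice. The rank names follow the slide; the compartment names (crypto, nuclear, submarine) are made up.

```python
from dataclasses import dataclass

# Added example, not from the slides. Rank names follow the slide; the
# compartment names used below are invented.
RANKS = {"Unclassified": 0, "Restricted": 1, "Confidential": 2,
         "Secret": 3, "Top Secret": 4}


@dataclass(frozen=True)
class Label:
    rank: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """other <= self: rank at least as high AND every compartment of other is held."""
        return (RANKS[self.rank] >= RANKS[other.rank]
                and other.compartments <= self.compartments)


def comparable(a: Label, b: Label) -> bool:
    """False when neither label dominates the other (e.g. disjoint compartments)."""
    return a.dominates(b) or b.dominates(a)


def can_read(clearance: Label, classification: Label) -> bool:
    """The slide's read rule: clearance high enough and need-to-know for every compartment."""
    return clearance.dominates(classification)


def join(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label that dominates both.
    This is the label for information derived from both a and b."""
    rank = max(a.rank, b.rank, key=RANKS.__getitem__)
    return Label(rank, a.compartments | b.compartments)


def meet(a: Label, b: Label) -> Label:
    """Greatest lower bound: the highest label dominated by both."""
    rank = min(a.rank, b.rank, key=RANKS.__getitem__)
    return Label(rank, a.compartments & b.compartments)


if __name__ == "__main__":
    analyst = Label("Secret", frozenset({"crypto", "nuclear"}))
    memo = Label("Confidential", frozenset({"crypto"}))
    plan = Label("Secret", frozenset({"crypto", "submarine"}))
    general = Label("Top Secret")
    print(can_read(analyst, memo))        # True: rank and compartments both dominate
    print(can_read(analyst, plan))        # False: no need-to-know for "submarine"
    print(comparable(general, memo))      # False: higher rank but missing compartment
    print(join(memo, plan))               # Secret; {crypto, submarine}
```

The incomparable case is the practical point: a Top Secret clearance with no compartments cannot read a Confidential document in the crypto compartment, because dominance requires both the rank and the compartment set to be at least as large.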
Bell-La Padula Confidentiality Model
  • Formal description of the allowable paths of information flow in a secure system
  • Formalization of the military security policy
  • Two properties:
    • Simple Security Property ("no read up") – a subject s may have read access to object o only if C(o) ≤ C(s)
    • *-Property ("no write down") – a subject s who has read access to an object o may have write access to an object p only if C(o) ≤ C(p)
  • C(s) – clearance of the subject; C(o) – classification of the object
  • Write-down – a high-level subject transfers high-level data to a low-level object; this is what the *-property prevents
Biba Integrity Model
  • Bell-La Padula applies only to secrecy
  • Biba is about integrity and defines integrity levels I(s) for subjects and I(o) for objects
  • Properties:
    • Simple Integrity Property – subject s can modify (have write access to) object o only if I(s) ≥ I(o)
    • *-Property – if subject s has read access to object o with integrity level I(o), s can have write access to object p only if I(o) ≥ I(p); data may flow down in integrity but never up, so reading low-integrity data limits what the subject may write afterwards
  • Totally ignores secrecy
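An added example, not from the slides, of a small reference monitor that enforces the Bell-La Padula properties on a confidentiality level C and the Biba properties on a separate integrity level I, exactly as the two slides state them. The level encoding is an assumption (C: 0 = Unclassified up to 3 = Top Secret; I: 0 = untrusted input up to 2 = system integrity), and the subject and object names are made up.

```python
from dataclasses import dataclass, field

# Added example, not from the slides. Level numbering and names are assumptions:
# C: 0 = Unclassified ... 3 = Top Secret;  I: 0 = untrusted ... 2 = system integrity.


@dataclass(frozen=True)
class Entity:
    name: str
    c: int  # C(s) clearance for a subject, C(o) classification for an object
    i: int  # I(s) / I(o) integrity level


@dataclass
class Monitor:
    # every object each subject has opened for reading, kept for the *-properties
    reads: dict = field(default_factory=dict)

    def read(self, s: Entity, o: Entity):
        # BLP simple security property: read only if C(o) <= C(s)  ("no read up")
        if not o.c <= s.c:
            return False, f"BLP simple security: {s.name} may not read up to {o.name}"
        # Biba, as stated on the slide, does not restrict reads; the read is
        # remembered so that later writes can be checked against it
        self.reads.setdefault(s.name, set()).add(o)
        return True, "ok"

    def write(self, s: Entity, p: Entity):
        # Biba simple integrity property: modify only if I(s) >= I(p)
        if not s.i >= p.i:
            return False, f"Biba simple integrity: {s.name} may not modify {p.name}"
        for o in self.reads.get(s.name, ()):
            # BLP *-property: having read o, write p only if C(o) <= C(p)  ("no write down")
            if not o.c <= p.c:
                return False, f"BLP *-property: {o.name} would be written down into {p.name}"
            # Biba *-property: having read o, write p only if I(o) >= I(p)  ("no write up")
            if not o.i >= p.i:
                return False, f"Biba *-property: data from {o.name} would be written up into {p.name}"
        return True, "ok"


def demo():
    """Decisions for a constructed scenario: one Secret-cleared subject, three objects."""
    analyst = Entity("analyst", c=2, i=1)        # Secret clearance, ordinary integrity
    report = Entity("secret_report", c=2, i=1)
    wiki = Entity("public_wiki", c=0, i=0)       # public and untrusted
    audit = Entity("audit_log", c=0, i=2)        # public but high integrity
    m = Monitor()
    return [
        m.read(analyst, report)[0],   # True
        m.write(analyst, wiki)[0],    # False: BLP *-property (Secret data into a public object)
        m.write(analyst, audit)[0],   # False: Biba simple integrity (I(s)=1 < I(audit)=2)
        m.write(analyst, report)[0],  # True: same level on both axes
    ]
```

The two *-properties are mirror images: BLP stops a subject that has read Secret data from writing anything public, while Biba stops a subject that has read untrusted data from writing anything of higher integrity. Both need the monitor to remember what the subject has read, which is why the reads are recorded.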
Graham-Denning Model
  • Formal system of protection rules
  • Access control mechanism (matrix) of a protection system
  • Eight primitive protection rights (commands):
    • Create object, create subject, delete object and delete subject
    • Read access right
    • Grant access right
    • Delete access right
    • Transfer access right
  • Matrix A[s,o] holds the rights subject s has over object o; the special rights owner (of an object) and control (of a subject) decide who may invoke each command
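An added example, not from the slides: an access matrix A[s, o] with the eight Graham-Denning commands and the ownership or control check each one requires. The convention that a right written with a trailing "*" (for example read*) carries a copy flag and may be transferred is the model's; the subject and object names (root, alice, bob, db) are made up.

```python
from collections import defaultdict

# Added example, not from the slides. Names used in the demo are invented.


class Denied(Exception):
    pass


class GrahamDenning:
    def __init__(self, first_subject):
        self.subjects = {first_subject}
        self.objects = {first_subject}          # every subject is also an object
        self.A = defaultdict(set)               # A[(s, o)] -> set of rights

    def _require(self, cond, msg):
        if not cond:
            raise Denied(msg)

    def owns(self, s, o):
        return "owner" in self.A[s, o]

    def controls(self, s, x):
        return "control" in self.A[s, x]

    # 1-2: creation gives the creator owner of an object / control of a subject
    def create_object(self, s, o):
        self._require(s in self.subjects and o not in self.objects, f"cannot create {o}")
        self.objects.add(o)
        self.A[s, o].add("owner")

    def create_subject(self, s, x):
        self._require(s in self.subjects and x not in self.objects, f"cannot create {x}")
        self.subjects.add(x)
        self.objects.add(x)
        self.A[s, x].add("control")

    # 3-4: deletion requires ownership of the object / control of the subject
    def delete_object(self, s, o):
        self._require(self.owns(s, o), f"{s} does not own {o}")
        self.objects.discard(o)
        for key in [k for k in self.A if k[1] == o]:
            del self.A[key]

    def delete_subject(self, s, x):
        self._require(self.controls(s, x), f"{s} does not control {x}")
        self.subjects.discard(x)
        self.objects.discard(x)
        for key in [k for k in self.A if x in k]:
            del self.A[key]

    # 5: read the rights another subject x holds on o
    def read_rights(self, s, x, o):
        self._require(self.owns(s, o) or self.controls(s, x), f"{s} may not read A[{x},{o}]")
        return set(self.A[x, o])

    # 6: grant requires ownership of the object
    def grant(self, s, right, x, o):
        self._require(self.owns(s, o), f"{s} does not own {o}")
        self.A[x, o].add(right)

    # 7: deleting a right requires ownership of the object or control of the subject
    def delete_right(self, s, right, x, o):
        self._require(self.owns(s, o) or self.controls(s, x), f"{s} may not revoke from {x}")
        self.A[x, o].discard(right)

    # 8: transfer requires holding the copy flag (right*) on that object
    def transfer(self, s, right, x, o):
        base = right.rstrip("*")
        self._require(base + "*" in self.A[s, o], f"{s} has no {base}* on {o}")
        self.A[x, o].add(right)


def denied(command, *args) -> bool:
    """True if the command is refused by a rule."""
    try:
        command(*args)
        return False
    except Denied:
        return True


if __name__ == "__main__":
    gd = GrahamDenning("root")
    gd.create_object("root", "db")
    gd.create_subject("root", "alice")
    gd.create_subject("root", "bob")
    gd.grant("root", "read*", "alice", "db")      # root owns db, alice may pass read on
    gd.transfer("alice", "read", "bob", "db")     # bob gets read without the copy flag
    print(gd.read_rights("root", "bob", "db"))    # {'read'}
    print(denied(gd.transfer, "bob", "read", "alice", "db"))   # True
```

The distinction between owner and control is what keeps the eight commands from collapsing into "anyone can do anything": only the object's owner can grant, only the subject's controller (or the object's owner) can revoke, and only a holder of the starred right can transfer it.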
Take-Grant Systems
  • Four primitives: create, revoke, take and grant
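An added example, not from the slides, of the four Take-Grant rules applied to a directed protection graph whose edges carry sets of rights, with "t" and "g" as the take and grant rights. The rule that only subjects (active nodes) may apply a rule, while objects can still act as conduits, is the model's; the node names (alice, bob, carol, file) and the initial edges are made up.

```python
from collections import defaultdict

# Added example, not from the slides. Node names and the starting graph are invented.


class TakeGrant:
    def __init__(self, subjects=(), edges=()):
        """edges: iterable of (x, y, rights) describing the initial protection graph."""
        self.subjects = set(subjects)
        self.edges = defaultdict(set)          # edges[(x, y)] -> rights x holds on y
        for x, y, rights in edges:
            self.edges[x, y] |= set(rights)

    def rights(self, x, y):
        return set(self.edges.get((x, y), ()))

    def _active(self, x):
        if x not in self.subjects:
            raise PermissionError(f"{x} is not a subject and cannot apply a rule")

    def create(self, x, y, rights, subject=False):
        """create: x adds a brand-new node y and holds `rights` on it."""
        self._active(x)
        if y in self.subjects or any(y in key for key in self.edges):
            raise PermissionError(f"{y} already exists")
        if subject:
            self.subjects.add(y)
        self.edges[x, y] |= set(rights)

    def revoke(self, x, y, rights):
        """revoke (remove): x drops some of its own rights on y."""
        self._active(x)
        self.edges[x, y] -= set(rights)

    def take(self, x, y, z, rights):
        """take: x --t--> y and y --a--> z  gives  x --a--> z."""
        self._active(x)
        if "t" not in self.rights(x, y) or not set(rights) <= self.rights(y, z):
            raise PermissionError(f"{x} cannot take {sorted(rights)} on {z} via {y}")
        self.edges[x, z] |= set(rights)

    def grant(self, x, y, z, rights):
        """grant: x --g--> y and x --a--> z  gives  y --a--> z."""
        self._active(x)
        if "g" not in self.rights(x, y) or not set(rights) <= self.rights(x, z):
            raise PermissionError(f"{x} cannot grant {sorted(rights)} on {z} to {y}")
        self.edges[y, z] |= set(rights)


def refused(rule, *args) -> bool:
    """True if applying the rule is refused."""
    try:
        rule(*args)
        return False
    except PermissionError:
        return True


def demo() -> TakeGrant:
    """A read right on a file reaches carol through a grant and then a take."""
    g = TakeGrant(subjects={"alice", "bob", "carol"},
                  edges=[("alice", "bob", {"g"}), ("carol", "bob", {"t"})])
    g.create("alice", "file", {"r", "w"})      # alice creates the file with r and w
    g.grant("alice", "bob", "file", {"r"})     # bob now holds r on file
    g.take("carol", "bob", "file", {"r"})      # carol takes r on file from bob
    return g


if __name__ == "__main__":
    g = demo()
    print(g.rights("carol", "file"))                          # {'r'}
    print(refused(g.take, "carol", "bob", "file", {"w"}))     # True: bob never got w
```

The point the graph makes visible is that rights travel along paths of t and g edges: carol never dealt with alice, yet ends up with read on alice's file because alice could grant to bob and carol could take from bob. Analysing which rights can leak along such paths is what the model is used for.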