This lecture by Erland Jonsson explores key aspects of computer security, focusing on the principles of security classification and access control. It outlines advantages and inherent problems of security levels, including issues of communication limitations between high and low users and the risks associated with unauthorized object creation. Additionally, the Principle of Tranquility is introduced, emphasizing the importance of maintaining established security levels throughout a system's lifecycle. Key Swedish security actors and their roles in managing IT incidents and certifications are also discussed.
Computer Security course – lecture 9 additions
Presented by Erland Jonsson, Department of Computer Science and Engineering
Bell-LaPadula pros and cons
• Advantages:
  • A subject may not downgrade information
• Problems:
  • High users can never talk to low users
  • Only confidentiality
  • Anyone can create an object with a higher classification
  • "Float-up" (i.e. down-grade needed)
  • Does not address access control
  • Does not address covert channels
Principle of tranquility – Subjects and objects may not change their security level once they are instantiated
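Added example (not part of the original slides): a minimal Bell-LaPadula reference monitor showing how the listed advantages and problems follow from the model's two rules, no read up and no write down. The three-level ordering, all names, and the modelling of float-up as "derived data takes the highest source level" are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    """Constructed three-level linear ordering (assumption, not from the slides)."""
    UNCLASSIFIED = 0
    SECRET = 1
    TOP_SECRET = 2

# frozen=True models tranquility: a level cannot change after instantiation.
@dataclass(frozen=True)
class Subject:
    name: str
    level: Level

@dataclass(frozen=True)
class Obj:
    name: str
    level: Level

def may_read(s: Subject, o: Obj) -> bool:
    """Simple security property: no read up."""
    return s.level >= o.level

def may_write(s: Subject, o: Obj) -> bool:
    """*-property: no write down."""
    return s.level <= o.level

def may_create(s: Subject, level: Level) -> bool:
    """Creation is a write, so any level at or above the subject's is allowed."""
    return s.level <= level

def can_send(sender: Subject, receiver: Subject) -> bool:
    """A message is an object the sender must write and the receiver must read."""
    return any(may_write(sender, Obj("msg", lvl)) and may_read(receiver, Obj("msg", lvl))
               for lvl in Level)

def derived_level(sources: list[Obj]) -> Level:
    """Float-up: output built from several objects takes the highest source level."""
    return max(o.level for o in sources)

if __name__ == "__main__":
    high, low = Subject("high_user", Level.TOP_SECRET), Subject("low_user", Level.UNCLASSIFIED)
    print("high -> low:", can_send(high, low))
    print("low -> high:", can_send(low, high))
    print("low creates TOP_SECRET:", may_create(low, Level.TOP_SECRET))
    print("low reads it back:", may_read(low, Obj("report", Level.TOP_SECRET)))
```

The monitor only decides on confidentiality: a low subject may write into an object it is not allowed to read, which is why the slide notes that the model covers "only confidentiality".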
Swedish Security Actors
• KBM – Swedish Emergency Management Agency (Krisberedskapsmyndigheten) – Emergency Management / Leading Role [-> Myndigheten för Samhällsskydd och Beredskap from 2009]
• PTS – National Post and Telecom Agency (Post och Telestyrelsen) – IT incidents (CERT)
• FMV – Swedish Defence Material Administration (Försvarets Materielverk) – certification
• FRA – National Defence Radio Establishment (Försvarets Radioanstalt) – crypto certification