Computer Security Security Policies .. - PowerPoint PPT Presentation

Slides: 22
Provided by: mikebur
Learn more at: http://www.cs.fsu.edu
1
Computer Security Security Policies ..
2
Security Policies
  • We view a computer system as a finite-state machine.
  • Definition
  • A security policy is a statement that partitions the states of a system
    into a set of authorized or secure states and a set of unauthorized or
    nonsecure states.
  • A secure system is a system that starts in an authorized state and
    cannot enter an unauthorized state.

3
Example
[Figure: state-transition diagram with states s1, s2, s3, s4 and transitions t1, t2, t3, t4, t5]
An insecure system. Authorized states are s1 and s2. Unauthorized states are s3 and s4.
4
Security Policies
  • Definition
  • A breach of security occurs when a system enters
    an unauthorized state.
  • Let X be a set of entities and I be some
    information.
  • I has the property of confidentiality
    with respect to X if no member of X can obtain
    information about I.
  • I has the property of integrity with
    respect to X if all members of X trust I.
  • Let I be a resource. I has the property of
    availability with respect to X if all members of
    X can access I.
  • A security mechanism is an entity or procedure
    that enforces some part of a security policy.

5
Types of Policies
  • Definition
  • Military security policies or governmental
    security policies.
  • Commercial security policies
  • Confidentiality policies
  • Integrity policies
  • Transaction policies
  • Discuss issues regarding trust.

6
The role of trust
  • The role of trust is fundamental in understanding the nature of
    computer security.
  • Examples: see textbook
  • Example 1-2-3-4, pp 101-102 (high level)
  • 1-2-3-4, pp 102-103 (low-level, formal)

7
Types of Access Control
  • Discretionary Access Control (DAC) or identity based access control.
  • Mandatory Access Control (MAC) or role-based access control.
  • An originator access control (ORCON or ORGON)
    bases access on the creator of an object.
  • Examples pp 103-104

8
Discretionary Access Control (DAC)
  • Access control is left to the discretion of the
    owner.
  • Based on the identity of the subject.
  • Example see textbook pp 104-105

9
Mandatory Access Control (MAC)
  • The operating system enforces mandatory access controls.
  • Neither the subject nor even the owner can determine access control.
  • Example: see textbook

10
ORiginator access CONtrol (ORCON or ORGON)
  • The originator of the file (or its information) has control over
    the dissemination of its information.
  • Example: see textbook

11
Policy languages
  • High level policy languages independent of the
    mechanisms used.
  • Low level policy languages
  • Examples pp 104-105

12
High level policy languages
  • Express policy constraints on entities using
    abstraction and are independent of the security
    mechanisms.
  • This requires
  • An unambiguous expression of policy
  • A mathematical or programming formulation
  • Details see textbook.
  • Examples pp105-106

13
Low level policy languages
  • A set of inputs or arguments to commands that set
    or check constraints on a system.
  • For examples, see textbook
  • Examples pp109-110

14
Security and Precision
  • Earlier, security and precision were defined in
    terms of the states of the system.
  • We said that security policies were enforced by
    security mechanisms and that such mechanisms were
    either secure, precise or broad.
  • Let $P$ be the set of all states, $Q$ the set of secure states,
    and suppose that the mechanism restricts the system to
    the set of states $R$.
  • A security mechanism was secure if $R \subseteq Q$,
    precise if $R = Q$,
    and broad if there are states $r$ such that $r \in R$ and
    $r \notin Q$.
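
The state-based definitions (a secure system never leaves the authorized states; a mechanism is secure, precise or broad according to how R compares with Q) can be checked by reachability. This is an added example, not part of the original slides: the transition endpoints are assumptions, because the diagram's edges are not recoverable from the transcript, and `blocked` is a hypothetical way of modelling a mechanism that refuses certain transitions.

```python
from collections import deque

# Constructed transition relation (source, label, target). The endpoints are
# assumptions; only the state and transition names come from the slides.
TRANSITIONS = [
    ("s1", "t1", "s2"), ("s2", "t2", "s3"), ("s3", "t3", "s4"),
    ("s4", "t4", "s1"), ("s2", "t5", "s1"),
]
Q = {"s1", "s2"}  # authorized (secure) states; s3 and s4 are unauthorized


def reachable(start, blocked=frozenset()):
    """Map every state reachable from `start` to the shortest list of
    transition labels leading to it, skipping transitions in `blocked`."""
    paths = {start: []}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        for src, label, dst in TRANSITIONS:
            if src == state and label not in blocked and dst not in paths:
                paths[dst] = paths[state] + [label]
                queue.append(dst)
    return paths


def classify(start, blocked=frozenset()):
    """Compare R (states the mechanism allows the system to reach) with Q.
    A precise mechanism is also secure; the most specific label is returned."""
    R = set(reachable(start, blocked))
    if R == Q:
        return "precise"
    if R <= Q:
        return "secure"
    return "broad"


def breach_trace(start, blocked=frozenset()):
    """Shortest transition sequence into an unauthorized state, or None."""
    bad = [path for state, path in reachable(start, blocked).items()
           if state not in Q]
    return min(bad, key=len) if bad else None
```
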

15
Security and Precision
  • We now consider the possibility of devising a
    generic procedure for developing a mechanism that
    is secure and precise.
  • For this, we will use programs, which will be
    viewed as abstract functions that encode the
    information that needs to be controlled.

16
Security and Precision
  • Definition
  • A program $p$ is a function $p: I_1 \times \cdots \times I_n \to R$.
  • $p$ has $n$ inputs $i_j \in I_j$ and one output $r \in R$.
  • Axiom (observability postulate)
  • Suppose $p$ does not alter information but merely provides a view
    of its inputs. We say that $p$ encodes all available information
    about $i_1, \ldots, i_n$.
  • Example
  • A confidentiality policy seeks to control what
    views are available.

17
Security and Precision
  • Definition
  • Let $p: I_1 \times \cdots \times I_n \to R$ be a function.
  • A protection mechanism $m$ for $p$ is a function
    $m: I_1 \times \cdots \times I_n \to R \cup E$
    ($E$ is an error message) for which, when
    $(i_1, \ldots, i_n) \in I_1 \times \cdots \times I_n$, either
  • a. $m(i_1, \ldots, i_n) = p(i_1, \ldots, i_n)$ or
  • b. $m(i_1, \ldots, i_n) \in E$.
  • That is, every legal input to $m$ produces either the same value as $p$
    or an error message.
  • The set of output values of $p$ that are excluded by $m$ are those
    outputs that would impart confidential information.
  • Examples p 115

18
Security and Precision
  • Definition
  • A confidentiality policy for the program p I1
    ?????In ? R is a function c I1???? ?In ? A,
    where A is a subset of I1???? ?In .
  • Here the set A corresponds to those inputs that
    may be revealed.
  • The complement of A to the confidential inputs.

19
Security and Precision
  • Definitions
  • Let c be a confidentiality policy for a program
    p.
  • Let m I1???? ?In ? R ? E be a security
    mechanism for p.
  • The mechanism m is secure iff there is a
    function
  • m I1???? ?In ? R ? E such that for all
    (i1,...,in ) ? I1???? ?In
  • m (i1,...,ik) m(c (i1,...,ik)) .
  • That is, given any set of inputs, the protection
    mechanism m
  • returns values consistent with the stated policy
    c
  • (here secure confidential )

20
Security and Precision
  • Definitions
  • Let $m_1$, $m_2$ be protection mechanisms for program $p$
    under policy $c$.
  • $m_1$ is as precise as $m_2$ if for all inputs $(i_1, \ldots, i_n)$
  • $m_2(i_1, \ldots, i_n) = p(i_1, \ldots, i_n) \Rightarrow
    m_1(i_1, \ldots, i_n) = p(i_1, \ldots, i_n)$
  • $m_1$ is more precise than $m_2$ if there is an input
    $(i_1', \ldots, i_n')$ such that
  • $m_2(i_1', \ldots, i_n') \neq p(i_1', \ldots, i_n')$ and
    $m_1(i_1', \ldots, i_n') = p(i_1', \ldots, i_n')$

21
Security and Precision
  • Theorems
  • For any program $p$ there exists a precise secure
    mechanism $m^*$ such that for all secure mechanisms
    $m$ associated with $p$ and $c$, $m^*$ is as precise as $m$.
  • There is no effective way that determines a
    (maximally) precise secure mechanism for any
    policy and program.
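
The definitions of protection mechanism, confidentiality policy, secure and "as precise as" can be exercised on a small program. This is an added example, not part of the original slides: the program `p`, the policy `c` and the mechanisms are constructed for illustration, and the brute-force construction of the most precise secure mechanism works only because the input domains here are finite and tiny.

```python
from itertools import product

E = "E"  # error value a mechanism returns instead of p's output

# Constructed example: i1 is public, i2 is confidential, both range over 0..2.
INPUTS = list(product(range(3), range(3)))

def p(i1, i2):
    """Program to protect: its output reveals i2 whenever i1 is nonzero."""
    return i1 * i2

def c(i1, i2):
    """Confidentiality policy: only i1 may be revealed, i2 is masked."""
    return (i1, 0)

def is_mechanism(m):
    """Every output of m is either p's output or the error value."""
    return all(m(*i) in (p(*i), E) for i in INPUTS)

def is_secure(m):
    """m = m' o c for some m' exactly when m gives one answer per value of c."""
    seen = {}
    return all(seen.setdefault(c(*i), m(*i)) == m(*i) for i in INPUTS)

def as_precise_as(m1, m2):
    """For all inputs, m2 = p implies m1 = p."""
    return all(m1(*i) == p(*i) for i in INPUTS if m2(*i) == p(*i))

def most_precise_secure():
    """Enumerate the inputs c maps together; answer with p only where p is
    constant on that whole group, otherwise return E."""
    outputs = {}
    for i in INPUTS:
        outputs.setdefault(c(*i), set()).add(p(*i))
    return lambda *i: p(*i) if len(outputs[c(*i)]) == 1 else E

def m_deny(i1, i2):
    """Secure but useless: refuses every request."""
    return E

m_leaky = p                      # answers everything, so it reveals i2
m_star = most_precise_secure()   # answers only when i1 == 0
```
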