COMPUSEC

1
COMPUSEC

• Security Policies
• Reference Monitor
• MAC, DAC, RBAC

2
References

• Gasser, m., Building a Secure Computer System,
  Van Nostrand Reinhold, 1988
• SandHu, R., Samarati, P., Access Control
  Principles and Practice, IEEE Communications,
  Sep. 1994

3
Teaching Points

• Security Policies
• Modes of Operation
• The Reference Monitor
• Discretionary Access Control
• Mandatory Access Control

4
Information Security Objectives

• Confidentiality (or Secrecy)
• related to disclosure of Information
• Integrity
• related to modification of information
• Availability
• related to denial of access to information

5
Information Security Requirements

• Policy
• describes how people may access documents or
  other information
• Protection Mechanisms
• controls for maintaining the security of the
  information
• Assurance
• degree of confidence that the system security
  policy has been correctly implemented

6
Components of a Security Policy

• External Security
• controls physical access to the system security
  that the system itself cannot address
• Physical Security
• control of physical access to the environment of
  the information system (locks, guards, etc),
  protection from disaster

7
Components of a Security Policy

• External Security (contd)
• Administative Security
• Personnel Security
• techniques used in deciding whom to trust with
  information
• Procedural Security
• controls the process of granting people access to
  machines, handling physical input and output
  (printouts, etc) installing/modifying H/W and S/W

8
Components of a Security Policy

• Internal Security
• security controls that are implemented in the
  hardware or software of the system
• COMSEC Security
• communications security
• COMPUSEC Security
• computer security

9
(No Transcript)
10
Modes of Operation

• Dedicated Mode
• users all cleared, all have need-to -know
• System-High Mode
• users all cleared, may not have need-to-know
• Compartmented Mode
• users all cleared, may not have formal access
  approval for all compartments
• Controlled Mode
• Multilevel Mode
• users may not be cleared for all information

11
Protection Mechanisms

• Identification Authentication
• who is it?
• is it really that person?
• used to track exactly who is responsible for
  actions in the system
• Audit
• tracking of security relevant events
• Access Control
• control access of subjects to information objects
• reference monitor concept

12
The Reference Monitor
13
Properties of a Reference Monitor

• May be implemented in any combination of S/W,
  H/W, firmware
• Properties
• must be tamper proof
• must always be invoked
• must be small enough to be subjected to analysis
  and tests to ensure that it is correct

14
The Access Control Matrix
15
Discretionary Access Control (DAC)

• judgement-based
• Users can exercise their judgement (i.e.
  discretion) in granting access to objects
• The containment problem
• It is very difficult to control the flow of
  information
• Trojan Horse
• who do we really trust?

16
Mandatory Access Control (MAC)

• rule-based
• Static rules enforced by the system govern access
  and these rules cannot be circumvented
• Security labels used to govern clearance and
  classification
• Security lattice (domiance)
• Simple security property
• -property

17
The Security Lattice
TS/nato,alpha
TS/nato
TS/alpha
TS
S/nato
S/alpha
S
C
U
18
Security Properties

• Simple Security Property
• for a subject to access an object such that it is
  able to read information from the object, then
  the clearance of the subject must dominate the
  classification of the object.
• -Property
• if a subject has simultaneous access to more than
  one object, the classification of all of the
  objects it can read information from must
  dominate the classification of all the objects it
  can write to

19
Teaching Points

• Security Policies
• Modes of Operation
• The Reference Monitor
• Discretionary Access Control
• Mandatory Access Control