Confidentiality Policies and Integrity Policies - PowerPoint PPT Presentation

Slides: 12
Provided by: peggyv

Transcript and Presenter's Notes


1
Confidentiality Policies and Integrity Policies
  • by Stefanie Wilcox

2
Confidentiality Policies
  • Prevent the unauthorized disclosure of
    information
  • Unauthorized alteration of information
  • The Bell-LaPadula Model

3
The Bell-LaPadula Model
  • Military-style classifications
  • Security Classifications
  • Security Clearances

TOP SECRET     Tamara, Thomas      Personnel Files
SECRET         Sally, Samuel       E-Mail Files
CONFIDENTIAL   Claire, Clarence    Activity Log File
UNCLASSIFIED   Ulaley, Ursula      Telephone List File

4
The Bell-LaPadula Model
  • Simple Security Condition: S (subject) can read
    O (object) if and only if $l_o \le l_s$ and S has
    read access to O.
  • *-Property: S can write to O if and only if
    $l_s \le l_o$ and S has write access to O.
  • Basic Security Theorem: A system is secure if
    all transformations satisfy both.
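
Added example, not part of the original slides: the two rules above applied to the subjects and objects in the classification table, followed by a check that no chain of permitted reads and writes moves data to a lower level. The discretionary access matrix `ACL` and the function names are assumptions made for illustration.

```python
from enum import IntEnum
from itertools import product

class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

# Clearances and classifications taken from the slide's table.
SUBJECTS = {"Tamara": Level.TOP_SECRET, "Thomas": Level.TOP_SECRET,
            "Sally": Level.SECRET, "Samuel": Level.SECRET,
            "Claire": Level.CONFIDENTIAL, "Clarence": Level.CONFIDENTIAL,
            "Ulaley": Level.UNCLASSIFIED, "Ursula": Level.UNCLASSIFIED}
OBJECTS = {"Personnel Files": Level.TOP_SECRET, "E-Mail Files": Level.SECRET,
           "Activity Log File": Level.CONFIDENTIAL,
           "Telephone List File": Level.UNCLASSIFIED}

# Assumption (constructed): the discretionary matrix grants every subject both
# rights on every object, so only the mandatory rules decide the outcome.
ACL = {(s, o): {"read", "write"} for s, o in product(SUBJECTS, OBJECTS)}

def can_read(s, o):
    """Simple security condition: l_o <= l_s plus discretionary read."""
    return OBJECTS[o] <= SUBJECTS[s] and "read" in ACL.get((s, o), set())

def can_write(s, o):
    """*-property: l_s <= l_o plus discretionary write."""
    return SUBJECTS[s] <= OBJECTS[o] and "write" in ACL.get((s, o), set())

def downward_flows(read=can_read, write=can_write):
    """Object pairs (src, dst) where data can reach a lower level."""
    # A read moves data object -> subject; a write moves it subject -> object.
    edges = {n: set() for n in list(SUBJECTS) + list(OBJECTS)}
    for s, o in product(SUBJECTS, OBJECTS):
        if read(s, o):
            edges[o].add(s)
        if write(s, o):
            edges[s].add(o)
    leaks = set()
    for src in OBJECTS:
        seen, stack = set(), [src]
        while stack:  # depth-first walk over every permitted flow
            for nxt in edges[stack.pop()] - seen:
                seen.add(nxt)
                stack.append(nxt)
        leaks |= {(src, d) for d in seen & set(OBJECTS) if OBJECTS[d] < OBJECTS[src]}
    return leaks
```

Passing a `write` check that ignores levels to `downward_flows` shows what the *-property prevents: a TOP SECRET subject could then copy Personnel Files into the Telephone List File.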

5
The Bell-LaPadula Model
TOP SECRET     Tamara, Thomas      Personnel Files
SECRET         Sally, Samuel       E-Mail Files
CONFIDENTIAL   Claire, Clarence    Activity Log File
UNCLASSIFIED   Ulaley, Ursula      Telephone List File

6
The Bell-LaPadula Model
  • Principle of Tranquility: Subjects and objects
    may not change their security levels once they
    have been instantiated.
  • Declassification problem
  • Trusted Entities
  • Strong Tranquility/Weak Tranquility

7
Integrity Policies
  • Commercial and industrial firms are more
    concerned with accuracy than disclosure.
  • Goals

  1) Users will not write their own programs, but will use existing
     production programs and databases.
  2) Programmers will develop and test programs on a nonproduction
     system; if they need access to actual data, they will be given
     production data via a special process, but will use it on their
     development system.
  3) A special process must be followed to install a program from the
     development system onto the production system.
  4) The special process in 3 must be controlled and audited.
  5) The managers and auditors must have access to both the system
     state and the system logs that are generated.

8
Integrity Policies
  • Principles of Operation

  • Separation of Duty
  • Separation of Function
  • Auditing

9
Integrity Policies
  • Biba (1977) Integrity Model
  • Low-Water Mark
  • Ring Policy
  • Strict Integrity Policy

10
HDI
  • Formal Policy (Corporate)
  • Informal (ERP software, Payroll)

11
Bibliography
  • Bishop, Matt. Computer Security: Art and Science. 2003. www.aw.com
  • Hanover Direct Inc. Corporate Information Systems Use Policy. www.hanoverdircect.com