Firewall Policy with Mandatory Access Control Model

1
Firewall Policy with Mandatory Access Control
Model

• Reena Cherukuri

2
Introduction

• In 1960s the classified information was safely
  handled as the computers were oriented for single
  user at a time.
• In the early 70s technological advances have
  made it possible for the Multi user Multi
  processor operating system.
• With the advent of first multi user multi
  processor operating systems information security
  became a very important issue.

3
Multi User Operating System

• Balance requirements of multiple users
• Provide each program enough and separate
  resources
• Isolate problems with one user from the rest
• Enforce good computer use
• Protect users from each other evil

4
Security Issues

• Flaws and Patches
• Targeted Malicious code
• Trapdoors
• Covert Channels
• Viruses and other malicious code
• Viruses
• Trojan Horses
• Non-malicious program errors
• Buffer overflow
• Incomplete Mediation
• Time-of-check to Time-of use errors
• Combinations

5
Access Control Models

• These models are designed to control the flow of
  information in the organization.
• Terms used in Access control models
• Subject Something or someone to which access is
  granted or denied, i.e. a user, application, or
  system process.
• Object Something that is granted access or
  denied for, i.e. a file, printer, application, or
  system process

6
Types of Access Control Models

• Discretionary Access Control Models (DAC)
• Mandatory Access Control Models (MAC)

7
DAC - The Model

• A Set of Objects (O)
• A Set of Subjects (S)
• An Access Matrix (A)
• Element A i,j specifies the access which
  subject i has to object j.

• ACLs Storing the matrix by Columns
• Capabilities Storing the matrix by Rows

8
DAC - Drawbacks

• Does not provide real assurance on the flow of
  information in a system.
• Does not impose any restriction on the usage of
  information by a User once the User has received
  it.
• Objects are at the whim or fancy of their owners
  to grant access to them for other Users.
• Information can be copied from one Object to
  another, so access to a copy is possible even if
  the owner of the original does not provide access
  to it.

9
MAC - The Model

• Subjects and Objects in a System have a certain
  classification.
• Read Up - A Subject's integrity level must be
  dominated by the integrity level of the Object
  being read.
• Write Down - A Subject's integrity level must
  dominate the integrity level of the Object being
  written.

10
BELL-LAPADULA MODEL

• The concept of mandatory access controls was
  first formalized by Bell and LA Padula
• The key idea in BLP is to augment discretionary
  access controls with mandatory access controls,
  so as to ensure the information flow policies.
• The mandatory access control policy is expressed
  in terms of security labels attached to subjects
  and objects. A label on an object is called a
  security classification, while a label on a user
  is called security clearance.

11
BLP MODEL

• The specific mandatory access rules given in BLP
  are as follows, where ? signifies the security
  label of the indicated subject or object.
• Simple-Security Property Subject s can read
  object o only if ?(s) ? (o).
• -Property Subject s can write object o only
  if ?(s) ?(o). (The -property is pronounced as
  the star-property.)

12
BLP MODEL
13
BIBA MODEL

• Formulated for the purpose of integrity.
• The basic concept of BIBA model is that
  low-integrity information should not be allowed
  to flow to high-integrity objects, whereas the
  opposite is acceptable.
• In Biba Model the high integrity is placed
  towards the top of the lattice of security labels
  and low integrity to bottom.
• The information flow is from top to bottom.

14
BIBA MODEL

• Simple-Integrity Property Subject s can read
  object o only if ?(s) ?(o).
• Integrity -Property Subject s can write object
  o only if ?(s) ?(o).
• These properties are called the duals of the
  corresponding properties of BLP.
• BIBA and BLP models can be combined in situations
  where both confidentiality and integrity are
  concerned.

15
COMPOSITE MODEL

• The combined mandatory controls are as follows
• Subject s can read object o only if ?(s) ?(o)
  and ?(s) ?(o).
• Subject s can write object o only if ?(s) ?(o)
  and ?(s) ?(o).
• It is a popular model and has been implemented in
  several OS, database and network products.
• It is the simultaneous application of two
  lattices, in which the information flow occurs in
  opposite direction.

16
Composite Model
17
Distributed Environments

• In late 80s and early 90s the enterprises
  started to disintegrate as PCs gained a lot of
  importance.
• Since individual persons are responsible for
  their own PCs the security was the
  responsibility of the owner too.
• Mid 90s as internet gained a lot of importance
  the enterprises started distributing.
• Advances in hardware and software moved the
  computing from desk-top to networked computers
  that cover a large geographical area, possibly
  the whole world.

18
Firewalls

• Firewalls are computer security facilities which
  used to control unauthorized access into the
  network.
• They are used to enforce a security policy of the
  organization and they are placed between
  networks.
• They are the security enforcement points that
  separate networks.
• It is a device that interfaces the network to the
  outside world and shields the network from
  unauthorized users.

19
What can't a firewall do?

• They cannot provide complete security
• They can do nothing to guard against insider
  threats.
• Employee misconduct or carelessness cannot be
  controlled by firewalls.
• Policies involving the use and misuse of
  passwords and user accounts must be strictly
  enforced.
• The firewalls cannot handle the Trojan horses or
  malicious code. They can be delivered though
  email etc.

20
How to improve Security?
Firewall

• Distributed systems

Firewall Policy
DAVIE
BOCA
Jupiter
COAST
21
How to improve Security?
Firewall

• Distributed systems

Central Firewall Policy
DAVIE
BOCA
Jupiter
COAST
22
Firewalls Using MAC

• Now with the organization firewall we implement
  the MAC.
• Depending on the subjects (IP address) role in
  the organization we give them the read and the
  write access.
• The roles are defined by the administrator.
• This prevents the Trojan Horses.
• It is very easy to implement and it avoids a lot
  of configuration errors.

23
References

• C. Mohan Survey of recent operating systems
  research, designs and implementations ACM SIGOPS
  Operating Systems Review,  Volume 12 Issue 1,
  January 1978
• Harrison, M.A., W.L. Rizzo, and J.D. Ullam,
  Protection in Operating Systems, Communications
  of the ACM, 19, 8, Pp. 461-471, August 1976
• Ravi S. Sandhu and Pierangela Samarati. Access
  control Principles and practice, IEEE
  Communications, 32(9)40-48, 1994.
• D.E. Bell and L.J. LaPadula, "Secure Computer
  Systems Mathematical Foundations and Model,"
  Mitre Corp. Report No. M74-244, Bedford, Mass.,
  1975. (Also available through Nat'l Technical
  Information Service, Springfield, Va., Report No.
  NTIS AD-771543.)
• Dorothy E. Denning, A lattice model of secure
  information flow, Communications of the ACM,
  v.19 n.5, p.236-243, May 1976
• Ravi S. Sandhu Lattice-Based Access Control
  Models (Vol. 26, No. 11) p. 9-19 November 1993
• Rolf Oppliger Internet security firewalls and
  beyond Communications of the ACM, Volume 40 , 
  Issue 5 p 92 102, May 1997
• Mark Vandenwauver, Joris Claessens, Wim Moreau,
  Katholieke Universiteit at Leuven Why
  Enterprises Need More than Firewalls and
  Intrusion Detection Systems IEEE 8th
  International Workshops on Enabling Technologies
  Infrastructure for Collaborative Enterprises June
  16 - 18, 1999 Palo Alto, California p. 152

24
Questions Suggestions ????
25
Thank You!!!!