lecture 2: security policy models
DESCRIPTION
Lecture 2: Security Policy Models. Fred Chong CS290N Architectural Support for Secure and Reliable Computing. Multi-Level vs Multi-Lateral Policies. Bell-La Padua Policy. BLP vs BIBA. Biba. Example: BLP password file protection. Password file is “high” - PowerPoint PPT PresentationTRANSCRIPT
Lecture 2: Security Policy Models
Fred ChongCS290N Architectural Support for
Secure and Reliable Computing
Multi-Level vs Multi-Lateral Policies
Bell-La Padua Policy
BLP vs BIBA
Biba
Example: BLP password file protection
• Password file is “high”• Network reads and writes are “low”• Malware from the network is “low,” can’t read
password file (read of “high” from “low”)• Even if Malware becomes “high” somehow,
can’t write password data to the network (write of “high” to “low”)
Example: Biba protects system files
• System files are “high”• Malware from the network is “low”• Malware can’t write to system files (“low”
writes to “high”)• Hardware dynamic information flow tracking
techniques (taint tracking) implement Biba
Chinese Wall
BLP vs Chinese Wall
Clark-Wilson
BLP vs Clark-Wilson
BLP with Codewords
• “Need to know”• A Lattice Model
BMA medical record policy