lecture 2: security policy models

13

Lecture 2: Security Policy Models Fred Chong CS290N Architectural Support for Secure and Reliable Computing

Upload: howard

Post on 23-Feb-2016

19 views

Category:

Documents

0 download

Report

Download

Tags:

Embed Size (px):

DESCRIPTION

Lecture 2: Security Policy Models. Fred Chong CS290N Architectural Support for Secure and Reliable Computing. Multi-Level vs Multi-Lateral Policies. Bell-La Padua Policy. BLP vs BIBA. Biba. Example: BLP password file protection. Password file is “high” - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Lecture 2: Security Policy Models

Lecture 2: Security Policy Models

Fred ChongCS290N Architectural Support for

Secure and Reliable Computing

Page 2: Lecture 2: Security Policy Models

Multi-Level vs Multi-Lateral Policies

Page 3: Lecture 2: Security Policy Models

Bell-La Padua Policy

Page 4: Lecture 2: Security Policy Models

BLP vs BIBA

Page 5: Lecture 2: Security Policy Models

Biba

Page 6: Lecture 2: Security Policy Models

Example: BLP password file protection

• Password file is “high”• Network reads and writes are “low”• Malware from the network is “low,” can’t read

password file (read of “high” from “low”)• Even if Malware becomes “high” somehow,

can’t write password data to the network (write of “high” to “low”)

Page 7: Lecture 2: Security Policy Models

Example: Biba protects system files

• System files are “high”• Malware from the network is “low”• Malware can’t write to system files (“low”

writes to “high”)• Hardware dynamic information flow tracking

techniques (taint tracking) implement Biba

Page 8: Lecture 2: Security Policy Models

Chinese Wall

Page 9: Lecture 2: Security Policy Models

BLP vs Chinese Wall

Page 10: Lecture 2: Security Policy Models

Clark-Wilson

Page 11: Lecture 2: Security Policy Models

BLP vs Clark-Wilson

Page 12: Lecture 2: Security Policy Models

BLP with Codewords

• “Need to know”• A Lattice Model

Page 13: Lecture 2: Security Policy Models

BMA medical record policy

Lecture 21 Cosmological Models

Formal Security Models and the Modern Organization · PDF fileRiVidium Whites Formal Security Models and the Organization ... Formal Security Models and the Modern Organization

Security Management Models

Lecture 2: Retrieval Models

Lecture 7: Assignment Models (Empirics) - Dave …dave-donaldson.com/.../10/Lecture-7-Assignment-Models-empirics.pdf · { Lecture 7: Assignment Models (Empirics) ... agriculture As

Data Models lecture

CCM 4350 Lecture 14 Security Models 2: Biba, Chinese Wall ... · CCM 4350 Lecture 14 Security Models 2: Biba, Chinese Wall, Clark Wilson . 2 Introduction Bell-LaPadula model designed

Lecture 7: Probabilistic Models

Why we need Network Security? - t U · Computer Network Security The Security Trinity Prevention Detection Response Security Models Basic Terminology Risk Assessment Security Models-Security

Security Models

Security Models - Computer Security Lecture 7A security policy describes requirements for a system. A security model is a way of formalizing a policy. There are two basic paradigms:

Lecture 1 graphical models

Queuing Models Lecture Presentation.ppt

Security Models - Computer Security Lecture 13 · inﬂuential Bell-LaPadula (BLP) model. BLP enforces conﬁdentiality Other models enforce integrity, or a combination. Access operations

Database Application Security Models Database Application Security Models 1

J Carpenter 2008 702904 & 711908 lecture -05 1 702904 & 711908 Information Security 2008 Lecture 5 Access Control, Security Models

Lecture 1b - Database Models

Portfolio models - Podgorica€¦ · Portfolio models - Podgorica Luca Sitzia [email protected] Lecture 1: Returns Lecture 2: Utility models Lecture 3: Portfolio selection Lecture

Lecture 02 Transistor Models

Lecture 22 Cosmological Models

MT5104 - Computer Security - Models & Policies 1 Models & Policies The previous lecture has presented a choice of access control structures. Access control

Security models for security architecture

1 Lecture 3 Security Model. 2 Why Security Models? u A security model is a formal description of a security policy u Models are used in high assurance

TEL2813/IS2820 Security Management - University of … TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction n To create or

Models of Security

Lecture 5 Com Models

Lecture 9: Network models

Lecture Slides: Lecture Introduction to Human Models

Sequencing (Models) - Lecture

Formal Security Models

CS408 Cryptography & Internet Securitycrix/CS.408/content/408-lecture-02.pdf · CS408 Cryptography & Internet Security Lecture 2: Types of attacks, Models to evaluate security, Classical

Security Architeture & Models

1 Database Application Security Models Database Application Security Models Dr. Gabriel

Lecture 3-Km Models

PPA 573 – Emergency Management and Homeland Security Lecture 1b – Models of Emergency Management