Access Control - E-Commerce - Lecture Slides, Slides of Fundamentals of E-Commerce

Students of Communication study E-Commerce as an auxiliary subject. These are the key points discussed in these Lecture Slides of E-Commerce: Access Control, Discretionary, Nondiscretionary Access, Controls, Resource, Policy, Information, Security Property, Write Down, Flow Control

Typology: Slides

2012/2013

Uploaded on 07/29/2013

alok-sarath


41

Access Control Lists

S\O      Operating system   Accounts program   Accounting data   Audit trail
Sam      rwx                rwx                rw                r
Alice    x                  x                  rw                -
Bob      rx                 r                  r                 r


42

Discretionary and Nondiscretionary Access Controls (DAC & MAC)

- Discretionary means that someone who owns a resource can make a decision as to who is allowed to use (access) it
- Nondiscretionary (mandatory) access controls enforce a policy where users might be allowed to use information themselves but might not be allowed to make a copy of it available to someone else (even the owner cannot change the attribute of a data file)
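The access matrix from slide 41 and the discretionary rule from slide 42, as an added example that is not part of the slides: the matrix is stored as one access control list per object, a reference-monitor style check answers "may this subject exercise this right on this object", and a grant operation lets only the object's owner extend an ACL. The owners, the grant operation and the object names in snake_case are assumptions made for the example; the rights themselves are copied from the slide.

```python
# Added example (not from the slides): the slide-41 access matrix stored as
# per-object access control lists, with a DAC-style grant that only the
# object's owner may perform. Owners and the "grant" operation are assumptions
# for illustration; the rights themselves (r, w, x) are copied from the slide.

from copy import deepcopy

# Per-object ACLs reconstructed from the slide's matrix (rows = subjects).
ACLS = {
    "operating_system": {"Sam": "rwx", "Alice": "x", "Bob": "rx"},
    "accounts_program": {"Sam": "rwx", "Alice": "x", "Bob": "r"},
    "accounting_data":  {"Sam": "rw",  "Alice": "rw", "Bob": "r"},
    "audit_trail":      {"Sam": "r",   "Alice": "",   "Bob": "r"},
}

# Assumed owners: the slide does not state who owns each object.
OWNERS = {
    "operating_system": "Sam",
    "accounts_program": "Sam",
    "accounting_data": "Alice",
    "audit_trail": "Sam",
}


def allowed(acls, subject, obj, right):
    """Reference-monitor check: is `right` (one of r/w/x) in the subject's
    ACL entry for `obj`? Unknown objects or subjects deny by default."""
    if len(right) != 1 or right not in "rwx":
        raise ValueError(f"unknown right {right!r}")
    return right in acls.get(obj, {}).get(subject, "")


def grant(acls, owners, grantor, grantee, obj, rights):
    """Discretionary grant: only the object's owner may extend the ACL.
    Returns a new ACL table; the original is left untouched."""
    if owners.get(obj) != grantor:
        raise PermissionError(f"{grantor} does not own {obj}")
    if any(r not in "rwx" for r in rights):
        raise ValueError(f"unknown rights {rights!r}")
    new = deepcopy(acls)
    entry = new.setdefault(obj, {})
    merged = set(entry.get(grantee, "")) | set(rights)
    entry[grantee] = "".join(r for r in "rwx" if r in merged)
    return new


def audit_matrix(acls, subjects):
    """Render the ACLs back as a subject x object matrix for review."""
    objs = list(acls)
    rows = [["S\\O"] + objs]
    for s in subjects:
        rows.append([s] + [acls[o].get(s, "") or "-" for o in objs])
    return rows


if __name__ == "__main__":
    print(allowed(ACLS, "Alice", "accounting_data", "w"))   # True
    print(allowed(ACLS, "Alice", "audit_trail", "r"))       # False
    try:
        grant(ACLS, OWNERS, "Bob", "Alice", "audit_trail", "r")
    except PermissionError as e:
        print("denied:", e)
    updated = grant(ACLS, OWNERS, "Sam", "Alice", "audit_trail", "r")
    print(allowed(updated, "Alice", "audit_trail", "r"))     # True
    for row in audit_matrix(updated, ["Sam", "Alice", "Bob"]):
        print("  ".join(f"{c:<18}" for c in row))
```

The point of returning a fresh table from grant is that the matrix the monitor is enforcing never changes under a request that was refused; audit_matrix shows the per-object lists folded back into the subject-by-object view the slide uses.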

44

Multi-level model of security

- Security labels: TOP SECRET, SECRET, CONFIDENTIAL, OPEN
- Both subjects and objects have security labels
- Only subjects with the proper clearance (security label) can see the objects with the same or lower level of security labels

45

Information Flow control

- Bell-LaPadula (BLP) model
- Simple security property: no read up
- *-property: no write down
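The two BLP rules from slide 45 applied to the four labels of slide 44, as an added example that is not part of the slides: labels are an ordered type, a subject may read an object only when its clearance dominates the object's label (no read up), and may write only when the object's label dominates its clearance (no write down), so a copy, which is a read followed by a write, can never move data from a high label to a lower one. The subject names, file names and their labels are constructed for the example; the relabel refusal illustrates the mandatory aspect noted on slide 42, where not even an owner changes a label.

```python
# Added example (not from the slides): a minimal Bell-LaPadula reference
# monitor using the four labels from slide 44. Subject and object names are
# constructed for illustration; the two rules are the ones on slide 45.

from enum import IntEnum


class Label(IntEnum):
    """Ordered security labels; a higher value dominates a lower one."""
    OPEN = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


# Constructed sample clearances (subjects) and classifications (objects).
CLEARANCE = {"alice": Label.TOP_SECRET, "bob": Label.CONFIDENTIAL}
CLASSIFICATION = {
    "budget.xls": Label.SECRET,
    "press_release.txt": Label.OPEN,
    "war_plans.doc": Label.TOP_SECRET,
}


def can_read(subject, obj):
    """Simple security property ("no read up"): a subject may read an object
    only if its clearance dominates the object's classification."""
    return CLEARANCE[subject] >= CLASSIFICATION[obj]


def can_write(subject, obj):
    """*-property ("no write down"): a subject may write an object only if the
    object's classification dominates the subject's clearance, so data cannot
    flow from a high label to a lower one through a careless or subverted
    subject."""
    return CLEARANCE[subject] <= CLASSIFICATION[obj]


def copy_allowed(subject, src, dst):
    """Copying is a read of src followed by a write of dst; BLP permits it
    only when both rules hold, which blocks every high-to-low flow."""
    return can_read(subject, src) and can_write(subject, dst)


def relabel(subject, obj, new_label):
    """Mandatory control: labels are set by the policy, not by subjects.
    There is no owner in this model, so every such request is refused."""
    raise PermissionError(f"{subject} may not change the label of {obj}")


if __name__ == "__main__":
    for s in CLEARANCE:
        for o in CLASSIFICATION:
            print(f"{s:6} {o:18} read={can_read(s, o)!s:5} write={can_write(s, o)}")
    # A TOP SECRET user may read a SECRET file but may not copy it to OPEN.
    print(copy_allowed("alice", "budget.xls", "press_release.txt"))  # False
```

Note the asymmetry the table makes visible: the CONFIDENTIAL user can write into the SECRET file without being able to read it back, which is exactly what the *-property trades for the guarantee that nothing leaks downwards; real systems usually add integrity or discretionary checks on top of these two rules.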

47

Covert channels (cont.)

- The timing channel: the Trojan horse program alternately loops and waits, in cycles of, say, one minute per bit (of the confidential data). When the bit is 1, the program loops for one minute; when the bit is 0, the program waits for a minute. Another program running on the same computer (but without access to the sensitive data) constantly measures the load caused by the Trojan horse.
- The storage channel: the Trojan horse program loads a (printer) queue to represent a 1, and deletes its jobs to represent a 0. It is easy to check the queue status and recover the information.
- The error channel: the Trojan horse program creates a file to represent a 1, and deletes it to represent a 0. The external process tries to read the file: different error messages are reported when the file exists (but access to it is not permitted) and when the file does not exist, and this difference is used to distinguish the 0's from the 1's.
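The error channel from slide 47 and the mitigation that closes it, as an added example that is not part of the slides: an in-memory store stands in for the filesystem, one open routine reports "no such file" and "permission denied" as distinct errors, and a hardened routine gives a subject the same answer whether a file it cannot read is absent or present. The store contents, subject names and error strings are constructed for the example; the timing and storage channels on the same slide need different countermeasures and are not addressed here.

```python
# Added example (not from the slides): a simulated file store showing why the
# "error channel" from slide 47 works and how a uniform error response closes
# it. The store, subjects and error strings are constructed for illustration;
# nothing here touches a real filesystem.

# Constructed in-memory store: path -> set of subjects permitted to read it.
STORE = {
    "/secret/flag": {"trojan"},            # exists, readable only by the Trojan horse
    "/public/readme": {"trojan", "spy"},
}


def open_leaky(store, subject, path):
    """Distinguishes 'no such file' from 'permission denied'. The existence of
    a file the caller cannot read is itself one bit of information."""
    if path not in store:
        return "ENOENT: no such file"
    if subject not in store[path]:
        return "EACCES: permission denied"
    return "OK"


def open_uniform(store, subject, path):
    """Hardened: a subject gets the same answer whether the file is absent or
    merely off-limits, so existence is not observable without read rights."""
    if path in store and subject in store[path]:
        return "OK"
    return "ENOENT: no such file"


def existence_observable(opener, store, subject, path):
    """Does the opener's answer change when `path` toggles between 'present
    but unreadable' and 'absent'? 1 if it does (the channel is open), else 0.
    Works on copies so the caller's store is never modified."""
    present = dict(store)
    present.setdefault(path, set())          # exists, subject not in its set
    absent = {p: s for p, s in store.items() if p != path}
    return int(opener(present, subject, path) != opener(absent, subject, path))


if __name__ == "__main__":
    print(existence_observable(open_leaky, STORE, "spy", "/secret/flag"))    # 1
    print(existence_observable(open_uniform, STORE, "spy", "/secret/flag"))  # 0
```

The hardened variant trades a little usability (a user with a typo in a path and a user denied access see the same message) for removing the observable difference; the same reasoning applies to any API whose error codes let an unprivileged caller tell "absent" from "forbidden".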

48

The Orange Book

- The National Computer Security Center (NCSC) published an official standard called "Trusted Computer System Evaluation Criteria" (the Orange Book) which defines a series of ratings a computer system can have based on its security features and the care that went into its design, documentation, and testing