security policies in computer security, Study notes of Computer Security

this use for know about security policies in cs

Typology: Study notes

2016/2017

Uploaded on 11/01/2017

onsha1044
onsha1044 🇮🇳

1 document

1 / 18

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Security Policies
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12

Partial preview of the text

Download security policies in computer security and more Study notes Computer Security in PDF only on Docsity!

Security Policies

Security Definitions

Below are give some (relatively) formal definitions^1 :

  • a security policy is a statement that partitions the states of a system into a set of authorized , or secure, states and a set of unauthorized , or non-secure, states.
  • a secure system is a system that starts in an authorized state and cannot enter an unauthorized state.
  • a breach of security occurs when a system enters an unauthorized state.
  • a security mechanism is an entity or procedure that enforces some part of the security policy.
  • a security model is a model that represents a particular policy or set of policies. (^1) Matt Bishop: Computer Security

The Military Security Policy (2)

  • a person has a clearance to access information up to a certain level of sensitivity.
  • The clearance of a person has the same form as the classification of a piece of information: <rank; compartments>
  • the need-to-know rule (principle of least privilege) means that individuals shall only have access to those data that they need in order to perform their jobs.
  • the use of compartments helps to enforce the need-to- know rule.
  • the user may not alter classifications, i.e. the policy requires Mandatory Access Control (MAC).

Top Secret

Secret

Confidential

Restricted

Unclassified

Military Security Policy: Hierarchy of Sensitivities Least Sensitive

Most Sensitive

Commercial Security Policies (1)

  • commercial security policies generally have a broader scope than the military security policy.
  • they may address issues such as industrial espionage, conflicts of interest and rules for how activities must be performed within a company. Also they extend the scope to integrity and availability.
  • they are normally less formal. There is no formalized notion of clearance and consequently are the rules for allowing access less regularized.
  • the degrees of sensitivity are normally (but variants exists):
    • public
    • proprietary
    • internal

Commercial Security Policies (2)

  • the Clark-Wilson security policy:
    • proposes a policy for well-formed transactions , which gives rules for the logistic process within the company, in terms of which steps must be performed by which person with a specified authority and in which order. Thus it addresses the integrity aspect.
  • the Clark-Wilson security policy is defined in terms of access triples: <UserID; TP; {CDIi,CDIk, ....}>, which stands for - User ID entification, - T ransformation P rocedure and - C onstrained D ata I tems resp.

Clark-Wilson security policy

Example

Purchase Department

Receiving Department

Accounting Department

Company

Supplier

1 order 2 order copy

4 order copy delivery form (signed)

3 goodsdelivery

6 payment

5 invoice

Well-formed transactions

  1. Order important Receiving clerk does not sign delivery order without making order copy.
  2. No payment unless order form + delivery form SIGNED, by auth. individuals

Performing these steps, in order, and no less / no more,

  • auth individuals signs  well-formed transactions

Commercial Security Policies (3)

  • Lee, Nash and Poland suggested an addition to the Clark- Wilson policy that involves separation of duty. The aim is to prevent abuse that can arise when the same person performs too many related actions in a company.
  • the Chinese Wall policy [by Brewer and Nash] enforces rules that prevents flow of information between companies that may have conflicting interests, e.g. competing. - the policy is defined in terms of three primitives: - objects, - company groups, and - conflict classes. - and the same employee may not access information from different companies in the same conflict class. Thus it addresses confidentiality.

Bell-La Padula Security Model

Overview

  • The BLP is a formalization of the Military Security Model (described a mathematical notation).
  • The BLP model is a formal description of the allowable paths of information flow in a secure system.
  • The BLP defines security requirements for systems that concurrently handles data at different sensitivity levels.
  • The BLP addresses confidentiality.

Bell-La Padula Security Model

Formalism

  • System is described as a set of subjects S and objects O - For each o∈ O , there is a security class L(o) - For each s∈ S , there is a security class L(s)

[classification] [clearance]

Bell-La Padula Security Model

Extension with categories

Adding the need-to-know property with categories (projects).

Each subject s have a security clearance, ls, and the need-to-know to access a number of categories, cs. CMP: Eve: <TS,{snowshoes, sweden}>

Definition: The security level (L,C) dominates the security level (L’,C’) if and only if L’≤L and C’⊆C.

Bell-La Padula Security Model

Properties revisited

  • Simple Security Property : A subject s may have read access to an object o only if s dominates o.
  • *-Property : A subject s who has read access to an object o may have write access to an object p only if p dominates o.