Trusted Computing - Integrated Computer Security - Lecture Slides, Slides of Computer Security

These lecture slides make the Integrated Computer Security system easy to understand. The major points in these lecture slides are: Buffer Overflow, Common Attack Mechanism, Morris Worm, Prevention Techniques, Major Concern, Applications, Systems, Careless Programming, Programmers, History of Buffer Overflow Attacks

Typology: Slides

2012/2013

Uploaded on 04/25/2013

bageshri

Lecture 19

Trusted Computing and Multilevel Security

Computer Security Models

  • two fundamental computer security facts:
    • all complex software systems have eventually revealed flaws or bugs that need to be fixed
    • it is extraordinarily difficult to build computer hardware/software not vulnerable to security attacks
  • problems involved both design and implementation
  • led to development of formal security models

Bell-LaPadula (BLP) Model

  • formal model for access control
    • developed in 1970s
  • subjects and objects are assigned a security class
    • a subject has a security clearance
    • an object has a security classification
    • form a hierarchy and are referred to as security levels - top secret > secret > confidential > restricted > unclassified
    • security classes control the manner by which a subject may access an object

BLP Model Access Modes

  • READ
    • the subject is allowed only read access to the object
  • APPEND
    • the subject is allowed only write access to the object
  • WRITE
    • the subject is allowed both read and write access to the object
  • EXECUTE
    • the subject is allowed neither read nor write access to the object but may invoke the object for execution

Multi-Level Security

  • no read up
    • subject can only read an object of less or equal security level
    • referred to as the simple security property
      • ss-property
  • no write down
    • a subject can only write into an object of greater or equal security level
    • referred to as the *-property


Multi-Level Security

BLP Formal Description

  • based on current state of system (b, M, f, H):
    • current access set b : triples of (s, o, a)
      • subject s has current access to object o in access mode a
    • access matrix M : matrix of entries M_ij
      • access modes of subject S_i to access object O_j
    • level function f : security level of subjects and objects
      • f_o(O_j) is the classification level of object O_j
      • f_s(S_i) is the security clearance of subject S_i
      • f_c(S_i) is the current security level of subject S_i
    • hierarchy H : a directed rooted tree of objects

BLP Formal Description

  • three BLP properties:
    • ss-property: ∀ (S_i, O_j, read) has f_c(S_i) ≥ f_o(O_j)
    • *-property: ∀ (S_i, O_j, append) has f_c(S_i) ≤ f_o(O_j) and ∀ (S_i, O_j, write) has f_c(S_i) = f_o(O_j)
    • ds-property: current (S_i, O_j, A_x) implies A_x ∈ M[S_i, O_j]
  • BLP gives formal theorems
    • theoretically possible to prove system is secure
    • in practice usually not possible

BLP Rules

  1. get access
  2. release access
  3. change object level
  4. change current level
  5. give access permission
  6. rescind access permission
  7. create an object
  8. delete a group of objects
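The three properties and the first rules above can be checked mechanically against the state (b, M, f). The following is an added example written for these notes, not code from the lecture slides: it encodes the five security levels, evaluates the ss-, *- and ds-property for a requested (s, o, a) triple, and implements the "get access", "release access" and "change current level" rules; the subjects, objects, clearances and the access matrix are constructed sample data.

```python
"""Bell-LaPadula access decisions over the state (b, M, f) from the slides.

Added example, not from the lecture slides: the subjects, objects, clearances
and the access matrix are constructed sample data.
"""
from dataclasses import dataclass, field

# Security levels from the slides: top secret > secret > confidential >
# restricted > unclassified. A higher number dominates a lower one.
LEVELS = {"unclassified": 0, "restricted": 1, "confidential": 2,
          "secret": 3, "top secret": 4}


@dataclass
class BLPState:
    fs: dict                              # subject -> clearance (maximum level)
    fc: dict                              # subject -> current level, fc(S) <= fs(S)
    fo: dict                              # object -> classification
    M: dict                               # (subject, object) -> set of granted modes
    b: set = field(default_factory=set)   # current access set: (s, o, a) triples

    def check(self, s, o, a, level=None):
        """Return (allowed, reason) for subject s requesting mode a on object o,
        evaluated at the subject's current level (or an explicit `level`)."""
        # ds-property: the mode must be granted in the access matrix M.
        if a not in self.M.get((s, o), set()):
            return False, "ds-property: mode not in M[s, o]"
        sl = LEVELS[level or self.fc[s]]
        ol = LEVELS[self.fo[o]]
        if a == "read" and sl < ol:
            return False, "ss-property: no read up"
        if a == "append" and sl > ol:
            return False, "*-property: no write down"
        if a == "write" and sl != ol:
            return False, "*-property: write needs fc(s) == fo(o)"
        # execute: neither read nor write, so the level properties do not apply.
        return True, "ok"

    def get_access(self, s, o, a):
        """BLP rule 1 (get access): add the triple to b if all properties hold."""
        allowed, reason = self.check(s, o, a)
        if allowed:
            self.b.add((s, o, a))
        return allowed, reason

    def release_access(self, s, o, a):
        """BLP rule 2 (release access): drop the triple from b."""
        self.b.discard((s, o, a))

    def change_current_level(self, s, new_level):
        """BLP rule 4 (change current level): the new level may not exceed the
        clearance, and every access s currently holds must still satisfy the
        properties at the new level, otherwise the change is refused."""
        if LEVELS[new_level] > LEVELS[self.fs[s]]:
            return False, "new level exceeds clearance"
        for (hs, o, a) in self.b:
            if hs == s and not self.check(s, o, a, level=new_level)[0]:
                return False, f"held access ({o}, {a}) would violate a property"
        self.fc[s] = new_level
        return True, "ok"


def sample_state():
    """Constructed sample: two subjects, three objects, one access matrix."""
    fs = {"alice": "secret", "bob": "confidential"}
    fc = dict(fs)  # both subjects start at their clearance
    fo = {"report": "secret", "memo": "unclassified", "plan": "top secret"}
    modes = {"read", "append", "write", "execute"}
    M = {("alice", o): set(modes) for o in fo}   # alice: every mode on every object
    M[("bob", "memo")] = {"read"}                  # bob: read on the memo only
    return BLPState(fs, fc, fo, M)


if __name__ == "__main__":
    st = sample_state()
    for s, o, a in [("alice", "report", "read"), ("alice", "plan", "read"),
                    ("alice", "plan", "append"), ("alice", "memo", "append"),
                    ("bob", "memo", "append")]:
        print(f"{s} {a} {o}: {st.get_access(s, o, a)}")
```

Note that rule 4 must look at the accesses a subject already holds: lowering alice's current level while she still has the secret report open for reading would turn that held access into a read up, so the change is refused until the access is released.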

BLP Example: *-property

BLP Example

  • "downgrade" in a controlled and monitored manner
  • "classification creep": information from a range of sources and levels
  • "covert channels": (untrusted) low classified executable data allowed to be executed by a high clearance (trusted) subject

Confidentiality or Integrity

Biba Integrity Model

  • strict integrity policy:
    • Modify : To write or update information in an object
    • Observe : To read information in an object
    • Execute : To execute an object
    • Invoke : Communication from one subject to another
    • simple integrity: I(S) ≥ I(O)
    • integrity confinement: I(S) ≤ I(O)
    • invocation property: I(S1) ≥ I(S2)
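As an added example (not code from the lecture slides), the three Biba rules above applied to a small trace of requests. The rules are used as the slide states them: simple integrity governs modify (I(S) ≥ I(O)), integrity confinement governs observe (I(S) ≤ I(O)), and the invocation property governs one subject invoking another (I(S1) ≥ I(S2)). The integrity levels, the subjects and objects, and the request trace are constructed; treating execute like observe is an assumption of this example, since the slide lists execute without a rule.

```python
"""Biba strict integrity policy: simple integrity, integrity confinement and
the invocation property from the slides.

Added example, not from the lecture slides. Integrity levels, subjects,
objects and the request trace are constructed sample data.
"""

# Integrity levels: a higher number is more trustworthy.
INTEGRITY = {"low": 0, "medium": 1, "high": 2}


def can_modify(i_s, i_o):
    """Simple integrity: S may modify O only if I(S) >= I(O)."""
    return INTEGRITY[i_s] >= INTEGRITY[i_o]


def can_observe(i_s, i_o):
    """Integrity confinement: S may observe O only if I(S) <= I(O)."""
    return INTEGRITY[i_s] <= INTEGRITY[i_o]


def can_invoke(i_s1, i_s2):
    """Invocation property: S1 may invoke S2 only if I(S1) >= I(S2)."""
    return INTEGRITY[i_s1] >= INTEGRITY[i_s2]


def decide(subjects, objects, s, op, target):
    """Apply the strict integrity policy to one request and return (ok, rule).
    `op` is modify, observe, execute or invoke; `target` names an object for
    the first three and a subject for invoke."""
    if op == "invoke":
        return can_invoke(subjects[s], subjects[target]), "invocation property"
    if op == "modify":
        return can_modify(subjects[s], objects[target]), "simple integrity"
    if op == "observe":
        return can_observe(subjects[s], objects[target]), "integrity confinement"
    if op == "execute":
        # Assumption of this example: executing reads the object, so it is
        # governed like observe (the slide lists execute without a rule).
        return can_observe(subjects[s], objects[target]), "integrity confinement (execute)"
    raise ValueError(f"unknown operation {op!r}")


def evaluate(subjects, objects, requests):
    """Decide every (subject, op, target) request; returns (s, op, target, ok, rule)."""
    return [(s, op, t) + decide(subjects, objects, s, op, t) for s, op, t in requests]


# Constructed sample: a trusted updater, an editor, and an untrusted browser.
SAMPLE_SUBJECTS = {"updater": "high", "editor": "medium", "browser": "low"}
SAMPLE_OBJECTS = {"system_config": "high", "notes": "medium", "download": "low"}
SAMPLE_REQUESTS = [
    ("browser", "modify", "system_config"),   # low subject writing up: denied
    ("updater", "modify", "system_config"),   # high subject writing equal: allowed
    ("updater", "observe", "download"),       # high subject reading down: denied
    ("browser", "observe", "system_config"),  # low subject reading up: allowed
    ("browser", "invoke", "updater"),         # low invoking high: denied
    ("updater", "invoke", "browser"),         # high invoking low: allowed
    ("editor", "execute", "download"),        # medium executing low data: denied
]


def run_sample():
    return evaluate(SAMPLE_SUBJECTS, SAMPLE_OBJECTS, SAMPLE_REQUESTS)


if __name__ == "__main__":
    for s, op, target, ok, rule in run_sample():
        print(f"{s:8} {op:8} {target:14} {'allow' if ok else 'deny':6} ({rule})")
```

Read next to the BLP checks, the comparisons run the other way: Biba forbids reading down and writing up so that low-integrity data cannot contaminate high-integrity subjects and objects, whereas BLP forbids reading up and writing down to keep confidential data from flowing to lower levels.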

Clark-Wilson Integrity Model

  • Principal components of the model
    • Constrained data items (CDIs)
      • Subject to strict integrity controls
    • Unconstrained data items (UDIs)
      • Unchecked data items
    • Integrity verification procedures (IVPs):
      • Intended to assure that all CDIs conform to some application-specific model of integrity and consistency
    • Transformation procedures (TPs):
      • System transactions that change the set of CDIs from one consistent state to another
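The four components above fit together as an enforcement loop: CDIs are only ever changed by certified TPs, a TP's result is committed only if the IVP still holds afterwards, and a UDI enters the system only through a TP that validates it. The following is an added example written for these notes, not code from the lecture slides or from the Clark-Wilson paper. The ledger scenario (two accounts whose balances must sum to a recorded total) is constructed, and the check that a given user is permitted to run a given TP reflects the model's access-triple rule, which this part of the slides does not yet cover.

```python
"""Clark-Wilson integrity enforcement: CDIs changed only through certified TPs,
checked by an IVP, with UDIs turned into CDIs by a validating TP.

Added example, not from the lecture slides. The ledger scenario is constructed.
"""
import copy


class IntegrityViolation(Exception):
    pass


class ClarkWilsonSystem:
    def __init__(self, cdis):
        self.cdis = dict(cdis)      # constrained data items
        self.tps = {}               # certified transformation procedures, by name
        self.permits = set()        # (user, tp_name) pairs allowed to run
        self.log = []               # audit record of every TP invocation

    def certify_tp(self, name, func):
        """Only a certified TP may touch CDIs."""
        self.tps[name] = func

    def permit(self, user, tp_name):
        self.permits.add((user, tp_name))

    def ivp(self, cdis=None):
        """Integrity verification procedure for this ledger: every balance is
        non-negative and the balances sum to the recorded total."""
        c = self.cdis if cdis is None else cdis
        accounts = {k: v for k, v in c.items() if k != "total"}
        return all(v >= 0 for v in accounts.values()) and sum(accounts.values()) == c["total"]

    def run_tp(self, user, tp_name, *args):
        """Run a TP on a scratch copy of the CDIs; commit only if the IVP holds."""
        if tp_name not in self.tps:
            raise IntegrityViolation(f"{tp_name} is not a certified TP")
        if (user, tp_name) not in self.permits:
            raise IntegrityViolation(f"{user} may not run {tp_name}")
        scratch = copy.deepcopy(self.cdis)
        try:
            result = self.tps[tp_name](scratch, *args)
        except ValueError as err:          # the TP rejected its input (a UDI)
            self.log.append((user, tp_name, args, "rejected"))
            raise IntegrityViolation(str(err))
        if not self.ivp(scratch):
            self.log.append((user, tp_name, args, "rolled back"))
            raise IntegrityViolation("IVP failed after TP, change rolled back")
        self.cdis = scratch
        self.log.append((user, tp_name, args, "committed"))
        return result


def tp_validate_amount(cdis, raw):
    """UDI -> CDI: accept only a positive integer typed by the user."""
    if not raw.isdigit() or int(raw) == 0:
        raise ValueError(f"invalid amount {raw!r}")
    return int(raw)


def tp_transfer(cdis, src, dst, amount):
    """Move a validated amount between accounts; an overdraft trips the IVP."""
    cdis[src] -= amount
    cdis[dst] += amount
    return cdis[src], cdis[dst]


def attempt(sysm, user, tp_name, *args):
    """Run a TP and report (ok, result_or_reason) instead of raising."""
    try:
        return True, sysm.run_tp(user, tp_name, *args)
    except IntegrityViolation as err:
        return False, str(err)


def sample_system():
    """Constructed sample ledger with one permitted user."""
    sysm = ClarkWilsonSystem({"acct_a": 100, "acct_b": 50, "total": 150})
    sysm.certify_tp("validate_amount", tp_validate_amount)
    sysm.certify_tp("transfer", tp_transfer)
    sysm.permit("teller", "validate_amount")
    sysm.permit("teller", "transfer")
    return sysm


if __name__ == "__main__":
    s = sample_system()
    print(attempt(s, "teller", "validate_amount", "30"))
    print(attempt(s, "teller", "transfer", "acct_a", "acct_b", 30))
    print(attempt(s, "teller", "transfer", "acct_a", "acct_b", 500))  # rolled back
    print(attempt(s, "intruder", "transfer", "acct_a", "acct_b", 1))  # not permitted
    print(s.cdis, s.log)
```

Running the TP on a copy and keeping the original until the IVP has passed is what makes "from one consistent state to another" hold even for a TP with a bug: the overdraft in the trace never reaches the CDIs, and the audit log records the rollback.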

Clark-Wilson Integrity Model