Mandatory Access Control
Access Control Overview 
• Access Controls: The security features that control how users and systems communicate and interact with one another 
• Access: The flow of information between subject and object 
• Subject: An active entity that requests access to an object or the data in an object 
• Object: A passive entity that contains information 
http://www.ifour-consultancy.com Offshore software development company India
Security Principles 
The three main security principles also pertain to access control: 
• Confidentiality 
• Integrity 
• Availability 
Access Control Models 
• Discretionary 
• Mandatory 
• Role based 
MAC: Mandatory Access Control 
• A system-wide policy decrees who is allowed to have access 
• Relies on the system to control access rather than individuals 
• This model is used in highly classified and confidential environments (e.g. the military) 
• Example: The law allows a court to access driving records without the owners’ permission 
Security Policy Model 
• A security policy model is a concise statement of the protection properties that a system, or generic type of system, must have 
• Traditional MAC mechanisms have been tightly coupled to a few security models 
• Recently, systems support flexible security models (e.g., SELinux, Trusted Solaris, TrustedBSD, etc.) 
Why MAC? 
• Need for consistency of global policies, which cannot be met by DAC 
• Control of information flow from one object to another, so that access to a copy is not possible if the owner of the original does not grant access 
• Control to prevent malicious or flawed software from modifying system policies; DAC cannot prevent this if the program runs with the owner’s access rights 
Multilevel Security 
• People and information are classified into different levels of trust and sensitivity 
• Clearance level: indicates the highest level of classified information that may be stored or handled by the person, device, or location 
• Classification level: indicates the degree of damage the country could suffer if the information is disclosed to an enemy 
• Security level is a generic term for either a clearance level or a classification level 
The Bell-LaPadula Security Policy Model 
• Proposed by David Bell and Len LaPadula in 1973 
• The most widely recognized MLS model 
• Deals with confidentiality only 
The Bell-LaPadula Security Policy Model 
• Two properties: No read up and No write down 
◦ Simple security property: Subject A is allowed to read object O only if class(O) ≤ class(A) 
◦ * property: Subject A is allowed to write object O only if class(A) ≤ class(O) 
• The * property was Bell and LaPadula’s critical innovation 
The Biba Model 
• Proposed by Ken Biba 
• Deals with integrity alone and ignores confidentiality entirely 
• Covers integrity levels, which are analogous to sensitivity levels in Bell-LaPadula 
• Integrity levels cover inappropriate modification of data 
The Biba Model 
• Read Up, Write Down: subjects cannot read objects of lesser integrity, and subjects cannot write to objects of higher integrity 
• Two properties: 
◦ Simple Integrity Property: A low integrity subject will not write or modify high integrity data 
◦ * Property: The high integrity subject will not read low integrity data 
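The Bell-LaPadula and Biba rules from the slides above, as an added worked example in Python that is not part of the original deck: a small reference monitor that evaluates no-read-up/no-write-down and no-read-down/no-write-up over constructed subjects and objects, plus a `child_integrity` helper modelling the MIC-style inheritance rule for child processes that the deck describes later. The level names, subjects, objects and the `override` parameter are all assumptions made for this example.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Sensitivity(IntEnum):
    """Constructed Bell-LaPadula lattice (totally ordered, low to high)."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class Integrity(IntEnum):
    """Constructed Biba lattice; the names mirror the four Windows MIC levels."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2
    SYSTEM = 3


@dataclass(frozen=True)
class Subject:
    name: str
    level: int  # clearance (BLP) or integrity level (Biba)


@dataclass(frozen=True)
class Obj:
    name: str
    level: int  # classification (BLP) or integrity level (Biba)


# Bell-LaPadula (confidentiality): no read up, no write down.
def blp_can_read(s: Subject, o: Obj) -> bool:
    """Simple security property: read only if class(O) <= class(A)."""
    return o.level <= s.level


def blp_can_write(s: Subject, o: Obj) -> bool:
    """* property: write only if class(A) <= class(O)."""
    return s.level <= o.level


def blp_copy_allowed(s: Subject, src: Obj, dst: Obj) -> bool:
    """A copy is a read of src followed by a write of dst. With the simple property
    alone a SECRET-cleared subject could copy a SECRET file into an UNCLASSIFIED
    one; the * property is what closes that information-flow channel."""
    return blp_can_read(s, src) and blp_can_write(s, dst)


# Biba (integrity), the dual of BLP: no read down, no write up.
def biba_can_read(s: Subject, o: Obj) -> bool:
    """Subjects cannot read objects of lesser integrity."""
    return o.level >= s.level


def biba_can_write(s: Subject, o: Obj) -> bool:
    """Subjects cannot write to objects of higher integrity."""
    return o.level <= s.level


def child_integrity(parent: int, executable: int, override: Optional[int] = None) -> int:
    """MIC-style inheritance: a child runs at its parent's level unless the executable
    is labelled lower; `override` models the per-process customisation the deck
    mentions and is a hypothetical knob for this example, not a Windows API."""
    return override if override is not None else min(parent, executable)


def demo() -> dict:
    """Apply the checks to constructed subjects and objects; returns each verdict."""
    analyst = Subject("analyst", Sensitivity.SECRET)
    plan = Obj("war-plan", Sensitivity.TOP_SECRET)
    memo = Obj("memo", Sensitivity.SECRET)
    bulletin = Obj("bulletin", Sensitivity.UNCLASSIFIED)
    user = Subject("user-shell", Integrity.MEDIUM)
    download = Subject("downloaded.exe", child_integrity(Integrity.MEDIUM, Integrity.LOW))
    profile = Obj("user-profile", Integrity.MEDIUM)
    system_files = Obj("system-files", Integrity.SYSTEM)
    temp = Obj("temp-internet-files", Integrity.LOW)
    return {
        "analyst reads TOP_SECRET": blp_can_read(analyst, plan),             # deny: read up
        "analyst reads UNCLASSIFIED": blp_can_read(analyst, bulletin),       # allow
        "analyst writes UNCLASSIFIED": blp_can_write(analyst, bulletin),     # deny: write down
        "copy memo -> bulletin": blp_copy_allowed(analyst, memo, bulletin),  # deny: leak
        "copy memo -> plan": blp_copy_allowed(analyst, memo, plan),          # allow: flows up
        "download runs at LOW": download.level == Integrity.LOW,            # inherited min
        "download writes profile": biba_can_write(download, profile),       # deny: write up
        "user writes profile": biba_can_write(user, profile),               # allow
        "user writes system files": biba_can_write(user, system_files),     # deny: write up
        "user reads temp": biba_can_read(user, temp),                       # deny: read down
    }


if __name__ == "__main__":
    for check, verdict in demo().items():
        print(f"{check}: {'allow' if verdict else 'deny'}")
```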
Multilateral Security 
• To protect information from leaking between compartments on the same level 
• Also known as compartmentation 
• Example: Customers of an Internet bank cannot see each other’s data, nor can they make their data visible to others (not even accidentally) 
Multilateral Security 
Different types: 
• Organizational 
• Privilege-based 
• A mix 
Multilateral security models: 
• The Chinese Wall Model 
• The BMA Model (British Medical Association) 
The Chinese Wall Model 
• Proposed by David Brewer and Michael Nash in 1989 
• Rules to prevent conflict of interest 
• Rule: There must be no information flow that causes a conflict of interest 
• Conflict of Interest (CoI) classes: indicate which companies are in competition. 
Example: CoI classes (figure) 
• Banks: Bank A, Bank B 
• Schools: School 1, School 2, School 3 
Each company dataset consists of files; companies in competition share one conflict of interest (CoI) class 
The Chinese Wall Model 
Simple security rule (read rule): a subject s can access company c’s data only if 
◦ s has already accessed c’s data, OR 
◦ s has not accessed any of c’s competitors’ data 
* property (write rule): s can write to c’s data only if s cannot read any other company’s sensitive data 
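The Chinese Wall read and write rules above, as an added example in Python that is not part of the original deck: a reference monitor that records each subject's access history and decides reads and writes against the CoI classes from the banks/schools figure. The company names and the `ChineseWall` class are constructed for this example; the write rule also requires that s can read c's data, as in Brewer and Nash's original formulation.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple


class ChineseWall:
    """Brewer-Nash reference monitor. `coi_of` maps each company dataset to its
    conflict-of-interest class; `history` records, per subject, which company
    datasets that subject has already accessed (the wall is built dynamically)."""

    def __init__(self, coi_of: Dict[str, str]):
        self.coi_of = dict(coi_of)
        self.history: Dict[str, Set[str]] = defaultdict(set)

    def competitors(self, company: str) -> Set[str]:
        """The other companies in the same CoI class as `company`."""
        cls = self.coi_of[company]
        return {c for c, k in self.coi_of.items() if k == cls and c != company}

    def can_read(self, subject: str, company: str) -> bool:
        """Simple security rule: s may read c's data if s has already accessed c's
        data, or s has not accessed any of c's competitors' data."""
        seen = self.history[subject]
        return company in seen or not (seen & self.competitors(company))

    def can_write(self, subject: str, company: str) -> bool:
        """* property: s may write c's data only if s cannot read any other company's
        data; otherwise s could carry data across the wall by writing it into c."""
        if not self.can_read(subject, company):
            return False
        return not any(self.can_read(subject, other)
                       for other in self.coi_of if other != company)

    def read(self, subject: str, company: str) -> bool:
        """Mediate a read. A granted read is recorded and narrows future choices:
        once s has read Bank A, every other bank is behind the wall for s."""
        if not self.can_read(subject, company):
            return False
        self.history[subject].add(company)
        return True


def demo() -> List[Tuple[str, bool]]:
    """Walk the deck's CoI example; returns (action, granted) pairs."""
    wall = ChineseWall({"Bank A": "banks", "Bank B": "banks",
                        "School 1": "schools", "School 2": "schools", "School 3": "schools"})
    trace = [
        ("alice reads Bank A", wall.read("alice", "Bank A")),        # allow: clean history
        ("alice reads Bank B", wall.read("alice", "Bank B")),        # deny: competitor of Bank A
        ("alice reads School 1", wall.read("alice", "School 1")),    # allow: different CoI class
        ("alice reads Bank A again", wall.read("alice", "Bank A")),  # allow: same company
        ("alice writes Bank A", wall.can_write("alice", "Bank A")),  # deny: can still read School 1
    ]
    # Bob lives in a world with a single CoI class: after reading Bank A he can read
    # nothing else, so the write rule lets him write Bank A's data.
    solo = ChineseWall({"Bank A": "banks", "Bank B": "banks"})
    trace.append(("bob reads Bank A", solo.read("bob", "Bank A")))       # allow
    trace.append(("bob writes Bank A", solo.can_write("bob", "Bank A")))  # allow
    trace.append(("bob writes Bank B", solo.can_write("bob", "Bank B")))  # deny: cannot read it
    return trace


if __name__ == "__main__":
    for action, granted in demo():
        print(f"{action}: {'allow' if granted else 'deny'}")
```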
BMA Model (British Medical Association) 
• Protects medical information 
• Protects personal information of clients 
• Famous in the health information sciences 
BMA Model 
The BMA security policy consists of nine principles: 
1. Access Control – access control list 
2. Record Opening 
3. Control 
4. Consent and Notification 
5. Persistence – delete only after the time period has expired 
6. Attribution – record name, date and time 
7. Information Flow – append only if there is a common access list 
8. Aggregation Control – measures to prevent aggregation of personal health information 
9. Trusted Computing Base 
MAC Implementation in Windows Vista 
• It is called Mandatory Integrity Control (MIC) in Windows Vista 
• MIC implements a form of the Biba model, which ensures integrity by controlling writes and deletions 
1. Label on Subjects 
2. Label on Objects 
3. Access Control Policy 
4. Relationship to DAC 
5. Default levels 
6. Integrity Levels 
MAC Implementation in Windows Vista 
Integrity levels: Windows Vista defines four integrity levels 
• Low: everyone can access 
• Medium: standard users, authenticated users 
• High: local service, network service, elevated users 
• System: system services 
MAC Implementation in Windows Vista 
• Usually, child processes inherit the integrity level of their parents, unless the executable program running in the child process has a lower integrity level. For example: downloaded executables 
• The integrity level can also be customized on a per-process basis. For example: Internet Explorer 8 
Symbiosis students: 
1. Aswathi Jayaram 
2. Manikaran Singh 
3. Priti Patil 
4. Sabari Nair 
http://www.ifour-consultancy.com Offshore software development company India

More Related Content

What's hot

Protection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating SystemProtection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating SystemLalfakawmaKh
 
Network security protocols.pptx
Network security protocols.pptxNetwork security protocols.pptx
Network security protocols.pptxSamyLacheheub
 
Advanced Operating System Lecture Notes
Advanced Operating System Lecture NotesAdvanced Operating System Lecture Notes
Advanced Operating System Lecture NotesAnirudhan Guru
 
Simple Network Management Protocol
Simple Network Management ProtocolSimple Network Management Protocol
Simple Network Management ProtocolPrasenjit Gayen
 
Cisco Networking (Routing and Switching)
Cisco Networking (Routing and Switching)Cisco Networking (Routing and Switching)
Cisco Networking (Routing and Switching)Alan Mark
 
Multiple Access Protocal
Multiple Access ProtocalMultiple Access Protocal
Multiple Access Protocaltes31
 
wireless network IEEE 802.11
 wireless network IEEE 802.11 wireless network IEEE 802.11
wireless network IEEE 802.11Shreejan Acharya
 
Operating system Dead lock
Operating system Dead lockOperating system Dead lock
Operating system Dead lockKaram Munir Butt
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.pptZaheer720515
 
Unit 2 data link control
Unit 2 data link controlUnit 2 data link control
Unit 2 data link controlVishal kakade
 
Deterministic Finite Automata (DFA)
Deterministic Finite Automata (DFA)Deterministic Finite Automata (DFA)
Deterministic Finite Automata (DFA)Animesh Chaturvedi
 
Chapter 8 distributed file systems
Chapter 8 distributed file systemsChapter 8 distributed file systems
Chapter 8 distributed file systemsAbDul ThaYyal
 
Structure of dbms
Structure of dbmsStructure of dbms
Structure of dbmsMegha yadav
 

What's hot (20)

Protection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating SystemProtection Domain and Access Matrix Model -Operating System
Protection Domain and Access Matrix Model -Operating System
 
Database security issues
Database security issuesDatabase security issues
Database security issues
 
Network security protocols.pptx
Network security protocols.pptxNetwork security protocols.pptx
Network security protocols.pptx
 
Deadlock dbms
Deadlock dbmsDeadlock dbms
Deadlock dbms
 
Session Layer
Session LayerSession Layer
Session Layer
 
Firewalls
FirewallsFirewalls
Firewalls
 
Advanced Operating System Lecture Notes
Advanced Operating System Lecture NotesAdvanced Operating System Lecture Notes
Advanced Operating System Lecture Notes
 
Simple Network Management Protocol
Simple Network Management ProtocolSimple Network Management Protocol
Simple Network Management Protocol
 
Cisco Networking (Routing and Switching)
Cisco Networking (Routing and Switching)Cisco Networking (Routing and Switching)
Cisco Networking (Routing and Switching)
 
Multiple Access Protocal
Multiple Access ProtocalMultiple Access Protocal
Multiple Access Protocal
 
wireless network IEEE 802.11
 wireless network IEEE 802.11 wireless network IEEE 802.11
wireless network IEEE 802.11
 
Operating system Dead lock
Operating system Dead lockOperating system Dead lock
Operating system Dead lock
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.ppt
 
Stop and-wait protocol
Stop and-wait protocolStop and-wait protocol
Stop and-wait protocol
 
Unit 2 data link control
Unit 2 data link controlUnit 2 data link control
Unit 2 data link control
 
Deterministic Finite Automata (DFA)
Deterministic Finite Automata (DFA)Deterministic Finite Automata (DFA)
Deterministic Finite Automata (DFA)
 
Types and roles
Types and rolesTypes and roles
Types and roles
 
FLAT Notes
FLAT NotesFLAT Notes
FLAT Notes
 
Chapter 8 distributed file systems
Chapter 8 distributed file systemsChapter 8 distributed file systems
Chapter 8 distributed file systems
 
Structure of dbms
Structure of dbmsStructure of dbms
Structure of dbms
 

Viewers also liked

Role based access control - RBAC
Role based access control - RBACRole based access control - RBAC
Role based access control - RBACAjit Dadresa
 
Access Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and FutureAccess Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and FutureSabrina Kirrane
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+DesignAlfred Ouyang
 
Access Control: Principles and Practice
Access Control: Principles and PracticeAccess Control: Principles and Practice
Access Control: Principles and PracticeNabeel Yoosuf
 
DACS Presentation January 2015
DACS Presentation January 2015DACS Presentation January 2015
DACS Presentation January 2015John Barry
 
Access control patterns
Access control patterns Access control patterns
Access control patterns WSO2
 
Access control3
Access control3Access control3
Access control3Awhydot
 
Distributed database security with discretionary access control
Distributed database security with discretionary access controlDistributed database security with discretionary access control
Distributed database security with discretionary access controlJyotishkar Dey
 
View, Act, and React: Shaping Business Activity with Analytics, BigData Queri...
View, Act, and React: Shaping Business Activity with Analytics, BigData Queri...View, Act, and React: Shaping Business Activity with Analytics, BigData Queri...
View, Act, and React: Shaping Business Activity with Analytics, BigData Queri...Srinath Perera
 
Distributed database security with discretionary access control
Distributed database security with discretionary access controlDistributed database security with discretionary access control
Distributed database security with discretionary access controlJyotishkar Dey
 
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...CloudIDSummit
 
Development and Implementation of Mandatory Access Control Policy for RDBMS M...
Development and Implementation of Mandatory Access Control Policy for RDBMS M...Development and Implementation of Mandatory Access Control Policy for RDBMS M...
Development and Implementation of Mandatory Access Control Policy for RDBMS M...Denis Kolegov
 
Network Security Layers
Network Security LayersNetwork Security Layers
Network Security Layersnatarafonseca
 
Implementing AutoComplete for Freemarker and Velocity languages in ACE Editor
Implementing AutoComplete for Freemarker and Velocity languages in ACE EditorImplementing AutoComplete for Freemarker and Velocity languages in ACE Editor
Implementing AutoComplete for Freemarker and Velocity languages in ACE Editorpeychevi
 
security and privacy in dbms and in sql database
security and privacy in dbms and in sql databasesecurity and privacy in dbms and in sql database
security and privacy in dbms and in sql databasegourav kottawar
 
Access control3
Access control3Access control3
Access control3Awhydot
 
Object Oriented Programming in JavaScript
Object Oriented Programming in JavaScriptObject Oriented Programming in JavaScript
Object Oriented Programming in JavaScriptzand3rs
 

Viewers also liked (20)

Role based access control - RBAC
Role based access control - RBACRole based access control - RBAC
Role based access control - RBAC
 
Access Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and FutureAccess Control for Linked Data: Past, Present and Future
Access Control for Linked Data: Past, Present and Future
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+Design
 
Access Control: Principles and Practice
Access Control: Principles and PracticeAccess Control: Principles and Practice
Access Control: Principles and Practice
 
Unit 2 nms
Unit 2 nmsUnit 2 nms
Unit 2 nms
 
DACS Presentation January 2015
DACS Presentation January 2015DACS Presentation January 2015
DACS Presentation January 2015
 
Access control patterns
Access control patterns Access control patterns
Access control patterns
 
Access control3
Access control3Access control3
Access control3
 
Chapter23
Chapter23Chapter23
Chapter23
 
Distributed database security with discretionary access control
Distributed database security with discretionary access controlDistributed database security with discretionary access control
Distributed database security with discretionary access control
 
View, Act, and React: Shaping Business Activity with Analytics, BigData Queri...
View, Act, and React: Shaping Business Activity with Analytics, BigData Queri...View, Act, and React: Shaping Business Activity with Analytics, BigData Queri...
View, Act, and React: Shaping Business Activity with Analytics, BigData Queri...
 
Distributed database security with discretionary access control
Distributed database security with discretionary access controlDistributed database security with discretionary access control
Distributed database security with discretionary access control
 
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
 
Development and Implementation of Mandatory Access Control Policy for RDBMS M...
Development and Implementation of Mandatory Access Control Policy for RDBMS M...Development and Implementation of Mandatory Access Control Policy for RDBMS M...
Development and Implementation of Mandatory Access Control Policy for RDBMS M...
 
Network Security Layers
Network Security LayersNetwork Security Layers
Network Security Layers
 
Ipsec 2
Ipsec 2Ipsec 2
Ipsec 2
 
Implementing AutoComplete for Freemarker and Velocity languages in ACE Editor
Implementing AutoComplete for Freemarker and Velocity languages in ACE EditorImplementing AutoComplete for Freemarker and Velocity languages in ACE Editor
Implementing AutoComplete for Freemarker and Velocity languages in ACE Editor
 
security and privacy in dbms and in sql database
security and privacy in dbms and in sql databasesecurity and privacy in dbms and in sql database
security and privacy in dbms and in sql database
 
Access control3
Access control3Access control3
Access control3
 
Object Oriented Programming in JavaScript
Object Oriented Programming in JavaScriptObject Oriented Programming in JavaScript
Object Oriented Programming in JavaScript
 

Similar to Mandatory access control for information security

Protecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i AccessProtecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i AccessPrecisely
 
Building a Mobile Security Program
Building a Mobile Security ProgramBuilding a Mobile Security Program
Building a Mobile Security ProgramDenim Group
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iPrecisely
 
Yow connected developing secure i os applications
Yow connected   developing secure i os applicationsYow connected   developing secure i os applications
Yow connected developing secure i os applicationsmgianarakis
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...Leif Davidsen
 
3433 IBM messaging security why securing your environment is important-feb2...
3433   IBM messaging security why securing your environment is important-feb2...3433   IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...Robert Parker
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Mark Williams
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecuritySina Manavi
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataPrecisely
 
Effectively Defending Your IBM i from Malware with Multi-Factor Authentication
 Effectively Defending Your IBM i from Malware with Multi-Factor Authentication  Effectively Defending Your IBM i from Malware with Multi-Factor Authentication
Effectively Defending Your IBM i from Malware with Multi-Factor Authentication Precisely
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Michael Hidalgo
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestJay McLaughlin
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSonny Hashmi
 
Securing your digital world cybersecurity for sb es
Securing your digital world   cybersecurity for sb esSecuring your digital world   cybersecurity for sb es
Securing your digital world cybersecurity for sb esSonny Hashmi
 
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeArnold Antoo
 

Similar to Mandatory access control for information security (20)

Protecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i AccessProtecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i Access
 
Building a Mobile Security Program
Building a Mobile Security ProgramBuilding a Mobile Security Program
Building a Mobile Security Program
 
Lock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM iLock it Down: Access Control for IBM i
Lock it Down: Access Control for IBM i
 
U nit 4
U nit 4U nit 4
U nit 4
 
Yow connected developing secure i os applications
Yow connected   developing secure i os applicationsYow connected   developing secure i os applications
Yow connected developing secure i os applications
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...
 
3433 IBM messaging security why securing your environment is important-feb2...
3433   IBM messaging security why securing your environment is important-feb2...3433   IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?
 
iot_basic_1.pptx
iot_basic_1.pptxiot_basic_1.pptx
iot_basic_1.pptx
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile Security
 
Security Design Principles.ppt
 Security Design Principles.ppt Security Design Principles.ppt
Security Design Principles.ppt
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
 
Effectively Defending Your IBM i from Malware with Multi-Factor Authentication
 Effectively Defending Your IBM i from Malware with Multi-Factor Authentication  Effectively Defending Your IBM i from Malware with Multi-Factor Authentication
Effectively Defending Your IBM i from Malware with Multi-Factor Authentication
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, West
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEs
 
Securing your digital world cybersecurity for sb es
Securing your digital world   cybersecurity for sb esSecuring your digital world   cybersecurity for sb es
Securing your digital world cybersecurity for sb es
 
Zero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital AgeZero Trust: Redefining Security in the Digital Age
Zero Trust: Redefining Security in the Digital Age
 

Mandatory access control for information security

  • 2. Access Control Overview • Access Controls: The security features that control how users and systems communicate and interact with one another • Access: The flow of information between subject and object • Subject: An active entity that requests access to an object or the data in an object • Object: A passive entity that contains information http://www.ifour-consultancy.com Offshore software development company India
  • 3. Security Principles The three main security principles also pertain to access control: Confidentiality Availability http://www.ifour-consultancy.com Offshore software development company India
  • 4. Access Control Models Discretionary Mandatory Role based http://www.ifour-consultancy.com Offshore software development company India
  • 5. MAC: Mandatory Access Control • A system-wide policy decrees who is allowed to have access • Relies on the system to control access rather than individuals • This model is used in highly classified and confidential environments (e.g. the military) • Example: The law allows a court to access driving records without the owners’ permission http://www.ifour-consultancy.com Offshore software development company India
  • 6. Security Policy Model • A security policy model is a concise statement of the protection properties that a system, or generic type of system, must have • Traditional MAC mechanisms have been tightly coupled to a few security models • Recently, systems support flexible security models (e.g., SELinux, Trusted Solaris, TrustedBSD, etc.) http://www.ifour-consultancy.com Offshore software development company India
  • 7. Why MAC? • Need for consistency of global polices which cannot be met by DAC • Control of information flow one object to another, so that access to a copy is not possible if the owner of the original does not provide access • Control to prevent malicious/flawed software from modifying system policies. DAC cannot prevent this if program runs by owner access. http://www.ifour-consultancy.com Offshore software development company India
  • 8. Multilevel Security • People and Information are classified into different levels of trust and sensitivity • Clearance level : Indicates the highest level of classified information to be stored or handled by the person, device, or location • Classification level : Indicate the degree of damage the country could suffer if the information is disclosed to an enemy • Security level is a generic term for either a clearance level or a classification level http://www.ifour-consultancy.com Offshore software development company India
  • 9. The Bell-LaPadula Security Policy Model • Proposed by David Bell and Len LaPadula in 1973 • The most widely recognized MLS model • Deals with confidentiality only http://www.ifour-consultancy.com Offshore software development company India
  • 10. The Bell-LaPadula Security Policy Model • Two properties: No read up and No write down ◦ Simple security property: Subject A is allowed to read object O only if class(O) ≤ class(A) ◦ * property: Subject A is allowed to write object O only if class(A) ≤ class(O) • The * property was Bell and LaPadula’s critical innovation http://www.ifour-consultancy.com Offshore software development company India
  • 11. The BibaModel • Proposed by Ken Biba • Deals with integrity alone and ignores confidentiality entirely • Covers integrity levels, which are analogous to sensitivity levels in Bell-LaPadula • Integrity levels cover inappropriate modification of data http://www.ifour-consultancy.com Offshore software development company India
  • 12. The BibaModel • Read Up, Write Down : Subjects cannot read objects of lesser integrity, subjects cannot write to objects of higher integrity • Two properties: ◦ Simple Integrity Property: A low integrity subject will not write or modify high integrity data ◦ * Property: The high integrity subject will not read low integrity data http://www.ifour-consultancy.com Offshore software development company India
  • 13. Multilateral Security • To protect information from leaking between compartments on the same level • Also known as compartmentation • Example: Customers of an Internet bank can not see each others’ data nor can they make their data visible to others (not even accidentally) http://www.ifour-consultancy.com Offshore software development company India
  • 14. Multilateral Security Different types  Organizational  Privilege-based  A mix Multilateral security models:  The Chinese Wall Model  The BMA Model (British Medical Association) http://www.ifour-consultancy.com Offshore software development company India
  • 15. The Chinese Wall Model • Proposed by David Brewer and Michael Nash 1989 • Rules to prevent conflict of interest • Rule: There must be no information flow that causes a conflict of interest • Conflict of Interest (CoI) classes: indicate which companies are in competition. http://www.ifour-consultancy.com Offshore software development company India
  • 16. Eg :- COI Bank A Bank B School 1 School 2 School 3 Company datasets files Conflict of interest (CoI) class http://www.ifour-consultancy.com Offshore software development company India
  • 17. The Chinese Wall Model
    • Simple security rule (read rule): a subject s can access company c’s data only if
      ◦ s has already accessed c’s data, OR
      ◦ s has not accessed any of c’s competitors’ data
    • * Property (write rule): s can write to c’s data only if s cannot read any other company’s sensitive data
  • 18. BMA Model (British Medical Association)
    • Protects medical information
    • Protects personal information of clients
    • Well known in the health information sciences
  • 19. BMA Model
    • The BMA security policy consists of nine principles:
      1. Access Control – access control list
      2. Record Opening
      3. Control
      4. Consent and Notification
      5. Persistence – delete only after the time period has expired
      6. Attribution – record name, date and time
      7. Information Flow – append only if there is a common access list
      8. Aggregation Control – measures to prevent aggregation of personal health information
      9. Trusted Computing Base
  • 20. MAC Implementation in Windows Vista
    • It is called Mandatory Integrity Control (MIC) in Windows Vista
    • MIC implements a form of the Biba model, which ensures integrity by controlling writes and deletions
      1. Label on Subjects
      2. Label on Objects
      3. Access Control Policy
      4. Relationship to DAC
      5. Default levels
      6. Integrity Levels
  • 21. MAC Implementation in Windows Vista
    • Integrity levels: Windows Vista defines four integrity levels
      ◦ Low – everyone can access
      ◦ Medium – standard users, authenticated users
      ◦ High – local service, network service, elevated users
      ◦ System – system services
  • 22. MAC Implementation in Windows Vista
    • Usually, child processes inherit the integrity level of their parents, unless the executable program running in the child process has a lower integrity level (for example, downloaded executables)
    • The integrity level can also be customized on a per-process basis (for example, Internet Explorer 8)
  • 23. References
    1. CIS/CSE 643: Computer Security (Syracuse University)
    2. www.Wikipedia.com
    3. http://www.cs.cornell.edu/courses/cs5430/2011sp/NL.accessControl.html
    4. http://www.techotopia.com/index.php/Mandatory,_Discretionary,_Role_and_Rule_Based_Access_Control
    5. Symbiosis students: Aswathi Jayaram, Manikaran Singh, Priti Patil, Sabari Nair

Editor's Notes

  2. user: a human; subject: a process executing on behalf of a user; object: a piece of data or a resource.
  4. Discretionary Access Control: Unlike Mandatory Access Control (MAC), where access to system resources is controlled by the operating system (under the control of a system administrator), Discretionary Access Control (DAC) allows each user to control access to their own data. DAC is typically the default access control mechanism for most desktop operating systems. Instead of a security label as in MAC, each resource object on a DAC-based system has an Access Control List (ACL) associated with it. An ACL contains a list of users and groups to which the owner has permitted access, together with the level of access for each user or group. For example, User A may provide read-only access on one of her files to User B, read and write access on the same file to User C and full control to any user belonging to Group 1. It is important to note that under DAC a user can only set access permissions for resources which they already own. A hypothetical User A cannot, therefore, change the access control for a file that is owned by User B. User A can, however, set access permissions on a file that she owns. Under some operating systems it is also possible for the system or network administrator to dictate which permissions users are allowed to set in the ACLs of their resources. Discretionary Access Control provides a much more flexible environment than Mandatory Access Control but also increases the risk that data will be made accessible to users that should not necessarily be given access.

  A discretionary access control (DAC) policy is a means of assigning access rights based on rules specified by users. This class of policies includes the file permissions model implemented by nearly all operating systems. In Unix, for example, a directory listing might yield "... rwxr-xr-x ... file.txt", meaning that the owner of file.txt may read, write, or execute it, and that other users may read or execute the file but not write it. The set of access rights in this example is {read, write, execute}, and the operating system mediates all requests to perform any of these actions. Users may change the permissions on files they own, making this a discretionary policy. A mechanism implementing a DAC policy must be able to answer the question: "Does subject S have right R for object O?" Abstractly, the information needed to answer this question can be represented as a mathematical relation D on subjects, objects, and rights: if (S,O,R) is in D, then S does have right R for object O; otherwise, S does not. More practically, the same information could also be represented as an access control matrix. Each row of the matrix corresponds to a subject and each column to an object. Each cell of the matrix contains a set of rights.

  Role Based Access Control: Role Based Access Control (RBAC), also known as Non-discretionary Access Control, takes more of a real-world approach to structuring access control. Access under RBAC is based on a user's job function within the organization to which the computer system belongs. Essentially, RBAC assigns permissions to particular roles in an organization. Users are then assigned to that particular role. For example, an accountant in a company will be assigned to the Accountant role, gaining access to all the resources permitted for all accountants on the system. Similarly, a software engineer might be assigned to the Developer role. Roles differ from groups in that while users may belong to multiple groups, a user under RBAC may only be assigned a single role in an organization. Additionally, there is no way to provide individual users additional permissions over and above those available for their role. The accountant described above gets the same permissions as all other accountants, nothing more and nothing less.
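As an added example (not code from the note or from the sources it quotes), the following Python turns the Unix mode string discussed above into the relation D and the access control matrix the note describes, and answers the question "Does subject S have right R for object O?". The file names, users and groups are constructed for the illustration; the owner/group/other resolution follows the usual Unix rule that exactly one class applies to a given user.

```python
# Added example: a Unix mode string as a DAC relation and access control matrix.
# File names, users and groups are constructed for this illustration.

RIGHTS = ("read", "write", "execute")


def parse_mode(mode):
    """Split the nine permission characters of e.g. "rwxr-xr-x" into the rights
    granted to the owner, group and other classes."""
    if len(mode) != 9:
        raise ValueError("expected nine permission characters")
    classes = {}
    for i, who in enumerate(("owner", "group", "other")):
        bits = mode[3 * i:3 * i + 3]
        classes[who] = {right for right, ch in zip(RIGHTS, bits) if ch != "-"}
    return classes


def has_right(files, user, user_groups, obj, right):
    """Answer "does subject S have right R for object O?" for the Unix model.
    files: {name: (owner, group, mode)}.  Exactly one class applies to a user:
    owner if they own the file, else group if they are a member, else other."""
    owner, group, mode = files[obj]
    classes = parse_mode(mode)
    if user == owner:
        who = "owner"
    elif group in user_groups:
        who = "group"
    else:
        who = "other"
    return right in classes[who]


def access_matrix(files, users):
    """Rows are subjects, columns are objects, cells are sets of rights.
    users: {name: set of group names}."""
    return {user: {obj: {r for r in RIGHTS if has_right(files, user, groups, obj, r)}
                   for obj in files}
            for user, groups in users.items()}


def relation(files, users):
    """The same information as the relation D: the set of (S, O, R) triples."""
    return {(user, obj, right)
            for user, row in access_matrix(files, users).items()
            for obj, rights in row.items()
            for right in rights}


# Constructed sample directory: owner, group and the mode string from a listing.
FILES = {
    "file.txt": ("alice", "staff", "rwxr-xr-x"),
    "secret.txt": ("bob", "staff", "rw-------"),
}
USERS = {"alice": {"staff"}, "bob": {"staff"}, "carol": set()}

if __name__ == "__main__":
    for subject, row in access_matrix(FILES, USERS).items():
        print(subject, {obj: sorted(rights) for obj, rights in row.items()})
    print(("carol", "file.txt", "write") in relation(FILES, USERS))  # False
```

The matrix and the relation carry identical information; the matrix is simply the relation grouped by subject and object, which is why the note calls it the more practical representation.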
  5. In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In practice, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, I/O devices, etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object will be tested against the set of authorization rules (aka policy) to determine if the operation is allowed.
  7. DAC: Discretionary Access Control
    – Definition: an individual user can set an access control mechanism to allow or deny access to an object.
    – Relies on the object owner to control access.
    – DAC is widely implemented in most operating systems, and we are quite familiar with it.
    – Strength of DAC: flexibility, a key reason why it is widely known and implemented in mainstream operating systems.
  Limitations of DAC:
    – Global policy: DAC lets users decide the access control policies on their data, regardless of whether those policies are consistent with the global policies. Therefore, if there is a global policy, DAC has trouble ensuring consistency.
    – Information flow: information can be copied from one object to another, so access to a copy is possible even if the owner of the original does not provide access to the original copy. This has been a major concern for the military.
    – Malicious software: DAC policies can be easily changed by the owner, so a malicious program (e.g., a downloaded untrustworthy program) run by the owner can change DAC policies on behalf of the owner.
    – Flawed software: similarly to the previous item, flawed software can be “instructed” by attackers to change its DAC policies.
  8. In national security and military environments, documents are labeled according to their sensitivity levels. In the US, these range from Unclassified (anyone can see this) to Confidential to Secret and finally (we believe) to Top Secret; other countries use similar classifications. These levels correspond to the risk associated with release of the information. But it is not sufficient to use only sensitivity levels to classify objects if one wants to comply with the need-to-know principle: access to information should only be granted if it is necessary to perform one's duties. Compartments are used to handle this decomposition of information. Every object is associated with a set of compartments (e.g. crypto, nuclear, biological, reconnaissance, etc.). An object associated with {crypto, nuclear} may be accessed only by subjects who need to know about both cryptography and nuclear weapons. A label is a pair of a sensitivity level and a set of compartments. A document might have the label (Top Secret, {crypto, nuclear}) if it contained extremely sensitive information regarding cryptography and nuclear weapons. In practice, each paragraph in a document is assigned a set of compartments and a sensitivity. The classification of the entire document would then be the most restrictive classification given to a paragraph in that document. Users are also labelled according to their security clearance. A user's clearance, just like a document's label, is a pair of a sensitivity level and a set of compartments.

  Given two labels L1 = (S1, C1) and L2 = (S2, C2), we write L1 ≤ L2, meaning that L1 is no more restrictive than L2, when S1 ≤ S2, where Unclassified ≤ Confidential ≤ Secret ≤ Top Secret, and C1 ⊆ C2. Notice that ≤ is a partial order: it is possible to have two labels that are incomparable (e.g. (Secret, {crypto}) vs. (Top Secret, {nuclear})) according to ≤. The following diagram depicts some of the ≤ relationships as a lattice, where a line from a label L1 lower in the lattice to a label L2 higher in the lattice denotes that L1 ≤ L2.
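The label ordering just defined, as an added Python example (not from the note or the course page it quotes): labels are (level, compartments) pairs, ≤ is implemented exactly as stated, and because the relation is only a partial order the code also exposes a join (least upper bound), which is what "the most restrictive classification given to a paragraph" computes for a whole document. The Label class, the helper names and the sample labels are assumptions made for the illustration.

```python
# Added example: security labels (level, compartments) under the <= ordering.
# The Label class, helper names and sample labels are assumptions for this illustration.
from dataclasses import dataclass

LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset

    def __post_init__(self):
        if self.level not in LEVELS:
            raise ValueError(f"unknown sensitivity level: {self.level!r}")

    def __le__(self, other):
        """L1 <= L2 (L1 no more restrictive than L2): S1 <= S2 and C1 a subset of C2."""
        return (LEVELS.index(self.level) <= LEVELS.index(other.level)
                and self.compartments <= other.compartments)

    def comparable(self, other):
        """False for incomparable labels, e.g. (Secret,{crypto}) vs (Top Secret,{nuclear})."""
        return self <= other or other <= self

    def join(self, other):
        """Least upper bound: the smallest label that both labels are <= to."""
        level = max(self.level, other.level, key=LEVELS.index)
        return Label(level, self.compartments | other.compartments)


def label(level, *compartments):
    return Label(level, frozenset(compartments))


def document_label(paragraph_labels):
    """Classification of a whole document: the most restrictive paragraph label,
    computed as the join of all paragraph labels."""
    result = label("Unclassified")
    for p in paragraph_labels:
        result = result.join(p)
    return result


def can_read(clearance, obj_label):
    """Sensitivity plus need-to-know: the clearance must dominate the object label."""
    return obj_label <= clearance


if __name__ == "__main__":
    doc = document_label([label("Secret", "crypto"), label("Confidential", "nuclear")])
    print(doc.level, sorted(doc.compartments))                      # Secret ['crypto', 'nuclear']
    print(can_read(label("Top Secret", "crypto", "nuclear"), doc))  # True
    print(can_read(label("Top Secret", "crypto"), doc))             # False: lacks nuclear
    print(label("Secret", "crypto").comparable(label("Top Secret", "nuclear")))  # False
```

Note that a Top Secret clearance without the nuclear compartment still cannot read the sample document: level alone never suffices, which is precisely the need-to-know point the note makes.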
  10. Proposed by David Bell and Len LaPadula in 1973, in response to U.S. Air Force concerns over the security of time-sharing mainframe systems. The *-property was Bell and LaPadula’s critical innovation. It was driven by the fear that a user with “Secret” clearance might be “tricked” by attackers (e.g., through Trojan horse programs or software vulnerabilities) into copying the information down to an “Unclassified” area where the attackers can read it.
  16. All corporate information is stored in a hierarchically arranged filing system such as that shown in figure 1. There are three levels of significance: at the lowest level, we consider individual items of information, each concerning a single corporation. In keeping with BLP, we will refer to the files in which such information is stored as objects; at the intermediate level, we group all objects which concern the same corporation together into what we will call a company dataset; at the highest level, we group together all company datasets whose corporations are in competition. We will refer to each such group as a conflict of interest class.
  17. Access is only granted if the object requested:
    • is in the same company dataset as an object already accessed by that subject, i.e. within the Wall, or
    • belongs to an entirely different conflict of interest class.
  T1) Once a subject has accessed an object, the only other objects accessible by that subject lie within the same company dataset or within a different conflict of interest class.
  T2) A subject can at most have access to one company dataset in each conflict of interest class.
  *-Property: Suppose two subjects, User-A and User-B, have between them access to the three datasets Oil Company-A, Oil Company-B and Bank-A; in particular, User-A has access to Oil Company-A and Bank-A, and User-B has access to Oil Company-B and Bank-A. If User-A reads information from Oil Company-A and writes it to Bank-A, then User-B can read Oil Company-A information. This should not be permitted, however, because of the conflict of interest between Oil Company-A and Oil Company-B. Thus indirect violations of the Chinese Wall policy are possible. We can prevent such violations by insisting that: write access is only permitted if access is permitted by the simple security rule, and no object can be read which is in a different company dataset to the one for which write access is requested and contains unsanitized information.
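An added Python model (not from Brewer and Nash's paper, the slides or the note) of the read rule on slide 17 and the *-property above, run through the Oil Company-A / Oil Company-B / Bank-A scenario. The class names, the dataset and object names, and the treatment of sanitized objects (they are readable by anyone and never count toward a conflict) are assumptions made for the illustration.

```python
# Added example: Chinese Wall read rule and *-property.
# Dataset/object names and the handling of sanitized objects are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Obj:
    name: str
    dataset: str             # company dataset the object belongs to
    sanitized: bool = False  # sanitized (public) information creates no conflict


class ChineseWall:
    """Per-subject history of objects read, with both rules enforced on it."""

    def __init__(self, coi_classes):
        # coi_classes: {"Oil": {"Oil-A", "Oil-B"}, ...}; map dataset -> CoI class
        self.coi_of = {ds: coi for coi, datasets in coi_classes.items() for ds in datasets}
        self.reads = {}  # subject -> set of Obj read so far

    def _unsanitized_reads(self, subject):
        return {o for o in self.reads.get(subject, set()) if not o.sanitized}

    def can_read(self, subject, obj):
        """Simple security rule (T1/T2): obj's dataset is one the subject already
        uses, or no dataset in obj's CoI class has been read by the subject."""
        if obj.sanitized:
            return True
        seen = {o.dataset for o in self._unsanitized_reads(subject)}
        if obj.dataset in seen:
            return True
        coi = self.coi_of[obj.dataset]
        return not any(self.coi_of[d] == coi for d in seen)

    def read(self, subject, obj):
        """Perform a read if permitted; a permitted read becomes history."""
        if not self.can_read(subject, obj):
            return False
        self.reads.setdefault(subject, set()).add(obj)
        return True

    def can_write(self, subject, obj):
        """*-property: the read rule must allow obj, and the subject must not
        have read unsanitized data from any other company dataset."""
        if not self.can_read(subject, obj):
            return False
        return all(o.dataset == obj.dataset for o in self._unsanitized_reads(subject))


def scenario():
    """The indirect-leak scenario from the note: User-A reads Oil Company-A and
    then tries to write into Bank-A, which User-B (who reads Oil Company-B) can read."""
    wall = ChineseWall({"Oil": {"Oil-A", "Oil-B"}, "Bank": {"Bank-A"}})
    oil_a = Obj("oil-a-forecast", "Oil-A")
    oil_b = Obj("oil-b-forecast", "Oil-B")
    bank_a = Obj("bank-a-ledger", "Bank-A")
    public = Obj("oil-a-annual-report", "Oil-A", sanitized=True)
    return {
        "A reads Oil-A": wall.read("User-A", oil_a),
        "A reads Bank-A": wall.read("User-A", bank_a),        # different CoI class
        "A reads Oil-B": wall.read("User-A", oil_b),          # inside the wall: denied
        "A writes Bank-A": wall.can_write("User-A", bank_a),  # *-property: denied
        "B reads Oil-B": wall.read("User-B", oil_b),
        "B reads Bank-A": wall.read("User-B", bank_a),
        "B reads Oil-A": wall.can_read("User-B", oil_a),      # inside the wall: denied
        "C reads sanitized Oil-A": wall.read("User-C", public),
        "C writes Bank-A": wall.can_write("User-C", bank_a),  # sanitized reads do not block
    }


if __name__ == "__main__":
    for step, permitted in scenario().items():
        print(f"{step}: {'allowed' if permitted else 'denied'}")
```

The write refusal for User-A is the whole point of the *-property: the read rule alone would let User-A keep working in both Oil-A and Bank-A, and the leak to User-B only happens through the write.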
  19. 1) Access control: each identifiable clinical record shall be marked with an access control list naming the people or groups of people who may read it and append data to it. The system shall prevent anyone not on the access control list from accessing the record in any way.
  2) Record opening: a clinician may open a record with herself and the patient on the access control list. Where a patient has been referred, she may open a record with herself, the patient and the referring clinician(s) on the access control list.
  3) Control: one of the clinicians on the access control list must be marked as being responsible. Only she may alter the access control list, and she may only add other health care professionals to it.
  4) Consent and notification: the responsible clinician must notify the patient of the names on his record’s access control list when it is opened, of all subsequent additions, and whenever responsibility is transferred. His consent must also be obtained, except in emergency or in the case of statutory exemptions.
  5) Persistence: no-one shall have the ability to delete clinical information until the appropriate time period has expired.
  6) Attribution: all accesses to clinical records shall be marked on the record with the subject’s name, as well as the date and time. An audit trail must also be kept of all deletions.
  7) Information flow: information derived from record A may be appended to record B if and only if B’s access control list is contained in A’s.
  8) Aggregation control: there shall be effective measures to prevent the aggregation of personal health information. In particular, patients must receive special notification if any person whom it is proposed to add to their access control list already has access to personal health information on a large number of people.
  9) Trusted Computing Base: computer systems that handle personal health information shall have a subsystem that enforces the above principles in an effective way. Its effectiveness shall be subject to evaluation by independent experts.
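An added Python sketch (not the BMA's or any product's code) of the enforcement core for principles 1, 2, 3, 6 and 7 above: an ACL gate on every access, record opening with clinician and patient on the ACL, ACL changes restricted to the responsible clinician and to adding health care professionals, an attribution trail, and the information-flow rule that derived data may be appended to record B only if B's ACL is contained in A's. Clinician and patient names, record identifiers and the fixed clock are constructed for the illustration.

```python
# Added example: enforcement core for BMA principles 1, 2, 3, 6 and 7.
# Names, record ids and the fixed clock are constructed for this illustration.
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Record:
    patient: str
    acl: set            # people or groups who may read and append (principle 1)
    responsible: str    # the clinician who may alter the ACL (principle 3)
    entries: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # attribution trail (principle 6)


class BMASystem:
    def __init__(self, clinicians, clock=None):
        self.clinicians = set(clinicians)  # known health care professionals
        self.records = {}
        self.clock = clock or (lambda: datetime.now(timezone.utc).isoformat())

    def _attribute(self, rec, subject, action):
        """Principle 6: every access is marked with subject, date and time."""
        rec.audit.append((subject, self.clock(), action))

    def _check(self, subject, rec):
        """Principle 1: nobody off the ACL touches the record in any way."""
        if subject not in rec.acl:
            raise PermissionError(f"{subject} is not on the access control list")

    def open_record(self, clinician, patient, record_id, referring=()):
        """Principle 2: clinician and patient (plus any referrers) on the ACL."""
        if clinician not in self.clinicians:
            raise PermissionError("only a clinician may open a record")
        rec = Record(patient, {clinician, patient, *referring}, responsible=clinician)
        self.records[record_id] = rec
        self._attribute(rec, clinician, "open")
        return rec

    def read(self, subject, record_id):
        rec = self.records[record_id]
        self._check(subject, rec)
        self._attribute(rec, subject, "read")
        return list(rec.entries)

    def append(self, subject, record_id, text):
        rec = self.records[record_id]
        self._check(subject, rec)
        rec.entries.append(text)
        self._attribute(rec, subject, "append")

    def add_to_acl(self, subject, record_id, new_member):
        """Principle 3: only the responsible clinician, and only professionals."""
        rec = self.records[record_id]
        if subject != rec.responsible:
            raise PermissionError("only the responsible clinician may alter the ACL")
        if new_member not in self.clinicians:
            raise PermissionError("only health care professionals may be added")
        rec.acl.add(new_member)
        self._attribute(rec, subject, f"add {new_member} to ACL")

    def copy_between(self, subject, src_id, dst_id, text):
        """Principle 7: derived data flows A -> B only if ACL(B) is contained in ACL(A)."""
        src, dst = self.records[src_id], self.records[dst_id]
        self._check(subject, src)
        self._check(subject, dst)
        if not dst.acl <= src.acl:
            raise PermissionError("destination ACL is not contained in source ACL")
        dst.entries.append(text)
        self._attribute(dst, subject, f"append derived from {src_id}")

    @staticmethod
    def allowed(op, *args):
        """Run an operation and report whether the policy permitted it."""
        try:
            op(*args)
            return True
        except PermissionError:
            return False


def demo():
    """Constructed walk-through returning which operations were permitted."""
    s = BMASystem(["dr_patel", "dr_jones", "dr_lee"], clock=lambda: "2024-01-01T00:00:00Z")
    s.open_record("dr_patel", "patient_x", "R1")                          # ACL {dr_patel, patient_x}
    s.open_record("dr_patel", "patient_x", "R2", referring=["dr_jones"])  # ACL also has dr_jones
    out = {
        "patient reads own record": s.allowed(s.read, "patient_x", "R1"),
        "off-ACL clinician reads": s.allowed(s.read, "dr_lee", "R1"),
        "non-responsible clinician alters ACL": s.allowed(s.add_to_acl, "dr_jones", "R2", "dr_lee"),
        "responsible adds a non-professional": s.allowed(s.add_to_acl, "dr_patel", "R1", "relative_y"),
        "responsible adds a clinician": s.allowed(s.add_to_acl, "dr_patel", "R1", "dr_lee"),
        # R1's ACL is now {dr_patel, patient_x, dr_lee}; R2's lacks dr_lee, so R2 -> R1 is refused.
        "flow R2 -> R1": s.allowed(s.copy_between, "dr_patel", "R2", "R1", "referral note"),
    }
    s.add_to_acl("dr_patel", "R2", "dr_lee")  # now ACL(R1) is contained in ACL(R2)
    out["flow R2 -> R1 after widening R2"] = s.allowed(s.copy_between, "dr_patel", "R2", "R1", "referral note")
    out["audit entries on R1"] = len(s.records["R1"].audit)
    return out
```

The flow check is the subtle one: copying from R2 into R1 is refused not because the clinician lacks access to either record, but because R1's wider ACL would expose R2's information to dr_lee, who was never on R2's list.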
  20. Label on Subjects: When a user logs on, Windows Vista assigns an integrity SID to the user’s access token. Included in the SID is an integrity label that determines the level of access the token (and thus the user) can achieve.
  Label on Objects: Objects, such as files, pipes, processes, threads, registry keys, services, printers, etc., are also assigned an integrity SID, which is stored in the system access control list (SACL) of the object’s security descriptor. The label in the SID specifies the integrity level of the object.
  Access Control Policy: To write to or delete an object, the integrity level of the subject must be equal to or greater than the object’s level.
  Relationship to DAC: Vista checks MAC first; if that passes, it then checks DAC (e.g. the access control list). Therefore, MAC provides a layer of access control in addition to DAC; it does not override DAC.
  Default levels: Objects that lack an integrity label are treated as medium by the operating system. This prevents low integrity code from modifying unlabeled objects.
  21. Windows Vista defines four integrity levels: low, medium, high, and system. Standard users receive medium, elevated users receive high. Processes you start and objects you create receive your integrity level (medium or high) or low if the executable file’s level is low; system services receive system integrity. Objects that lack an integrity label are treated as medium by the operating system—this prevents low integrity code from modifying unlabeled objects. For those keeping track… Yes, there’ve been some changes since I spoke about MIC at TechEd. First, the label numbers have changed from 100/200/300/400 to 4096/8192/12288/16384, which in hex are 1000/2000/3000/4000. So don’t use the numbers when referring to labels, because they might change again! Second, processes no longer receive the lower of your integrity or the file’s integrity—instead, process integrity behaves as I described above. Third, we no longer use MIC to enforce Windows resource protection (WRP). All operating system files are now unlabeled, meaning they default to medium integrity. The files are ACLed such that only the trusted installer has write access; everyone else, including administrators, has only read and execute access. Consider a scenario. Say you receive an attachment in email. When you save it, it’s written with low integrity because it came from the Internet—an untrusted source. When you execute the attachment, its process runs at low integrity because the file object is labeled low; therefore, your data (labeled medium or high) is protected from malicious writes by the attachment. It will, however, be able to read your data. MIC implements a form of the Biba model, which ensures integrity by controlling writes and deletions. Contrast this with the more well-known Bell-LaPadula model, which describes levels of confidentiality by controlling reads.
  22. Usually, child processes inherit the integrity level of their parents, unless the executable program running in the child process has a lower integrity level. For example, all downloaded executables will run at the Low integrity level because the labels of the executable programs are marked as Low when they are downloaded from the Internet. The integrity level can also be customized on a per-process basis. For example, Internet Explorer 8 runs at the Low integrity level only. This means that IE has limited opportunities to alter files on the machine without triggering an elevation prompt that the user must agree to. Objects created by processes inherit the IL of the process. So files downloaded by IE still have an IL of Low – this explains why downloaded executables will only run at the Low integrity level.
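The rules in notes 20 to 22, as an added Python model (not Windows code and not from the sources the notes quote): the four levels use the 0x1000 to 0x4000 label values quoted in note 21, unlabeled objects default to medium, the integrity check is evaluated before a toy DAC, a child process takes its executable's label when that is lower than the parent's (the wording of note 22), and objects created by a process inherit its level. Process and file names and the DAC writer sets are constructed for the illustration; the Biba-style check here is the write-only form MIC enforces, with reads left to DAC alone.

```python
# Added example: model of Windows Vista Mandatory Integrity Control (MIC).
# Label values are the ones quoted in note 21; names and the toy DAC are constructed.

LOW, MEDIUM, HIGH, SYSTEM = 0x1000, 0x2000, 0x3000, 0x4000
NAMES = {LOW: "Low", MEDIUM: "Medium", HIGH: "High", SYSTEM: "System"}


class Obj:
    """A securable object: optional integrity label plus a toy DAC
    (the principals allowed to write; reads are open to everyone here)."""

    def __init__(self, name, integrity=None, writers=()):
        self.name = name
        self.integrity = integrity   # None means unlabeled
        self.writers = set(writers)

    def effective_integrity(self):
        # Default level: unlabeled objects are treated as Medium.
        return MEDIUM if self.integrity is None else self.integrity


class Process:
    def __init__(self, name, user, integrity):
        self.name, self.user, self.integrity = name, user, integrity

    def spawn(self, exe):
        """Child inherits the parent's level unless the executable is labeled lower."""
        return Process(exe.name, self.user, min(self.integrity, exe.effective_integrity()))

    def create(self, name, writers=()):
        """Objects created by a process inherit the process's integrity level."""
        return Obj(name, integrity=self.integrity, writers=writers)


def mac_allows_write(proc, obj):
    """Write or delete requires subject level >= object level; reads are not constrained."""
    return proc.integrity >= obj.effective_integrity()


def dac_allows_write(proc, obj):
    return proc.user in obj.writers


def can_write(proc, obj):
    """MAC is checked first; DAC is consulted only if MAC passes, so MAC adds a
    layer on top of DAC rather than replacing it."""
    return mac_allows_write(proc, obj) and dac_allows_write(proc, obj)


def scenario():
    explorer = Process("explorer.exe", "alice", MEDIUM)
    attachment = Obj("invoice.exe", integrity=LOW, writers={"alice"})  # saved from email
    notes = Obj("notes.docx", integrity=MEDIUM, writers={"alice"})
    os_file = Obj("kernel32.dll", integrity=None, writers={"TrustedInstaller"})  # unlabeled
    attachment_proc = explorer.spawn(attachment)           # runs Low because the file is Low
    ie = Process("iexplore.exe", "alice", LOW)             # IE8 customized to Low
    download = ie.create("setup.exe", writers={"alice"})   # created object inherits Low
    return {
        "attachment process level": NAMES[attachment_proc.integrity],
        "attachment writes user data": can_write(attachment_proc, notes),
        "attachment modifies unlabeled object": mac_allows_write(attachment_proc, os_file),
        "user writes own data": can_write(explorer, notes),
        "user passes MAC on OS file": mac_allows_write(explorer, os_file),
        "user writes OS file (DAC denies)": can_write(explorer, os_file),
        "IE download label": NAMES[download.effective_integrity()],
        "downloaded exe runs at": NAMES[explorer.spawn(download).integrity],
    }


if __name__ == "__main__":
    for step, result in scenario().items():
        print(f"{step}: {result}")
```

Two outcomes are worth noticing: the medium-level user passes the integrity check on the unlabeled OS file yet is still refused by DAC (the ordering described in note 20), and the Low-labeled attachment is stopped by MAC before DAC is ever consulted.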