Survey of techniques
UNIT 4
Index
• Overview
• File protection mechanisms
• User authentication
• Designing Trusted OS
• Security Policy
• Models of Security
• Trusted Operating System Design
Overview
• An operating system has two goals:
– controlling shared access
– implementing an interface to allow that access
• Underneath those goals are support activities,
including identification and authentication, naming,
filing objects, scheduling, communication among
processes, and reclaiming and reusing objects
Overview cont.
• Operating system functions can be categorized as:
– access control
– identity and credential management
– information flow
– audit and integrity protection
• Each of these activities has security
implications.
File Protection Mechanisms
• Basic Forms of Protection
All-None Protection
Unacceptable for several reasons
– Lack of trust
– Too coarse
– Rise of sharing
– Complexity
– File listings
Basic Forms of Protection (Cont’d)
Group Protection
– Focused on identifying groups of users who had some
common relationship.
– All authorized users are separated into groups.
– A group may consist of several members working on a
common project, a department, a class, or a single user.
– The basis for group membership is need to share.
– A key advantage of the group protection approach is
its ease of implementation.
Basic Forms of Protection (Cont’d)
• Group Protection (Cont’d)
– Group affiliation: A single user cannot belong to two
groups.
– Multiple personalities: To overcome the one-person
one-group restriction, certain people might obtain
multiple accounts, permitting them, in effect, to be
multiple users.
– All groups: To avoid multiple personalities, the
system administrator may decide that Tom should
have access to all his files any time he is active.
– Limited sharing: Files can be shared only within
groups or with the world.
Basic Forms of Protection (Cont’d)
• Individual Permissions
– Persistent Permission
– Temporary Acquired Permission
• Unix+ operating systems provide an interesting
permission scheme based on a three-level user-group-
world hierarchy.
• The Unix designers added a permission called set
userid (suid)
• Per-Object and Per-User Protection
User Authentication
• Authentication mechanisms use any of three
qualities to confirm a user's identity.
– Something the user knows. Passwords, PIN
numbers, passphrases, a secret handshake, and mother's
maiden name are examples of what a user may know.
– Something the user has. Identity badges, physical
keys, license, or a uniform are common examples of
things people have that make them recognizable.
– Something the user is. These authenticators, called
biometrics, are based on a physical characteristic of
the user,
User Authentication(cont’d)
• Passwords as Authenticators
– Use of Passwords
– Passwords are mutually agreed-upon code words, assumed to be
known only to the user and the system.
• Suffer from some difficulties of use:
– Loss. Depending on how the passwords are implemented, it is
possible that no one will be able to replace a lost or forgotten
password
– Use. Supplying a password for each access to a file can be
inconvenient and time consuming.
– Disclosure. If a password is disclosed to an unauthorized
individual, the file becomes immediately accessible.
– Revocation.
Passwords as Authenticators
• Additional Authentication Information
– Using additional authentication information is
called multifactor authentication.
– Two forms of authentication (which is known as
two-factor authentication) are better than one,
assuming of course that the two forms are strong.
– But as the number of forms increases, so also does
the inconvenience.
Passwords as Authenticators
• Attacks on Passwords
• Some ways you might be able to determine a
user's password, in decreasing order of
difficulty.
– Try all possible passwords.
– Try frequently used passwords.
– Try passwords likely for the user.
– Search for the system list of passwords.
– Ask the user.
Passwords as Authenticators
• Attacks on Passwords (Cont’d)
• Loose-Lipped Systems
– E.g.,
WELCOME TO THE XYZ COMPUTING SYSTEMS
ENTER USER NAME: adams
INVALID USER NAME / UNKNOWN USER
ENTER USER NAME:
Passwords as Authenticators
• Attacks on Passwords (Cont’d)
• Loose-Lipped Systems (Cont’d)
– An alternative arrangement of the login sequence is
shown below.
WELCOME TO THE XYZ COMPUTING SYSTEMS
ENTER USER NAME: adams
ENTER PASSWORD: john
INVALID ACCESS
ENTER USER NAME:
Passwords as Authenticators
• Attacks on Passwords (Cont’d)
• Loose-Lipped Systems (Cont’d)
ENTER USER NAME: adams
ENTER PASSWORD: john
INVALID ACCESS
ENTER USER NAME: adams
ENTER PASSWORD: johnq
WELCOME TO THE XYZ COMPUTING SYSTEMS
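The two login arrangements above, side by side, as an added example that is not part of the original slides: the loose-lipped version confirms which user names exist, while the alternative always checks a password and returns one failure message. The account table, the PBKDF2 work factor and the function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch
WELCOME = "WELCOME TO THE XYZ COMPUTING SYSTEMS"
INVALID_ACCESS = "INVALID ACCESS"
UNKNOWN_USER = "INVALID USER NAME / UNKNOWN USER"


def _derive(password, salt):
    """Slow salted hash, so a copied password table is expensive to search."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password):
    """Return the (salt, hash) pair stored instead of the password itself."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)


# Constructed account table; adams/johnq mirror the slide's transcript.
USERS = {"adams": make_record("johnq")}

# Checked when the name is unknown, so that an unknown name costs the same
# key derivation as a known one and cannot be told apart by response time.
_DUMMY = make_record(os.urandom(16).hex())


def loose_lipped_login(user, password):
    """First arrangement on the slides: the reply reveals whether the name exists."""
    if user not in USERS:
        return UNKNOWN_USER
    salt, stored = USERS[user]
    if hmac.compare_digest(_derive(password, salt), stored):
        return WELCOME
    return INVALID_ACCESS


def uniform_login(user, password):
    """Alternative arrangement: always take both fields, one failure message."""
    known = user in USERS
    salt, stored = USERS[user] if known else _DUMMY
    # compare_digest avoids leaking how many leading bytes matched.
    match = hmac.compare_digest(_derive(password, salt), stored)
    return WELCOME if (known and match) else INVALID_ACCESS


if __name__ == "__main__":
    for attempt in (("nobody", "x"), ("adams", "john"), ("adams", "johnq")):
        print(attempt, "| loose:", loose_lipped_login(*attempt),
              "| uniform:", uniform_login(*attempt))
```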
Passwords as Authenticators
• Attacks on Passwords (Cont’d)
• Exhaustive Attack
– In an exhaustive or brute force attack, the attacker
tries all possible passwords, usually in some
automated fashion
– Probable Passwords
– Passwords Likely for a User
Passwords as Authenticators
Attacks on Passwords (Cont’d)
• password guessing steps:
– no password
– the same as the user ID.
– is, or is derived from, the user's name
– common word list (for example, "password," "secret,"
"private") plus common names and patterns (for
example, "asdfg," "aaaaaa")
– short college dictionary
– complete English word list
Passwords as Authenticators
• One-Time Passwords
• Biometrics: Authentication Not Using
Passwords
• Identification vs Authentication
• Much more reliable, but less effective
Designing Trusted Operating Systems
• An operating system is trusted if we have
confidence that it provides these four
services consistently and effectively
– Policy - every system can be described by its
requirements: statements of what the system
should do and how it should do it.
– Model - designers must be confident that the
proposed system will meet its requirements while
protecting appropriate objects and relationships.
Designing Trusted Operating Systems
– Design - designers choose a means to implement
it.
– Trust - trust in the system is rooted in two
aspects:
• FEATURES - the operating system has all the
necessary functionality needed to enforce the expected
security policy.
• ASSURANCE - the operating system has been
implemented in such a way that we have confidence it
will enforce the security policy correctly and effectively.
Trustworthy OS
• An OS is trusted if it provides:
– Memory protection
– General object access control
– User authentication
• In a consistent and effective manner.
• Why trusted OS, why not secure OS?
“Secure” Vs. “Trust”
Security Policies
Security policy: statement of the security we expect the
system to enforce.
• Military Security Policy
– Based on protecting classified information.
– Each piece of information is ranked at a particular
sensitivity level, such as unclassified, restricted,
confidential, secret, or top secret.
– The ranks or levels form a hierarchy, and they
reflect an increasing order of sensitivity
Figure - Hierarchy of Sensitivities.
Least Sensitive
Military security policy
Figure - Compartments and Sensitivity Levels.
Compartments in a Military security policy
Figure - Association of Information and Compartments.
A single piece of information may belong to multiple compartments.
Terms
• Information falls under different degrees of sensitivity:
– Unclassified to top secret.
– Each sensitivity is determined by a rank. E.g., unclassified has rank
0.
• Need to know: enforced using compartments
– E.g., a particular project may need to use information which is both
top secret and secret. Solution: create a compartment to cover the
information in both.
– A compartment may include information across multiple
sensitivity levels.
• Clearance: A person seeking access to sensitive
information must be cleared. Clearance is expressed as a
combination: <rank; compartments>
Dominance relation
• Consider subject s and an object o.
– s <= o if and only if:
• rank_s <= rank_o and
• compartments_s subset compartments_o
– E.g., a subject can read an object only if:
• The clearance level of the subject is at least as high as that of the
information and
• The subject has a need to know about all compartments for which
the information is classified.
• E.g., information <secret, {Sweden}> can be read by someone with
clearance <top_secret, {Sweden}> or <secret, {Sweden}>, but
not by <top_secret, {Crypto}>
Figure - Commercial View of Sensitive Information.
Commercial security policies
What are some of the needs of a commercial policy?
Example: Chinese Wall Policy
Addresses needs of commercial organizations: legal,
medical, investment and accounting firms.
Key protection: conflict of interest.
Abstractions:
Objects: elementary objects such as files.
Company groups: at the next level, all objects
concerning a particular company are grouped together.
Conflict classes: all groups of objects for
competing companies are clustered together.
Figure - Chinese Wall Security Policy.
Chinese Wall Security Policy
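The three abstractions above (objects, company groups, conflict classes) as a small access monitor, added here as an example that is not part of the original slides. The slides do not spell out the access rule; the code uses the usual Brewer-Nash rule (once a subject has touched one company in a conflict class, the competing companies in that class are closed to it), and all company and file names are constructed.

```python
class ChineseWall:
    """History-based access control over conflict classes."""

    def __init__(self, conflict_classes):
        # conflict_classes: {conflict class: {company group: [objects]}}
        self.where = {}  # object -> (conflict class, company group)
        for cls, groups in conflict_classes.items():
            for company, objects in groups.items():
                for obj in objects:
                    self.where[obj] = (cls, company)
        self.history = {}  # subject -> {conflict class: company already accessed}

    def access(self, subject, obj):
        """Grant access unless the subject already holds a competitor's data."""
        cls, company = self.where[obj]
        chosen = self.history.setdefault(subject, {})
        if chosen.get(cls, company) != company:
            return False  # conflict of interest: other side of the wall
        chosen[cls] = company  # the wall for this class is now fixed
        return True


def demo():
    # Constructed firms: two competing banks and two competing oil companies.
    wall = ChineseWall({
        "banks": {"BankA": ["BankA/ledger", "BankA/audit"],
                  "BankB": ["BankB/ledger"]},
        "oil": {"OilX": ["OilX/survey"], "OilY": ["OilY/survey"]},
    })
    return [
        wall.access("ana", "BankA/ledger"),  # first access in class "banks"
        wall.access("ana", "OilX/survey"),   # different conflict class
        wall.access("ana", "BankB/ledger"),  # competitor of BankA: refused
        wall.access("ana", "BankA/audit"),   # same company group: allowed
        wall.access("bo", "BankB/ledger"),   # another subject, own history
    ]


if __name__ == "__main__":
    print(demo())
```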
Clark Wilson Model
• Defines tuples for every operation: <userID, transformationProcedure,
{CDIs…}>
• userID: person who can perform the operation.
• transformationProcedure: performs only certain operations depending on
the data. E.g., writeACheck if the data’s integrity is maintained.
• CDIs: constrained data items: data items with certain attributes.
Security Models
While policies tell us what we want….
models tell us formally what conditions we need to enforce in
order to achieve a policy.
We study models for various reasons:
(i) Test a particular policy for completeness and consistency.
(ii) Document a policy.
(iii) Help conceptualize and design an implementation.
(iv) Check whether an implementation meets its requirements.
Example models
(i) Bell LaPadula Model: to enforce confidentiality.
(ii) Biba Model: enforces integrity.
To understand this, we study a structure called Lattice.
A lattice is a “partial ordering of data” such that every pair of data items
has a least upper bound and a greatest lower bound.
E.g., Military model is a lattice.
E.g., <secret, {Sweden}> and <secret, {France}> have a least
upper bound and a greatest lower bound.
Figure - Sample Lattice.
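The dominance relation and the lattice bounds from the slides above, worked through in code as an added example that is not part of the original deck. The class and function names are assumptions; the ranks and the Sweden/Crypto/France labels are the ones the slides use.

```python
from dataclasses import dataclass

# Ranks in increasing order of sensitivity, as listed on the slides
# (unclassified has rank 0).
RANKS = ("unclassified", "restricted", "confidential", "secret", "top_secret")


@dataclass(frozen=True)
class Label:
    """A <rank; compartments> pair: a clearance or a classification."""
    rank: int
    compartments: frozenset


def label(rank_name, *compartments):
    """Build a label from a rank name and any number of compartment names."""
    return Label(RANKS.index(rank_name), frozenset(compartments))


def leq(a, b):
    """a <= b: rank_a <= rank_b and compartments_a is a subset of compartments_b."""
    return a.rank <= b.rank and a.compartments <= b.compartments


def can_read(clearance, classification):
    """Read is allowed only when the classification is <= the clearance."""
    return leq(classification, clearance)


def comparable(a, b):
    """The ordering is partial: some pairs are ordered in neither direction."""
    return leq(a, b) or leq(b, a)


def least_upper_bound(a, b):
    """Lowest label that dominates both: higher rank, union of compartments."""
    return Label(max(a.rank, b.rank), a.compartments | b.compartments)


def greatest_lower_bound(a, b):
    """Highest label dominated by both: lower rank, shared compartments only."""
    return Label(min(a.rank, b.rank), a.compartments & b.compartments)


def show(lab):
    return "<%s, {%s}>" % (RANKS[lab.rank], ", ".join(sorted(lab.compartments)))


if __name__ == "__main__":
    info = label("secret", "Sweden")
    for who in (label("top_secret", "Sweden"), label("secret", "Sweden"),
                label("top_secret", "Crypto")):
        print(show(who), "reads", show(info), "->", can_read(who, info))
    a, b = label("secret", "Sweden"), label("secret", "France")
    print("comparable:", comparable(a, b))
    print("lub:", show(least_upper_bound(a, b)))
    print("glb:", show(greatest_lower_bound(a, b)))
```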
Bell LaPadula Model for Confidentiality
Tells us “what conditions” need to be met to satisfy confidentiality to
implement multi-level security policies (e.g., military policies):
Consider a security system with the following properties:
(i) system contains a set of subjects S.
(ii) a set of objects O.
(iii) each subject s in S and each object o in O has a fixed security
class (C(s), C(o)).
– In military security, examples of classes: secret, top secret, etc.
(iv) Security classes are ordered by <= symbol.
Bell La Padula Model for Confidentiality
Properties:
• Simple security property: A subject s may have read access to
an object o, only if C(o) <= C(s).
• (* property) - A subject s who has read access to an object o,
may have write access to an object p only if C(o) <= C(p).
Figure - Subject, Object, and Rights.
Figure - Secure Flow of Information.
Bell LaPadula; read down, write up.
Biba Model for Integrity.
Simple policy: Subject s can modify (write) object o only if I(s) >=
I(o).
Here I is similar to C, except I is called Integrity class.
Integrity *-Property:
If subject s has read access to object o with integrity level I(o), s
can have write access to object p only if I(o) >= I(p).
Why is the second policy important?
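A small reference monitor that enforces the Bell-LaPadula and Biba rules exactly as stated on the slides, added here as an example that is not part of the original deck. The numeric levels and the subject and object names are constructed, and the monitor assumes a granted access stays held for the rest of the session, so each star-property is checked against the accesses already held.

```python
class _Monitor:
    """Tracks which objects each subject holds read and write access to."""

    def __init__(self, subject_level, object_level):
        self.subject_level = dict(subject_level)
        self.object_level = dict(object_level)
        self.reading = {s: set() for s in subject_level}
        self.writing = {s: set() for s in subject_level}

    def request(self, s, o, mode):
        """Grant and record the access only if both properties hold."""
        if mode == "read":
            # Star-property pairs: the new read source against held write targets.
            ok = self._simple_ok(s, o, mode) and all(
                self._flow_ok(o, p) for p in self.writing[s])
            if ok:
                self.reading[s].add(o)
        elif mode == "write":
            # Star-property pairs: held read sources against the new write target.
            ok = self._simple_ok(s, o, mode) and all(
                self._flow_ok(r, o) for r in self.reading[s])
            if ok:
                self.writing[s].add(o)
        else:
            raise ValueError("mode must be 'read' or 'write'")
        return ok


class BellLaPadula(_Monitor):
    def _simple_ok(self, s, o, mode):
        # Simple security property: read only if C(o) <= C(s).
        return mode != "read" or self.object_level[o] <= self.subject_level[s]

    def _flow_ok(self, src, dst):
        # *-property: read access to src, write access to dst only if C(src) <= C(dst).
        return self.object_level[src] <= self.object_level[dst]


class Biba(_Monitor):
    def _simple_ok(self, s, o, mode):
        # Simple policy: write only if I(s) >= I(o).
        return mode != "write" or self.subject_level[s] >= self.object_level[o]

    def _flow_ok(self, src, dst):
        # Integrity *-property: read src, write dst only if I(src) >= I(dst).
        return self.object_level[src] >= self.object_level[dst]


def blp_demo():
    # Constructed levels: 0 = unclassified, 3 = secret, 4 = top secret.
    m = BellLaPadula({"analyst": 3}, {"memo": 0, "plan": 3, "codes": 4})
    return [
        m.request("analyst", "plan", "read"),    # read at own level
        m.request("analyst", "codes", "read"),   # read up: refused
        m.request("analyst", "memo", "write"),   # write down after reading plan: refused
        m.request("analyst", "codes", "write"),  # write up: allowed
    ]


def biba_demo():
    # Constructed integrity levels: 0 = untrusted, 2 = system.
    m = Biba({"installer": 2}, {"download": 0, "scratch": 0, "kernel": 2})
    return [
        m.request("installer", "download", "read"),  # reading untrusted data
        m.request("installer", "kernel", "write"),   # simple policy passes, *-property refuses
        m.request("installer", "scratch", "write"),  # same integrity level: allowed
    ]


if __name__ == "__main__":
    print("BLP :", blp_demo())
    print("Biba:", biba_demo())
```

In `biba_demo` the second request passes the simple policy, since I(s) >= I(o), and is refused only by the integrity *-property, which is the case the slide's closing question points at.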
Trusted OS Design
• The policies tell us what we want.
• The model tells us the properties that must be satisfied for the policies to
succeed.
• Next: designing an OS which is trusted.
Trusted OS design principles-
• Principle of least privilege
• Economy of mechanism
• Open design
• Complete mediation
• Permission based
• Separation of privilege.
• Least common mechanism
• Ease of use.
Review: Overview of an Operating System’s Functions.
Security Functions of a Trusted Operating System.
Key Features of a Trusted OS
• User identification and authentication (we already studied this).
• Access control.
• Complete mediation.
• Trusted path
• Audit
• Audit log reduction
• Intrusion detection.

GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Artificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic WarfareArtificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic Warfare
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 

Survey of file protection techniques

  • 2. Index • Overview • File protection mechanisms • User authentication • Designing Trusted OS • Security Policy • Models of Security • Trusted Operating System Design
  • 3. Overview • An operating system has two goals: – controlling shared access – implementing an interface to allow that access • Underneath those goals are support activities, including identification and authentication, naming, filing objects, scheduling, communication among processes, and reclaiming and reusing objects
  • 4. Overview cont. • Operating system functions can be categorized as: – access control – identity and credential management – information flow – audit and integrity protection • Each of these activities has security implications.
  • 5. File Protection Mechanisms • Basic Forms of Protection All-None Protection Unacceptable for several reasons – Lack of trust – Too coarse – Rise of sharing – Complexity – File listings
  • 6. Basic Forms of Protection (Cont’d) Group Protection – Focused on identifying groups of users who had some common relationship. – All authorized users are separated into groups. – A group may consist of several members working on a common project, a department, a class, or a single user. – The basis for group membership is need to share. – A key advantage of the group protection approach is its ease of implementation.
  • 7. Basic Forms of Protection (Cont’d) • Group Protection (Cont’d) – Group affiliation: A single user cannot belong to two groups. – Multiple personalities: To overcome the one-person one-group restriction, certain people might obtain multiple accounts, permitting them, in effect, to be multiple users. – All groups: To avoid multiple personalities, the system administrator may decide that Tom should have access to all his files any time he is active. – Limited sharing: Files can be shared only within groups or with the world.
  • 8. Basic Forms of Protection (Cont’d) • Individual Permissions – Persistent Permission – Temporary Acquired Permission • Unix+ operating systems provide an interesting permission scheme based on a three-level user-group-world hierarchy. • The Unix designers added a permission called set userid (suid) • Per-Object and Per-User Protection
  • 9. User Authentication • Authentication mechanisms use any of three qualities to confirm a user's identity. – Something the user knows. Passwords, PIN numbers, passphrases, a secret handshake, and mother's maiden name are examples of what a user may know. – Something the user has. Identity badges, physical keys, license, or a uniform are common examples of things people have that make them recognizable. – Something the user is. These authenticators, called biometrics, are based on a physical characteristic of the user,
  • 10. User Authentication (cont’d) • Passwords as Authenticators – Use of Passwords – Passwords are mutually agreed-upon code words, assumed to be known only to the user and the system. • Suffer from some difficulties of use: – Loss. Depending on how the passwords are implemented, it is possible that no one will be able to replace a lost or forgotten password – Use. Supplying a password for each access to a file can be inconvenient and time consuming. – Disclosure. If a password is disclosed to an unauthorized individual, the file becomes immediately accessible. – Revocation.
  • 11. Passwords as Authenticators • Additional Authentication Information – Using additional authentication information is called multifactor authentication. – Two forms of authentication (which is known as two-factor authentication) are better than one, assuming of course that the two forms are strong. – But as the number of forms increases, so also does the inconvenience.
  • 12. Passwords as Authenticators • Attacks on Passwords • Some ways you might be able to determine a user's password, in decreasing order of difficulty. – Try all possible passwords. – Try frequently used passwords. – Try passwords likely for the user. – Search for the system list of passwords. – Ask the user.
  • 13. Passwords as Authenticators • Attacks on Passwords (Cont’d) • Loose-Lipped Systems – E.g., WELCOME TO THE XYZ COMPUTING SYSTEMS ENTER USER NAME: adams INVALID USER NAME / UNKNOWN USER ENTER USER NAME:
  • 14. Passwords as Authenticators • Attacks on Passwords (Cont’d) • Loose-Lipped Systems (Cont’d) – An alternative arrangement of the login sequence is shown below. WELCOME TO THE XYZ COMPUTING SYSTEMS ENTER USER NAME: adams ENTER PASSWORD: john INVALID ACCESS ENTER USER NAME:
  • 15. Passwords as Authenticators • Attacks on Passwords (Cont’d) • Loose-Lipped Systems (Cont’d) ENTER USER NAME: adams ENTER PASSWORD: john INVALID ACCESS ENTER USER NAME: adams ENTER PASSWORD: johnq WELCOME TO THE XYZ COMPUTING SYSTEMS
  • 16. Passwords as Authenticators • Attacks on Passwords (Cont’d) • Exhaustive Attack – In an exhaustive or brute force attack, the attacker tries all possible passwords, usually in some automated fashion – Probable Passwords – Passwords Likely for a User
  • 17. Passwords as Authenticators Attacks on Passwords (Cont’d) • password guessing steps: – no password – the same as the user ID. – is, or is derived from, the user's name – common word list (for example, "password," "secret," "private") plus common names and patterns (for example, "asdfg," "aaaaaa") – short college dictionary – complete English word list
  • 18. Passwords as Authenticators • One-Time Passwords • Biometrics: Authentication Not Using Passwords • Identification vs Authentication • Much reliable, but less effective
  • 19. Designing Trusted Operating Systems • An operating system is trusted if we have confidence that it provides these four services consistently and effectively – Policy - every system can be described by its requirements: statements of what the system should do and how it should do it. – Model - designers must be confident that the proposed system will meet its requirements while protecting appropriate objects and relationships.
  • 20. Designing Trusted Operating Systems – Design - designers choose a means to implement it. – Trust - trust in the system is rooted in two aspects: • FEATURES - the operating system has all the necessary functionality needed to enforce the expected security policy. • ASSURANCE - the operating system has been implemented in such a way that we have confidence it will enforce the security policy correctly and effectively.
  • 21. Trustworthy OS • An OS is trusted if it provides: – Memory protection – General object access control – User authentication • In a consistent and effective manner. • Why trusted OS, why not secure OS?
  • 23. Security Policies Security policy: statement of the security we expect the system to enforce. • Military Security Policy – Based on protecting classified information. – Each piece of information is ranked at a particular sensitivity level, such as unclassified, restricted, confidential, secret, or top secret. – The ranks or levels form a hierarchy, and they reflect an increasing order of sensitivity
  • 24. Figure - Hierarchy of Sensitivities. Least Sensitive Military security policy
  • 25. Figure - Compartments and Sensitivity Levels. Compartments in a Military security policy
  • 26. Figure - Association of Information and Compartments. A single piece of information may belong to multiple compartments.
  • 27. Terms • Information falls under different degrees of sensitivity: – Unclassified to top secret. – Each sensitivity is determined by a rank. E.g., unclassified has rank 0. • Need to know: enforced using compartments – E.g., a particular project may need to use information which is both top secret and secret. Solution: create a compartment to cover the information in both. – A compartment may include information across multiple sensitivity levels. • Clearance: A person seeking access to sensitive information must be cleared. Clearance is expressed as a combination: <rank; compartments>
  • 28. Dominance relation • Consider subject s and an object o. – s <= o if and only if: • rank_s <= rank_o and • compartments_s subset compartments_o – E.g., a subject can read an object only if: • The clearance level of the subject is at least as high as that of the information and • The subject has a need to know about all compartments for which the information is classified. • E.g., information <secret, {Sweden}> can be read by someone with clearance: <top_secret, {Sweden}> and <secret, {Sweden}> but not by <top_secret, {Crypto}>
  • 29. Figure - Commercial View of Sensitive Information. Commercial security policies What are some of the needs of a commercial policy?
  • 30. Example: Chinese Wall Policy Addresses needs of commercial organizations: legal, medical, investment and accounting firms. Key protection: conflict of interest. Abstractions: Objects: elementary objects such as files. Company groups: at the next level, all objects concerning a particular company are grouped together. Conflict classes: all groups of objects for competing companies are clustered together.
  • 31. Figure - Chinese Wall Security Policy. Chinese Wall Security Policy
  • 32. Clark Wilson Model • Defines tuples for every operation <userID,transformationProcedure, {CDIs…}> • userID: person who can perform the operation. • transformationProcedure: performs only certain operations depending on the data. E.g., writeACheck if the data’s integrity is maintained. • CDIs: constrained data items: data items with certain attributes.
  • 33. Security Models While policies tell us what we want…. models tell us formally what conditions we need to enforce in order to achieve a policy. We study models for various reasons: (i) test a particular policy for completeness and consistency. (ii) Document a policy (iii) Help conceptualize and design an implementation (iv) Check whether an implementation meets its requirements.
  • 34. Example models (i) Bell LaPadula Model: to enforce confidentiality. (ii) Biba Model: enforces integrity. To understand this, we study a structure called a lattice. A lattice is a “partial ordering of data” such that every data item has a least upper bound and a greatest lower bound. E.g., Military model is a lattice. E.g., <secret, {Sweden}> and <secret, {France}> have a least upper bound and a greatest lower bound. Figure - Sample Lattice.
  • 35. Bell LaPadula Model for Confidentiality Tells us “what conditions” need to be met to satisfy confidentiality to implement multi-level security policies (e.g., military policies): Consider a security system with the following properties: (i) system contains a set of subjects S. (ii) a set of objects O. (iii) each subject s in S and each object o in O has a fixed security class (C(s), C(o)). – In military security examples of class: secret, top secret etc… (iv) Security classes are ordered by <= symbol.
  • 36. Bell La Padula Model for Confidentiality Properties: • Simple security property: A subject s may have read access to an object o, only if C(o) <= C(s). • (* property) - A subject s who has read access to an object o, may have write access to an object p only if C(o) <= C(p). Figure - Subject, Object, and Rights.
  • 37. Figure - Secure Flow of Information. Bell LaPadula; read down, write up.
  • 38. Biba Model for Integrity. Simple policy: Subject s can modify (write) object o only if I(s) >= I(o). Here I is similar to C, except I is called Integrity class. Integrity *-Property: If subject s has read access to object o with integrity level I(o), s can have write access to object p only if I(o) >= I(p). Why is the second policy important?
  • 39. Trusted OS Design • The policies tell us what we want. • The model tells us the properties that must be satisfied for the policies to succeed. • Next: designing an OS which is trusted. Trusted OS design principles: • Principle of least privilege • Economy of mechanism • Open design • Complete mediation • Permission based • Separation of privilege. • Least common mechanism • Ease of use.
  • 40. Review: Overview of an Operating System’s Functions.
  • 41. Security Functions of a Trusted Operating System.
  • 42. Key Features of a Trusted OS User identification and authentication (we already studied this). • Access control. • Complete mediation. • Trusted path • Audit • Audit log reduction • Intrusion detection.
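
The dominance relation, the lattice bounds and the Bell LaPadula and Biba rules from slides 28 and 34 to 38 can be exercised in a few lines. This is an added example, not part of the original deck; the `Label` class, the `BLPMonitor` class and the helper names are hypothetical, and reusing the military ranks as Biba integrity levels is an assumption made for brevity.

```python
from dataclasses import dataclass

# Sensitivity ranks from the slides, least to most sensitive (unclassified = rank 0).
RANKS = ["unclassified", "restricted", "confidential", "secret", "top_secret"]


@dataclass(frozen=True)
class Label:
    """A <rank; compartments> pair, used for clearances and classifications."""
    rank: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """True when other <= self: rank at least as high, compartments a superset."""
        return (RANKS.index(other.rank) <= RANKS.index(self.rank)
                and other.compartments <= self.compartments)


def label(rank, *compartments):
    return Label(rank, frozenset(compartments))


def lub(a, b):
    """Least upper bound: higher rank, union of compartments."""
    return Label(max(a.rank, b.rank, key=RANKS.index), a.compartments | b.compartments)


def glb(a, b):
    """Greatest lower bound: lower rank, intersection of compartments."""
    return Label(min(a.rank, b.rank, key=RANKS.index), a.compartments & b.compartments)


class BLPMonitor:
    """Bell LaPadula checks; remembers what each subject has read."""

    def __init__(self):
        self.read_labels = {}  # subject name -> labels of objects it has read

    def read(self, subject, clearance, obj):
        # Simple security property: read only if C(o) <= C(s).
        if not clearance.dominates(obj):
            return False
        self.read_labels.setdefault(subject, []).append(obj)
        return True

    def write(self, subject, target):
        # *-property: write to p only if C(o) <= C(p) for every o already read.
        return all(target.dominates(o) for o in self.read_labels.get(subject, []))


def biba_can_write(subject_integrity, obj_integrity):
    # Biba simple policy: s may modify o only if I(s) >= I(o).
    return subject_integrity.dominates(obj_integrity)


def biba_star_can_write(read_integrities, target_integrity):
    # Integrity *-property: write to p only if I(o) >= I(p) for every o read.
    return all(o.dominates(target_integrity) for o in read_integrities)
```

Because the monitor records reads per subject, a subject that has read a secret object is refused a later write to a lower-classified one, which is the "read down, write up" flow of slide 37.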
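
The loose-lipped login of slide 13 can be compared with the arrangement of slides 14 and 15, where every failure gets the same response and the banner appears only after success. This is an added example, not part of the original deck; the function names, the account table and the PBKDF2 work factor are assumptions, and the dummy-record check for unknown users goes one step beyond the slides so that both failure paths do the same hashing work.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example
BANNER = "WELCOME TO THE XYZ COMPUTING SYSTEMS"
GENERIC_FAILURE = "INVALID ACCESS"


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password):
    """Return (salt, derived key) for storage instead of the password itself."""
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed account table; the name and password mirror the slides' sample dialogue.
USERS = {"adams": make_record("johnq")}
# Record verified for unknown users so they cost the same as known ones.
_DUMMY = make_record("placeholder")


def loose_lipped_login(user, password):
    """Slide 13 behaviour: the user name is rejected on its own, before any password check."""
    if user not in USERS:
        return "INVALID USER NAME / UNKNOWN USER"
    salt, stored = USERS[user]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return GENERIC_FAILURE
    return BANNER


def tight_lipped_login(user, password):
    """Slides 14-15 behaviour: one response for every failure, banner only on success."""
    salt, stored = USERS.get(user, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    # The membership test stops a guess of the dummy password from ever succeeding.
    if matches and user in USERS:
        return BANNER
    return GENERIC_FAILURE


def distinct_responses(login, probes):
    """Set of responses a login function gives to a list of (user, password) probes."""
    return {login(user, password) for user, password in probes}
```

More than one distinct response to failed probes means the system confirms which user names exist, which is the leak the slides call loose-lipped.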

Editor's Notes

  1. E.g., when the receiving clerk sends the delivery form to the accounting clerk… the delivery form has been already “checked” by the receiving clerk. Think of these as “stamps” of approval.
  2. Need for the two policies: Definition of subject, object and access rights. E.g., s can “r” or “read” object o.
  3. Bell LaPadula is only for confidentiality, how about integrity… come up with a policy.
  4. Access control can be Mandatory, Discretionary, Role Based