Security Goals
Secrecy (confidentiality)
- Unauthorized disclosure
- Limits the objects (files/sockets) that a process can read
Integrity
- Unauthorized modification
- Limits the objects that a process can write
(objects may contain information that other processes depend on)
Availability
- Limits the system resources that processes (or users) may consume
- Thereby preventing denial-of-service attacks
- Achieved by OS resource management techniques like fair scheduling
Confidentiality & Integrity
Achieved by Access Control
Access Control Systems
Confidentiality & Integrity
Achieved by Access Control
- Every access to an object in the system should be controlled
- All, and only, authorized accesses can take place
Development of an access control system has three components
- Security Policy : high-level rules that define who may access what
- Security Model : a formal representation of the access control security policy and how it works.
(this gives a mathematical representation of the policy, thereby aiding in proving that the model is secure)
- Security Mechanism : low-level (software / hardware) functional implementations of the policy and model.
Security Policy
- A scheme for specifying and enforcing security policies in a system
- Driven by
- Often take the form of a set of statements
- Goals are agreed upon either by
* The entire community
* Top management
* Or is the basis of a formal mathematical analysis
An example of a bad (vacuous) security policy for a company
Megacorp Inc security policy
- This policy is approved by Management.
- All staff shall obey this security policy.
- Data shall be available only to those with a 'need-to-know'.
- All breaches of this policy shall be reported at once to security.
Security Model
Why have it at all?
- It is a mathematical representation of the policy.
- By proving the model is secure and that the mechanism correctly implements the model, we can argue that the system is indeed secure (w.r.t. the security policy)
Security Mechanism
- Implementing a correct mechanism is non-trivial
- Bugs in the implementation can break the security that the model guarantees
- The implementation of the security policy must act as a 'trusted base' (reference monitor)
- Properties of the implementation
- Non-bypassable (every access must be evaluated by the mechanism; there is no path around it)
- Security kernel
- must be confined to a limited part of the system (scattering security functions all over the system implies that all code must be verified)
- Small - so as to permit rigorous verification.
Discretionary Access Control
Discretionary (DAC)
- Access based on
- Identity of requestor
- Access rules state what requestors are (or are not) allowed to do
- Privileges are granted or revoked by the object's owner (or an administrator)
- Users can pass on their privileges to other users
- Example. Access Matrix Model.
Access Matrix Model
- By Butler Lampson, 1971
- Subjects : active elements requesting information
- Objects : passive elements storing information
States of Access Matrix
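The following is an added worked example, not code from the original notes: a small access matrix in Python whose every read, write, grant and revoke is mediated by a single decision point (the reference-monitor property from the Security Mechanism section), with owner-controlled grants as in DAC. The right names ("own", "read", "write"), the subjects alice, bob and carol, and the object payroll.txt are constructed for the illustration; each command moves the matrix from one state to the next.

```python
from collections import defaultdict


class AccessDenied(Exception):
    """Raised when the reference monitor rejects a request."""


class AccessMatrix:
    """Lampson's access matrix as a mutable protection state.

    Rows are subjects, columns are objects, and each cell holds the set of
    rights the subject has on the object. The right names ("own", "read",
    "write") are an assumption of this example, not taken from the notes.
    """

    def __init__(self):
        self.subjects = set()
        self.objects = set()
        self._cells = defaultdict(set)  # (subject, object) -> set of rights

    # --- state-changing commands: transitions between matrix states ---

    def add_subject(self, subject):
        self.subjects.add(subject)

    def create_object(self, creator, obj):
        """'create' command: the creator becomes the owner of the new object."""
        if creator not in self.subjects:
            raise KeyError(f"unknown subject {creator!r}")
        if obj in self.objects:
            raise ValueError(f"object {obj!r} already exists")
        self.objects.add(obj)
        self._cells[(creator, obj)] |= {"own", "read", "write"}

    def grant(self, granter, grantee, obj, right):
        """DAC: only a subject holding 'own' may pass a right on to another subject."""
        self._mediate(granter, obj, "own")
        if grantee not in self.subjects:
            raise KeyError(f"unknown subject {grantee!r}")
        self._cells[(grantee, obj)].add(right)

    def revoke(self, revoker, subject, obj, right):
        """DAC: the owner may also take a right back."""
        self._mediate(revoker, obj, "own")
        self._cells[(subject, obj)].discard(right)

    # --- the reference monitor: one non-bypassable decision point ---

    def holds(self, subject, obj, right):
        """Does the current matrix state give `subject` the `right` on `obj`?"""
        return obj in self.objects and right in self._cells.get((subject, obj), set())

    def _mediate(self, subject, obj, right):
        if not self.holds(subject, obj, right):
            raise AccessDenied(f"{subject} lacks {right!r} on {obj}")

    def read(self, subject, obj):
        self._mediate(subject, obj, "read")   # secrecy: limits what may be read
        return f"<contents of {obj}>"

    def write(self, subject, obj, data):
        self._mediate(subject, obj, "write")  # integrity: limits what may be modified
        return len(data)

    def state(self):
        """Snapshot of the matrix state as {subject: {object: sorted rights}}."""
        return {
            s: {o: sorted(self._cells.get((s, o), ())) for o in sorted(self.objects)}
            for s in sorted(self.subjects)
        }


def scenario():
    """Drive the matrix through a few commands and record the monitor's decisions."""
    m = AccessMatrix()
    for s in ("alice", "bob", "carol"):          # constructed subjects
        m.add_subject(s)
    m.create_object("alice", "payroll.txt")        # state 1: alice owns payroll.txt
    m.grant("alice", "bob", "payroll.txt", "read") # state 2: owner passes 'read' to bob

    decisions = {}
    decisions["bob_read"] = m.holds("bob", "payroll.txt", "read")
    decisions["bob_write"] = m.holds("bob", "payroll.txt", "write")
    try:
        m.grant("bob", "carol", "payroll.txt", "read")  # bob is not the owner
        decisions["bob_grant"] = "allowed"
    except AccessDenied:
        decisions["bob_grant"] = "denied"
    try:
        m.write("carol", "payroll.txt", "x")            # carol holds no rights at all
        decisions["carol_write"] = "allowed"
    except AccessDenied:
        decisions["carol_write"] = "denied"
    m.revoke("alice", "bob", "payroll.txt", "read")      # state 3: owner revokes bob's read
    decisions["bob_read_after_revoke"] = m.holds("bob", "payroll.txt", "read")
    return m.state(), decisions


if __name__ == "__main__":
    final_state, decisions = scenario()
    for subject, row in final_state.items():
        print(subject, row)
    print(decisions)
```

Note that `read`, `write`, `grant` and `revoke` never consult `_cells` directly; they all go through `_mediate`, so the policy check lives in one small, auditable place. If a caller could reach `_cells` without `holds`, the mechanism would be bypassable, which is exactly the failure the reference-monitor properties above are meant to exclude.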