Scribd
Upload
28 views9 pages

Lecture 4

Uploaded by

Khawar Zulfiqar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
28 views9 pages

Lecture 4

Uploaded by

Khawar Zulfiqar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 9

Chapter 4: Security Policies

• Overview
• The nature of policies
– What they cover
– Policy languages
• The nature of mechanisms
– Types
• Underlying both
– Trust
November 1, 2004 Introduction to Computer Security Slide #4-1
©2004 Matt Bishop
Overview
• Overview
• Policies
• Trust
• Nature of Security Mechanisms
• Example Policy

November 1, 2004 Introduction to Computer Security Slide #4-2


©2004 Matt Bishop
Security Policy
• Policy partitions system states into:
– Authorized (secure)
• These are states the system can enter
– Unauthorized (nonsecure)
• If the system enters any of these states, it’s a
security violation
• Secure system
– Starts in authorized state
– Never enters unauthorized state
November 1, 2004 Introduction to Computer Security Slide #4-3
©2004 Matt Bishop
Confidentiality
• X set of entities, I information
• I has confidentiality property with respect to X if
no x  X can obtain information from I
• I can be disclosed to others
• Example:
– X set of students
– I final exam answer key
– I is confidential with respect to X if students cannot
obtain final exam answer key

November 1, 2004 Introduction to Computer Security Slide #4-4


©2004 Matt Bishop
Integrity
• X set of entities, I information
• I has integrity property with respect to X if all x 
X trust information in I
• Types of integrity:
– trust I, its conveyance and protection (data integrity)
– I information about origin of something or an identity
(origin integrity, authentication)
– I resource: means resource functions as it should
(assurance)
November 1, 2004 Introduction to Computer Security Slide #4-5
©2004 Matt Bishop
Availability
• X set of entities, I resource
• I has availability property with respect to X if all x
 X can access I
• Types of availability:
– traditional: x gets access or not
– quality of service: promised a level of access (for
example, a specific level of bandwidth) and not meet it,
even though some access is achieved

November 1, 2004 Introduction to Computer Security Slide #4-6


©2004 Matt Bishop
Policy Models
• Abstract description of a policy or class of
policies
• Focus on points of interest in policies
– Security levels in multilevel security models
– Separation of duty in Clark-Wilson model
– Conflict of interest in Chinese Wall model

November 1, 2004 Introduction to Computer Security Slide #4-7


©2004 Matt Bishop
Types of Security Policies
• Military (governmental) security policy
– Policy primarily protecting confidentiality
• Commercial security policy
– Policy primarily protecting integrity
• Confidentiality policy
– Policy protecting only confidentiality
• Integrity policy
– Policy protecting only integrity
November 1, 2004 Introduction to Computer Security Slide #4-8
©2004 Matt Bishop
Integrity and Transactions
• Begin in consistent state
– “Consistent” defined by specification
• Perform series of actions (transaction)
– Actions cannot be interrupted
– If actions complete, system in consistent state
– If actions do not complete, system reverts to
beginning (consistent) state

November 1, 2004 Introduction to Computer Security Slide #4-9


©2004 Matt Bishop

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy