Security Models
Copyright by Aakash Panchal
All Rights Reserved by LJ Projects
Basic Concepts
Terminology
Trusted Computing Base (TCB) – combination of protection mechanisms within a computer system
Subjects / Objects
  Subjects are active (e.g., users / programs)
  Objects are passive (e.g., files)
Reference Monitor – abstract machine that mediates subject access to objects
Security Kernel – core element of TCB that enforces the reference monitor’s security policy
Types of Access Control
Discretionary Access Control (DAC) – data owners can create and modify the matrix of subject / object relationships (e.g., ACLs)
Mandatory Access Control (MAC) – “insecure” transactions are prohibited regardless of DAC
MAC rules cannot be enforced with a DAC security kernel
  Someone with read access to a file can copy it and build a new “insecure” DAC matrix, because they will be the owner of the new file.
Information Flow Models
In reality, there are state transitions
The key is to ensure that transitions are secure
Models provide rules for how information flows from state to state.
Information flow models do not address covert channels
  Trojan horses
  Requesting system resources to learn about other users
State Machine Model
A state is a snapshot of the system at one moment in time.
A state transition is the change to the next state.
If all the state transitions in a system are secure and the initial state of the system is secure, then every subsequent state will also be secure, no matter what input occurs.
Access Control Models
Bell-LaPadula (BLP) Model
BLP is a formal (mathematical) description of mandatory access control
First model that was created to control access to data.
Three properties:
  ds-property (discretionary security)
  ss-property (simple security – no “read up”)
  *-property (star property – no “write down”)
A secure system satisfies all of these properties
BLP includes a mathematical proof that if a system is secure and a transition satisfies all of the properties, then the system will remain secure.
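The copy-and-reshare problem from the access control slide and the three BLP properties, as an added example that is not part of the original slides: a toy reference monitor run once as a DAC-only kernel and once with the ss- and *-properties enforced. The class, the subjects `alice` and `bob`, the object names and the four-level lattice are constructed for illustration, and each subject's current level is assumed equal to its clearance.

```python
from dataclasses import dataclass, field

# Constructed linear lattice: a higher number is more sensitive.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


class AccessDenied(Exception):
    """Raised by the reference monitor when a request violates a property."""


@dataclass
class Obj:
    level: str
    owner: str
    content: str = ""
    acl: dict = field(default_factory=dict)  # DAC matrix entries: subject -> rights


class ReferenceMonitor:
    """Hypothetical monitor that mediates every subject access to objects."""

    def __init__(self, enforce_mac):
        self.enforce_mac = enforce_mac
        self.clearance = {}  # subject -> level name
        self.objects = {}    # object name -> Obj

    def _check(self, subject, name, right):
        obj = self.objects[name]
        # ds-property: the right must be present in the DAC matrix.
        if right not in obj.acl.get(subject, set()):
            raise AccessDenied(f"ds-property: {subject} has no {right} on {name}")
        if self.enforce_mac:
            s, o = LEVELS[self.clearance[subject]], LEVELS[obj.level]
            if right == "read" and s < o:    # ss-property: no read up
                raise AccessDenied(f"ss-property: {subject} may not read up to {name}")
            if right == "write" and s > o:   # *-property: no write down
                raise AccessDenied(f"*-property: {subject} may not write down to {name}")
        return obj

    def create(self, subject, name, level, readers=()):
        # Creating an object is a write, so the *-property applies to it too.
        if self.enforce_mac and LEVELS[self.clearance[subject]] > LEVELS[level]:
            raise AccessDenied(f"*-property: {subject} may not create {name} at {level}")
        # The creator owns the new object and fills in its DAC entries freely.
        acl = {subject: {"read", "write"}}
        acl.update({r: {"read"} for r in readers})
        self.objects[name] = Obj(level=level, owner=subject, acl=acl)

    def read(self, subject, name):
        return self._check(subject, name, "read").content

    def write(self, subject, name, data):
        self._check(subject, name, "write").content = data


def build(enforce_mac):
    """Constructed scenario: alice (SECRET) owns 'plan'; bob is UNCLASSIFIED."""
    rm = ReferenceMonitor(enforce_mac)
    rm.clearance.update(alice="SECRET", bob="UNCLASSIFIED")
    rm.create("alice", "plan", "SECRET")
    rm.write("alice", "plan", "constructed secret text")
    return rm


def copy_and_share(rm, src, dst, dst_level):
    """alice copies src into a new object she owns and grants bob read access."""
    try:
        data = rm.read("alice", src)
        rm.create("alice", dst, dst_level, readers=["bob"])
        rm.write("alice", dst, data)
        return ("LEAKED", rm.read("bob", dst))
    except AccessDenied as exc:
        return ("DENIED", str(exc))


if __name__ == "__main__":
    print(copy_and_share(build(False), "plan", "copy", "UNCLASSIFIED"))
    print(copy_and_share(build(True), "plan", "copy", "UNCLASSIFIED"))
    print(copy_and_share(build(True), "plan", "copy", "SECRET"))
```

With MAC off, the owner-controlled ACL on the copy is all that stands between bob and the data; with MAC on, the copy is stopped either when it is created below alice's level or when bob tries to read it at her level.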
Bell-LaPadula Model (Continued)
The Honeywell Multics kernel was the only true implementation of BLP, but it never took hold
DOD information security requirements are currently achieved via discretionary access control and segregation of systems rather than BLP-compliant computers
The problem with this model is that it does not deal with the integrity of the data.
Bell-LaPadula Model (Continued)
The star property makes it possible for a lower-level subject to write to a higher-classified object.
A covert channel is an information flow that is not controlled by a security mechanism.
A low-level subject may see a high-level object's name but is denied access to the contents of the object.
Harrison-Ruzzo-Ullman Model
The BLP model does not state policies for changing access rights or for the creation or deletion of subjects and objects.
This model defines an authorization system that addresses these issues.
It operates on access matrices and verifies whether there is any sequence of instructions that causes an access right to leak information.
Three Main Goals of Integrity
Preventing unauthorized users from making modifications to data or programs.
Preventing authorized users from making improper or unauthorized modifications.
Maintaining internal and external consistency of data and programs.
Biba Model
Similar to BLP, but the focus is on integrity, not confidentiality
Implements the first goal of integrity.
The result is to turn the BLP model upside down
  High-integrity subjects cannot read lower-integrity objects (no “read down”)
  Subjects cannot move low-integrity data to a high-integrity environment (no “write up”)
Intuition Behind Models
Control of confidential information is important in both military and commercial environments.
However, in a commercial environment the integrity of data is equally important, to prevent errors and fraud.
The higher the level, the more confidence one has that a program will execute correctly.
Data at a higher level is more accurate, reliable and trustworthy than data at a lower level.
Clark-Wilson Model
Reviews the distinction between military and commercial policy
  Military policy focuses on confidentiality
  Commercial policy focuses on integrity
Mandatory commercial controls typically involve who gets to do what type of transaction rather than who sees what (Example: Handle a check above a certain amount)
Clark-Wilson Model (Continued)
Two types of objects:
  Constrained Data Items (CDIs)
  Unconstrained Data Items (UDIs)
Two types of transactions on CDIs in the model
  Integrity Verification Procedures (IVPs)
  Transformation Procedures (TPs)
IVPs certify that TPs on CDIs result in a valid state
All TPs must be certified to result in a valid transformation
Clark-Wilson Model (Continued)
The system maintains a list of valid relations of the form: {UserID, TP, CDI/UDI}
The only permitted manipulation of a CDI is via an authorized TP
If a TP takes a UDI as an input, then it must result in a proper CDI or the TP will be rejected
Additional requirements
  Auditing: TPs must write to an append-only CDI (log)
  Separation of duties
Clark-Wilson Model (Continued)
Subjects have to be identified and authenticated.
Objects can be manipulated only by a restricted set of programs.
Subjects can execute only a restricted set of programs.
A proper audit log has to be maintained.
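The Clark-Wilson rules from the preceding slides, as an added example that is not part of the original slides: a small payment system in which CDIs change only through TPs named in a {UserID, TP, CDI} relation, a UDI is validated before it becomes a CDI, an IVP runs after every TP, every attempt is appended to a log, and the initiator of a payment cannot approve it. The accounts, users and TP names are constructed, and checking separation of duties inside the approving TP is one possible way to realize it.

```python
import itertools
import re


class IntegrityError(Exception):
    """Raised when a request would bypass or violate the integrity policy."""


class ClarkWilsonSystem:
    def __init__(self):
        # CDIs (constructed): account balances and the table of pending payments.
        self.balances = {"acct:ops": 1000, "acct:vendor": 0}
        self.pending = {}     # payment id -> (initiator, source CDI, amount)
        self._total = sum(self.balances.values())
        self._ids = itertools.count(1)
        self._log = []        # append-only CDI; only run() appends to it
        self.triples = set()  # certified relations (UserID, TP, CDI)
        self._tps = {"request_payment": self._request,
                     "approve_payment": self._approve}

    def allow(self, user, tp, cdi):
        self.triples.add((user, tp, cdi))

    @property
    def log(self):
        return tuple(self._log)  # read-only view of the audit trail

    def ivp(self):
        """IVP: no negative balance and the total amount of money is unchanged."""
        values = self.balances.values()
        return min(values) >= 0 and sum(values) == self._total

    def run(self, user, tp, cdi, udi):
        """The only path to a CDI: check the relation, run the TP, verify, log."""
        try:
            if (user, tp, cdi) not in self.triples:
                raise IntegrityError("no (user, TP, CDI) relation")
            saved = dict(self.balances), dict(self.pending)
            try:
                result = self._tps[tp](user, cdi, udi)
                if not self.ivp():
                    raise IntegrityError("IVP failed after TP")
            except IntegrityError:
                self.balances, self.pending = saved  # leave the last valid state
                raise
        except IntegrityError as exc:
            self._log.append((user, tp, cdi, f"REJECTED: {exc}"))
            raise
        self._log.append((user, tp, cdi, "OK"))
        return result

    def _request(self, user, cdi, udi):
        # UDI -> CDI: untrusted text becomes a pending payment or is rejected.
        if not (isinstance(udi, str) and re.fullmatch(r"[0-9]{1,9}", udi)
                and 0 < int(udi) <= self.balances[cdi]):
            raise IntegrityError("UDI is not a valid amount")
        pid = next(self._ids)
        self.pending[pid] = (user, cdi, int(udi))
        return pid

    def _approve(self, user, cdi, pid):
        initiator, src, amount = self.pending.get(pid, (None, None, 0))
        if src != cdi:
            raise IntegrityError("no such pending payment on this CDI")
        if initiator == user:
            raise IntegrityError("separation of duties: initiator cannot approve")
        del self.pending[pid]
        self.balances[src] -= amount
        self.balances["acct:vendor"] += amount
        return amount


def attempt(system, user, tp, cdi, udi):
    try:
        return system.run(user, tp, cdi, udi)
    except IntegrityError as exc:
        return f"REJECTED: {exc}"


def demo():
    s = ClarkWilsonSystem()
    s.allow("clerk", "request_payment", "acct:ops")
    s.allow("manager", "approve_payment", "acct:ops")
    s.allow("supervisor", "request_payment", "acct:ops")
    s.allow("supervisor", "approve_payment", "acct:ops")
    results = [
        attempt(s, "clerk", "request_payment", "acct:ops", "250"),
        attempt(s, "clerk", "request_payment", "acct:ops", "-250"),
        attempt(s, "clerk", "approve_payment", "acct:ops", 1),
        attempt(s, "supervisor", "request_payment", "acct:ops", "100"),
        attempt(s, "supervisor", "approve_payment", "acct:ops", 2),
        attempt(s, "manager", "approve_payment", "acct:ops", 1),
    ]
    return results, s.balances, s.log


if __name__ == "__main__":
    for item in demo():
        print(item)
```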
Clark-Wilson versus Biba
In Biba’s model, UDI-to-CDI conversion is performed by a trusted subject only (e.g., a security officer), but this is problematic for the data entry function.
In Clark-Wilson, TPs are specified for particular users and functions. Biba’s model does not offer this level of granularity.
Chinese Wall
Focus is on conflicts of interest.
Principle: Users should not access the confidential information of both a client organization and one or more of its competitors.
How it works
  Users have no “wall” initially.
  Once any given file is accessed, files with competitor information become inaccessible.
  Unlike other models, access control rules change with user behavior
Chinese Wall
Separation of Duty.
  A given user may perform transaction A or transaction B but not both.
A simple security property
  A subject has access to an object if and only if all the objects that the subject can read are from non-competing groups.
The *-property
  A subject can write to a client only if the subject cannot read any object from a competing group.
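How the wall grows with user behaviour, as an added example that is not part of the original slides: access decisions are computed from each subject's own access history. The companies, conflict-of-interest classes, file names and users are constructed; the write rule is an assumption that follows the Brewer-Nash formulation (a write is refused once the subject has accessed any other company's data), and all data is assumed unsanitized.

```python
# Constructed data: object -> (company dataset, conflict-of-interest class).
OBJECTS = {
    "bankA/q3.txt": ("BankA", "banks"),
    "bankA/memo.txt": ("BankA", "banks"),
    "bankB/q3.txt": ("BankB", "banks"),
    "oilX/bid.txt": ("OilX", "oil"),
    "oilY/bid.txt": ("OilY", "oil"),
}


class ChineseWall:
    """Hypothetical history-based access checker."""

    def __init__(self, objects):
        self.objects = objects
        self.history = {}  # subject -> {COI class: company dataset already accessed}

    def can_read(self, subject, obj):
        # Simple security: allowed if the subject has touched nothing in this
        # conflict class yet, or only this same company's dataset.
        company, coi = self.objects[obj]
        seen = self.history.get(subject, {}).get(coi)
        return seen is None or seen == company

    def can_write(self, subject, obj):
        # *-property: readable, and no other company's data has been accessed,
        # so nothing can be carried across into this dataset.
        company, _ = self.objects[obj]
        others = set(self.history.get(subject, {}).values()) - {company}
        return self.can_read(subject, obj) and not others

    def _record(self, subject, obj):
        company, coi = self.objects[obj]
        self.history.setdefault(subject, {})[coi] = company

    def read(self, subject, obj):
        if not self.can_read(subject, obj):
            return False
        self._record(subject, obj)  # this access is what raises the wall
        return True

    def write(self, subject, obj):
        if not self.can_write(subject, obj):
            return False
        self._record(subject, obj)
        return True

    def readable(self, subject):
        return sorted(o for o in self.objects if self.can_read(subject, o))


def demo():
    wall = ChineseWall(OBJECTS)
    before = wall.readable("carol")          # no wall yet: everything is open
    steps = [
        ("carol", "read", "bankA/q3.txt"),    # first access in class "banks"
        ("carol", "read", "bankA/memo.txt"),  # same company dataset
        ("carol", "read", "bankB/q3.txt"),    # competitor of BankA
        ("carol", "read", "oilX/bid.txt"),    # different conflict class
        ("carol", "write", "oilX/bid.txt"),   # could carry BankA data into OilX
        ("dave", "read", "bankB/q3.txt"),     # walls are per subject
        ("dave", "write", "bankB/q3.txt"),    # dave has seen only BankB
    ]
    outcomes = [getattr(wall, op)(who, obj) for who, op, obj in steps]
    return before, outcomes, wall.readable("carol")


if __name__ == "__main__":
    for item in demo():
        print(item)
```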
+91-82381-35844
Aakashpanchal100@gmail.com
Follow us

More Related Content

What's hot

Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
G Prachi
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
IGZ Software house
 
IP Security
IP SecurityIP Security
IP Security
Keshab Nath
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
Ersoy AKSOY
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
FellowBuddy.com
 
Protection and security
Protection and securityProtection and security
Protection and security
mbadhi
 
Spoofing
SpoofingSpoofing
Spoofing
Sanjeev
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
jayashri kolekar
 
Security policies
Security policiesSecurity policies
Security policies
Nishant Pahad
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
Nikhil Raj
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
vasanthimuniasamy
 
Network security cryptographic hash function
Network security  cryptographic hash functionNetwork security  cryptographic hash function
Network security cryptographic hash function
Mijanur Rahman Milon
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
BharathiKrishna6
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
Riya Choudhary
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
primeteacher32
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Dheeraj Kataria
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introduction
Dr.Florence Dayana
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
GulnurAzat
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
Siemplify
 

What's hot (20)

Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
 
IP Security
IP SecurityIP Security
IP Security
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
 
Protection and security
Protection and securityProtection and security
Protection and security
 
Spoofing
SpoofingSpoofing
Spoofing
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Security policies
Security policiesSecurity policies
Security policies
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
Network security cryptographic hash function
Network security  cryptographic hash functionNetwork security  cryptographic hash function
Network security cryptographic hash function
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introduction
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 

Similar to Security models

Security Architecture and Design - CISSP
Security Architecture and Design - CISSPSecurity Architecture and Design - CISSP
Security Architecture and Design - CISSP
Srishti Ahuja
 
Network Security Layers
Network Security LayersNetwork Security Layers
Network Security Layers
natarafonseca
 
Data base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access methodData base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access method
International Journal of Engineering Inventions www.ijeijournal.com
 
security and privacy in dbms and in sql database
security and privacy in dbms and in sql databasesecurity and privacy in dbms and in sql database
security and privacy in dbms and in sql database
gourav kottawar
 
Access control3
Access control3Access control3
Access control3
Awhydot
 
Access control3
Access control3Access control3
Access control3
Awhydot
 
Distributed database security with discretionary access control
Distributed database security with discretionary access controlDistributed database security with discretionary access control
Distributed database security with discretionary access control
Jyotishkar Dey
 
Fighting Spyware With Mandatory Access Control In Microsoft Windows Vista (Di...
Fighting Spyware With Mandatory Access Control In Microsoft Windows Vista (Di...Fighting Spyware With Mandatory Access Control In Microsoft Windows Vista (Di...
Fighting Spyware With Mandatory Access Control In Microsoft Windows Vista (Di...
FilGov
 
1.1 Cyber Security Layers of Defense and Technology Solutions.pdf.pdf
1.1 Cyber Security Layers of Defense and Technology Solutions.pdf.pdf1.1 Cyber Security Layers of Defense and Technology Solutions.pdf.pdf
1.1 Cyber Security Layers of Defense and Technology Solutions.pdf.pdf
ThangVuQuang4
 
The Federal Information Security Management Act
The Federal Information Security Management ActThe Federal Information Security Management Act
The Federal Information Security Management Act
Michelle Singh
 
AccessControl.ppt
AccessControl.pptAccessControl.ppt
AccessControl.ppt
DAKSHATAPANCHAL2
 
Bluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security ModelBluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security Model
tom termini
 
Chapter 08 security_management_models
Chapter 08 security_management_modelsChapter 08 security_management_models
Chapter 08 security_management_models
husseinalshomali
 
Security Issues Surrounding Data Manipulation in a Relational Database
Security Issues Surrounding Data Manipulation in a Relational DatabaseSecurity Issues Surrounding Data Manipulation in a Relational Database
Security Issues Surrounding Data Manipulation in a Relational Database
David Murphy
 
Presentation security measure
Presentation security measurePresentation security measure
Presentation security measure
mukarram522
 
IJET-V3I2P8
IJET-V3I2P8IJET-V3I2P8
Lecture #8: Clark-Wilson & Chinese Wall Model for Multilevel Security
Lecture #8: Clark-Wilson & Chinese Wall Model for Multilevel SecurityLecture #8: Clark-Wilson & Chinese Wall Model for Multilevel Security
Lecture #8: Clark-Wilson & Chinese Wall Model for Multilevel Security
Dr. Ramchandra Mangrulkar
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networks
G Prachi
 
Iaetsd database intrusion detection using
Iaetsd database intrusion detection usingIaetsd database intrusion detection using
Iaetsd database intrusion detection using
Iaetsd Iaetsd
 
Wireless Information Security System via Role based Access Control Pattern Us...
Wireless Information Security System via Role based Access Control Pattern Us...Wireless Information Security System via Role based Access Control Pattern Us...
Wireless Information Security System via Role based Access Control Pattern Us...
ijcnes
 

Similar to Security models (20)

Security Architecture and Design - CISSP
Security Architecture and Design - CISSPSecurity Architecture and Design - CISSP
Security Architecture and Design - CISSP
 
Network Security Layers
Network Security LayersNetwork Security Layers
Network Security Layers
 
Data base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access methodData base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access method
 
security and privacy in dbms and in sql database
security and privacy in dbms and in sql databasesecurity and privacy in dbms and in sql database
security and privacy in dbms and in sql database
 
Access control3
Access control3Access control3
Access control3
 
Access control3
Access control3Access control3
Access control3
 
Distributed database security with discretionary access control
Distributed database security with discretionary access controlDistributed database security with discretionary access control
Distributed database security with discretionary access control
 
Fighting Spyware With Mandatory Access Control In Microsoft Windows Vista (Di...
Fighting Spyware With Mandatory Access Control In Microsoft Windows Vista (Di...Fighting Spyware With Mandatory Access Control In Microsoft Windows Vista (Di...
Fighting Spyware With Mandatory Access Control In Microsoft Windows Vista (Di...
 
1.1 Cyber Security Layers of Defense and Technology Solutions.pdf.pdf
1.1 Cyber Security Layers of Defense and Technology Solutions.pdf.pdf1.1 Cyber Security Layers of Defense and Technology Solutions.pdf.pdf
1.1 Cyber Security Layers of Defense and Technology Solutions.pdf.pdf
 
The Federal Information Security Management Act
The Federal Information Security Management ActThe Federal Information Security Management Act
The Federal Information Security Management Act
 
AccessControl.ppt
AccessControl.pptAccessControl.ppt
AccessControl.ppt
 
Bluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security ModelBluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security Model
 
Chapter 08 security_management_models
Chapter 08 security_management_modelsChapter 08 security_management_models
Chapter 08 security_management_models
 
Security Issues Surrounding Data Manipulation in a Relational Database
Security Issues Surrounding Data Manipulation in a Relational DatabaseSecurity Issues Surrounding Data Manipulation in a Relational Database
Security Issues Surrounding Data Manipulation in a Relational Database
 
Presentation security measure
Presentation security measurePresentation security measure
Presentation security measure
 
IJET-V3I2P8
IJET-V3I2P8IJET-V3I2P8
IJET-V3I2P8
 
Lecture #8: Clark-Wilson & Chinese Wall Model for Multilevel Security
Lecture #8: Clark-Wilson & Chinese Wall Model for Multilevel SecurityLecture #8: Clark-Wilson & Chinese Wall Model for Multilevel Security
Lecture #8: Clark-Wilson & Chinese Wall Model for Multilevel Security
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networks
 
Iaetsd database intrusion detection using
Iaetsd database intrusion detection usingIaetsd database intrusion detection using
Iaetsd database intrusion detection using
 
Wireless Information Security System via Role based Access Control Pattern Us...
Wireless Information Security System via Role based Access Control Pattern Us...Wireless Information Security System via Role based Access Control Pattern Us...
Wireless Information Security System via Role based Access Control Pattern Us...
 

More from LJ PROJECTS

Tips on looking after yourself | Managing COVID-19 Stress | LJ Projects
Tips on looking after yourself | Managing COVID-19 Stress | LJ ProjectsTips on looking after yourself | Managing COVID-19 Stress | LJ Projects
Tips on looking after yourself | Managing COVID-19 Stress | LJ Projects
LJ PROJECTS
 
LJ Innovation village 2019 - Uploaded by LJ Projects
LJ Innovation village 2019 - Uploaded by LJ ProjectsLJ Innovation village 2019 - Uploaded by LJ Projects
LJ Innovation village 2019 - Uploaded by LJ Projects
LJ PROJECTS
 
Cloudedots - Ideas into Reality | Mobile and Web App development Company
Cloudedots - Ideas into Reality | Mobile and Web App development CompanyCloudedots - Ideas into Reality | Mobile and Web App development Company
Cloudedots - Ideas into Reality | Mobile and Web App development Company
LJ PROJECTS
 
Foodies- An e-Food inventory Management Portal
Foodies- An e-Food inventory Management PortalFoodies- An e-Food inventory Management Portal
Foodies- An e-Food inventory Management Portal
LJ PROJECTS
 
Information security
Information securityInformation security
Information security
LJ PROJECTS
 
Grid Computing (An Up-Coming Technology)
Grid Computing (An Up-Coming Technology)Grid Computing (An Up-Coming Technology)
Grid Computing (An Up-Coming Technology)
LJ PROJECTS
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
LJ PROJECTS
 
Socket Programming- Data Link Access
Socket Programming- Data Link AccessSocket Programming- Data Link Access
Socket Programming- Data Link Access
LJ PROJECTS
 
VPN Theory
VPN TheoryVPN Theory
VPN Theory
LJ PROJECTS
 
TCP/IP Introduction
TCP/IP Introduction TCP/IP Introduction
TCP/IP Introduction
LJ PROJECTS
 
Event Management System Document
Event Management System Document Event Management System Document
Event Management System Document
LJ PROJECTS
 

More from LJ PROJECTS (11)

Tips on looking after yourself | Managing COVID-19 Stress | LJ Projects
Tips on looking after yourself | Managing COVID-19 Stress | LJ ProjectsTips on looking after yourself | Managing COVID-19 Stress | LJ Projects
Tips on looking after yourself | Managing COVID-19 Stress | LJ Projects
 
LJ Innovation village 2019 - Uploaded by LJ Projects
LJ Innovation village 2019 - Uploaded by LJ ProjectsLJ Innovation village 2019 - Uploaded by LJ Projects
LJ Innovation village 2019 - Uploaded by LJ Projects
 
Cloudedots - Ideas into Reality | Mobile and Web App development Company
Cloudedots - Ideas into Reality | Mobile and Web App development CompanyCloudedots - Ideas into Reality | Mobile and Web App development Company
Cloudedots - Ideas into Reality | Mobile and Web App development Company
 
Foodies- An e-Food inventory Management Portal
Foodies- An e-Food inventory Management PortalFoodies- An e-Food inventory Management Portal
Foodies- An e-Food inventory Management Portal
 
Information security
Information securityInformation security
Information security
 
Grid Computing (An Up-Coming Technology)
Grid Computing (An Up-Coming Technology)Grid Computing (An Up-Coming Technology)
Grid Computing (An Up-Coming Technology)
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
 
Socket Programming- Data Link Access
Socket Programming- Data Link AccessSocket Programming- Data Link Access
Socket Programming- Data Link Access
 
VPN Theory
VPN TheoryVPN Theory
VPN Theory
 
TCP/IP Introduction
TCP/IP Introduction TCP/IP Introduction
TCP/IP Introduction
 
Event Management System Document
Event Management System Document Event Management System Document
Event Management System Document
 

Recently uploaded

❣Unsatisfied Bhabhi Call Girls Surat 💯Call Us 🔝 7014168258 🔝💃Independent Sura...
❣Unsatisfied Bhabhi Call Girls Surat 💯Call Us 🔝 7014168258 🔝💃Independent Sura...❣Unsatisfied Bhabhi Call Girls Surat 💯Call Us 🔝 7014168258 🔝💃Independent Sura...
❣Unsatisfied Bhabhi Call Girls Surat 💯Call Us 🔝 7014168258 🔝💃Independent Sura...
hotchicksescort
 
Cricket management system ptoject report.pdf
Cricket management system ptoject report.pdfCricket management system ptoject report.pdf
Cricket management system ptoject report.pdf
Kamal Acharya
 
High Profile Call Girls Ahmedabad 🔥 7737669865 🔥 Real Fun With Sexual Girl Av...
High Profile Call Girls Ahmedabad 🔥 7737669865 🔥 Real Fun With Sexual Girl Av...High Profile Call Girls Ahmedabad 🔥 7737669865 🔥 Real Fun With Sexual Girl Av...
High Profile Call Girls Ahmedabad 🔥 7737669865 🔥 Real Fun With Sexual Girl Av...
dABGO KI CITy kUSHINAGAR Ak47
 
Covid Management System Project Report.pdf
Covid Management System Project Report.pdfCovid Management System Project Report.pdf
Covid Management System Project Report.pdf
Kamal Acharya
 
Better Builder Magazine, Issue 49 / Spring 2024
Better Builder Magazine, Issue 49 / Spring 2024Better Builder Magazine, Issue 49 / Spring 2024
Better Builder Magazine, Issue 49 / Spring 2024
Better Builder Magazine
 
Mahipalpur Call Girls Delhi 🔥 9711199012 ❄- Pick Your Dream Call Girls with 1...
Mahipalpur Call Girls Delhi 🔥 9711199012 ❄- Pick Your Dream Call Girls with 1...Mahipalpur Call Girls Delhi 🔥 9711199012 ❄- Pick Your Dream Call Girls with 1...
Mahipalpur Call Girls Delhi 🔥 9711199012 ❄- Pick Your Dream Call Girls with 1...
simrangupta87541
 
The Differences between Schedule 40 PVC Conduit Pipe and Schedule 80 PVC Conduit
The Differences between Schedule 40 PVC Conduit Pipe and Schedule 80 PVC ConduitThe Differences between Schedule 40 PVC Conduit Pipe and Schedule 80 PVC Conduit
The Differences between Schedule 40 PVC Conduit Pipe and Schedule 80 PVC Conduit
Guangdong Ctube Industry Co., Ltd.
 
Literature review for prompt engineering of ChatGPT.pptx
Literature review for prompt engineering of ChatGPT.pptxLiterature review for prompt engineering of ChatGPT.pptx
Literature review for prompt engineering of ChatGPT.pptx
LokerXu2
 
Butterfly Valves Manufacturer (LBF Series).pdf
Butterfly Valves Manufacturer (LBF Series).pdfButterfly Valves Manufacturer (LBF Series).pdf
Butterfly Valves Manufacturer (LBF Series).pdf
Lubi Valves
 
AN INTRODUCTION OF AI & SEARCHING TECHIQUES
AN INTRODUCTION OF AI & SEARCHING TECHIQUESAN INTRODUCTION OF AI & SEARCHING TECHIQUES
AN INTRODUCTION OF AI & SEARCHING TECHIQUES
drshikhapandey2022
 
🔥Independent Call Girls In Pune 💯Call Us 🔝 7014168258 🔝💃Independent Pune Esco...
🔥Independent Call Girls In Pune 💯Call Us 🔝 7014168258 🔝💃Independent Pune Esco...🔥Independent Call Girls In Pune 💯Call Us 🔝 7014168258 🔝💃Independent Pune Esco...
🔥Independent Call Girls In Pune 💯Call Us 🔝 7014168258 🔝💃Independent Pune Esco...
AK47
 
CSP_Study - Notes (Paul McNeill) 2017.pdf
CSP_Study - Notes (Paul McNeill) 2017.pdfCSP_Study - Notes (Paul McNeill) 2017.pdf
CSP_Study - Notes (Paul McNeill) 2017.pdf
Ismail Sultan
 
❣Independent Call Girls Chennai 💯Call Us 🔝 7737669865 🔝💃Independent Chennai E...
❣Independent Call Girls Chennai 💯Call Us 🔝 7737669865 🔝💃Independent Chennai E...❣Independent Call Girls Chennai 💯Call Us 🔝 7737669865 🔝💃Independent Chennai E...
❣Independent Call Girls Chennai 💯Call Us 🔝 7737669865 🔝💃Independent Chennai E...
nainakaoornoida
 
Basic principle and types Static Relays ppt
Basic principle and  types  Static Relays pptBasic principle and  types  Static Relays ppt
Basic principle and types Static Relays ppt
Sri Ramakrishna Institute of Technology
 
Update 40 models( Solar Cell ) in SPICE PARK(JUL2024)
Update 40 models( Solar Cell ) in SPICE PARK(JUL2024)Update 40 models( Solar Cell ) in SPICE PARK(JUL2024)
Update 40 models( Solar Cell ) in SPICE PARK(JUL2024)
Tsuyoshi Horigome
 
Online train ticket booking system project.pdf
Online train ticket booking system project.pdfOnline train ticket booking system project.pdf
Online train ticket booking system project.pdf
Kamal Acharya
 
SPICE PARK JUL2024 ( 6,866 SPICE Models )
SPICE PARK JUL2024 ( 6,866 SPICE Models )SPICE PARK JUL2024 ( 6,866 SPICE Models )
SPICE PARK JUL2024 ( 6,866 SPICE Models )
Tsuyoshi Horigome
 
🚺ANJALI MEHTA High Profile Call Girls Ahmedabad 💯Call Us 🔝 9352988975 🔝💃Top C...
🚺ANJALI MEHTA High Profile Call Girls Ahmedabad 💯Call Us 🔝 9352988975 🔝💃Top C...🚺ANJALI MEHTA High Profile Call Girls Ahmedabad 💯Call Us 🔝 9352988975 🔝💃Top C...
🚺ANJALI MEHTA High Profile Call Girls Ahmedabad 💯Call Us 🔝 9352988975 🔝💃Top C...
dulbh kashyap
 
Call Girls Goa (india) ☎️ +91-7426014248 Goa Call Girl
Call Girls Goa (india) ☎️ +91-7426014248 Goa Call GirlCall Girls Goa (india) ☎️ +91-7426014248 Goa Call Girl
Call Girls Goa (india) ☎️ +91-7426014248 Goa Call Girl
sapna sharmap11
 
Call Girls In Tiruppur 👯‍♀️ 7339748667 🔥 Free Home Delivery Within 30 Minutes
Call Girls In Tiruppur 👯‍♀️ 7339748667 🔥 Free Home Delivery Within 30 MinutesCall Girls In Tiruppur 👯‍♀️ 7339748667 🔥 Free Home Delivery Within 30 Minutes
Call Girls In Tiruppur 👯‍♀️ 7339748667 🔥 Free Home Delivery Within 30 Minutes
kamka4105
 

Recently uploaded (20)

❣Unsatisfied Bhabhi Call Girls Surat 💯Call Us 🔝 7014168258 🔝💃Independent Sura...
❣Unsatisfied Bhabhi Call Girls Surat 💯Call Us 🔝 7014168258 🔝💃Independent Sura...❣Unsatisfied Bhabhi Call Girls Surat 💯Call Us 🔝 7014168258 🔝💃Independent Sura...
❣Unsatisfied Bhabhi Call Girls Surat 💯Call Us 🔝 7014168258 🔝💃Independent Sura...
 
Cricket management system ptoject report.pdf
Cricket management system ptoject report.pdfCricket management system ptoject report.pdf
Cricket management system ptoject report.pdf
 
High Profile Call Girls Ahmedabad 🔥 7737669865 🔥 Real Fun With Sexual Girl Av...
High Profile Call Girls Ahmedabad 🔥 7737669865 🔥 Real Fun With Sexual Girl Av...High Profile Call Girls Ahmedabad 🔥 7737669865 🔥 Real Fun With Sexual Girl Av...
High Profile Call Girls Ahmedabad 🔥 7737669865 🔥 Real Fun With Sexual Girl Av...
 
Covid Management System Project Report.pdf
Covid Management System Project Report.pdfCovid Management System Project Report.pdf
Covid Management System Project Report.pdf
 
Better Builder Magazine, Issue 49 / Spring 2024
Better Builder Magazine, Issue 49 / Spring 2024Better Builder Magazine, Issue 49 / Spring 2024
Security models

  • 1. Security Models
      • Copyright by Aakash Panchal
      • All Rights Reserved by LJ Projects
  • 3. Terminology 3 Trusted Computing Base (TCB) – combination of protection mechanisms within a computer system Subjects / Objects Subjects are active (e.g., users / programs) Objects are passive (e.g., files) Reference Monitor – abstract machine that mediates subject access to objects Security Kernel – core element of TCB that enforces the reference monitor’s security policy
  • 4. Types of Access Control
      • Discretionary Access Control (DAC) – data owners can create and modify the matrix of subject / object relationships (e.g., ACLs)
      • Mandatory Access Control (MAC) – “insecure” transactions are prohibited regardless of DAC
      • MAC rules cannot be enforced with a DAC security kernel
          • Someone with read access to a file can copy it and build a new “insecure” DAC matrix, because he will be an owner of the new file.
  • 5. Information Flow Models
      • In reality, there are state transitions
      • Key is to ensure transitions are secure
      • Models provide rules for how information flows from state to state.
      • Information flow models do not address covert channels
          • Trojan horses
          • Requesting system resources to learn about other users
  • 6. State Machine Model
      • State is a snapshot of the system at one moment in time.
      • State transition is the change to the next state.
      • If all the state transitions in a system are secure and if the initial state of the system is secure, then every subsequent state will also be secure, no matter what input occurs.
  • 8. Bell-LaPadula (BLP) Model
      • BLP is a formal (mathematical) description of mandatory access control
      • First model that was created to control access to data.
      • Three properties:
          • ds-property (discretionary security)
          • ss-property (simple security – no “read up”)
          • *-property (star property – no “write down”)
      • A secure system satisfies all of these properties
      • BLP includes a mathematical proof that if a system is secure and a transition satisfies all of the properties, then the system will remain secure.
  • 9. Bell-LaPadula Model (Continued)
      • Honeywell Multics kernel was the only true implementation of BLP, but it never took hold
      • DOD information security requirements are currently achieved via discretionary access control and segregation of systems rather than BLP-compliant computers
      • The problem with this model is that it does not deal with integrity of the data.
  • 10. Bell-LaPadula Model (Continued)
      • The star property makes it possible for a lower-level subject to write to a higher-classified object.
      • A covert channel is an information flow that is not controlled by a security mechanism.
      • A low-level subject may see a high-level object's name but is denied access to the contents of the object.
  • 11. Harrison-Ruzzo-Ullman Model
      • The BLP model does not state policies for changing access rights or for the creation or deletion of subjects and objects.
      • This model defines an authorization system that addresses these issues.
      • It operates on access matrices and verifies whether there is any sequence of instructions that causes an access right to leak information.
  • 12. Three Main Goals of Integrity
      • Preventing unauthorized users from making modifications to data or programs.
      • Preventing authorized users from making improper or unauthorized modifications.
      • Maintaining internal and external consistency of data and programs.
  • 13. Biba Model
      • Similar to BLP but focus is on integrity, not confidentiality
      • Implements the first goal of integrity.
      • Result is to turn the BLP model upside down
          • High integrity subjects cannot read lower integrity objects (no “read down”)
          • Subjects cannot move low integrity data to high-integrity environment (no “write up”)
  • 14. Intuition Behind Models
      • Control of confidential information is important in both military and commercial environments.
      • However, in a commercial environment the integrity of data is equally important, to prevent errors and fraud.
      • The higher the level, the more confidence one has that a program will execute correctly.
      • Data at a higher level is more accurate, reliable and trustworthy than data at a lower level.
  • 15. Clark-Wilson Model
      • Reviews the distinction between military and commercial policy
          • Military policy focuses on confidentiality
          • Commercial policy focuses on integrity
      • Mandatory commercial controls typically involve who gets to do what type of transaction rather than who sees what (Example: Handle a check above a certain amount)
  • 16. Clark-Wilson Model (Continued)
      • Two types of objects:
          • Constrained Data Items (CDIs)
          • Unconstrained Data Items (UDIs)
      • Two types of transactions on CDIs in model
          • Integrity Verification Procedures (IVPs)
          • Transformation Procedures (TPs)
      • IVPs certify that TPs on CDIs result in valid state
      • All TPs must be certified to result in valid transformation
  • 17. Clark-Wilson Model (Continued)
      • System maintains list of valid relations of the form: {UserID, TP, CDI/UDI}
      • Only permitted manipulation of CDI is via an authorized TP
      • If a TP takes a UDI as an input, then it must result in a proper CDI or the TP will be rejected
      • Additional requirements
          • Auditing: TPs must write to an append-only CDI (log)
          • Separation of duties
  • 18. Clark-Wilson Model (Continued)
      • Subjects have to be identified and authenticated.
      • Objects can be manipulated only by a restricted set of programs.
      • Subjects can execute only a restricted set of programs.
      • A proper audit log has to be maintained.
  • 19. Clark-Wilson versus Biba
      • In Biba’s model, UDI to CDI conversion is performed by a trusted subject only (e.g., a security officer), but this is problematic for the data entry function.
      • In Clark-Wilson, TPs are specified for particular users and functions. Biba’s model does not offer this level of granularity.
  • 20. Chinese Wall
      • Focus is on conflicts of interest.
      • Principle: Users should not access the confidential information of both a client organization and one or more of its competitors.
      • How it works
          • Users have no “wall” initially.
          • Once any given file is accessed, files with competitor information become inaccessible.
          • Unlike other models, access control rules change with user behavior
  • 21. Chinese Wall
      • Separation of duty: a given user may perform transaction A or transaction B, but not both.
      • Simple security property: a subject has access to an object if and only if all the objects that the subject can read are from non-competing groups.
      • *-property: a subject can write to a client only if the subject cannot read any object from a competing group.
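
The three BLP properties and Biba's inversion from the slides above, written as a small reference-monitor check. This is an added example, not part of the original deck; the level names, users, files and the `blp_allows` / `biba_allows` functions are constructed for illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

# Constructed sample state: clearances, classifications and the DAC matrix.
CLEARANCE = {"alice": Level.SECRET, "bob": Level.CONFIDENTIAL}
CLASSIFICATION = {
    "memo.txt": Level.CONFIDENTIAL,
    "plan.txt": Level.SECRET,
    "archive.txt": Level.TOP_SECRET,
}
DAC = {
    ("alice", "memo.txt"): {"read", "write"},
    ("alice", "plan.txt"): {"read", "write"},
    ("alice", "archive.txt"): {"read", "write"},
    ("bob", "plan.txt"): {"read"},   # the owner granted bob read access
}

def blp_allows(subject, obj, mode):
    """Return True only if ds-, ss- and *-property all permit the access."""
    if mode not in DAC.get((subject, obj), set()):
        return False                 # ds-property: the DAC matrix must grant it
    clearance, label = CLEARANCE[subject], CLASSIFICATION[obj]
    if mode == "read":
        return clearance >= label    # ss-property: no "read up"
    if mode == "write":
        return clearance <= label    # *-property: no "write down"
    return False

def biba_allows(subject_integrity, object_integrity, mode):
    """Biba: the same comparisons turned upside down, applied to integrity."""
    if mode == "read":
        return subject_integrity <= object_integrity   # no "read down"
    if mode == "write":
        return subject_integrity >= object_integrity   # no "write up"
    return False
```

Bob's DAC grant on `plan.txt` is overridden by the ss-property, and alice cannot copy `plan.txt` into `memo.txt` because the *-property blocks the write down, which is the gap a DAC-only kernel leaves open.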
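
A sketch of the Clark-Wilson rules from slides 16 to 18: the {UserID, TP, CDI} relation check, rejection of a TP whose UDI input cannot become a proper CDI value, an IVP, and an append-only log. This is an added example, not part of the original deck; the `Accounts` class, the `teller` user and the balance CDI are constructed for illustration.

```python
class Rejected(Exception):
    """A request that violates one of the Clark-Wilson rules."""

class Accounts:
    def __init__(self):
        self.balance = 100          # the CDI (constructed starting value)
        self._log = []              # append-only CDI: the audit log
        # Valid relations of the form {UserID, TP, CDI}
        self.relations = {("teller", "deposit", "balance"),
                          ("teller", "withdraw", "balance")}

    @property
    def log(self):
        return tuple(self._log)     # callers get a read-only copy

    def ivp(self):
        """Integrity Verification Procedure: is the CDI in a valid state?"""
        return isinstance(self.balance, int) and self.balance >= 0

    def run_tp(self, user, tp, udi):
        """Run a Transformation Procedure on the balance with raw input udi."""
        try:
            if (user, tp, "balance") not in self.relations:
                raise Rejected("no {UserID, TP, CDI} relation")
            # A UDI must become a proper value or the TP is rejected.
            if not (isinstance(udi, str) and udi.isascii() and udi.isdigit()):
                raise Rejected("UDI is not a valid amount")
            amount = int(udi)
            new = self.balance + amount if tp == "deposit" else self.balance - amount
            if new < 0:
                raise Rejected("TP would leave the CDI in an invalid state")
        except Rejected as err:
            self._log.append((user, tp, udi, "rejected: " + str(err)))
            raise
        self.balance = new
        self._log.append((user, tp, udi, "ok"))
        return self.balance
```

Every request, accepted or rejected, leaves a log entry, and the balance only ever changes through `run_tp`.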
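
A history-based check showing how Chinese Wall decisions change with user behavior, as the last two slides describe. This is an added example, not part of the original deck; the object names, users and the `ChineseWall` class are constructed, and the write rule follows the Brewer-Nash formulation (nothing already read may come from a different company dataset), which is stricter than the slide's wording.

```python
# Constructed sample data: object -> (company dataset, conflict-of-interest class)
OBJECTS = {
    "bank_a/loans": ("BankA", "banking"),
    "bank_b/loans": ("BankB", "banking"),
    "oil_x/reserves": ("OilX", "petroleum"),
}

class ChineseWall:
    def __init__(self):
        self.history = {}   # user -> set of objects already accessed

    def can_read(self, user, obj):
        """Simple security: deny if obj belongs to a competitor of a company
        whose data the user has already accessed."""
        company, coi = OBJECTS[obj]
        for seen in self.history.get(user, set()):
            seen_company, seen_coi = OBJECTS[seen]
            if seen_coi == coi and seen_company != company:
                return False
        return True

    def can_write(self, user, obj):
        """*-property (Brewer-Nash form): obj is readable and nothing the
        user has already read comes from a different company dataset."""
        company, _ = OBJECTS[obj]
        if not self.can_read(user, obj):
            return False
        return all(OBJECTS[seen][0] == company
                   for seen in self.history.get(user, set()))

    def read(self, user, obj):
        """Perform a read; a successful read is what raises the wall."""
        if not self.can_read(user, obj):
            return False
        self.history.setdefault(user, set()).add(obj)
        return True
```

The write rule is what stops a user who has read both BankA and OilX data from copying OilX information into a BankA object, where a BankB-side user of OilX could never have placed it.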
