Post on 16-Jun-2015
Mandatory Access Control
Access Control Overview
• Access Controls: The security features that control how users and systems communicate and interact with one another
• Access: The flow of information between subject and object
• Subject: An active entity that requests access to an object or the data in an object
• Object: A passive entity that contains information
http://www.ifour-consultancy.com Offshore software development company India
Security Principles
The three main security principles also pertain to access control:
• Confidentiality
• Integrity
• Availability
Access Control Models
• Discretionary
• Mandatory
• Role based
MAC: Mandatory Access Control
• A system-wide policy decrees who is allowed to have access
• Relies on the system to control access rather than individuals
• This model is used in highly classified and confidential environments (e.g. the military)
• Example: The law allows a court to access driving records without the owners’ permission
Security Policy Model
• A security policy model is a concise statement of the protection properties that a system, or generic type of system, must have
• Traditional MAC mechanisms have been tightly coupled to a few security models
• Recently, systems support flexible security models (e.g., SELinux, Trusted Solaris, TrustedBSD, etc.)
Why MAC?
• Need for consistency of global policies, which cannot be met by DAC
• Control of information flow from one object to another, so that access to a copy is not possible if the owner of the original does not provide access
• Control to prevent malicious or flawed software from modifying system policies. DAC cannot prevent this if the program runs with the owner's access.
Multilevel Security
• People and information are classified into different levels of trust and sensitivity
• Clearance level: Indicates the highest level of classified information to be stored or handled by the person, device, or location
• Classification level: Indicates the degree of damage the country could suffer if the information is disclosed to an enemy
• Security level is a generic term for either a clearance level or a classification level
• Levels: Unclassified, Confidential, Secret, Top Secret
The Bell-LaPadula Security Policy Model
• Proposed by David Bell and Len LaPadula in 1973
• The most widely recognized MLS model
• Deals with confidentiality only
The Bell-LaPadula Security Policy Model
• Two properties: No read up and No write down
◦ Simple security property: Subject A is allowed to read object O only if class(O) ≤ class(A)
◦ * property: Subject A is allowed to write object O only if class(A) ≤ class(O)
• The * property was Bell and LaPadula’s critical innovation
The Biba Model
• Proposed by Ken Biba
• Deals with integrity alone and ignores confidentiality entirely
• Covers integrity levels, which are analogous to sensitivity levels in Bell-LaPadula
• Integrity levels cover inappropriate modification of data
The Biba Model
• Read Up, Write Down : Subjects cannot read objects of lesser integrity, subjects cannot write to objects of higher integrity
• Two properties:
◦ Simple Integrity Property: A low integrity subject will not write or modify high integrity data
◦ * Property: The high integrity subject will not read low integrity data
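The Bell-LaPadula and Biba rules above, side by side, as an added example that is not part of the original slides: a small reference monitor that decides a sequence of requests under each model. The file names and both scenarios are constructed, and the integrity label names are borrowed from the Windows Vista slide purely as labels.

```python
from enum import IntEnum

# Confidentiality labels from the multilevel security slide (ordered low to high).
Sensitivity = IntEnum("Sensitivity", "UNCLASSIFIED CONFIDENTIAL SECRET TOP_SECRET")
# Integrity labels; names borrowed from the Vista slide, used only as labels.
Integrity = IntEnum("Integrity", "LOW MEDIUM HIGH SYSTEM")

def blp_allows(op, subject, obj):
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read":
        return obj <= subject        # class(O) <= class(A)
    if op == "write":
        return subject <= obj        # class(A) <= class(O)
    raise ValueError(f"unknown operation: {op}")

def biba_allows(op, subject, obj):
    """Strict Biba (integrity): the dual rules, no read down, no write up."""
    if op == "read":
        return subject <= obj
    if op == "write":
        return obj <= subject
    raise ValueError(f"unknown operation: {op}")

def audit(policy, subject_level, requests):
    """Decide each (op, object_name, object_level) request for one subject."""
    return [(op, name, "ALLOW" if policy(op, subject_level, level) else "DENY")
            for op, name, level in requests]

# Constructed scenario: a SECRET process tries to copy a SECRET file downwards.
LEAK_ATTEMPT = [
    ("read", "plan.txt", Sensitivity.SECRET),
    ("write", "public.txt", Sensitivity.UNCLASSIFIED),
    ("write", "archive.txt", Sensitivity.TOP_SECRET),
]
# Constructed scenario: a MEDIUM-integrity process touches lower and higher data.
TAMPER_ATTEMPT = [
    ("read", "download.tmp", Integrity.LOW),
    ("write", "download.tmp", Integrity.LOW),
    ("write", "system.cfg", Integrity.HIGH),
    ("read", "system.cfg", Integrity.HIGH),
]

if __name__ == "__main__":
    for row in (audit(blp_allows, Sensitivity.SECRET, LEAK_ATTEMPT)
                + audit(biba_allows, Integrity.MEDIUM, TAMPER_ATTEMPT)):
        print(*row)
```

The denied write to `public.txt` is the copy-to-a-lower-level flow that the "Why MAC?" slide says DAC cannot stop.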
Multilateral Security
• To protect information from leaking between compartments on the same level
• Also known as compartmentation
• Example: Customers of an Internet bank cannot see each other’s data, nor can they make their data visible to others (not even accidentally)
Multilateral Security
• Different types:
◦ Organizational
◦ Privilege-based
◦ A mix
• Multilateral security models:
◦ The Chinese Wall Model
◦ The BMA Model (British Medical Association)
The Chinese Wall Model
• Proposed by David Brewer and Michael Nash in 1989
• Rules to prevent conflict of interest
• Rule: There must be no information flow that causes a conflict of interest
• Conflict of Interest (CoI) classes: indicate which companies are in competition.
[Figure: example of conflict of interest (CoI) classes, showing the company datasets Bank A, Bank B, School 1, School 2 and School 3, the files they contain, and the conflict of interest (CoI) class.]
The Chinese Wall Model
• Simple security rule (Read rule): A subject s can access company c’s data only if
◦ s has already accessed c’s data, OR
◦ s has not accessed any of c’s competitors’ data
• * Property (Write rule): s can write to c’s data only if s cannot read any other company’s sensitive data
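The read and write rules above as a history-based monitor, added here as an example that is not part of the original slides. It assumes the dataset names from the figure fall into two CoI classes (banks and schools), treats all data as sensitive, and reads "cannot read any other company's data" as "has no other company in its read history"; the subjects `alice` and `bob` are constructed.

```python
class ChineseWall:
    """History-based monitor for the Chinese Wall read and write rules."""

    def __init__(self, coi_classes):
        # company -> set of competitors (the other members of its CoI class)
        self.competitors = {c: set(members) - {c}
                            for members in coi_classes.values() for c in members}
        self.history = {}  # subject -> set of companies whose data it has read

    def can_read(self, subject, company):
        seen = self.history.get(subject, set())
        # Allowed if already inside this wall, or no competitor was read before.
        return company in seen or not (seen & self.competitors[company])

    def read(self, subject, company):
        if not self.can_read(subject, company):
            return False
        self.history.setdefault(subject, set()).add(company)
        return True

    def can_write(self, subject, company):
        # Assumption: "cannot read any other company's sensitive data" means
        # the subject's read history contains no company other than this one.
        seen = self.history.get(subject, set())
        return self.can_read(subject, company) and seen <= {company}

# Constructed CoI classes using the dataset names from the figure;
# the grouping into banks and schools is an assumption.
COI = {"banks": ["Bank A", "Bank B"],
       "schools": ["School 1", "School 2", "School 3"]}

def demo():
    wall = ChineseWall(COI)
    return [
        ("alice read Bank A", wall.read("alice", "Bank A")),
        ("alice read Bank B", wall.read("alice", "Bank B")),      # competitor
        ("alice read School 1", wall.read("alice", "School 1")),  # other class
        ("alice write Bank A", wall.can_write("alice", "Bank A")),
        ("bob read Bank B", wall.read("bob", "Bank B")),
        ("bob write Bank B", wall.can_write("bob", "Bank B")),
    ]

if __name__ == "__main__":
    for action, allowed in demo():
        print(f"{action:22} {'ALLOW' if allowed else 'DENY'}")
```

Alice's write to Bank A is denied even though she may read it: having also read School 1, a write would let School 1 data flow into Bank A's dataset.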
BMA Model (British Medical Association)
• Protects medical information
• Protects personal information of clients
• Famous in the health information sciences
BMA Model
• The BMA security policy consists of nine principles:
1. Access Control – access control list
2. Record Opening
3. Control
4. Consent and Notification
5. Persistence – delete only after time period has expired
6. Attribution – record name, date and time
7. Information Flow – append if there is common access list
8. Aggregation Control – measures to prevent aggregation of personal health information
9. Trusted Computing Base
MAC Implementation in Windows Vista
• It is called Mandatory Integrity Control (MIC) in Windows Vista
• MIC implements a form of the Biba model, which ensures integrity by controlling writes and deletions
1. Label on Subjects
2. Label on Objects
3. Access Control Policy
4. Relationship to DAC
5. Default levels
6. Integrity Levels
MAC Implementation in Windows Vista
• Integrity levels: Windows Vista defines four integrity levels
◦ Low: Everyone can access
◦ Medium: Standard users, authenticated users
◦ High: Local service, network service, elevated users
◦ System: System services
MAC Implementation in Windows Vista
• Usually, child processes inherit the integrity level of their parents, unless the executable program running in the child process has a lower integrity level.
For example: downloaded executables
• The integrity level can also be customized on a per-process basis
For example: Internet Explorer 8
References
1. CIS/CSE 643: Computer Security (Syracuse University)
2. www.Wikipedia.com
3. http://www.cs.cornell.edu/courses/cs5430/2011sp/NL.accessControl.html
4. http://www.techotopia.com/index.php/Mandatory,_Discretionary,_Role_and_Rule_Based_Access_Control
5. Symbiosis students: Aswathi Jayaram, Manikaran Singh, Priti Patil, Sabari Nair