Download Computer Security - Florida State University

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
Document related concepts

Spring (operating system) wikipedia , lookup

Burroughs MCP wikipedia , lookup

DNIX wikipedia , lookup

OS 2200 wikipedia , lookup

VS/9 wikipedia , lookup

Security-focused operating system wikipedia , lookup

Unix security wikipedia , lookup

Transcript 
Computer Security
Access Control
5/23/2017
1
The Orange Book
First published in 1983, the Department of Defense Trusted
Computer System Evaluation Criteria, known as the Orange
Book is the de facto standard for computer security today.
The Orange Book, and others in the Rainbow Series, are still
the benchmark for systems produced almost two decades
later, and Orange Book classifications such as C2 provide a
shorthand for the base level security features of modern
operating systems.
5/23/2017
2
Access Control
Terminology
• subject, object, reference monitor
• access request
Subject
5/23/2017
Access
request
Reference
monitor
Object
3
Access Control
We can specify
• What a subject is allowed to do
• Way may be done with an object
5/23/2017
4
Access Operations
• Access modes
– Observe  look at the contents of an object
– Alter  change the contents of an object
5/23/2017
5
Access Operations
• Access rights & attributes
–
Bell-LaPadula security model
Access rights execute
append
observe
alter
5/23/2017
read
write
x
x
x
x
6
Access Operations
• Unix
file
read
read from a file
Write write to a file
execute execute a (program) file
directory
list directory contents
create or rename a file in a directory
search the directory
Access rights are changed by my modifying the file’s
entry in its directory
5/23/2017
7
Access Operations
• Windows NT
Permissions of Windows New Technology File System (NTFS)
–
–
–
–
–
–
read
write
execute
delete
change permission
change ownership
One does not rely on operations on directories for deletion of files,
or to change access rights.
5/23/2017
8
Ownership
• The owner of a resource decrees who is
allowed to access it.
• A system wide policy decrees who has access./
5/23/2017
9
Access Control Structures
Now we must state which access operations are permitted.
We do this by studying their structures.
Let
• S be a set of subjects,
• O a set of objects,
• A a set of access operations
5/23/2017
10
Access Control Matrix
Access rights are determined by a matrix
M = (Mso)seS,oeO with Mso  A
The Bell-LaPadula model employs access contol
matrices to model discretionary access policies of
the Orange Book.
5/23/2017
11
Access Control Matrix
An example
bill.doc
Alice
Bob
5/23/2017
--{read,write}
edit.exe
fun.com
{execute}
{execute, read}
{execute}
{execute,read,write}
12
Access Control Matrix
Access rights can be kept with the
• subjects or the
• objects.
5/23/2017
13
Access Control Matrix
Capabilities
If the access rights are kept with the subjects then
these are the subject’s access rights.
Every subject is given a capability.
Alice’s capability: edit.exe: execute; fun.com: read
Bob’s capability: bill.doc: read, write; edit.exe: execute;
fun.com: execute, read, write
5/23/2017
14
Access Control Matrix
Access control lists (ACL)
An ACL stores the access rights to an object with
the object itself.
ACLs are a typical feature of secure operating
systems of the Orange Book class C2
ACL for bill.doc: Bill: read write
ACL for bill.doc: Alice: execute; Bill: execute
ACL for fun.com: Alice: execute, read; Bill: execute,read, write
5/23/2017
15
Access Control Matrix
Access control lists (ACL)
Management of access rights can be cumbersome.
Therefore users are placed in groups, and derive
access from a user’s group.
5/23/2017
16
Intermediate control
Managing a security policy defined by an access
control matrix is a complex task in large systems.
There are several means of simplifying this task.
5/23/2017
17
Groups and negative permissions
subjects
s1
s2
groups
o1
objects
5/23/2017
s3
s4
g1
o2
s5
g2
o3
o4
o5
o6
18
Groups and negative permissions
subjects
groups
s1
s2
x
o1
objects
5/23/2017
s3
x
g1
o2
s4
o3
s5
g2
o4
o5
o6
19
Protection rings
0
1
2
3
operating system kernel
operating system
utilities
user processors
Each subject (or process) is assigned a number
0,1,2,3… depending on its importance.
5/23/2017
20
Protection rings
3
5/23/2017
2 1
0
0 operating system kernel
1
operating system
2
utilities
3
user processors
21
Protection rings
Protection rings are mainly used for integrity protection
An example is the QNX Neutrino microkernel OS *
• The Neutrino microkernel runs in ring 0
• The Neutrino process runs in ring 1
• All other programs run in ring 3
* A microkernel OS is structured as a tiny kernel that provides the minimal services
used by a team of optional cooperating processes, which in turn provide the higher
level OS functionality.
5/23/2017
22
Protection rings
Unix employs a similar protection but uses only two
levels
5/23/2017
23
Privileges
subjects
s1
s2
privileges
op1
s3
s4
pr1
op2
s5
pr2
op3
op4
op5
op6
operations
5/23/2017
24
Role base access control
Privileges come predefined with the OS
• Roles: a collection of procedures
– roles are assigned to users; a user can have many roles
• Procedures: high-level access control methods.
Can only be applied to objects of certain data types.
• Datatypes: each object has a certain datatype and
can only be accessed throuhg procedures defined
for this datatype.
5/23/2017
25
The lattice OS Security levels
The Mandatory Access Control (MAC) policies and the
multi-level security policies of the Orange Book refer
to security levels.
top secret
secret
confidential
unclassified
5/23/2017
26
A lattice
{a,b,c}
{a,b}
{b,c}
{a,c}
{a}
{b}
{c}
{0}
5/23/2017
27
A lattice
A lattice (L,  ) is a set with a partial ordering 
Such that for each pair of elements a,b of L there is
a lub u in L and a glb v in L.
5/23/2017
28
An example
• Let H be a set of classifications with hierarchical
ordering  .
• Take a set of categories C, e.g. project names,
company divisions, etc
• A compartment is a set of categories.
• A security label (level) is a pair (h,c), where h in H is
the security level and c in C is a compartment.
5/23/2017
29
An example
• The partial ordering is defined by:
(h1,c1)  (h2,c2) if and only if h1 h2 and c1  c2
5/23/2017
30
Related documents
Instructor Rubric for Presentations
Instructor Rubric for Presentations
WWW Lab1
WWW Lab1
Sustainable Consumption & Production
Sustainable Consumption & Production
Document
Document
Tapeworm Diseases - AAP Red Book
Tapeworm Diseases - AAP Red Book
Document
Document
Math 130
Math 130
Slide 1
Slide 1
Marketing Essentials: Intro to Marketing
Marketing Essentials: Intro to Marketing
CFP - IEEE SMC 2017
CFP - IEEE SMC 2017
Slides4
Slides4