Lecture 2: Security Policy Models
Fred Chong
CS290N Architectural Support for Secure and Reliable Computing

Multi-Level vs Multi-Lateral Policies

Bell-LaPadula Policy

BLP vs BIBA

Biba

Example: BLP password file protection
• Password file is “high”
• Network reads and writes are “low”
• Malware from the network is “low,” can’t read password file (read of “high” from “low”)
• Even if malware becomes “high” somehow, can’t write password data to the network (write of “high” to “low”)

Example: Biba protects system files
• System files are “high”
• Malware from the network is “low”
• Malware can’t write to system files (“low” writes to “high”)
• Hardware dynamic information flow tracking techniques (taint tracking) implement Biba

Chinese Wall

BLP vs Chinese Wall

Clark-Wilson

BLP vs Clark-Wilson

BLP with Codewords
• “Need to know”
• A Lattice Model
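
The BLP and Biba slide examples and the codeword lattice, worked through as a minimal reference monitor. This is an added example, not part of the original slides; the `Label` class, the function names and the `CRYPTO` codeword are constructed for illustration.

```python
from dataclasses import dataclass

LEVELS = {"low": 0, "high": 1}  # the two-point ordering used on the slides

@dataclass(frozen=True)
class Label:
    level: str
    codewords: frozenset = frozenset()  # need-to-know compartments

    def dominates(self, other: "Label") -> bool:
        """Lattice order: at least the level and a superset of the codewords."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.codewords >= other.codewords)

def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Confidentiality labels: no read up, no write down."""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(op)

def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Integrity labels (the dual of BLP): no read down, no write up."""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(op)

# Constructed labels for the two slide examples.
LOW, HIGH = Label("low"), Label("high")
HIGH_CRYPTO = Label("high", frozenset({"CRYPTO"}))  # constructed codeword
password_file = system_files = HIGH
network = malware = LOW

def slide_scenarios() -> dict:
    """Map each scenario to True (allowed) or False (denied)."""
    return {
        "blp: low malware reads password file": blp_allows(malware, password_file, "read"),
        "blp: escalated malware writes to network": blp_allows(HIGH, network, "write"),
        "biba: low malware writes system files": biba_allows(malware, system_files, "write"),
        # Same level, but the subject lacks the object's codeword.
        "blp: high reads high+CRYPTO": blp_allows(HIGH, HIGH_CRYPTO, "read"),
        "blp: high+CRYPTO reads high": blp_allows(HIGH_CRYPTO, HIGH, "read"),
    }

if __name__ == "__main__":
    for name, allowed in slide_scenarios().items():
        print(f"{'ALLOW' if allowed else 'DENY':5}  {name}")
```

With codewords, two labels at the same level can be incomparable, which is what makes the structure a lattice and not a simple chain of levels.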
BMA medical record policy