Mandatory access controls

PROS AND CONS OF MAC Pros: Provide a high degree of protection – in a way of preventing any illegal flow of information. Suitable for military types of applications. Cons: Not easy to apply: require a strict classification of subjects and objects into security levels. Applicable for very few environments.

pdf29 trang | Chia sẻ: vutrong32 | Lượt xem: 1158 | Lượt tải: 0download
Bạn đang xem trước 20 trang tài liệu Mandatory access controls, để xem tài liệu hoàn chỉnh bạn click vào nút DOWNLOAD ở trên
MANDATORY ACCESS CONTROLS Faculty of Computer Science & Engineering HCMC University of Technology Information Systems of Technology 1  Introduction to Mandatory Access Control MAC in Oracle: Oracle Label Security OUTLINE 2  Security Classes MAC properties Multilevel relation  Pros and cons of MAC INTRODUCTION TOMAC 3 INTRODUCTION TOMAC Mandatory Access Control (MAC):  MAC applies to large amounts of information requiring strong protect in environments where both the system data and users can be classified clearly.  MAC is a mechanism for enforcing multiple level of security.  Propose Model: Bell-LaPadula 4 SECURITY CLASSES  Classifies subjects and objects based on security classes.  Security class:  Classification level  Category  A subject classification reflects the degree of trust and the application area.  A object classification reflects the sensitivity of the information. 5 CLASSIFICATION LEVEL  Typical classification level are:  Top secret (TS)  Secret (S)  Confidential (C)  Unclassified (U) Where TS is the highest level and U is the lowest: TS ≥ S ≥ C ≥ U 6 CATEGORY  Categories tend to reflect the system areas or departments of the organization.  Example: there are 3 departments of the organization: Sales, Production, Delivery 7 SECURITY CLASSES  A security class is defined as follow: SC = (A, C) A: classification level C: category  A relation of partial order on the security classes: SC ≤ SC’ is verified, only if: A ≤ A’ and C’ ⊇ C  Examples: (2, Sales) ≤ (3, (Sales, Production)) (2, (Sales, Production)) ≤ (3, Sales) 8  Security Classes MAC properties Multilevel relation  Pros and cons of MAC INTRODUCTION TOMAC 9 MAC PROPERTIES  Simple security property: A subject S is not allowed read access to an object O unless class(S) ≥ class(O).  No read-up  Star property (or * property): A subject S is not allowed to write an object O unless class(S) ≤ class(O)  No write-down These restrictions together ensure that there is no direct flow of information from high to low subjects!!! 10 WHY STAR PROPERTY? 11 WHY STAR PROPERTY? 12 WHY STAR PROPERTY? 13  Security Classes MAC properties Multilevel relation  Pros and cons of MAC INTRODUCTION TOMAC 14 MULTILEVEL RELATION Multilevel relation: MAC + relational database model Data objects: attributes and tuples Each attribute A is associated with a classification attribute C A tuple classification attribute TC is to  provide a classification for each tuple as a whole, the highest of all attribute classification values. R(A1,C1,A2,C2, , An,Cn,TC)  The apparent key of a multilevel relation is the set of attributes that would have formed the primary key in a regular (single-level) relation. 15 Multilevel relation 16 A multilevel relation will appear to contain different data to subjects (users) with different security levels SELECT * FROM EMPLOYEE Multilevel relation A user with security level S 17 SELECT * FROM EMPLOYEE Multilevel relation A user with security level C 18 SELECT * FROM EMPLOYEE Multilevel relation A user with security level U 19 SELECT * FROM EMPLOYEE Multilevel relation A user with security level U 20 Read and write operations: satisfy the No Read-Up and No Write-Down principles. Properties of Multilevel relation 21 Entity integrity: all attributes that are members of the apparent key must not be null and must have the same security classification within each individual tuple.  In addition, all other attribute values in the tuple must have a security classification greater than or equal to that of the apparent key. Properties of Multilevel relation  This constraint ensures that a user can see the key if the user is permitted to see any part of the tuple at all. 22 PROPERTIES OFMULTILEVEL RELATION Polyinstantiation: where several tuples can have the same apparent key value but have different attribute values for users at different classification levels. 23 POLYINSTANTIATION EXAMPLE (security level C) A user with security level C tries to update the value of JobPerformance of Smith to ‘Excellent’: UPDATE EMPLOYEE SET JobPerformance = ‘Excellent’ WHERE Name = ‘Smith’; 24 POLYINSTANTIATION EXAMPLE 25  Security Classes MAC properties Multilevel relation  Pros and cons of MAC INTRODUCTION TOMAC 26 PROS AND CONS OFMAC  Pros:  Provide a high degree of protection – in a way of preventing any illegal flow of information.  Suitable for military types of applications.  Cons:  Not easy to apply: require a strict classification of subjects and objects into security levels.  Applicable for very few environments. 27  Introduction to Mandatory Access Control MAC in Oracle: Oracle Label Security OUTLINE 28  Introduction to Mandatory Access Control MAC in Oracle: Oracle Label Security (Lab) OUTLINE 29

Các file đính kèm theo tài liệu này:

  • pdfslide05_mac_9454.pdf