Principles of Security Model
Slide 12, Course: Network Security (Keamanan Jaringan), by Setio Basuki
Course Objectives
- Security Models, Subjects and Objects.
- Understanding System Security and Evaluation.
- Common Flaws and Security Issues.
Security Models
- In information security, models provide a way to formalize security policies.
- – They provide an explicit set of rules that a computer can follow to implement the fundamental security concepts, processes, and procedures that make up a security policy.
- In this way, developers can be sure their
Security Models (Cont.)
- You’ll explore several security models in the following sections:
1. Trusted computing base.
2. State machine model.
3. Take-Grant model.
4. Access control matrix.
5. Bell-LaPadula.
6. Biba.
7. Clark-Wilson.
8. Brewer and Nash model (also known as Chinese Wall).
Trusted Computing Base (TCB)
- The trusted computing base (TCB) is the combination of hardware, software, and controls that work together to form a trusted base that enforces your security policy.
State Machine Model
- It is based on the computer science definition of a finite state machine (FSM): the system is always in exactly one state, and every transition (each access request) is checked so that a secure state can only lead to another secure state. A system that starts in a secure state and whose every transition preserves security is a secure state machine.
Take Grant Model (1)
- The Take-Grant model employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object.
- Simply put, a subject with the grant right can grant another subject or another
- – The model has four rules, take, grant, create, and remove: a subject holding the take right over a node may take any right that node holds, and a subject holding the grant right over a node may give that node any right the subject itself holds.
Take Grant Model (2)
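The graph rules described above, as an added example that is not part of the original slides: nodes are subjects or objects, each edge carries the set of rights its source holds over its target, and the four rules are graph rewrites whose preconditions are checked before the edge is added. The names `alice`, `bob`, `carol` and `payroll` and the rights `r`/`w`/`x` are constructed for the demo; `t` and `g` are the model's own take and grant rights.

```python
# Added example (not from the slides): a small Take-Grant protection graph.
from collections import defaultdict

TAKE, GRANT = "t", "g"          # the two control rights of the Take-Grant model
DATA_RIGHTS = {"r", "w", "x"}   # assumed ordinary rights for the demo


class TakeGrantGraph:
    def __init__(self):
        # rights[(src, dst)] -> set of rights that src holds over dst
        self.rights = defaultdict(set)

    def add_edge(self, src, dst, *rs):
        self.rights[(src, dst)].update(rs)

    def has(self, src, dst, r):
        return r in self.rights[(src, dst)]

    def take(self, x, y, z, r):
        """Rule 'take': x --t--> y and y --r--> z  ==>  x --r--> z."""
        if not self.has(x, y, TAKE):
            raise PermissionError(f"{x} lacks the take right over {y}")
        if not self.has(y, z, r):
            raise PermissionError(f"{y} holds no {r!r} over {z}")
        self.rights[(x, z)].add(r)

    def grant(self, x, y, z, r):
        """Rule 'grant': x --g--> y and x --r--> z  ==>  y --r--> z."""
        if not self.has(x, y, GRANT):
            raise PermissionError(f"{x} lacks the grant right over {y}")
        if not self.has(x, z, r):
            raise PermissionError(f"{x} cannot grant {r!r} over {z}: it does not hold it")
        self.rights[(y, z)].add(r)

    def create(self, x, new, *rs):
        """Rule 'create': x creates node `new` and holds rights rs over it."""
        self.rights[(x, new)].update(rs)

    def remove(self, x, z, *rs):
        """Rule 'remove': x drops rights rs that it holds over z."""
        self.rights[(x, z)].difference_update(rs)

    def edges(self):
        return {k: frozenset(v) for k, v in self.rights.items() if v}


def demo():
    """Constructed scenario: alice can take from bob and grant to carol."""
    g = TakeGrantGraph()
    g.add_edge("alice", "bob", TAKE)            # alice --t--> bob
    g.add_edge("alice", "carol", GRANT)         # alice --g--> carol
    g.add_edge("bob", "payroll", "r", "w")      # bob --rw--> payroll

    g.take("alice", "bob", "payroll", "r")      # alice now reads payroll
    g.grant("alice", "carol", "payroll", "r")   # and passes that right on to carol

    try:                                        # carol holds no take edge: denied
        g.take("carol", "bob", "payroll", "w")
        denied = False
    except PermissionError:
        denied = True
    return g, denied


if __name__ == "__main__":
    graph, was_denied = demo()
    for (src, dst), rs in sorted(graph.edges().items()):
        print(f"{src} --{''.join(sorted(rs))}--> {dst}")
    print("carol's take attempt denied:", was_denied)
```

Note that `take` and `grant` only add edges; whether a right can eventually flow between two nodes is a reachability question over `t`/`g` edges, which is what makes the model decidable in practice.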
Access Control Matrix (1)
- An access control matrix is a table of subjects and objects that indicates the actions or functions that each subject can perform on each object.
- Each column of the matrix is an access control list (ACL). Each row of the matrix
Access Control Matrix (2)
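An access control matrix in code, as an added example that is not part of the original slides. A column (all subjects' rights on one object) is read out as that object's ACL, and a row (one subject's rights on every object) is read out as that subject's capability list; a reference-monitor decision is a single cell lookup. The subjects, objects and right names are constructed for the demo.

```python
# Added example (not from the slides): an access control matrix with ACL
# (column) and capability-list (row) views.
from collections import defaultdict

RIGHTS = {"read", "write", "execute", "own"}   # assumed right names


class AccessControlMatrix:
    def __init__(self):
        # _m[subject][object] -> set of rights (empty set == empty cell)
        self._m = defaultdict(lambda: defaultdict(set))
        self.subjects, self.objects = [], []

    def grant(self, subject, obj, *rights):
        bad = set(rights) - RIGHTS
        if bad:
            raise ValueError(f"unknown rights: {sorted(bad)}")
        if subject not in self.subjects:
            self.subjects.append(subject)
        if obj not in self.objects:
            self.objects.append(obj)
        self._m[subject][obj].update(rights)

    def revoke(self, subject, obj, *rights):
        self._m[subject][obj].difference_update(rights)

    def check(self, subject, obj, right):
        """Reference-monitor decision: one cell lookup."""
        return right in self._m[subject][obj]

    def acl(self, obj):
        """Column view (ACL): every subject holding rights on obj."""
        return {s: set(self._m[s][obj]) for s in self.subjects if self._m[s][obj]}

    def capabilities(self, subject):
        """Row view (capability list): every object the subject may touch."""
        return {o: set(self._m[subject][o]) for o in self.objects if self._m[subject][o]}

    def render(self):
        """Plain-text table: one row per subject, one column per object."""
        rows = ["subject".ljust(12) + "".join(o.ljust(16) for o in self.objects)]
        for s in self.subjects:
            cells = ["/".join(sorted(self._m[s][o])) or "-" for o in self.objects]
            rows.append(s.ljust(12) + "".join(c.ljust(16) for c in cells))
        return "\n".join(rows)


def build_sample():
    """Constructed data: three subjects, three objects."""
    acm = AccessControlMatrix()
    acm.grant("alice", "payroll.db", "read", "write", "own")
    acm.grant("alice", "report.pdf", "read")
    acm.grant("bob", "payroll.db", "read")
    acm.grant("bob", "backup.sh", "read", "execute")
    acm.grant("svc-backup", "backup.sh", "execute")
    acm.grant("svc-backup", "payroll.db", "read")
    return acm


if __name__ == "__main__":
    acm = build_sample()
    print(acm.render())
    print("ACL of payroll.db:", acm.acl("payroll.db"))
    print("bob's capabilities:", acm.capabilities("bob"))
    print("bob write payroll.db ->", acm.check("bob", "payroll.db", "write"))
```

The two views answer different operational questions: an ACL answers "who can touch this object" (useful for review and revocation per object), a capability list answers "what can this subject touch" (useful when a subject is removed or compromised). Real systems store only one of the two and derive the other by scanning.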
Bell-LaPadula Model (1)
- The U.S. Department of Defense (DoD) developed the Bell-LaPadula model in the 1970s to address concerns about protecting classified information.
Bell-LaPadula Model (2)
- There are three basic properties:
- – The Simple Security Property states that a subject may not read information at a higher sensitivity level (no read up).
- – The * (star) Security Property states that a subject may not write information to an object at a lower sensitivity level (no write down). This is also known as the confinement property.
- – The Discretionary Security Property states that the system uses an access matrix to enforce discretionary access control.
Bell-LaPadula Model (3)
Biba Model (1)
- For many nonmilitary organizations, integrity is more important than confidentiality.
- The Biba model was designed after the Bell-LaPadula model.
- – Where the Bell-LaPadula model addresses confidentiality, the Biba model addresses integrity.
Biba Model (2)
- Here are the basic properties of the Biba model state machine:
- – The Simple Integrity Property states that a subject cannot read an object at a lower integrity level (no read down).
- – The * (star) Integrity Property states that a subject cannot modify an object at a higher integrity level (no write up).
Biba Model (3)
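The state machine model, the Bell-LaPadula properties and the Biba properties above, combined in one reference monitor as an added example that is not part of the original slides. Each access request is a transition; it is granted only if the resulting state still satisfies every property, so a machine that starts secure stays secure. The sensitivity and integrity lattices, the labels and the subject/object names are constructed for the demo; a real system would attach them as security labels.

```python
# Added example (not from the slides): a secure state machine enforcing
# Bell-LaPadula (confidentiality) and Biba (integrity) on every transition.
from dataclasses import dataclass, field

# Confidentiality lattice for BLP, ordered low -> high (constructed).
SENSITIVITY = ["unclassified", "confidential", "secret", "top_secret"]
# Integrity lattice for Biba, ordered low -> high (constructed).
INTEGRITY = ["untrusted", "user", "system"]


@dataclass
class Label:
    sensitivity: str
    integrity: str

    @property
    def s(self):            # numeric sensitivity level
        return SENSITIVITY.index(self.sensitivity)

    @property
    def i(self):            # numeric integrity level
        return INTEGRITY.index(self.integrity)


@dataclass
class SecureStateMachine:
    subjects: dict                  # name -> Label
    objects: dict                   # name -> Label
    policy: str = "both"            # "blp", "biba" or "both"
    accesses: set = field(default_factory=set)   # current state: granted (subj, obj, mode)
    log: list = field(default_factory=list)

    def _violations(self, subj, obj, mode):
        s, o = self.subjects[subj], self.objects[obj]
        v = []
        if self.policy in ("blp", "both"):
            if mode == "read" and s.s < o.s:
                v.append("BLP simple security property: no read up")
            if mode == "write" and s.s > o.s:
                v.append("BLP * property: no write down")
        if self.policy in ("biba", "both"):
            if mode == "read" and s.i > o.i:
                v.append("Biba simple integrity property: no read down")
            if mode == "write" and s.i < o.i:
                v.append("Biba * integrity property: no write up")
        return v

    def request(self, subj, obj, mode):
        """One transition: move to the next state only if it is still secure."""
        if mode not in ("read", "write"):
            raise ValueError(f"unknown access mode {mode!r}")
        v = self._violations(subj, obj, mode)
        if v:
            self.log.append((subj, obj, mode, "DENY", v))
            return False
        self.accesses.add((subj, obj, mode))
        self.log.append((subj, obj, mode, "ALLOW", []))
        return True

    def is_secure(self):
        """State invariant: every granted access satisfies the active policy."""
        return all(not self._violations(s, o, m) for s, o, m in self.accesses)


def demo():
    """Constructed labels that exercise each of the four properties once."""
    fsm = SecureStateMachine(
        subjects={"analyst": Label("secret", "user")},
        objects={
            "ops_plan": Label("top_secret", "system"),
            "weather": Label("unclassified", "untrusted"),
            "daily_report": Label("secret", "user"),
        },
    )
    results = {
        "read ops_plan": fsm.request("analyst", "ops_plan", "read"),     # BLP: no read up
        "write weather": fsm.request("analyst", "weather", "write"),     # BLP: no write down
        "read weather": fsm.request("analyst", "weather", "read"),       # Biba: no read down
        "write ops_plan": fsm.request("analyst", "ops_plan", "write"),   # Biba: no write up
        "read daily_report": fsm.request("analyst", "daily_report", "read"),
        "write daily_report": fsm.request("analyst", "daily_report", "write"),
    }
    return fsm, results


if __name__ == "__main__":
    machine, outcome = demo()
    for entry in machine.log:
        print(entry)
    print("state secure:", machine.is_secure())
```

Running the two policies together shows why they are rarely combined literally: the analyst can only read and write objects at exactly its own level, which is the well-known "BLP plus Biba collapses to equal levels" effect. Switching `policy` to `"blp"` lets the analyst read the low-integrity weather feed again.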
Clark-Wilson Model (1)
- Although the Biba model works in commercial applications, another model was designed in 1987 specifically for the commercial environment.
- The Clark-Wilson model uses a multifaceted approach to enforcing data integrity.
Clark-Wilson Model (2)
- Clark-Wilson defines the following items and procedures:
1. A constrained data item (CDI) is any data item whose integrity is protected by the security model.
2. An unconstrained data item (UDI) is any data item that is not controlled by the security model.
Clark-Wilson Model (3)
- Clark-Wilson defines the following items and procedures (cont.):
3. Transformation procedures (TPs) are the only procedures that are allowed to modify a CDI. The limited access to CDIs through TPs forms the backbone of the Clark-Wilson integrity model.
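The CDI/UDI/TP structure above applied to a small ledger, as an added example that is not part of the original slides. Account balances are the CDIs, a raw text deposit slip is a UDI that a TP must validate before it touches the ledger, only certified TPs that the user is authorized to run can change a CDI, and an integrity verification procedure (IVP, a Clark-Wilson element the slides do not list) is run on the trial state after every TP so an invalid result is rolled back. The ledger contents, TP names and users are constructed for the demo.

```python
# Added example (not from the slides): Clark-Wilson enforcement for a ledger.
import copy


class ClarkWilson:
    def __init__(self, cdis):
        self._cdi = dict(cdis)                     # CDIs: account -> balance
        self._cdi["_control_total"] = sum(cdis.values())
        self._tps = {}                             # certified TPs: name -> function
        self._permissions = set()                  # allowed (user, tp) relations
        self.audit = []                            # log of every TP invocation

    # --- certification / authorization, done by the security officer --------
    def certify_tp(self, name, func):
        self._tps[name] = func

    def authorize(self, user, tp_name):
        self._permissions.add((user, tp_name))

    # --- IVP: is the CDI state internally consistent? -----------------------
    def ivp(self, state=None):
        st = self._cdi if state is None else state
        balances = {k: v for k, v in st.items() if not k.startswith("_")}
        return (all(v >= 0 for v in balances.values())
                and sum(balances.values()) == st["_control_total"])

    # --- the only path that modifies a CDI ----------------------------------
    def run_tp(self, user, tp_name, *args):
        if tp_name not in self._tps:                   # only certified TPs touch CDIs
            raise PermissionError(f"{tp_name} is not a certified TP")
        if (user, tp_name) not in self._permissions:   # user must be allowed this TP
            raise PermissionError(f"{user} is not authorized for {tp_name}")
        trial = copy.deepcopy(self._cdi)               # TP works on a trial state
        try:
            self._tps[tp_name](trial, *args)
            ok = self.ivp(trial)
        except ValueError:                             # TP rejected its input (UDI)
            ok = False
        if ok:
            self._cdi = trial                          # commit only a valid state
        self.audit.append((user, tp_name, args, "COMMIT" if ok else "ROLLBACK"))
        return ok

    def balance(self, account):
        return self._cdi[account]


# Certified TPs: each edits the trial CDI state and must leave it consistent.
def tp_transfer(state, src, dst, amount):
    if amount <= 0:
        raise ValueError("amount must be positive")
    state[src] -= amount
    state[dst] += amount          # control total unchanged; the IVP catches overdrafts


def tp_deposit_from_slip(state, account, slip):
    """Promotes a UDI (an untrusted text deposit slip) into the CDI ledger."""
    if not slip.isdigit():
        raise ValueError("malformed deposit slip")
    amount = int(slip)
    state[account] += amount
    state["_control_total"] += amount


def demo():
    cw = ClarkWilson({"alice": 100, "bob": 50})
    cw.certify_tp("transfer", tp_transfer)
    cw.certify_tp("deposit", tp_deposit_from_slip)
    cw.authorize("teller", "transfer")
    cw.authorize("teller", "deposit")
    results = {
        "transfer ok": cw.run_tp("teller", "transfer", "alice", "bob", 30),
        "overdraft": cw.run_tp("teller", "transfer", "bob", "alice", 500),
        "bad slip": cw.run_tp("teller", "deposit", "bob", "12abc"),
        "good slip": cw.run_tp("teller", "deposit", "bob", "25"),
    }
    try:
        cw.run_tp("auditor", "transfer", "alice", "bob", 1)   # no (auditor, transfer) relation
        results["unauthorized"] = True
    except PermissionError:
        results["unauthorized"] = False
    return cw, results


if __name__ == "__main__":
    ledger, outcome = demo()
    print(outcome)
    print("alice:", ledger.balance("alice"), "bob:", ledger.balance("bob"))
    print("IVP:", ledger.ivp())
```

The separation of duties that Clark-Wilson calls for shows up in the code as two disjoint roles: whoever calls `certify_tp` and `authorize` (the security officer) never calls `run_tp` (the teller), and neither can write to `_cdi` directly in a deployment where the ledger lives behind this interface.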
Brewer and Nash Model (1)
- This model was created to permit access controls to change dynamically based on a user’s previous activity.
- Individuals are only allowed to access data that is not in conflict with data they accessed previously.
Brewer and Nash Model (2)
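The history-dependent rule above as a reference monitor, added here as an example that is not part of the original slides. Company datasets are grouped into conflict-of-interest classes; a subject may access a dataset only if it has never accessed a different company in the same class, and every allowed access is recorded because it changes the answer to future requests. The companies, classes and subjects are constructed; the `can_write` rule is a simplified form of the Brewer-Nash star rule.

```python
# Added example (not from the slides): a Chinese Wall (Brewer and Nash) monitor.
from collections import defaultdict

# Constructed conflict-of-interest (COI) classes: company -> class name
COI = {
    "BankA": "banking", "BankB": "banking",
    "OilX": "oil", "OilY": "oil",
    "SoftCo": "software",
}


class ChineseWall:
    def __init__(self, coi=COI):
        self.coi = coi
        self.history = defaultdict(set)   # subject -> companies already accessed

    def can_access(self, subject, company):
        """Simple security rule: same company again is fine; a different company
        in a class the subject has already touched is a conflict."""
        if company in self.history[subject]:
            return True
        cls = self.coi[company]
        return not any(self.coi[c] == cls for c in self.history[subject])

    def access(self, subject, company):
        """Decide and, if allowed, record the access; the wall moves with history."""
        if not self.can_access(subject, company):
            return False
        self.history[subject].add(company)
        return True

    def can_write(self, subject, company):
        """Star rule (simplified): writing is allowed only if the subject may access
        the company and has read no other company's data at all, so a subject who
        reads from two sides of a wall can never copy data across it."""
        return self.can_access(subject, company) and self.history[subject] <= {company}


def demo():
    wall = ChineseWall()
    trace = [
        ("alice", "BankA", wall.access("alice", "BankA")),   # first bank: allowed
        ("alice", "BankB", wall.access("alice", "BankB")),   # competing bank: denied
        ("alice", "OilX", wall.access("alice", "OilX")),     # other class: allowed
        ("alice", "BankA", wall.access("alice", "BankA")),   # repeat: allowed
        ("bob", "BankB", wall.access("bob", "BankB")),       # bob has no history
    ]
    return wall, trace


if __name__ == "__main__":
    wall, trace = demo()
    for subject, company, allowed in trace:
        print(f"{subject:6} {company:7} {'ALLOW' if allowed else 'DENY'}")
    print("alice may write BankA:", wall.can_write("alice", "BankA"))
    print("bob may write BankB:", wall.can_write("bob", "BankB"))
```

Note that the history is what a real deployment must protect: if it is lost or reset, the wall disappears, so it belongs in durable, append-only storage rather than a session object.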
Objects and Subjects Systems
- Closed and Open Systems.
- Techniques for Ensuring Confidentiality, Integrity, and Availability.
- Trust and Assurance.
Objects and Subjects Systems
- Systems are designed and built according to one of two differing philosophies: closed and open.
- – Closed and Open Systems
- A closed system is designed to work well with a narrow range of other systems, generally all from the same manufacturer.
Closed System (1)
- Closed systems are harder to integrate with unlike systems, but they can be more secure.
- – A closed system often comprises proprietary hardware and software that does not incorporate industry standards.
Closed System (2)
- In many cases, attacking a closed system is harder than launching an attack on an open system.
- – In addition to the lack of known vulnerable components on a closed system, it is often necessary to possess more in-depth knowledge of the specific target system to
- – Note that this advantage rests on the attacker's lack of information, not on the absence of flaws: once the proprietary details are leaked or reverse engineered, the closed system gains nothing further from its closedness.
Open System (1)
- Open systems, on the other hand, are designed using agreed-upon industry standards.
- Open systems are much easier to integrate with systems from different manufacturers that support the same standards.
Open System (2)
- Open systems are generally far easier to integrate with other open systems.
- – The openness makes them more vulnerable to attack, and their widespread availability makes it possible for attackers to find plenty of potential targets.
Techniques for Ensuring Confidentiality, Integrity, and Availability
- Confinement.
- Bounds.
- Isolation.
Confinement
- Process confinement allows a process to read from and write to only certain memory locations and resources.
- – If a process attempts to initiate an action beyond its granted authority, that action will be denied.
Bounds
- Each process that runs on a system is assigned an authority level that tells the operating system what the process can do.
- The bounds of a process consist of limits set on the memory addresses and resources it can access.
Isolation
- When a process is confined through enforcing access bounds, that process runs in isolation.
- – These three concepts (confinement, bounds, and isolation) make designing secure programs and operating systems more difficult, but they also make it possible to
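Confinement and bounds as the operating system actually enforces them, added here as an example that is not part of the original slides. A child process lowers its own open-file bound with `setrlimit` (the same call with `RLIMIT_AS` bounds the address space, which is the memory-address limit the slide mentions) and then tries to exceed it; the kernel denies the extra `open`, which is exactly the "action beyond its granted authority" described above. The limit value and attempt count are constructed, and the example is POSIX-only.

```python
# Added example (not from the slides): a kernel-enforced bound on a child process.
import subprocess
import sys
import textwrap

FD_LIMIT = 8        # assumed bound for the demo: stdin/stdout/stderr plus 5 more
ATTEMPTS = 32       # more opens than the bound allows

# The confined child. It lowers both the soft and the hard limit, so it can no
# longer raise the bound back on itself.
CHILD = textwrap.dedent(f"""
    import resource
    resource.setrlimit(resource.RLIMIT_NOFILE, ({FD_LIMIT}, {FD_LIMIT}))
    opened = []
    try:
        for _ in range({ATTEMPTS}):
            opened.append(open("/dev/null"))
        print("allowed", len(opened))
    except OSError as exc:          # EMFILE: the kernel denied the action
        print("denied", len(opened), exc.errno)
""")


def run_confined():
    """Run the constructed child and report how many opens the kernel allowed."""
    proc = subprocess.run([sys.executable, "-c", CHILD],
                          capture_output=True, text=True, timeout=30)
    fields = proc.stdout.split()
    return {
        "verdict": fields[0],
        "opened": int(fields[1]),
        "errno": int(fields[2]) if len(fields) > 2 else None,
    }


if __name__ == "__main__":
    print(run_confined())
```

The important property is that the bound is checked by the kernel, not by the confined code: the child cannot skip the check, and because the hard limit was lowered it cannot undo it either. Sandboxes such as seccomp filters and containers build on the same principle with finer-grained bounds.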
Trust and Assurance (1)
- A trusted system is one in which all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment.
- Assurance is simply defined as the
Trust and Assurance (2)
- Assurance must be continually maintained, updated, and reverified.
End of Slides
- Available at