Principles of Security Model Slide ke-12 Mata Kuliah: Keamanan Jaringan oleh Setio Basuki

(1)

Principles of Security Model

Slide ke-12 Mata Kuliah: Keamanan Jaringan

(2)

Course Objectives

Security Models, Subjects and

Objects, Understanding System

Security and Evaluation, Common

(3)

Security Models

• In information security, models provide a

way to formalize security policies.

– Provide an explicit set of rules that a computer can follow to implement the

fundamental security concepts, processes,

and procedures that make up a security policy.

• In this way, developers can be sure their security implementation supports the

(4)

Security Models (Cont.)

• You’ll explore several security models in the following sections:

1. Trusted computing base. 2. State machine model.

3. Take-Grant model.

(5)

Security Models (Cont.)

• You’ll explore several security models in the following sections:

6. Biba.

7. Clark-Wilson.

(6)

Trusted Computing Based

(TCB)

• Trusted computing base (TCB) as a

Combination

of hardware, software, and controls that work together to form a trusted base, to enforce your security

(7)

(8)

State Machine Model

• It is based on the Computer Science

(9)

Take Grant Model (1)

• The Take-Grant model employs a directed graph to dictate how rights can be

passed from one subject to another or from a subject to an object.

(10)

(11)

Access Control Matrix (1)

• An access control matrix is a table of

subjects and objects that indicates the actions or functions that each subject can perform on each object.

(12)

(13)

Bell-LaPadula Model (1)

• The U.S. Department of Defense (DoD) developed the Bell-LaPadula model in the 1970s to address concerns about

(14)

Bell-LaPadula Model (2)

• There are Three Basic Properties:

– The Simple Security Property states that a subject may Not Read Information at a Higher Sensitivity

Level (no read up).

– The * (star) Security Property states that a subject may Not Write Information to an Object at a Lower Sensitivity Level (no write down). This is also known as the confinement property .

– The Discretionary Security Property states that the system uses an access matrix to enforce

(15)

(16)

Biba Model (1)

• For many nonmilitary organizations, in

this case integrity is more important than conﬁdentiality.

• The Biba model was designed after the Bell-LaPadula model.

(17)

Biba Model (2)

• Here are the

Basic Properties

of the Biba model state machine:

– _{The Simple Integrity Property}_{states that a}

subject cannot read an object at a lower integrity level (no read down).

(18)

(19)

Clark-Wilson Model (1)

• Although the Biba model works in

commercial applications, another model was designed in 1987 speciﬁcally for the commercial environment.

• The Clark-Wilson model uses a

(20)

Clark-Wilson Model (2)

• Clark-Wilson deﬁnes the following items and

procedures:

1. A constrained data item (CDI) is any data item whose integrity is protected by the security

model.

2. An unconstrained data item (UDI) is any data item that is not controlled by the security model. 3. An integrity verification procedure (IVP) is a

(21)

Clark-Wilson Model (3)

• Clark-Wilson deﬁnes the following items and procedures:

4. Transformation Procedures (TPs) are the only procedures that are allowed to modify a CDI. The limited access to CDIs through

(22)

Brewer and Nash Model (1)

• This model was created to permit access controls to change dynamically based on a user’s previous activity.

• Individuals are only allowed to access data that is not in conflict with data they

accessed previously.

• It allows controls to be put into place to

(23)

(24)

Objects and Subjects Systems

• Closed and Open System.

• Technique for Ensuring Confidentiality, Integrity, and Availability.

(25)

Objects and Subjects Systems

• Systems are designed and built according to one of two differing philosophies:

–

_Closed

and

Open Systems

.

• _{A Closed System}_{is designed to work}

well with a narrow range of other systems, generally all from the same manufacturer. • The standards for closed systems are

(26)

Closed System (1)

• Closed systems are Harder To Integrate with unlike systems, but they can be more secure.

– A Closed System often comprises proprietary hardware and software that does not

(27)

Closed System (2)

• In many cases, attacking a closed system is harder than launching an attack on an open system.

– In addition to the lack of known vulnerable components on a closed system, it is often necessary to possess more in-depth

(28)

Open System (1)

• Open Systems

, on the other hand, are designed using agreed-upon industry

standards.

(29)

Open System (2)

• Open systems are generally far easier to integrate with other open systems.

– The openness makes them more

(30)

Techniques for Ensuring

Confidentiality, Integrity, and

Availability.

• Confinement.

• Bounds.

(31)

Confinement

• Process conﬁnement allows a process to

read from and write to only certain memory locations and resources.

– If a process attempts to initiate an action

beyond its granted authority, that action will

(32)

Bounds

• Each Process that runs on a system is assigned an authority level that tells the operating system what the process can

do.

• The bounds of a Process Consist of

(33)

Isolation

• When a process is conﬁned through

enforcing access bounds, that process runs in

isolation

.

– These three concepts (conﬁnement,

bounds, and isolation) make designing secure programs and operating systems more difﬁcult, but they also make it possible to

(34)

Trust and Assurance (1)

• A Trusted System is one in which all

protection mechanisms Work Together to process sensitive data for many types of users while maintaining a stable and

secure computing environment.

(35)

Trust and Assurance (2)

• Assurance must be

Continually

(36)

End of Slides

• Available at