Information Flows and Covert Channels
1 Information Flows and Covert Channels
Attila Özgit
METU, Dept. of Computer Engineering
Based on: Mike McNett's presentation slides
CENG-599 Data Security and Protection
2 Objectives
- Understand the purpose of modeling information access
- Understand information flow principles
- Understand how information flows can be identified
- Understand covert channels and how to prevent them
3 Why Model?
- What is an Information Security Model? Why use one?
- A security policy is a statement that partitions the states of the system into a set of authorized, or secure, states and a set of unauthorized, or nonsecure, states (Bishop)
- A security model is a model that represents a particular policy or set of policies. (Bishop)
- A security mechanism is an entity or procedure that enforces some part of the security policy. (Bishop)
4 Examples
- Security Policy: e.g. those described for use in the military
- Security Model: e.g. BLP Model
- Security Mechanism: e.g. Fenton's Data Mark Machine
5 Why Formal Models?
- Regulations are generally descriptive rather than prescriptive, so they don't tell you how to implement
- Systems must be secure
- Security must be demonstrable --> proofs
- Therefore, formal security models
- For real systems this is not easy to do.
6 Categories of InfoSec Models
Two major categories of information security models:
- Access Control models: protect access to data*
- Integrity Control models: verify that data* is not changed
* applies to data in storage or in transit
7 Traditional Models
- Chinese Wall: Prevent conflicts of interest
- Clark-Wilson (An Informal Model): Commercial focus on data integrity
- Bell-LaPadula (BLP): Addresses confidentiality
- Biba: Addresses integrity with static/dynamic levels
- Information flow: Close some covert channels
8 Bell-LaPadula Security Model
- The Bell-LaPadula (BLP) model is about information confidentiality, and this model formally represents the long tradition of attitudes to the flow of information concerning national secrets.
- More information found in Bishop, Chapter 5.
9 Bell-LaPadula (BLP)...
- Earliest formal model (Lattice)
- Each user (subject) and information (object) has a fixed security class label
- Use the notation to indicate dominance
- The model identifies paths that could lead to inappropriate disclosure of information.
- What about Integrity? Biba: a model for preventing inappropriate modification of data
10 Bell-LaPadula (BLP)...
- Simple Security (ss) property: the no read-up property
- A subject has read access to an object iff the class of the subject C(s) is greater than or equal to the class of the object C(o), i.e. subjects can read objects iff C(o) ≤ C(s)
- Military interpretation: the security class (clearance) of someone receiving a piece of information must be at least as high as the class (classification) of the information.
11 Access Control: Bell-LaPadula...
[Diagram: Top Secret, Secret and Unclassified levels; every read shown is labelled "Read OK"]
12 Access Control: Bell-LaPadula...
[Diagram: Top Secret, Secret and Unclassified levels; reads labelled "Read Forbidden" and "Read OK"]
13 Access Control: Bell-LaPadula...
[Diagram: Top Secret, Secret and Unclassified levels; reads labelled "Read Forbidden" and "Read OK"]
14 Bell-LaPadula...
- *-property (star-property): the no write-down property
  - While a subject has read access to an object O, the subject can only write to an object P if C(O) ≤ C(P)
  - Military interpretation: The contents of a sensitive object can be written only to objects at least as high.
  - Leads to concentration of irrelevant detail at upper levels
- Discretionary Security (ds) property
  - If discretionary policies are in place, accesses are further limited to this access matrix
  - Although all users in the personnel department can read all [personnel] documents, the personnel manager would expect to limit the readers of a document that dealt with redundancies in the personnel department!
- Fig 7.7 (Pfleeger)
15 Access Control: Bell-LaPadula...
[Diagram: Top Secret, Secret and Unclassified levels; writes labelled "Write OK" and "Write Forbidden"]
16 Access Control: Bell-LaPadula...
[Diagram: Top Secret, Secret and Unclassified levels; writes labelled "Write OK" and "Write Forbidden"]
17 Access Control: Bell-LaPadula...
[Diagram: Top Secret, Secret and Unclassified levels; every write shown is labelled "Write OK"]
18 Security Models - Biba
- Based on the Cold War experiences, information integrity is also important, and the Biba model, complementary to Bell-LaPadula, is based on the flow of information where preserving integrity is critical.
- A model for preventing inappropriate modification of data
- The dual of BLP
19 Integrity Control: Biba
- Designed to preserve integrity, not to limit access
- Three fundamental concepts:
  - Simple Integrity Property: no read down
  - Star Integrity Property (*): no write up
  - No execute up
- Integrity classification scheme: I(s) and I(o)
20 Integrity Control: Biba...
- Simple Integrity Property: no read down
  - Subject s can modify (have write access to) object o only if I(o) I(s)
- Star Integrity Property (*): no write up
  - If subject s has read access to an object o with integrity level I(o), subject s can have write access to an object p only if I(p) I(o)
- No execute up
21 Integrity Control: Biba...
[Diagram: High, Medium and Low Integrity levels; reads labelled "Read OK" and "Read Forbidden"]
22 Integrity Control: Biba...
[Diagram: High, Medium and Low Integrity levels; writes labelled "Write Forbidden" and "Write OK"]
23 Integrity Control: Biba...
- Untrustworthy subjects
- An untrusted subject who has write access to an object reduces the integrity of that object.
24 Basic Security Theorem
- A state transition is secure if both the initial and the final states are secure, so...
- If all state transitions are secure and the initial system state is secure, then every subsequent state will also be secure, regardless of which inputs occur.
- This is information flow!
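The ss-property and *-property from slides 10 and 14, and the induction behind the Basic Security Theorem on slide 24, as an added example that is not part of the original slides. The subjects, objects, requests and all function names are constructed for illustration; the three levels are the ones named in the slide diagrams.

```python
"""BLP reference monitor sketch (added example, hypothetical names throughout)."""
from dataclasses import dataclass, replace

# The three levels named in the slide diagrams, ordered low to high.
LEVELS = {"Unclassified": 0, "Secret": 1, "Top Secret": 2}


@dataclass(frozen=True)
class State:
    clearance: dict                   # C(s): subject -> level name
    classification: dict              # C(o): object  -> level name
    current: frozenset = frozenset()  # accesses held now: (subject, object, mode)

    def c_subj(self, s):
        return LEVELS[self.clearance[s]]

    def c_obj(self, o):
        return LEVELS[self.classification[o]]


def violations(state):
    """Return every ss- or *-property violation present in a state."""
    held = sorted(state.current)
    found = []
    # Simple security (no read-up): a read needs C(o) <= C(s).
    for s, o, mode in held:
        if mode == "read" and state.c_obj(o) > state.c_subj(s):
            found.append(f"ss: {s} reads {o}")
    # *-property (no write-down): while s reads O, a write to P needs C(O) <= C(P).
    for s, o, m_read in held:
        for s2, p, m_write in held:
            if (s == s2 and m_read == "read" and m_write == "write"
                    and state.c_obj(o) > state.c_obj(p)):
                found.append(f"*: {s} reads {o} while writing {p}")
    return found


def request(state, subject, obj, mode):
    """Grant the access only if the resulting state is still secure."""
    candidate = replace(state, current=state.current | {(subject, obj, mode)})
    if violations(candidate):
        return False, state       # denied: the state does not change
    return True, candidate


def replay(state, requests):
    """Apply requests in order; every intermediate state must stay secure."""
    decisions = []
    for subject, obj, mode in requests:
        granted, state = request(state, subject, obj, mode)
        # Induction step of the Basic Security Theorem: secure state in,
        # secure transition, secure state out.
        assert not violations(state)
        decisions.append(granted)
    return decisions, state


# Constructed sample data (not from the slides).
START = State(
    clearance={"alice": "Top Secret", "bob": "Secret"},
    classification={"warplan": "Top Secret", "roster": "Secret",
                    "menu": "Unclassified"},
)
REQUESTS = [
    ("alice", "warplan", "read"),   # Top Secret reads Top Secret: granted
    ("bob", "warplan", "read"),     # read-up: denied by the ss-property
    ("bob", "roster", "read"),      # Secret reads Secret: granted
    ("bob", "warplan", "write"),    # write-up while reading roster: granted
    ("bob", "menu", "write"),       # write-down while reading roster: denied
    ("alice", "roster", "write"),   # write-down while reading warplan: denied
    ("bob", "menu", "read"),        # read-down: granted
]


def demo():
    decisions, final = replay(START, REQUESTS)
    # A transition made outside the monitor: alice, still reading warplan,
    # is handed write access to menu. The state check flags the downward flow.
    bypassed = replace(final, current=final.current | {("alice", "menu", "write")})
    return decisions, violations(final), violations(bypassed)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The last result shows why the theorem needs every transition to be secure: one access granted outside the monitor is enough to create a Top Secret to Unclassified flow.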