Latticebased Access Control Models 基于格的访问控制模型1.pptVIP

BLP - Secure states system modeled as a finite state machine (set of states and transition of states) a state contains information about the current authorizations and security labels a transition transforms a state into another state (adding or removing authorizations) a state is secure if the current authorizations satisfy the simple and * security properties a system is secure if every state reachable by executing a finite sequence of transitions is secure BLP + tranquility Assume that when a subject request access to a resource the security levels of all subjects and objects are downgraded to the lowest level and access is granted secure by BLP…but not secure in a meaningful sense!!! Tranquility property strong: security labels never change during system operation ? TOO STRONG! weak: labels never change in such a way as to violate a defined security policy e.g. dynamic upgrade of labels ? principle of least privilege Exceptions to properties Data association and aggregation: a set of values seen together is to be classified higher than the single values (e.g. name and salary) Sanitization and downgrading: a process may produce data less sensitive than those it has read; data may need to be downgraded after some time (embargo) TRUSTED SUBJECTS! MAC weaknesses MAC policies remain vulnerable to covert channels Examples a low level subject requires a resource (e.g. CPU) that is busy by a high level subject a high level process can lock shared resources and modify the response times of processes at lower levels (timing channels) non-interference: the activity of a high level process must have no detectable effect on processes at lower or incomparable level Outline Review: DAC and the access matrix Mandatory Access Control and the lattice The Bell-LaPadula (BLP) model Applications of BLP Real world examples MULTICS for the Air Force Data Services Centre (time-sharing OS) MITRE brassboard kernel SIGMA message system KSOS (Kernelized Secure Operating System) SCOMP