Access Control Models: From the real-world to trusted computing

Lecture Motivation

- We have looked at protocols for distributing and establishing keys used for authentication and confidentiality.
- But who should you give these keys to? Who should you trust? What are the rules governing when to give out security credentials and when not to?
- In this lecture, we will look at the broad area of secure and trusted systems.
- We will focus on access control models.
- These methods are often used to abstract the requirements for a computer system.
- But they hold for general systems where security is a concern (e.g. networks, computers, companies).

Lecture Outline

- Some generic discussion about security
- Objects that require protection
- Insights from the real-world
- Access control to memory and generic objects
- Discretionary Methods: Directory Lists, Access Control Lists, and the Access Control Matrix, Take-Grant Model
- Failures of DACs: Trojan Horses
- Dominance and information flow, Multilevel security and lattices
- Bell-LaPadula and Biba's Model
- What is a trusted system? Trusted Computing Base

System-security vs. Message-security

- In the cryptographic formulation of security, we were concerned with the confidentiality, authenticity, integrity, and non-repudiation of messages being exchanged.
- This is a message-level view of security.
- A system-level view of security has slightly different issues that need to be considered:
- Confidentiality: Concealment of information or resources from those without the right or privilege to observe this information.
- Integrity: Trustworthiness of data (has an object been changed in an unauthorized manner?).
- Availability: Is the system and its resources available for usage?

Confidentiality in Systems

- Many of the motivations behind confidentiality come from the military's notion of restricting access to information based on clearance levels and need-to-know.
- Cryptography supports confidentiality: The scrambling of data makes it incomprehensible.
- Cryptographic keys control ...
