Information Flow and Access Control Policies

This lecture on information flow covers authentication, authorization and audit mechanisms, access control policies, and the concepts of DAC and MAC. It explores how policies are defined and enforced, and also touches on access control for computed data, scaling to many pieces of data and many users, and information flow between principals through different channels. The slides give an overview of information-flow policies (noninterference and its variants, declassification) and of the mechanisms that enforce them.

  • Information Flow
  • Access Control
  • Authentication
  • Authorization
  • Audit

Uploaded on Apr 04, 2025



Presentation Transcript


  1. Lecture 17: Information Flow. CS 181S, November 12, 2018

  2. Where we were
     • Authentication: mechanisms that bind principals to actions
     • Authorization: mechanisms that govern whether actions are permitted
     • Audit: mechanisms that record and review actions

  3. Access Control Policy
     An access control policy specifies which of the operations associated with any given object each subject is authorized to perform. Expressed as a relation ??? : Objects ????.
     Example (access matrix figure): subjects ebirrell, clarkson and student; objects dac.tex and dac.pptx; entries r,w and r.

  4. Who defines Policies?
     • Discretionary access control (DAC). Philosophy: users have the discretion to specify policy themselves. Commonly, information belongs to the owner of the object. Access control lists, privilege lists, capabilities.
     • Mandatory access control (MAC). Philosophy: a central authority mandates policy. Information belongs to the authority, not to the individual users. MLS and BLP, Chinese wall, Clark-Wilson, etc.

  5. Access control for computed data
     Figure: a Doc marked "Can read: Alice, Bob" is fed into a computation; each resulting Doc must again be marked "Can read: Alice, Bob".

  6. Scaling to many pieces of data

  7. Scaling to many users

  8. Scaling to many interactions
     Figure: the computed data items are marked "?" (restrictions unknown). Need to assign restrictions in an automatic way.

  9. Information flow policies
     Figure: a Doc marked "Can flow to: Alice" is fed into a computation; each resulting Doc is marked "Can flow to: Alice". Automatic deduction of policies!

  10. Information Flows between Principals
     • Channel: means to communicate information
     • Storage channel: written by one program and read by another
     • Legitimate channel: intended for communication between programs
     • Covert channel: not intended for information transfer, yet exploitable for that purpose

  11. Information Flow (IF) Policies
     Focus on information, not objects. An IF policy specifies restrictions on the associated data, and on all its derived data.
     IF policy for confidentiality: a value and all its derived values are allowed to be read only by Alice.
     Different from the access control policy: a value is allowed to be read at most by Alice.
     The enforcement mechanism automatically deduces the restrictions for derived data.

  12. Policy Granularity
     • Objects can be system principals (files, programs, sockets)
     • Objects can be program variables

  13. Scaling to many interactions

  14. Scaling to many interactions

  15. Labels represent policies
     Figure: the lattice of labels built from the levels Secret and Conf and the compartment set {nuc, crypto}: Secret, {nuc, crypto}; Secret, {nuc}; Conf, {nuc, crypto}; Secret, {crypto}; Conf, {nuc}; Secret, {}; Conf, {crypto}; Conf, {}.

  16. Labels represent policies
     Figure: the two-point lattice with labels High and Low.

  17. Labels represent policies
     Figure: a Doc labelled H is fed into a computation; each resulting Doc is labelled H.
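The lattice on slide 15 and the "derived data" rule of slides 11 and 17 can be made concrete in a few lines. The following is an added example, not code from the lecture: it assumes the ordering Conf below Secret, the two compartments nuc and crypto, and the standard BLP-style dominance relation (a label flows to another when its level is lower or equal and its compartments are a subset). The label of a computed value is the join of its inputs' labels, which is exactly the automatic deduction the slides describe.

```python
"""Security labels as (level, compartment set) pairs, as an added example (not the
lecture's code).  Assumes the ordering Conf < Secret and compartments {nuc, crypto}."""
from dataclasses import dataclass
from itertools import chain, combinations

LEVELS = {"Conf": 0, "Secret": 1}          # assumed: Conf is below Secret
COMPARTMENTS = ("nuc", "crypto")


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def flows_to(self, other):
        """self ⊑ other: lower-or-equal level and a subset of the compartments.
        Information labelled `self` may flow to a place labelled `other`."""
        return (LEVELS[self.level] <= LEVELS[other.level]
                and self.compartments <= other.compartments)

    def join(self, other):
        """Least upper bound: the least restrictive label that both flow to."""
        level = max(self.level, other.level, key=LEVELS.get)
        return Label(level, self.compartments | other.compartments)

    def __str__(self):
        return f"{self.level}, {{{', '.join(sorted(self.compartments))}}}"


def all_labels():
    """Every (level, compartment subset) pair: 2 levels x 4 subsets = the 8 labels of slide 15."""
    subsets = list(chain.from_iterable(combinations(COMPARTMENTS, k)
                                       for k in range(len(COMPARTMENTS) + 1)))
    return [Label(lvl, frozenset(s)) for lvl in LEVELS for s in subsets]


def derived_label(input_labels):
    """Label automatically assigned to a value computed from the given inputs:
    the join of all input labels, so derived data is at least as restricted as
    every piece of data it was computed from (the point of slides 11 and 17)."""
    result = Label("Conf")                   # bottom of the lattice: Conf, {}
    for lab in input_labels:
        result = result.join(lab)
    return result


def may_read(clearance, label):
    """A principal cleared at `clearance` may read data labelled `label`
    exactly when the data's label flows to the clearance."""
    return label.flows_to(clearance)


if __name__ == "__main__":
    top = Label("Secret", frozenset(COMPARTMENTS))
    for lab in all_labels():
        print(f"{lab:<22} flows to top: {lab.flows_to(top)}")
    doc = derived_label([Label("Secret", frozenset({"nuc"})), Label("Conf", frozenset({"crypto"}))])
    print("label deduced for the derived document:", doc)   # Secret, {crypto, nuc}
```

Note that `Secret, {nuc}` and `Conf, {nuc, crypto}` are incomparable: neither flows to the other, so a reader cleared for one cannot read data labelled with the other. That is what makes the structure a lattice rather than a total order, and why `join` (not `max`) is the right operation for derived data.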

  18. Noninterference [Goguen and Meseguer 1982]
     An interpretation of noninterference for a program: changes on H inputs should not cause changes on L outputs.
     Figure: a Program box with H and L inputs on the left and H and L outputs on the right.

  19. Noninterference: Example 1
     Figure: the program (an addition, then an increment by 1) run twice. With H input 1 and L input 2 it yields H output 3 and L output 3; with H input 3 and L input 2 it yields H output 5 and L output 3.
     The program satisfies noninterference!

  20. Noninterference: Example 2
     Figure: the program run twice. With H input 1 and L input 2 the L output is 2; with H input 3 and L input 2 the L output is 6.
     The program does not satisfy noninterference!

  21. Noninterference: Example 3
     Figure: a conditional that tests whether the H input equals 1, assigning 1 to the L output in the then-branch and 0 in the else-branch. With H input 1 and L input 2 the L output is 1; with H input 3 and L input 2 the L output is 0.
     The program does not satisfy noninterference!

  22. Noninterference
     Consider a program ?. Consider two memories ?1 and ?2 such that they agree on the values of variables tagged with L: ?1 =L ?2. ?1 and ?2 might not agree on the values of variables tagged with H.
     ?(??) are the observations produced by executing ? to termination on initial memory ??: final outputs, or intermediate and final outputs.
     Then observations tagged with L should be the same: ?(?1) =L ?(?2).

  23. Noninterference
     For a program ? and a mapping from variables to labels in {L, H}: for all ?1, ?2: if ?1 =L ?2, then ?(?1) =L ?(?2).

  24. Examples
     • P outputs (??, ??) where ?? = ?? || ?? and ?? = ??. || denotes string concatenation.
     • P outputs ?? where ?? = ?? if ?? is even, and ?? || ?? if ?? is odd.

  25. Examples
     • P := while ?? > 5 do skip; ?? := 4
     • P outputs ?? = ?? ? ?, where ? is a freshly generated, uniformly random 32-bit binary string. Assume ?? is always a 32-bit binary string.
     • P outputs ?? = Enc(??; ??). Assume ?? is an RSA public key.

  26. Less restrictive than necessary
     Figure: the program "while (H variable) > 5 do skip; (L variable) := 4" run twice. With H input 2 and L input 2 the loop exits and the L output is 4. With H input 9 and L input 2 the loop never exits and there is no L output.

  27. Termination sensitive noninterference
     If ?1 =L ?2, then ? terminates on ?1 iff ? terminates on ?2, and ?(?1) =L ?(?2).
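The definitions on slides 22, 23 and 27 are decidable by brute force when the value domain is finite, which makes them easy to test against the programs pictured on slides 19, 20, 21 and 26. The following is an added example, not code from the lecture. It assumes the variable names h (labelled H) and l (labelled L), since the slides' names did not survive extraction, and it models a diverging run (the `while h > 5 do skip` loop with h > 5) by returning `None` instead of a final memory.

```python
"""Checking noninterference by enumeration, as an added example (not the lecture's
code).  A program is a Python function from a memory (dict) to the final memory, or
None when the run diverges.  The names h (label H) and l (label L) are assumptions."""
from itertools import product

L, H = "L", "H"
LABELS = {"h": H, "l": L}          # assumed variable-to-label mapping


def l_equivalent(m1, m2, labels):
    """m1 =_L m2: the two memories agree on every variable labelled L."""
    return all(m1[x] == m2[x] for x, lab in labels.items() if lab == L)


def check_ni(program, labels, domain, termination_sensitive=False):
    """Enumerate every pair of L-equivalent initial memories over `domain` and return
    the first pair whose L-observable results differ, or None if the program satisfies
    noninterference on that domain.  Termination-insensitive NI (slide 23, the default)
    ignores pairs in which either run diverges; termination-sensitive NI (slide 27)
    additionally requires that both runs terminate or both diverge."""
    names = sorted(labels)
    memories = [dict(zip(names, vals)) for vals in product(domain, repeat=len(names))]
    for m1, m2 in product(memories, repeat=2):
        if not l_equivalent(m1, m2, labels):
            continue
        o1, o2 = program(dict(m1)), program(dict(m2))   # copies: programs mutate memory
        if o1 is None or o2 is None:
            if termination_sensitive and (o1 is None) != (o2 is None):
                return m1, m2          # one run terminates, the other does not
            continue
        if not l_equivalent(o1, o2, labels):
            return m1, m2              # same L inputs, different L outputs
    return None


# The four programs pictured on slides 19, 20, 21 and 26 (names assumed).
def add_then_increment(m):     # h := h + l; l := l + 1
    m["h"] = m["h"] + m["l"]
    m["l"] = m["l"] + 1
    return m


def multiply_into_l(m):        # l := l * h   (explicit flow from H to L)
    m["l"] = m["l"] * m["h"]
    return m


def branch_on_h(m):            # if h == 1 then l := 1 else l := 0   (implicit flow)
    m["l"] = 1 if m["h"] == 1 else 0
    return m


def loop_on_h(m):              # while h > 5 do skip; l := 4   (termination channel)
    if m["h"] > 5:
        return None            # the loop never exits: modelled as divergence
    m["l"] = 4
    return m


DOMAIN = range(8)              # constructed value domain, large enough to include h > 5

if __name__ == "__main__":
    for prog in (add_then_increment, multiply_into_l, branch_on_h, loop_on_h):
        tini = check_ni(prog, LABELS, DOMAIN)
        tsni = check_ni(prog, LABELS, DOMAIN, termination_sensitive=True)
        print(f"{prog.__name__:18s} TINI counterexample: {tini}   TSNI counterexample: {tsni}")
```

Running it reproduces the slides' verdicts: the addition program passes both checks, the multiplication and the conditional fail even the termination-insensitive check, and the loop program passes termination-insensitive NI but fails the termination-sensitive version, because the L observer learns whether h exceeds 5 from whether the program finishes at all.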

  28. Probabilistic Randomness
     Probabilistic Noninterference: for a program ? and a mapping from variables to labels in {L, H}, the output distribution HI = ?(??, ??) is independent of ??.
     Computational Probabilistic Noninterference

  29. Computational Probabilistic Noninterference
     Figure: x := Enc(v; k), with v and k labelled H. x is required to be H, but wanted to be L!

  30. Examples
     • P takes a list of ballots ?? and returns ??, the results of the election (which candidate receives a plurality of the vote).
     • P takes a list of students at Pomona ??,1 and a list of dorm rooms ??,2 and returns ??, a list of room assignments.

  31. More restrictive than necessary
     Figure: x := maj(v1, v2, ..., vn), with every vi labelled H. x is required to be H, but wanted to be L!

  32. Less restrictive than necessary
     Figure: m := Match(students; rooms), with students and rooms labelled L. m is required to be L, but wanted to be H!

  33. Declassification
     • What: specify what information may be declassified, e.g., LastFourDigits(credit card number) should be low. Partial Equivalence Relation (PER) Model, Reactive NI.
     • Who: specify who may declassify information, e.g., the high object owner can write to low objects. Decentralized Label Model, robust declassification.
     • Where: specify which pieces of code may declassify, e.g., the encryption function can write to low objects. Intransitive Noninterference, Constrained Noninterference.
     • When: specify when information may be declassified, e.g., a software key may be shared after payment has been received. Temporal, Relative, Probabilistic.

  34. Enforcement Mechanisms
     • Static Information Flow Control: type checking
     • Dynamic Information Flow Control: taint tracking, runtime monitoring
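The static mechanism on slide 34, type checking, works by assigning each expression the join of the labels of the variables it reads and by carrying a "program counter" label through branches and loops so that implicit flows (slide 21) are rejected as well as explicit ones (slide 20). The following is an added example, not code from the lecture or any particular IFC tool: a checker for a tiny imperative language encoded as nested tuples, over the two-point lattice L ⊑ H. The variable names h and l, the tuple encoding, and the `declassify` node (a "where"-style declassification point from slide 33, trusted to release its argument as L) are assumptions of this example.

```python
"""A static information-flow type checker for a tiny imperative language, as an added
example (not the lecture's code).  Programs are nested tuples, labels are the two-point
lattice L ⊑ H; the encoding and the variable names h and l are assumptions."""
LOW, HIGH = "L", "H"


def join(a, b):
    return HIGH if HIGH in (a, b) else LOW


def flows_to(a, b):
    """a ⊑ b in the lattice L ⊑ H."""
    return a == LOW or b == HIGH


def expr_label(expr, env):
    """Label of an expression: the join of the labels of every variable it reads."""
    kind = expr[0]
    if kind == "const":                      # ('const', n)
        return LOW
    if kind == "var":                        # ('var', x)
        return env[expr[1]]
    if kind == "op":                         # ('op', '+', e1, e2)
        return join(expr_label(expr[2], env), expr_label(expr[3], env))
    if kind == "declassify":                 # ('declassify', e): trusted release point
        return LOW                           # its result is L regardless of e's label
    raise ValueError(f"unknown expression kind {kind!r}")


def check(stmt, env, pc=LOW):
    """Return True iff `stmt` is well typed under variable labels `env`.  `pc` is the
    label of the control context: inside a branch or loop guarded by an H condition
    pc is H, which forbids assignments to L variables and so rejects implicit flows."""
    kind = stmt[0]
    if kind == "skip":
        return True
    if kind == "assign":                     # ('assign', x, e): pc ⊔ label(e) ⊑ label(x)
        _, x, e = stmt
        return flows_to(join(pc, expr_label(e, env)), env[x])
    if kind == "seq":                        # ('seq', [s1, s2, ...])
        return all(check(s, env, pc) for s in stmt[1])
    if kind == "if":                         # ('if', cond, then, else)
        _, cond, then, els = stmt
        pc2 = join(pc, expr_label(cond, env))
        return check(then, env, pc2) and check(els, env, pc2)
    if kind == "while":                      # ('while', cond, body)
        _, cond, body = stmt
        return check(body, env, join(pc, expr_label(cond, env)))
    raise ValueError(f"unknown statement kind {kind!r}")


ENV = {"h": HIGH, "l": LOW}                  # assumed: h is secret, l is public
VH, VL = ("var", "h"), ("var", "l")

# The programs from slides 19, 20, 21 and 26, plus one declassification.
ADD_THEN_INCREMENT = ("seq", [("assign", "h", ("op", "+", VH, VL)),
                              ("assign", "l", ("op", "+", VL, ("const", 1)))])
MULTIPLY_INTO_L = ("assign", "l", ("op", "*", VL, VH))
BRANCH_ON_H = ("if", ("op", "==", VH, ("const", 1)),
               ("assign", "l", ("const", 1)), ("assign", "l", ("const", 0)))
LOOP_ON_H = ("seq", [("while", ("op", ">", VH, ("const", 5)), ("skip",)),
                     ("assign", "l", ("const", 4))])
RELEASE_H = ("assign", "l", ("declassify", VH))

if __name__ == "__main__":
    for name, prog in [("h := h + l; l := l + 1", ADD_THEN_INCREMENT),
                       ("l := l * h", MULTIPLY_INTO_L),
                       ("if h == 1 then l := 1 else l := 0", BRANCH_ON_H),
                       ("while h > 5 do skip; l := 4", LOOP_ON_H),
                       ("l := declassify(h)", RELEASE_H)]:
        print(f"{name:38s} accepted: {check(prog, ENV)}")
```

The verdicts match the slides: the first program is accepted, the explicit and the implicit flow are rejected, and the loop program is accepted even though slide 26 shows it leaks through termination. That last case is the price of a termination-insensitive type system; a termination-sensitive one would have to forbid loops guarded by H conditions (or bound them), which is far more restrictive. The `declassify` node shows why declassification needs its own policy (slide 33): the checker accepts any release through it, so what, who, where and when must be constrained elsewhere.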
