Outline for February 5, 2003
Reading: text, §5.2.2, 5.3, 6.1-6.2
Discussion Problem
We discussed the Bell-LaPadula Model, and noted that subjects could read and write objects only if the subjects were in the same compartment as objects. This leads to a notion of confinement, and raises the issue of leaking information among compartments. Such leakage led one security expert to speculate that, as the need for secure computing continued to climb, people would gradually shift from multi-user computing systems to single-user computer systems, because then information could not leak among compartments (as there are no other processes on the system to leak information to).
- How do single-user systems connected by a network (such as the Internet) differ from multi-user systems?
- Do you agree or disagree with the expert?
Outline for the Day
- DG/UX B2 UNIX System
- Hierarchy of levels
- Labels, explicit and implicit
- MAC tuples
- Tranquility
- Strong tranquility
- Weak tranquility
- Integrity models
- Requirements
- Users won't write their own programs, but will use existing programs, databases, etc.
- Programmers develop and test programs on non-production systems
- Installing a program from the development system requires a special process
- This process must be controlled and auditable
- System managers must be able to access the system state and the system logs
- Separation of duty
- Separation of function
- Auditing
- Biba: mathematical dual of BLP
- P may read O if L(P) ≤ L(O) and C(P) ⊆ C(O)
- P may write O if L(O) ≤ L(P) and C(O) ⊆ C(P)
- Combined with BLP: continue example