Scribd Logo
Загрузить

Добро пожаловать в Scribd!

  • Foundation of Computer Security Lecture 22

    Загружено:

    Linh Đan Trần
    15 просмотров6 страниц
    Foundation of Computer Security

    Авторское право

    © © All Rights Reserved

    Доступные форматы

    PDF, TXT или читайте онлайн в Scribd

    Этот документ был вам полезен?

    Это неприемлемый материал?

    Пожаловаться на этот документ
    Foundation of Computer Security

    Авторское право:

    © All Rights Reserved
    Скачайте в формате PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    15 просмотров6 страниц

    Foundation of Computer Security Lecture 22

    Загружено:

    Linh Đan Trần
    Foundation of Computer Security

    Авторское право:

    © All Rights Reserved
    Скачайте в формате PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    из 6

    Foundations of Computer Security

    Lecture 22: Biba’s Other Policies

    Dr. Bill Young


    Department of Computer Sciences
    University of Texas at Austin

    Lecture 22: 1 Biba’s Other Policies


    Biba’s Integrity Models

    Ken Biba (1977) proposed three different integrity access control


    policies.
    1 The Low Water Mark Integrity Policy
    2 The Ring Policy
    3 Strict Integrity

    One difference among them is the amount of trust invested in


    subjects.

    Strict Integrity places very little trust in subjects and constrains all
    reads and writes to ensure that information never flows up in
    integrity.

    Lecture 22: 2 Biba’s Other Policies


    Biba’s Low Water Mark Integrity Policy

    In general, a water mark policy is one where an attribute


    monotonically floats up (high water mark) or down (low water
    mark), but may be “reset” at some point.

    Biba’s Low Water Mark Policy has the following two rules:
    1 If s reads o, then i ′ (s) = min(i(s), i(o)), where i ′ (s) is the
    subject’s new integrity level after the read.
    2 Subject s can write to object o only if i(o) ≤ i(s).

    What is the underlying assumption about subjects in this policy?


    Are they considered at all trustworthy?

    Lecture 22: 3 Biba’s Other Policies


    Low Water Mark Policy

    A potential of the LWM Integrity policy is to monotonically


    decrease the integrity level of a subject unnecessarily.

    This sort of problem is called label creep and may result in an


    overly conservative analysis.

    Lecture 22: 4 Biba’s Other Policies


    Ring Policy

    This focuses on direct modification and solves some problems of


    the LWM Policy.
    1 Any subject can read any object, regardless of integrity levels.
    2 Subject s can write to object o only if i(o) ≤ i(s).

    Does the Ring policy make some assumption about the subject
    that the LWM policy does not?

    Lecture 22: 5 Biba’s Other Policies


    Lessons

    In Biba’s Low Water Mark policy, a subject’s integrity level


    falls if it ever reads low integrity information.
    The Ring Policy is more trusting of the subject, assuming that
    a subject can properly filter the information it receives.
    All of Biba’s three policies preclude a subject from writing up
    in integrity.

    Next lecture: Lipner’s Model

    Lecture 22: 6 Biba’s Other Policies

    Вам также может понравиться