![]() ![]() In particular, we focused on discretionary access control (DAC), whereby the user who creates a resource is the owner of that resource and can choose to give access to other users. In the last lesson we talked about access control. Mandatory Access Control Discretionary Access Control ![]() ![]() Cost Benefit Certification Tradeoffs Quiz Solution.Cost Benefit Certification Tradeoffs Quiz.Earning an EAL4 Certification Quiz Solution.Policies for Commercial Environments Part 2.Policies for Commercial Environments Part 1.But then a subject able to read Market would not be able to write table Stolen and hence Trojan horse would not be able to complete its function. 4, if Tom is not allowed read access to table Market, under MAC control, table Market will have an access class that is either higher than or incomparable to the access class given to Tom. MAC models are not vulnerable to Trojan horse attacks: Consider fig. The effect of these rules can be diagrammatically represented as shown in fig. Write down - A subject's integrity level must dominate the integrity level of the object being written. Read up - A subject's integrity level must be dominated by the integrity level of the object being read. The principles that are required to hold are as follows. The integrity level associated with a user reflects the user's trustworthiness for inserting, modifying, or deleting data programs at that level. The integrity level associated with an object reflects the degree of trust that can be placed in the information stored in the object, and the potential damage that could result from unauthorized modification of the information. For example, the integrity levels could be Crucial (C), Important (I)Īnd Unknown (U). ![]() MAC can as well be applied for the protection of information integrity. 5.įig 5: Controlling information flow for secrecy Satisfaction of these principles prevents information that is more sensitive to flow to objects at lower levels hence prevents the confidentiality of sensitive information. No write-down/Write up: A subject can write only those objects whose access class dominates the access class of the subject. No read-up/Read down: A subject can read only those objects whose access class is dominated by the access class of the subject. The security level of the access class associated with a user is called clearance, which reflects the users trustworthiness not to disclose sensitive information to users not cleared to it.Īccess control in mandatory protection systems is based on the following two principles: The security level of the access class associated with an object reflects the sensitivity of the information contained in the object which means the potential damage which could result from unauthorized disclosure of information. The set of categories is an unordered set, for example, NATO, Nuclear, Army etc. The levels often considered are Top Secret (TS), Secret (S), Confidential (C) and Unclassified (U), where TS>Sgt C>U. The security level is an element of a hierarchically ordered set. Subjects are active entities that access the objects, usually, active processes operating on behalf of users.Īn access class consists of two components: a security level and a set of categories. Objects are the passive entries storing information for example relations, tuples in a relation etc. MAC security policies govern the access on the basis of the classifications of subjects and objects in the system. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |