ISA 562 Internet Security Theory and Practice: Midterm Exam Review
Post on 04-Jan-2016
ISA 562 Internet Security
Theory and Practice
Midterm Exam Review
Review for the Mid-term
- Coverage: first five chapters + cryptography
- The nature of the exam: 4-5 questions, similar to the homework
- May have some modeling, some policy, some descriptions
Review Chapter 1 + Transparency
- CIA of information security: what confidentiality, integrity and availability are
- Given a set of requirements, can we categorize each one as a C, I or A requirement?
- Access control matrix
- Safe state
- A state transition written as a (pre-condition, post-condition) pair over the read, write and access operations
- Add/delete rights
- Add/delete subjects, objects and operations
Review Chapter 1 continued ...
- Mono-operational commands: a single primitive operation, e.g. "make P the owner of file Q", written formally as make.owner(p, q)
- Conditional commands: "if p owns f, then let p give right r over f to q"; how to write them formally
- Commands with multiple conditions ...
Review of Chapter 2: Foundations
- ACM, ACL and capabilities
- Turing machines and undecidability
- HRU result: is there an algorithm that, given an initially safe state, halts and says yes/no to whether the state stays safe with respect to a generic right r? In general, no: the safety question is undecidable
- Method: encode the matrix, the granting of rights and the safety question as Turing machine instructions, so that a decision procedure for safety would decide the halting problem
- Special cases are decidable: systems with only mono-operational commands, and the take-grant model
Review of Chapter 2: Foundations (continued)
- Capability-based systems
- Lock-and-key model: a lock (carrying the permissions) is attached to the object, keys are held by subjects; access is granted when the subject presents a key that matches one of the object's locks
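The commands from the Chapter 1 slides and the ACL/capability views from Chapter 2, as a small added illustration (this is not code from the course slides): an access control matrix with the HRU primitive operations, the mono-operational command make.owner, a one-condition and a two-condition command, a one-step leak check on a (pre-state, post-state) pair, and the column (ACL) and row (capability) views of the same matrix. The subjects p and q, the object f and the rights "own", "read" and "write" are made-up sample data.

```python
"""Access control matrix with HRU-style primitive operations and commands.

Added illustration for the Chapter 1/2 review; not code from the course slides.
Subjects p, q, object f and rights "own", "read", "write" are made-up sample data.
"""
import copy
from collections import defaultdict


class ACM:
    """Access control matrix: cells[(s, o)] is the set of rights s has over o."""

    def __init__(self):
        self.subjects = set()
        self.objects = set()
        self.cells = defaultdict(set)

    # HRU primitive operations: create/destroy subject or object, enter/delete right
    def create_subject(self, s):
        self.subjects.add(s)
        self.objects.add(s)  # every subject is also an object (it can be acted on)

    def create_object(self, o):
        self.objects.add(o)

    def destroy_object(self, o):
        self.objects.discard(o)
        self.subjects.discard(o)
        for key in [k for k in self.cells if o in k]:
            del self.cells[key]

    def enter(self, r, s, o):
        """enter r into A[s, o]; s and o must exist."""
        if s not in self.subjects or o not in self.objects:
            raise KeyError((s, o))
        self.cells[(s, o)].add(r)

    def delete(self, r, s, o):
        """delete r from A[s, o]."""
        self.cells[(s, o)].discard(r)

    def rights(self, s, o):
        return frozenset(self.cells.get((s, o), ()))

    def snapshot(self):
        return copy.deepcopy(self)

    # Chapter 2: ACL and capabilities are the column and row views of one matrix
    def acl(self, o):
        return {s: self.rights(s, o) for s in self.subjects if self.rights(s, o)}

    def capabilities(self, s):
        return {o: self.rights(s, o) for o in self.objects if self.rights(s, o)}


def make_owner(acm, p, q):
    """Mono-operational command make.owner(p, q): a single primitive 'enter'."""
    acm.enter("own", p, q)


def give_right(acm, p, f, q, r):
    """Conditional command: if own in A[p, f] then enter r into A[q, f]."""
    if "own" in acm.rights(p, f):
        acm.enter(r, q, f)
        return True
    return False


def transfer_right(acm, p, f, q, r):
    """Two conditions: if own in A[p, f] and r in A[p, f] then enter r into A[q, f]."""
    if "own" in acm.rights(p, f) and r in acm.rights(p, f):
        acm.enter(r, q, f)
        return True
    return False


def leaks(before, after, r):
    """One-step leak check: r now appears in a cell that did not hold it before.
    HRU safety asks this over every reachable command sequence (undecidable in
    general); a single (pre-state, post-state) pair, as in the review, is easy."""
    return any(r in after.rights(s, o) and r not in before.rights(s, o)
               for s in after.subjects for o in after.objects)


def demo():
    """Build the sample matrix and run the commands; returns what they produced."""
    acm = ACM()
    acm.create_subject("p")
    acm.create_subject("q")
    acm.create_object("f")
    make_owner(acm, "p", "f")
    acm.enter("read", "p", "f")
    before = acm.snapshot()
    gave = give_right(acm, "p", "f", "q", "read")        # p owns f: succeeds
    moved = transfer_right(acm, "q", "f", "p", "write")  # q does not own f: refused
    return acm, before, gave, moved


if __name__ == "__main__":
    acm, before, gave, moved = demo()
    print("give_right:", gave, "transfer_right:", moved)
    print("ACL(f):", acm.acl("f"))
    print("capabilities(q):", acm.capabilities("q"))
    print("leaked read?", leaks(before, acm, "read"))
```

Note that acl(f) and capabilities(q) are computed from the same cells: choosing ACLs or capabilities is a choice of which projection of the matrix the system stores, not a different policy.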
Review of Chapter 3: Policies
- Formalization of security policy using precise policy languages
- DAC, MAC and RBAC
- Specification of DAC using subjects, objects and access rights
Review: MAC
- Review and background
- Lattices
- Military systems and Denning's axioms
- Bell-LaPadula (BLP) policy: step 1 clearance/classification, step 2 categories
- Example system: DG/UX
- Tranquility: the controversy at a glance
Suprema and Infima of Posets
Definition: $(A, \le)$ is a poset and $B \subseteq A$.
Say that $b_0 \in A$ is a least upper bound (aka supremum) of $B$ iff (1) $b_0$ is an upper bound of $B$ and (2) $b_0 \le b$ for all other upper bounds $b$ of $B$.
Say that $c_0 \in A$ is a greatest lower bound (infimum) of $B$ iff (1) $c_0$ is a lower bound of $B$ and (2) $c \le c_0$ for all other lower bounds $c$ of $B$.
[Figure: the set $B$ (elements $B_1, \dots, B_6$) drawn inside $A$, with its upper bounds $b_1, b_2, b_3$, the least of them being $b_0$, and its lower bounds $c_2, c_3, c_4$, the greatest of them being $c_0$]
Example Lattices: Power Set Lattice
$S = \{a, b, c\}$, $2^S = \{\emptyset, \{a\}, \{b\}, \{c\}, \{a,b\}, \{b,c\}, \{a,c\}, \{a,b,c\}\}$
Arrows mean $\subseteq$ (informally, "included by")
[Figure: three Hasse diagrams over subsets of $S$. Left: the chain $\{a\} \subseteq \{a,b\} \subseteq \{a,b,c\}$ (special case: total order). Middle: $\{a\}, \{c\}, \{a,b\}, \{b,c\}, \{a,b,c\}$ ordered by inclusion (a partial order; $\{a\}$ and $\{c\}$ have no lower bound in it, so it is not a lattice). Right: all of $2^S$ ordered by inclusion (special case: lattice).]
Example Product Lattice
Lattice 1: $\{\emptyset, \{a\}, \{b\}, \{a,b\}\}$, arrow means $\subseteq$
Lattice 2: $\{1, 2\}$ with $1 \le 2$, arrow means $\le$
Product of Lattice 1 and Lattice 2, pairs $(x, y)$ with $x$ from Lattice 1 and $y$ from Lattice 2: $(x, y) \le (x', y')$ means $x \subseteq x'$ and $y \le y'$
Elements: $(\{a,b\},2), (\{a\},2), (\emptyset,2), (\{b\},2), (\{a,b\},1), (\{a\},1), (\emptyset,1), (\{b\},1)$
[Figure: Hasse diagrams of Lattice 1, Lattice 2 and their product]
BLP Rules
- Simple security property: no read up. Subject $s$ may read object $o$ only if $L(s)$ dominates $L(o)$
- *-property (star property): no write down. Subject $s$ may write object $o$ only if $L(o)$ dominates $L(s)$
- Here $L(\cdot)$ is a security level (clearance or classification, category set), and $(l, C)$ dominates $(l', C')$ iff $l \ge l'$ and $C \supseteq C'$, i.e. the product order of the previous slide
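The definitions from the suprema/infima slide, the power set and product lattice slides, and the BLP rules, carried through in one added example (not code from the course): least upper and greatest lower bounds computed directly from their definitions over a finite poset, a lattice test that tells the chain and the full power set apart from the five-element partial order, the product order $(x,y) \le (x',y')$, and BLP read/write checks on levels of the form (classification, category set). The classification names and the categories NUC, EUR and US are assumed sample values; the slides do not fix them.

```python
"""Posets, least upper / greatest lower bounds, product lattices and BLP dominance.

Added illustration for the lattice and BLP review slides; not code from the course.
Classification names and the categories NUC/EUR/US are assumed sample values.
"""
from itertools import combinations


def powerset(items):
    items = list(items)
    return [frozenset(c) for r in range(len(items) + 1) for c in combinations(items, r)]


# Definitions from the suprema/infima slide, over a finite poset (elems, le)
def upper_bounds(elems, B, le):
    return [u for u in elems if all(le(b, u) for b in B)]


def lower_bounds(elems, B, le):
    return [l for l in elems if all(le(l, b) for b in B)]


def lub(elems, B, le):
    """Least upper bound: an upper bound below every other upper bound, or None."""
    ubs = upper_bounds(elems, B, le)
    return next((u for u in ubs if all(le(u, v) for v in ubs)), None)


def glb(elems, B, le):
    """Greatest lower bound: a lower bound above every other lower bound, or None."""
    lbs = lower_bounds(elems, B, le)
    return next((l for l in lbs if all(le(m, l) for m in lbs)), None)


def is_lattice(elems, le):
    """A poset is a lattice iff every pair of elements has both a lub and a glb."""
    return all(lub(elems, (x, y), le) is not None and glb(elems, (x, y), le) is not None
               for x in elems for y in elems)


def subset_le(x, y):
    return x <= y  # frozenset subset test: the arrows of the power set lattice


def product_le(le1, le2):
    """Product order from the slide: (x, y) <= (x', y') iff x <=1 x' and y <=2 y'."""
    return lambda p, q: le1(p[0], q[0]) and le2(p[1], q[1])


# BLP security levels are points of a product lattice: (classification, category set)
CLASSIFICATIONS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]  # assumed


def class_le(a, b):
    return CLASSIFICATIONS.index(a) <= CLASSIFICATIONS.index(b)


level_le = product_le(class_le, subset_le)  # level_le(L1, L2) holds iff L2 dominates L1


def dominates(l1, l2):
    return level_le(l2, l1)


def can_read(subject_level, object_level):
    """Simple security property (no read up): subject must dominate object."""
    return dominates(subject_level, object_level)


def can_write(subject_level, object_level):
    """*-property (no write down): object must dominate subject."""
    return dominates(object_level, subject_level)


if __name__ == "__main__":
    ps = powerset("abc")
    print("lub({a},{c}) =", set(lub(ps, [frozenset("a"), frozenset("c")], subset_le)))
    print("2^S is a lattice:", is_lattice(ps, subset_le))
    s = ("SECRET", frozenset({"NUC", "EUR"}))
    o = ("CONFIDENTIAL", frozenset({"NUC"}))
    print("read:", can_read(s, o), "write:", can_write(s, o))
```

The last check worth running by hand is the incomparable case: a SECRET subject with categories {NUC, EUR} can neither read nor write a SECRET object with category {US}, because neither level dominates the other. That is the point of using a lattice rather than a total order of clearances.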
Cryptography
Major uses:
- Confidentiality
- Nonrepudiation
- Authentication
- Access control
The major types:
- Substitution (classical) ciphers
- Symmetric
- Asymmetric: RSA, Diffie-Hellman
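The two asymmetric schemes named above, as an added worked example (not code from the course slides): a Diffie-Hellman exchange showing both sides' messages and that they derive the same secret, the man-in-the-middle that unauthenticated DH allows, and textbook RSA key generation with encryption (confidentiality) and signing (authentication, nonrepudiation). The group p = 23, g = 5, the secrets 6, 15 and 3, and the RSA primes 61 and 53 with e = 17 are tiny made-up values chosen so the arithmetic can be checked by hand; real deployments use 2048-bit or larger parameters and never raw textbook RSA.

```python
"""Diffie-Hellman key agreement and textbook RSA with toy parameters.

Added illustration for the cryptography review; not code from the course slides.
All numeric parameters are tiny made-up values for hand checking, not for use.
"""


def dh_exchange(p, g, a, b):
    """Both sides of a Diffie-Hellman exchange in the integers mod p.

    Alice holds secret a, Bob holds secret b. Each sends g^secret mod p and raises
    the value it receives to its own secret. Returns the wire values and what each
    side derives, so the caller can check the two secrets agree.
    """
    A = pow(g, a, p)  # Alice -> Bob
    B = pow(g, b, p)  # Bob -> Alice
    return {"A": A, "B": B, "alice": pow(B, a, p), "bob": pow(A, b, p)}


def dh_mitm(p, g, a, b, m):
    """Why DH alone does not authenticate: an attacker with secret m replaces both
    public values with g^m and ends up holding a separate key with each side."""
    A, B = pow(g, a, p), pow(g, b, p)
    M = pow(g, m, p)                   # sent to both Alice and Bob instead of B / A
    key_with_alice = pow(A, m, p)      # Alice computes pow(M, a, p) and gets the same
    key_with_bob = pow(B, m, p)        # Bob computes pow(M, b, p) and gets the same
    return {"alice_side": pow(M, a, p) == key_with_alice,
            "bob_side": pow(M, b, p) == key_with_bob,
            "key_with_alice": key_with_alice, "key_with_bob": key_with_bob}


def modinv(a, m):
    """Modular inverse of a mod m via the extended Euclidean algorithm."""
    r0, r1, t0, t1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        t0, t1 = t1, t0 - q * t1
    if r0 != 1:
        raise ValueError("not invertible")
    return t0 % m


def rsa_keygen(p, q, e):
    """Textbook RSA key generation from two primes; returns ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = modinv(e, phi)
    return (n, e), (n, d)


def rsa_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def rsa_sign(priv, m):
    """Signing uses the private exponent; anyone with the public key can verify."""
    n, d = priv
    return pow(m, d, n)


def rsa_verify(pub, m, sig):
    n, e = pub
    return pow(sig, e, n) == m


if __name__ == "__main__":
    print("DH:", dh_exchange(23, 5, 6, 15))
    print("MITM:", dh_mitm(23, 5, 6, 15, 3))
    pub, priv = rsa_keygen(61, 53, 17)
    c = rsa_encrypt(pub, 65)
    print("RSA:", pub, priv, c, rsa_decrypt(priv, c), rsa_verify(pub, 65, rsa_sign(priv, 65)))
```

The MITM function is the caveat to carry into the exam: Diffie-Hellman gives confidentiality of the agreed key against a passive eavesdropper but no authentication, so in practice the exchange is signed (e.g. with RSA) or otherwise bound to an identity.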