Principles of Info Security
Principles of Info Security CS 5323
Popular in Course
verified elite notetaker
Popular in ComputerScienence
This 1 page Class Notes was uploaded by Mireya Heidenreich on Thursday October 29, 2015. The Class Notes belongs to CS 5323 at University of Texas at San Antonio taught by William Winsborough in Fall. Since its upload, it has received 24 views. For similar materials see /class/231368/cs-5323-university-of-texas-at-san-antonio in ComputerScienence at University of Texas at San Antonio.
Reviews for Principles of Info Security
Report this Material
What is Karma?
Karma is the currency of StudySoup.
Date Created: 10/29/15
Principles of Information Security CS 5323 Lecture 19 Prof William Winsborough November 13 2007 Business ForThursday 1115 please read The Flask Security Architecture System Support for Diverse Security Policies httpMMANhsa govlselin uxgagers ask abscfm is Nuverrhei 2mm Winsbuiuuuh cs 5323 Lecture is 2 Practical Domain and Type Enforcement for UNIX DTE is a mandatory access control MAC mechanism that enforces policies that are quite different from BellLaPa u a Good for Con ning applications Restricting information ow Based on earlier design simple type enforcemen Enhancements are designed to Simplifythe use ofthe mechanism Provide compatibility with other systems is Nuvembei 2mm Winsbui uuh cs 5323 Lecture ia Context of Contribution There was recognition that various forms of MAC were needed Very few were commercially available High costs Corn lex administration Application incompatibiiiiy Usertrairiirig Can security enhancement be added to mainstream 08 s in a way h tis Understandable Effective Unobtrusive is Nuverrhei 2mm Winsbuiuuuh cs 5323 Lecture is 6 DTE Enhancements to Simple Type Enforcement Policies are expressed in highlevel language DTEL Allows DTE to be superimposed on applications that are not aware of DTE During system execution configuration information is maintained in a small policy database Much con guration information is given implicitly by the location of les in the directory hierarchy Facilitates compatibility with systems that are not Eaware is Nuvembei 2mm Winsbui uuh cs 5323 Lecture ia Type Enforcement Background Invariant AC attributes A domain is associated with each subject n 2 m a e m a a 1 vpeS A Domain Definition Table DDT specifies access modes available based on domain and type Subjectto Subject access control is based on a Domain Interaction Table DIT Example access modes Signal create destroy is Nuverrhei 2mm Winsbuiuuuh cs 5323 Lecture ia a