Principles of Info Security
Principles of Info Security CS 5323
These 3-page class notes were uploaded by Mireya Heidenreich on Thursday, October 29, 2015. They belong to CS 5323 at University of Texas at San Antonio, taught by Staff in Fall. Since upload, they have received 7 views.
Date Created: 10/29/15
Principles of Information Security
CS 5323, Lecture 22
Prof William Winsborough
November 29 2007

Business
- Final Exam: Thursday 6 December, 8-10:30pm, in regular lecture room
- The final is not comprehensive but will cover material since the last exam
  - Material presented by guest lecturers will not be covered
- Today we will continue to see

Flask Security Architecture: System Support for Diverse Security Policies

Flask
- A security architecture
  - Implementation: a microkernel-based operating system
  - Support a wide range of ...
- Reported implementation supports
  - MLS Bell-LaPadula
  - Type enforcement
  - Identity-based
  - Dynamic RBAC
  - Discretionary access control
- Architecture addresses issues such as
  - Revocation of permissions
  - Atomicity in interleaving of policy updates and controlled operations

Atomicity
- Atomicity requires that once a permission has been revoked, the corresponding service must no longer be provided
- Revocation and operations already in progress
  - In-progress operation: restart, or wait (only safe when known it will not block indefinitely)

Revocation
- Problem: permissions migrate
  - E.g., Unix file permissions are checked on open, not on read/write
  - Similar problems arise with capabilities, access rights in page tables, open interprocess communication
- Check for the revoked permission; otherwise the revocation may not take effect

Flask Architecture
- Flask implementation uses a microkernel-based OS derived from Fluke
- Flask architecture requires only that the underlying OS implement a reference monitor and provide separation between processes

Flask Architecture
- The primary goal of the architecture is to provide for flexibility in the security policy by ensuring that the subsystems always have a view of policy decisions regardless of how these are made or how they may change over time
What the Object Manager Gets
- Interfaces for retrieving from a security server
  - Access decisions
  - Labeling: security attributes of objects
  - Polyinstantiation decisions
- Access Vector Cache (AVC)
  - Minimize performance overhead
  - Managed by the security server
- The ability to register callbacks to receive notifications of policy changes

What Object Managers Must Do
- Mechanism for assigning labels to objects
- Provide callback routines to handle policy changes
  - Will be called by the security service when policy change occurs

Object Labeling
- Each object has a set of security attributes
  - Two representations: variable-length string (security context); security identifier (SID), lightweight
- When an object is created
  - It is assigned an SID representing the object's security context
  - That security context depends on the client that requested the object's creation and the environment (e.g., directory in which a file is created)

AVC
- Access vector cache (AVC) module
- Common library shared by object managers
- Coordinates policy between object manager and security server
  - Requests from object manager for policy decisions
  - Requests from security server for policy changes

Revocation Support Mechanisms
- Object managers keep local copies of security decisions
  - Explicitly in the AVC
- Atomicity is achieved by
  - When policy change is complete, object manager behavior reflects the change
  - Object managers complete policy change in a timely manner
- Protocol
  - Security server notifies all object servers of policy change
  - Object servers update their state accordingly
  - Object manager notifies the security server that change is complete, allowing subsequent policy changes to then be performed in order

Security Server Must
- Provide security policy decisions
- Maintain mapping between SIDs and security contexts
- Provide SIDs for newly created objects
- Manage AVCs
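
The revocation protocol from the slides (the security server notifies object managers, each updates its cached decisions in the AVC, then reports completion so later changes run in order), sketched as an added example that is not part of the lecture notes. Class and method names are hypothetical, not Flask interfaces, and the SIDs and permission are constructed.

```python
# Toy model of the revocation protocol; names are hypothetical, not Flask's API.
class SecurityServer:
    def __init__(self, allowed):
        self.allowed = set(allowed)   # (subject SID, object SID, permission)
        self.managers = []            # object managers registered for callbacks
        self.seq = 0                  # number of completed policy changes

    def decide(self, ssid, osid, perm):
        return (ssid, osid, perm) in self.allowed

    def revoke(self, *keys):
        self.allowed -= set(keys)
        seq = self.seq + 1
        # Step 1: notify every object manager; steps 2-3 run in the callback.
        acks = [m.policy_changed(seq, keys) for m in self.managers]
        if any(a != seq for a in acks):
            raise RuntimeError("change not acknowledged by all managers")
        self.seq = seq                # only now may the next change start
        return seq

class ObjectManager:
    def __init__(self, server):
        self.server = server
        self.avc = {}                 # local copies of security decisions
        self.applied_seq = 0          # last policy change applied here
        server.managers.append(self)  # register for policy-change callbacks

    def check(self, ssid, osid, perm):
        key = (ssid, osid, perm)
        if key not in self.avc:       # AVC miss: ask the security server
            self.avc[key] = self.server.decide(*key)
        return self.avc[key]

    def policy_changed(self, seq, revoked):
        if seq != self.applied_seq + 1:
            raise RuntimeError("policy changes must be applied in order")
        for key in revoked:           # Step 2: drop stale cached decisions
            self.avc.pop(key, None)
        self.applied_seq = seq
        return seq                    # Step 3: report completion

def demo():
    key = (1, 7, "read")              # constructed SIDs and permission
    server = SecurityServer([key])
    om = ObjectManager(server)
    before = om.check(*key)           # granted, and now cached in the AVC
    server.revoke(key)
    return before, om.check(*key), om.applied_seq, server.seq
```

Without the callback in `policy_changed`, the cached grant would keep answering `check` after the policy had changed, which is the migrated-permission problem the Revocation slide describes.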