Introduction to Computer Security - Section 5.1. Goals of Confidentiality Policies

Introduction to Computer Security

Introduction to Computer Security

Table of Contents

Differences Between this Book and Computer Security: Art and Science

Special Acknowledgment

Acknowledgments

Chapter 1. An Overview of Computer Security

Section 1.1. The Basic Components

Section 1.2. Threats

Section 1.3. Policy and Mechanism

Section 1.4. Assumptions and Trust

Section 1.5. Assurance

Section 1.6. Operational Issues

Section 1.7. Human Issues

Section 1.8. Tying It All Together

Section 1.9. Summary

Section 1.10. Further Reading

Section 1.11. Exercises

Chapter 2. Access Control Matrix

Section 2.1. Protection State

Section 2.2. Access Control Matrix Model

Section 2.3. Protection State Transitions

Section 2.4. Summary

Section 2.5. Further Reading

Section 2.6. Exercises

Chapter 3. Foundational Results

Section 3.1. The General Question

Section 3.2. Basic Results

Section 3.3. Summary

Section 3.4. Further Reading

Section 3.5. Exercises

Chapter 4. Security Policies

Section 4.1. Security Policies

Section 4.2. Types of Security Policies

Section 4.3. The Role of Trust

Section 4.4. Types of Access Control

Section 4.5. Example: Academic Computer Security Policy

Section 4.6. Summary

Section 4.7. Further Reading

Section 4.8. Exercises

Chapter 5. Confidentiality Policies

Section 5.1. Goals of Confidentiality Policies

Section 5.2. The Bell-LaPadula Model

Section 5.3. Summary

Section 5.4. Further Reading

Section 5.5. Exercises

Chapter 6. Integrity Policies

Section 6.1. Goals

Section 6.2. Biba Integrity Model

Section 6.3. Clark-Wilson Integrity Model

Section 6.4. Summary

Section 6.5. Further Reading

Section 6.6. Exercises

Chapter 7. Hybrid Policies

Section 7.1. Chinese Wall Model

Section 7.2. Clinical Information Systems Security Policy

Section 7.3. Originator Controlled Access Control

Section 7.4. Role-Based Access Control

Section 7.5. Summary

Section 7.6. Further Reading

Section 7.7. Exercises

Chapter 8. Basic Cryptography

Section 8.1. What Is Cryptography?

Section 8.2. Classical Cryptosystems

Section 8.3. Public Key Cryptography

Section 8.4. Cryptographic Checksums

Section 8.5. Summary

Section 8.6. Further Reading

Section 8.7. Exercises

Chapter 9. Key Management

Section 9.1. Session and Interchange Keys

Section 9.2. Key Exchange

Section 9.3. Cryptographic Key Infrastructures

Section 9.4. Storing and Revoking Keys

Section 9.5. Digital Signatures

Section 9.6. Summary

Section 9.7. Further Reading

Section 9.8. Exercises

Chapter 10. Cipher Techniques

Section 10.1. Problems

Section 10.2. Stream and Block Ciphers

Section 10.3. Networks and Cryptography

Section 10.4. Example Protocols

Section 10.5. Summary

Section 10.6. Further Reading

Section 10.7. Exercises

Chapter 11. Authentication

Section 11.1. Authentication Basics

Section 11.2. Passwords

Section 11.3. Challenge-Response

Section 11.4. Biometrics

Section 11.5. Location

Section 11.6. Multiple Methods

Section 11.7. Summary

Section 11.8. Further Reading

Section 11.9. Exercises

Chapter 12. Design Principles

Section 12.1. Overview

Section 12.2. Design Principles

Section 12.3. Summary

Section 12.4. Further Reading

Section 12.5. Exercises

Chapte 13. Representing Identity

Section 13.1. What Is Identity?

Section 13.2. Files and Objects

Section 13.3. Users

Section 13.4. Groups and Roles

Section 13.5. Naming and Certificates

Section 13.6. Identity on the Web

Section 13.7. Summary

Section 13.8. Further Reading

Section 13.9. Exercises

Chapter 14. Access Control Mechanisms

Section 14.1. Access Control Lists

Section 14.2. Capabilities

Section 14.3. Locks and Keys

Section 14.4. Ring-Based Access Control

Section 14.5. Propagated Access Control Lists

Section 14.6. Summary

Section 14.7. Further Reading

Section 14.8. Exercises

Chapter 15. Information Flow

Section 15.1. Basics and Background

Section 15.2. Compiler-Based Mechanisms

Section 15.3. Execution-Based Mechanisms

Section 15.4. Example Information Flow Controls

Section 15.5. Summary

Section 15.6. Further Reading

Section 15.7. Exercises

Chapter 16. Confinement Problem

Section 16.1. The Confinement Problem

Section 16.2. Isolation

Section 16.3. Covert Channels

Section 16.4. Summary

Section 16.5. Further Reading

Section 16.6. Exercises

Chapter 17. Introduction to Assurance

Section 17.1. Assurance and Trust

Section 17.2. Building Secure and Trusted Systems

Section 17.3. Building Security In or Adding Security Later

Section 17.4. Summary

Section 17.5. Further Reading

Section 17.6. Exercises

Chapter 18. Evaluating Systems

Section 18.1. Goals of Formal Evaluation

Section 18.2. TCSEC: 19831999

Section 18.3. FIPS 140: 1994Present

Section 18.4. The Common Criteria: 1998Present

Section 18.5. SSE-CMM: 1997Present

Section 18.6. Summary

Section 18.7. Further Reading

Section 18.8. Exercises

Chapter 19. Malicious Logic

Section 19.1. Introduction

Section 19.2. Trojan Horses

Section 19.3. Computer Viruses

Section 19.4. Computer Worms

Section 19.5. Other Forms of Malicious Logic

Section 19.6. Defenses

Section 19.7. Summary

Section 19.8. Further Reading

Section 19.9. Exercises

Chapter 20. Vulnerability Analysis

Section 20.1. Introduction

Section 20.2. Penetration Studies

Section 20.3. Vulnerability Classification

Section 20.4. Frameworks

Section 20.5. Summary

Section 20.6. Further Reading

Section 20.7. Exercises

Chapter 21. Auditing

Section 21.1. Definitions

Section 21.2. Anatomy of an Auditing System

Section 21.3. Designing an Auditing System

Section 21.4. A Posteriori Design

Section 21.5. Auditing Mechanisms

Section 21.6. Examples: Auditing File Systems

Section 21.7. Audit Browsing

Section 21.8. Summary

Section 21.9. Further Reading

Section 21.10. Exercises

Chapter 22. Intrusion Detection

Section 22.1. Principles

Section 22.2. Basic Intrusion Detection

Section 22.3. Models

Section 22.4. Architecture

Section 22.5. Organization of Intrusion Detection Systems

Section 22.6. Intrusion Response

Section 22.7. Summary

Section 22.8. Further Reading

Section 22.9. Exercises

Chapter 23. Network Security

Section 23.1. Introduction

Section 23.2. Policy Development

Section 23.3. Network Organization

Section 23.4. Availability and Network Flooding

Section 23.5. Anticipating Attacks

Section 23.6. Summary

Section 23.7. Further Reading

Section 23.8. Exercises

Chapter 24. System Security

Section 24.1. Introduction

Section 24.2. Policy

Section 24.3. Networks

Section 24.4. Users

Section 24.5. Authentication

Section 24.6. Processes

Section 24.7. Files

Section 24.8. Retrospective

Section 24.9. Summary

Section 24.10. Further Reading

Section 24.11. Exercises

Chapter 25. User Security

Section 25.1. Policy

Section 25.2. Access

Section 25.3. Files and Devices

Section 25.4. Processes

Section 25.5. Electronic Communications

Section 25.6. Summary

Section 25.7. Further Reading

Section 25.8. Exercises

Chapter 26. Program Security

Section 26.1. Introduction

Section 26.2. Requirements and Policy

Section 26.3. Design

Section 26.4. Refinement and Implementation

Section 26.5. Common Security-Related Programming Problems

Section 26.6. Testing, Maintenance, and Operation

Section 26.7. Distribution

Section 26.8. Conclusion

Section 26.9. Summary

Section 26.10. Further Reading

Section 26.11. Exercises

Chapter 27. Lattices

Section 27.1. Basics

Section 27.2. Lattices

Section 27.3. Exercises

Chapter 28. The Extended Euclidean Algorithm

Section 28.1. The Euclidean Algorithm

Section 28.2. The Extended Euclidean Algorithm

Section 28.3. Solving ax mod n = 1

Section 28.4. Solving ax mod n = b

Section 28.5. Exercises

Chapter 29. Virtual Machines

Section 29.1. Virtual Machine Structure

Section 29.2. Virtual Machine Monitor

Section 29.3. Exercises

Bibliography

Index

A

E

F

I

L

T

5.1. Goals of Confidentiality Policies

A confidentiality policy, also called an information flow policy, prevents the unauthorized disclosure of information. Unauthorized alteration of information is secondary. For example, the navy must keep confidential the date on which a troop ship will sail. If the date is changed, the redundancy in the systems and paperwork should catch that change. But if the enemy knows the date of sailing, the ship could be sunk. Because of extensive redundancy in military communications channels, availability is also less of a problem.

The term "governmental" covers several requirements that protect citizens' privacy. In the United States, the Privacy Act requires that certain personal data be kept confidential. Income tax returns are legally confidential and are available only to the Internal Revenue Service or to legal authorities with a court order. The principle of "executive privilege" and the system of nonmilitary classifications suggest that the people working in the government need to limit the distribution of certain documents and information. Governmental models represent the policies that satisfy these requirements.