|
Low Water Mark Policy: If S reads O, then I(S) = min(I(S), I(O))
|
| trang | 15/15 | | Chuyển đổi dữ liệu | 01.03.2024 | | Kích | 2.19 Mb. | | #56689 |
| Lecture 04 Access control new (1)Low Water Mark Policy: If S reads O, then I(S) = min(I(S), I(O)) BLP vs Biba
l
e
v
e
l
high
low
L(O)
L(O)
L(O)
Confidentiality
BLP
I(O)
I(O)
I(O)
Biba
l
e
v
e
l
high
low
Integrity
Compartments Compartments - Multilevel Security (MLS) enforces access control up and down
- Simple hierarchy of security labels is generally not flexible enough
- Compartments enforces restrictions across
- Suppose TOP SECRET divided into TOP SECRET {CAT} and TOP SECRET {DOG}
- Both are TOP SECRET but information flow restricted across the TOP SECRET level
Compartments - Why compartments?
- Why not create a new classification level?
- May not want either of
- TOP SECRET {CAT} TOP SECRET {DOG}
- TOP SECRET {DOG} TOP SECRET {CAT}
- Compartments designed to enforce the need to know principle
Compartments - Arrows indicate “” relationship
- Not all classifications are comparable, e.g.,
TOP SECRET {CAT} vs SECRET {CAT, DOG}
TOP SECRET {CAT, DOG}
TOP SECRET {CAT}
TOP SECRET
SECRET {CAT, DOG}
SECRET {DOG}
SECRET
TOP SECRET {DOG}
SECRET {CAT}
MLS vs Compartments - MLS can be used without compartments
- But, MLS almost always uses compartments
- Example
- MLS mandated for protecting medical records of British Medical Association (BMA)
- AIDS was TOP SECRET, prescriptions SECRET
- What is the classification of an AIDS drug?
- Everything tends toward TOP SECRET
- Defeats the purpose of the system!
- Compartments-only approach used instead
Chia sẻ với bạn bè của bạn: |
|
|
