U4. Further Aspects of BLP

Descripción

Masters Comp Sec Mapa Mental sobre U4. Further Aspects of BLP, creado por Craig Parker el 30/11/2013.
Craig Parker
Mapa Mental por Craig Parker, actualizado hace más de 1 año
Craig Parker
Creado por Craig Parker hace más de 10 años
45
0

Resumen del Recurso

U4. Further Aspects of BLP
  1. Covert Channel
    1. A communications channel that allows transfer of information in a manner that violates the system’s security policy
      1. Storage Channel
        1. Information is leaked by operating system messages, file names, etc
          1. The existence of a document called 'topsecretplansforinvasionofIguanaland .doc' conveys quite a lot of information, even if you cannot actually read the document! Even a simple 'access denied' message can give you some information.
            1. Increases in amount of traffic on communications channels can be a sign of activity. Traffic flow analysis is a useful weapon
          2. Timing Channel
            1. Information is leaked by observing system performance
          3. covert channels are not detected by BLP modelling.
            1. even if BLP correctly models the stated security policy (in terms of 'no read-up, no write-down') there may well be ways, such as covert channels, by which the policy may be violated
          4. Limitations
            1. Confidentiality
              1. BLP relates only to confidentiality
                1. However, there are many cases where a security policy relates to integrity. IE Biba
              2. Tranquility
                1. BLP assumes that security levels are static
                  1. Subjects access / document classification both subject to change
                2. Covert channels
                  1. Sometimes, it is not sufficient to hide only the contents of objects. Their very existence may need to be hidden
                Mostrar resumen completo Ocultar resumen completo

                Similar

                U2.1 Comp Sec: deals with prevention & detection of unauthorised actions by users of a comp system
                Craig Parker
                U3.2 Access Control Structures
                Craig Parker
                U3. Labels & Access Control
                Craig Parker
                U2.2 Fundamentals
                Craig Parker
                U3.1 Access Control
                Craig Parker
                U3.3 Administration
                Craig Parker
                U4. Security Models & Policy
                Craig Parker
                U4. Bell-LaPladula
                Craig Parker
                U4. Biba
                Craig Parker
                U4. Harrison–Ruzzo–Ullman
                Craig Parker
                U4. Chinese Wall
                Craig Parker