356140
Description
Mind Map by Craig Parker, updated more than 1 year ago
|
Created by Craig Parker
about 11 years ago
|
|
U4. Security Models & Policy
- Policy
- Policy= captures the requirements and describes
the steps to be taken to achieve security
- Organisatonal
Security Policy
- Rules that regulate how an
organisation manages security
- Must be well defined
- Must be well defined
- Rules that regulate how an
organisation manages security
- Automated
Security Policy
- Restrictions & properties that specify how a computing
system prevents violations of the organisational security
policy
- Restrictions & properties that specify how a computing
system prevents violations of the organisational security
policy
- Policy= captures the requirements and describes
the steps to be taken to achieve security
- Models
- Models = an 'idealised' implementation of an
organisation’s security policy.
- Models enforce the Access Control
Structure policy and ensure "need to know"
- Models allow formal validation of your implementation
against the security policy. Benchmarking
- Models allow formal validation of your implementation
against the security policy. Benchmarking
- Can be used to illustrate the
Fundamental Design Principles
- Models enforce the Access Control
Structure policy and ensure "need to know"
- State Machine Model (automaton)
- an abstract model that records relevant features of a
system (IE: its security) at a particular point in tim
- A state may change to another state at some later point in
time, triggered possibly by a clock or some input event
- movement from one state to another is known as a transition
- the more states you try capture, the more complicated
the model will become (more difficult to analyse).
- the more states you try capture, the more complicated
the model will become (more difficult to analyse).
- movement from one state to another is known as a transition
- A state may change to another state at some later point in
time, triggered possibly by a clock or some input event
- an abstract model that records relevant features of a
system (IE: its security) at a particular point in tim
- Models = an 'idealised' implementation of an
organisation’s security policy.
- Basic Security Theorem
- If we can do these 3 things then we know that
'security' is preserved by all transitions and so
the system will always be secure
- 1. Define the State Set so that it captures some aspect of 'security
- 2. Check that every state transition that begins
in a 'secure' state ends in a 'secure' state
- 3. Check that the initial state of the system is 'secure'.
- Ensure you define what "secure" is!
- 1. Define the State Set so that it captures some aspect of 'security
- If we can do these 3 things then we know that
'security' is preserved by all transitions and so
the system will always be secure
Want to create your own Mind Maps for free with GoConqr? Learn more.