Mandatory Access Control: Confidentiality Models

This lecture covers the Bell La Padula model for confidentiality, covert channels, and the challenges of declassification. It explains security models as design patterns for specific security properties, focusing on the Bell-La Padula model's protection of confidentiality. The classification of objects and subjects, dominance relationships, and the importance of clearance levels are discussed. The lecture also delves into the properties of the BLP system, including the ss-property, *-property, and ds-property. It concludes with the Basic Security Theorem and the limitations of the Bell La Padula model, emphasizing the need for dynamic systems to address changing security needs.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related lectures (33)

Related concepts (27)

COM-301: Computer security and privacy

This is an introductory course to computer security and privacy. Its goal is to provide students with means to reason about security and privacy problems, and provide them with tools to confront them.

Biba Model

The Biba Model or Biba Integrity Model developed by Kenneth J. Biba in 1975, is a formal state transition system of computer security policy describing a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.

Computer security model

A computer security model is a scheme for specifying and enforcing security policies. A security model may be founded upon a formal model of access rights, a model of computation, a model of distributed computing, or no particular theoretical grounding at all. A computer security model is implemented through a computer security policy. For a more complete list of available articles on specific security models, see . Access control list (ACL) Attribute-based access control (ABAC) Bell–LaPadula model Biba mo

Mandatory access control

In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system or database constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In the case of operating systems, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, IO devices, etc. Subjects and objects each have a set of security attributes.

Discretionary access control

In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria (TCSEC) as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).

Airport security

Airport security includes the techniques and methods used in an attempt to protect passengers, staff, aircraft, and airport property from malicious harm, crime, terrorism, and other threats. Aviation security is a combination of measures and human and material resources in order to safeguard civil aviation against acts of unlawful interference. Unlawful interference could be acts of terrorism, sabotage, threat to life and property, communication of false threat, bombing, etc. Large numbers of people pass through airports every day.

Mandatory Access Control: Principles and Security Models COM-301: Computer security and privacy

Explores Mandatory Access Control principles, security models, the Chinese Wall model, covert communication channels, and the importance of sanitization in business.

Mandatory Access Control: Multi-property Security Models COM-301: Computer security and privacy

Explores the Chinese Wall model for combining confidentiality and integrity, addressing conflicts of interest and multilateral security.

Security Design Principles: Preliminaries COM-301: Computer security and privacy

Covers basic security concepts, adversarial thinking, security mechanisms, and responsible conduct in security design principles.

Protecting Work: Threats

Discusses the importance of protecting work and EPFL through laws, regulations, threat identification, data protection, risk prevention, and security controls.

Password Security

Emphasizes the importance of safeguarding passwords and avoiding sharing them.