Mandatory Access Control: Multi-property Security Models

This lecture covers the Chinese Wall model, which addresses conflicts of interest by combining confidentiality and integrity. It explains how entities with different properties may oppose each other and the role of Trusted 3rd parties, Trusted Hardware, and Advanced Cryptography in securing the Trusted Computing Base. The Chinese Wall Security Policy, inspired by UK financial sector rules, enforces a separation between conflicting activities within the same firm. It introduces the concept of conflict sets, labels denoting object origins, and access rules based on information flow restrictions. The lecture also discusses indirect flows within conflict sets and the necessity of sanitization to prevent information leakage. Additionally, it summarizes security models like BLP and BIBA, emphasizing declassification, integrity, and the trade-offs between confidentiality and availability.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related lectures (32)

Related concepts (18)

COM-301: Computer security and privacy

This is an introductory course to computer security and privacy. Its goal is to provide students with means to reason about security and privacy problems, and provide them with tools to confront them.

In physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization. Locks and login credentials are two analogous mechanisms of access control. Physical security Geographical access control may be enforced by personnel (e.g. border guard, bouncer, ticket checker), or with a device such as a turnstile.

The Biba Model or Biba Integrity Model developed by Kenneth J. Biba in 1975, is a formal state transition system of computer security policy describing a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.

In computer systems security, role-based access control (RBAC) or role-based security is an approach to restricting system access to authorized users, and to implementing mandatory access control (MAC) or discretionary access control (DAC). Role-based access control is a policy-neutral access control mechanism defined around roles and privileges. The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform user assignments.

A computer security model is a scheme for specifying and enforcing security policies. A security model may be founded upon a formal model of access rights, a model of computation, a model of distributed computing, or no particular theoretical grounding at all. A computer security model is implemented through a computer security policy. For a more complete list of available articles on specific security models, see . Access control list (ACL) Attribute-based access control (ABAC) Bell–LaPadula model Biba mo

In computer security, an access-control list (ACL) is a list of permissions associated with a system resource (object or facility). An ACL specifies which users or system processes are granted access to resources, as well as what operations are allowed on given resourcess. Each entry in a typical ACL specifies a subject and an operation. For instance, If a file object has an ACL that contains , this would give Alice permission to read and write the file and give Bob permission only to read it.

Principles II: Complete Mediation, Open Design, Separation of Privilege COM-301: Computer security and privacy

Discusses the 'complete mediation', 'open design', and 'separation of privilege' principles to enhance system security.

Password Security

Emphasizes the importance of safeguarding passwords and avoiding sharing them.

Mandatory Access Control: Principles and Security Models COM-301: Computer security and privacy

Explores Mandatory Access Control principles, security models, the Chinese Wall model, covert communication channels, and the importance of sanitization in business.

Protecting Work: Threats

Discusses the importance of protecting work and EPFL through laws, regulations, threat identification, data protection, risk prevention, and security controls.

Security Design Principles: Preliminaries COM-301: Computer security and privacy

Covers basic security concepts, adversarial thinking, security mechanisms, and responsible conduct in security design principles.