2.
Trusted Systems
• Systems used to enhance the ability to defend against intruders and malicious programs.
• Based on levels of security.
3.
Multilevel Security
• When multiple categories or levels of data are defined, the requirement is referred to as multilevel security.
• Typically uses Mandatory Access Control.
• Primary Security Goal: Confidentiality (ensures that information does not flow to those not cleared for that level).
4.
Security Goal of MLS
• There are security classifications or security levels
• Subjects have security clearances
• Objects have security classifications
• Example of security levels
  • Top Secret
  • Secret
  • Confidential
  • Unclassified
• In this case Top Secret > Secret > Confidential > Unclassified
5.
Data Access Control
• Through the user access control procedure (log on), a user can be identified to the system.
• Associated with each user, there can be a profile that specifies permissible operations and file accesses.
• The operating system can enforce rules based on the user profile.
6.
Data Access Control
• General models of access control:
  • Access matrix
  • Access control list
  • Capability list
7.
Data Access Control
• Access Matrix: Basic elements of the model
  • Subject
  • Object
  • Access right
10.
Data Access Control
• Access Control List
  • For each object, an access control list lists users and their permitted access rights.
  • The list may contain a default or public entry.
12.
Data Access Control
• Capability list
  • A capability ticket specifies authorized objects and operations for a user.
  • Each user has a number of tickets.
  • Capabilities are not forgeable.
13.
The Concept of Trusted Systems
• Multilevel security
  • Definition of multiple categories or levels of data
• A multilevel secure system must enforce:
  • No read up
  • No write down
15.
The Concept of Reference Monitor
• Reference Monitor
  • Controlling element in the hardware and operating system of a computer that regulates the access of subjects to objects on the basis of security parameters
  • The monitor has access to a file (security kernel database)
  • The monitor enforces the security rules (no read up, no write down)
16.
The Concept of Reference Monitor
• Properties of the Reference Monitor
  • Complete mediation
  • Isolation
  • Verifiability
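The reference monitor described on the two slides above, as an added example that is not part of the original slides: every access is checked against a security kernel database using the "no read up" and "no write down" rules. The subject and object names are constructed sample data, and the sketch assumes each subject runs at its full clearance level.

```python
from enum import IntEnum

class Level(IntEnum):
    # Ordering from the slides: Top Secret > Secret > Confidential > Unclassified
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

# Constructed "security kernel database": subject clearances and object
# classifications. All names are hypothetical sample data.
CLEARANCE = {"alice": Level.TOP_SECRET, "bob": Level.CONFIDENTIAL}
CLASSIFICATION = {"war_plan.txt": Level.TOP_SECRET,
                  "memo.txt": Level.CONFIDENTIAL,
                  "lunch_menu.txt": Level.UNCLASSIFIED}

AUDIT_LOG = []  # every decision is recorded as (subject, object, right, allowed)

def check_access(subject, obj, right):
    """Mediate one access request; unknown names or rights are denied."""
    s = CLEARANCE.get(subject)
    o = CLASSIFICATION.get(obj)
    if s is None or o is None:
        allowed = False      # fail closed: not in the kernel database
    elif right == "read":
        allowed = s >= o     # no read up
    elif right == "write":
        allowed = s <= o     # no write down
    else:
        allowed = False      # unknown access right
    AUDIT_LOG.append((subject, obj, right, allowed))
    return allowed

def copy(subject, src, dst):
    """A copy is a read of src then a write of dst; both go through the monitor."""
    return check_access(subject, src, "read") and check_access(subject, dst, "write")

if __name__ == "__main__":
    for req in [("bob", "war_plan.txt", "read"),
                ("alice", "war_plan.txt", "read"),
                ("alice", "lunch_menu.txt", "write"),
                ("bob", "war_plan.txt", "write")]:
        print(req, "->", "allow" if check_access(*req) else "deny")
    print("alice copies war_plan.txt to lunch_menu.txt:",
          copy("alice", "war_plan.txt", "lunch_menu.txt"))
```

The last call shows why "no write down" matters for confidentiality: any program running with alice's clearance can read the Top Secret file but cannot copy it into an Unclassified one.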
17.
Trojan Horse
• It is a type of malware (malicious software) designed to provide unauthorized, remote access to a user's computer.
• Trojan horses do not have the ability to replicate themselves like viruses.
• With the help of a Trojan, a user can get access to the Trojan horse infected computer and would be able to access the data.
20.
Indications of Trojan Attack
• Browser redirects to unknown pages.
• Antivirus is disabled.
• Strange pop-ups or chat messages appear on the system.
• The computer shuts down automatically.
• Ctrl+Alt+Del stops working.
• Printer prints documents automatically.
21.
Examples of Trojan
• NetBus
• SubSeven
• Y3K remote administration tool
• Back Orifice
• Beast
• Zeus
• The Blackhole exploit kit
• Flashback Trojan
22.
How to avoid being infected?
• Do not surf or download anything from unfamiliar websites.
• Do not open unexpected attachments in emails.
• We need an antivirus to protect our computer from being infected.