Computer Security 1

Published by: ranjithmahesh8417 on Feb 17, 2009
Copyright:Attribution Non-commercial


 
University of Cambridge
Computer Laboratory

ESSAYS ABOUT COMPUTER SECURITY

Prof. E. Stewart Lee
Director
Centre for Communications Systems Research
Cambridge

© Cambridge, 1999
 
Preface

The purpose of these essays is to present some of the material that is the basis of security in computer systems. An attempt has been made to include examples in order to make the difficulty of many of the concepts apparent. It is all too easy to state glibly that a system is required to include a reference monitor, or that controls on covert channels will be enforced, or that the network will be secure against unauthorised observation of traffic, or a myriad of other requirements. Usually, such things imply a major development issue, because always the devil hides in the details.

No attempt has been made to include everything. Notable missing areas are security protocols [1], database security [2], the least privilege principle [3], modern work on cryptography and cryptographic algorithms [4], public key cryptosystems [5] and the recent work on the composition problem [6]. There are many other subjects that might have been covered, but it is felt that these essays provide sufficient background so that people who are developing an interest in computer security can appreciate many of the follow-on issues that are the focus of present research activity.

These essays were originally conceived as some handouts to a course in computer security that was started in 1993 in the Department of Electrical and Computer Engineering at the University of Toronto. These essays were drawn from the handouts for the spring of 1995.

In all cases an attempt has been made to include references to original material. However, much of this material is not easily accessible. In these cases rather more detail is included than might be otherwise strictly necessary.

Great thanks must go to those authors who developed the material upon which the essays are based. Several hundred students also merit thanks. Without their attention and probing questions the essays would contain many more absurdities and errors than they still do.
[1] Bruce Schneier, Applied Cryptography, 2nd ed., Wiley, 1996.
[2] S. Castano, M.G. Fugini, G. Martella, P. Samarati, Database Security, Addison-Wesley, 1995.
[3] See for example Aris Zakinthinos & E. Stewart Lee, "A Least Privilege Mechanism for User Processes", Fifth International Working Conference on Dependable Computing for Critical Applications, IFIP Working Group 10.4 on Dependable Computing and Fault-Tolerance, September 1995, pp. 56-67.
[4] See citation 1.
[5] See citation 1.
[6] Aris Zakinthinos & E. Stewart Lee, "Composing Secure Systems that have Emergent Properties", 11th IEEE Computer Security Foundations Workshop, IEEE Computer Society, June 1998. A series of papers by these authors, of which this is the latest, discuss the problem.
 
Table of Contents

1. THE SECURITY VOCABULARY
  1.1. Security Policies, Principles, and Mechanisms
    1.1.1. Security Policy
    1.1.2. Security Principles
    1.1.3. Security Mechanisms
  1.2. Access Control
    1.2.1. Discretionary Access Control (DAC)
    1.2.2. The Access Matrix
    1.2.3. Capabilities
    1.2.4. Profiles
    1.2.5. Access Control Lists
    1.2.6. Mandatory Access Control (MAC)
  1.3. Common Attack Techniques
    1.3.1. Search for Stupidity
    1.3.2. Trojan Horse
    1.3.3. Trapdoor
    1.3.4. Spoofing
    1.3.5. Virus
    1.3.6. Worm
    1.3.7. Overt Channel
    1.3.8. Covert Channel
  1.4. Safety Critical Systems
2. GLOSSARY OF TERMS
3. OPERATING SYSTEM SECURITY
  3.1. Confidentiality Security Policy
    3.1.1. U.S. Confidentiality Policy
    3.1.2. CLASS ONE POLICY
    3.1.3. CLASS TWO ACCOUNTABILITY
    3.1.4. CLASS THREE ASSURANCE
  3.2. The Orange Book
    3.2.1 Summary of Evaluation Criteria Classes
    3.2.2 Requirement Directory
    3.2.3 Summary of the TCSEC
  3.3. A Formal Model of Access Systems
    3.3.1. The Trusted Subjects
    3.3.2. Command Semantics
    3.3.3. Access Control
    3.3.4. Delegated Ownership
    3.3.5. Avoiding Confinement Problems
    3.3.6. DAC Assessed
4. BUILDING ASSURANCE
  4.1. The Reference Monitor
  4.2. The Mechanisms That Must be Trusted
  4.3. Single Level Operation
  4.4. System High
