BY: 181346
SUPERVISED BY:
SUBMITTED TO:
DECEMBER, 2022
DEDICATION
ACKNOWLEDGEMENT
My sincere gratitude goes to our supervisor in the person of Prof. (Mrs) O.D. FENWA, who has been the
backbone for this project. I also appreciate our lovely parents for their financial support towards the success of this
program, and I would also like to extend our profound gratitude to the Department of Computer, LAUTECH, for the
privilege given to us.
ABSTRACT
This project discusses the realization of mandatory access control in role-based protection systems. Starting
from the basic definitions of roles, their application in security and the basics of the concept of mandatory
access control, we develop a scheme of role-based protection that realizes mandatory access control. The
basis of this formulation develops from the recognition that roles can be seen as facilitating access to some
given information context. By handling each of the role contexts as independent security levels of
information, we simulate mandatory access by imposing the requirements of mandatory access control.
Among the key considerations, we propose a means of taming Trojan horses by imposing acyclic
information flow among contexts in role-based protection systems. The acyclic information flow and suitable
access rules incorporate secrecy, which is an essential component of mandatory access control.
Contents
DEDICATION ... 2
ACKNOWLEDGEMENT ... 3
ABSTRACT ... 4
CHAPTER ONE ... 6
INTRODUCTION ... 6
CHAPTER TWO ... 8
CONCLUSIONS ... 15
REFERENCES ... 16
CHAPTER ONE
INTRODUCTION
The mandatory access control (MAC) model is an important security model. Based on the lattice model of
security levels and the Bell-LaPadula model, the definition of the MAC security model is formally described in detail.
An equivalent MAC security model described by colored Petri nets (CPN) is proposed. According to the
state reachability graph, four security properties of the MAC security model, i.e. the access temporal relations,
the reachability of objects when a subject accesses them, hidden security holes due to dynamic security
levels, and the indirect inference of confidential information flow between different objects, are explored at
length.
In addition, an example of the security model is illustrated, and the conclusions show that the security model
based on Petri nets is not only a concise graphic analysis method but is also suited to formal verification. This
model can efficiently improve the overall security policy during system security design and
implementation. A system's security policy controls where a process can attach channels in the path space,
defines which abilities to assign to its processes, and controls which processes can connect to which others.
Access control is a mechanism used to secure a system by limiting the actions available to a
process. Sandboxing, in contrast, constrains code with virtual walls (to protect it from being accessed and
damaged). These security measures work well together. A security policy sets out the conditions for access
Mandatory access control (MAC) is policy-driven, with rules to enforce relationships between processes,
channels, and paths. For example, rules control which processes can connect to a channel, as well as which
Role-based security provides a flexible means of managing large numbers of access rights, especially for
large database systems. A role is defined in terms of privileges, where a privilege is a unit of access to system
information. A role is a named collection of such privileges (Baldwin (1990), Krishnamurthy & McGuffin
(1994a)). User-role authorization grants the user access to the role's privileges.
Role-based protection eases the administration of privileges due to the flexibility with which roles can be
CHAPTER TWO
Simulation of mandatory access control (MAC) and lattice-based access control (LBAC) in Information Security
2.2 SOLUTION
Objects mainly include passive entities (files, storage areas), while subjects mainly comprise active entities
The MAC model has an evident peculiarity in that each subject or object is assigned a security level. System
By comparing the security level of a subject with that of an object. Unlike the DAC model, subjects have no
Multi-Level Security (MLS) has a long tradition in military environments and is a basic requirement for the A
and B security classes in the TCSEC. The MAC model is based on security classes, which involve two
concepts, i.e. security domains and security levels. For convenience, we first introduce the concept of
The pair (R, ≤) is a partially ordered set if ≤ defines a reflexive, anti-symmetric and transitive relation on the set
R. A partially ordered set (R, ≤) is called a lattice if for every x, y ∈ R there exists a least upper bound
in R and a greatest lower bound in R.
A security domain denotes the legal active range of information. If D0 denotes a finite set of all domains and
According to the lattice model of MLS and the Bell-LaPadula model, we introduce the formal definition of MAC
i. No-read-up
ii. No-write-down
which demand that low-level subjects are not allowed to read high-level objects, and that high-level objects are
only written by low-level subjects. These rules keep information flowing from low to high.
R is a set of security rules that prescribe the constraint conditions under which subjects access objects.
Petri Nets, as a formal tool, have a well-defined rigorous semantics and can be efficiently used to model and
Colored Petri Nets (CPN) extend Petri Nets by allowing tokens to be associated with colors, i.e., data types
E is an arc expression function. It is defined from the arc set A into expressions, such that: ∀a ∈ A,
I is an initialization function. It is defined from P into closed expressions, such that: ∀p ∈ P,
[Type(I(p)) = C(p)_MS].
∀v ∈ Var(t): b(v) ∈ Type(v) and G(t)<b>
where expr<b> denotes the evaluation of the expression expr in the binding b. Let B(t) mean the set of all
token element is a pair (p, c) where p ∈ P and c ∈ C(p), while a binding element is a pair (t, b),
denoted by BE.
M1[Y1>M2[Y2>M3 … Mn[Yn>Mn+1 such that n ∈ ℕ, and Mi[Yi>Mi+1 for all i ∈ 1…n. A marking
M″ is reachable from a marking M′ iff there exists a finite occurrence sequence starting in M′ and ending in M″,
i.e. iff for some n ∈ ℕ, M′[Y1 Y2 … Yn>M″.
The set of markings which are reachable from M′ is denoted by [M′>, and M′[Y1 Y2 … Yn>M″ could
For describing the MAC model with CPN, we first introduce the concept of the Entity Security Model
(ESM). Similar to the concept of an Entity Model in databases, the ESM is close to the realistic MAC model,
while the MAC model described by CPNs is more abstract. As shown in Fig. 1, the ESM is the intermediate
output to convert
[Fig. 1: MAC model, ESM and CPN model with equivalent semantics]
As an example, an ESM is shown in Fig. 2. The elements of this ESM can be listed as follows:
R = (member, research, attend, subject, director);
The security class is assigned to every object by the system administrator. They obey the relations U < C < S < TS,
After modeling the system with CPN, it is possible to use existing analysis techniques to verify the security
Access_mode is the access mode used when subjects access objects; PR is the product L × L × Access_mode.
The variables maxL and curL denote the maximal and current security class of a subject respectively; objL
[Fig. 3 Reachability graph for a trusted subject: markings reached through transitions t1 to t6]
[Reachability graph for a second case, transitions t1 to t6; caption not recoverable]
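As an added example (not part of the report), the Python below encodes the no-read-up and no-write-down rules over the ESM's security classes U < C < S < TS, using maxL and curL for a subject and objL for an object, and then searches the subject's reachable states to show the hidden hole the report attributes to a dynamic security level: a subject that reads at a high curL and later lowers curL can write what it read into a low object. The high-water-mark check that refuses such a lowering is an assumption of this example, not a rule taken from the report.

```python
from collections import deque

# Security classes of the report's ESM, ordered U < C < S < TS.
LEVELS = ("U", "C", "S", "TS")
RANK = {lvl: i for i, lvl in enumerate(LEVELS)}

def allowed(curL, objL, access_mode):
    """Reference-monitor check: no-read-up (read needs curL >= objL)
    and no-write-down (write needs curL <= objL)."""
    if access_mode == "read":
        return RANK[curL] >= RANK[objL]
    if access_mode == "write":
        return RANK[curL] <= RANK[objL]
    raise ValueError(f"unknown access mode {access_mode!r}")

def downward_flows(maxL, objects, high_water=False):
    """Breadth-first search over the states (curL, highest level read so far)
    a subject with clearance maxL reaches by reading, writing, or changing its
    current level curL.  Returns the (level_read, level_written) pairs where data
    read at one level can later be written to a strictly lower level.
    high_water=True forbids lowering curL below the highest level already read;
    this mitigation is an assumption of the example, not a rule from the report."""
    start = (maxL, None)
    seen, queue, flows = {start}, deque([start]), set()
    while queue:
        curL, hi = queue.popleft()
        successors = []
        for objL in objects:
            if allowed(curL, objL, "read"):
                new_hi = objL if hi is None or RANK[objL] > RANK[hi] else hi
                successors.append((curL, new_hi))
            if allowed(curL, objL, "write") and hi is not None and RANK[objL] < RANK[hi]:
                flows.add((hi, objL))      # high data reaches a lower object
        for lvl in LEVELS:                 # dynamic change of curL, bounded by maxL
            if RANK[lvl] > RANK[maxL]:
                continue
            if high_water and hi is not None and RANK[lvl] < RANK[hi]:
                continue                   # refuse to drop below what was read
            successors.append((lvl, hi))
        for state in successors:
            if state not in seen:
                seen.add(state)
                queue.append(state)
    return flows

if __name__ == "__main__":
    print(sorted(downward_flows("TS", LEVELS)))                   # six high-to-low pairs
    print(sorted(downward_flows("TS", LEVELS, high_water=True)))  # []
```

The search plays the role of the report's reachability graph: every state is a marking, and a non-empty result is a path through which confidential information reaches a lower class.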
CONCLUSIONS
We have presented in this paper an emulation of mandatory access control using role-based protection. We
made the key observation that in MAC we are interested both in the integrity and the secrecy of information.
Thus in MAC, information flow must be acyclic. We also observed that MAC requires subject and object
attributes as the basis for granting authorization. Moreover, such authorizations must observe the reference
monitor principle.
Consequently, to realize MAC using role-based protection, we view each role context as a security level and
ensure that information flows, caused either by role execution or user-role authorization, will be acyclic. We
proposed a number of access constraints that could realize the equivalent of the Bell and LaPadula no-read-up
and no-write-down rules. Moreover, user labels will be determined by authorization while subject labels are
REFERENCES
Large Databases. In Proc. 1990 Symposium on Res. in Security & Privacy, pages 116–32. IEEE Computer Society Press, May 1990.
Policies. In Proc. 1987 Symposium on Res. in Security & Privacy, pages 184–94. IEEE
Database Systems. In Proc. 1985 Symposium on Res. in Security & Privacy. IEEE
editor, Database Security II: Status & Prospects, pages 1–39. North-Holland, 1989.
D. E. Denning and W. Shockley. Discussion: Pros and Cons of the Various Approaches.