
Unit 2: Confidentiality Policies

Introduction- A confidentiality policy, also called an information flow policy, prevents the
unauthorized disclosure of information. Unauthorized alteration of information is secondary.

For example, the navy must keep confidential the date on which a troop ship will sail. If the date
is changed, the redundancy in the systems and paperwork should catch that change. But if the
enemy knows the date of sailing, the ship could be sunk. Because of extensive redundancy in
military communications channels, availability is also less of a problem.

The term “governmental” covers several requirements that protect citizens’ privacy. In the
United States, the Privacy Act requires that certain personal data be kept confidential. Income tax
returns are legally confidential and are available only to the Internal Revenue Service or to legal
authorities with a court order. The principle of “executive privilege” and the system of
nonmilitary classifications suggest that the people working in the government need to limit the
distribution of certain documents and information. Governmental models represent the policies
that satisfy these requirements.

A confidentiality policy is intended to protect secrets; specifically, it is intended to prevent
unauthorized disclosure of information. One model (a general-purpose template) of a
confidentiality policy is the Bell–LaPadula (BLP) security model.

The Bell–LaPadula Model (BLP) is a state machine model used for enforcing access control in
government and military applications. The model is a formal state transition model of computer
security policy that describes a set of access control rules which use security labels on objects
and clearances for subjects.

The five major components of security policies are confidentiality, integrity, availability,
authenticity, and non-repudiation.
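As an added example (not part of the notes), the two BLP mandatory rules, no read up (the simple security property) and no write down (the *-property), evaluated over labels built from a hierarchical level and a set of compartments; the level names, the NAVY compartment and the sailing-date scenario are constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Hierarchical levels of the BLP lattice (constructed ordering, lowest to highest).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security label: a clearance for a subject or a classification for an object."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # L1 dominates L2 iff level(L1) >= level(L2) and L1's compartments are a superset of L2's.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ("no read up"): the subject's clearance must dominate the object's label."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): the object's label must dominate the subject's clearance,
    so a subject can never copy high data into a lower-classified object."""
    return obj.dominates(subject)


def decide(subject: Label, obj: Label, mode: str) -> str:
    """Reference-monitor decision for mode 'read' or 'write'; any other mode is denied."""
    if mode == "read" and can_read(subject, obj):
        return "allow"
    if mode == "write" and can_write(subject, obj):
        return "allow"
    return "deny"


if __name__ == "__main__":
    # The notes' example: the troop ship's sailing date is SECRET within a NAVY compartment.
    sailing_date = Label("SECRET", frozenset({"NAVY"}))
    analyst = Label("SECRET", frozenset({"NAVY"}))   # cleared for the level and the compartment
    clerk = Label("CONFIDENTIAL")                     # cleared below the date's level
    bulletin = Label("UNCLASSIFIED")                  # a public notice board
    print(decide(analyst, sailing_date, "read"))     # allow
    print(decide(clerk, sailing_date, "read"))       # deny: read up
    print(decide(analyst, bulletin, "write"))        # deny: write down would leak the date
    print(decide(clerk, sailing_date, "write"))      # allow: BLP permits writing up
```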

Different types of policies in computer system security-

Policies are divided into two categories:

❖ User policies
❖ IT policies

User policies generally define the limits placed on users' access to computer resources in a
workplace: for example, what they are allowed to install on their computers, and whether they may
use removable storage. IT policies, by contrast, are designed for the IT department, to secure the
procedures and functions of IT operations.

• General Policies − This policy defines the rights of the staff and their access level to the
systems. Generally, it is included even in the communication protocol as a preventive measure in
case of a disaster.
• Server Policies − These define who should have access to a specific server and with what
rights, which software should be installed, the level of access to the internet, and how the
servers should be updated.
• Firewall Access and Configuration Policies − These define who should have access to the
firewall and what type of access (for example, monitoring or rule changes), and which ports and
services should be allowed, inbound or outbound.
• Backup Policies − These define who is responsible for backups, what should be backed up,
where it should be backed up, how long it should be kept, and the frequency of the backups.
• VPN Policies − These policies generally go with the firewall policy; they define which users
should have VPN access and with what rights. For site-to-site connections with partners, they
define the partner's level of access to your network and the type of encryption to be set.

Confinement principle- Confinement is a mechanism for enforcing the principle of least
privilege. The problem is that the confined process needs to transmit data to another process, so
the confinement mechanism must distinguish between the transmission of authorized data and the
transmission of unauthorized data.

CONFINEMENT TECHNIQUES-

Method confinement – hide access within local scope, including hand-offs.
Thread confinement – confine objects to a sequence of operations (a session).

Detour: UNIX user IDs-

1. This detour gives a few words about Unix user IDs and the IDs associated with UNIX processes.

2. Every user in a Unix-like operating system is identified by a distinct integer number; this
unique number is called the User ID (UID).

3. There are three types of UID defined for a process, which can be changed dynamically according
to the privilege the task needs.

4. The three different types of UID defined are:

A). Real UserID: It is the account of the owner of this process. It defines which files this
process has access to.

B). Effective UserID: It is normally the same as the real UserID, but sometimes it is changed to
enable a non-privileged user to access files that can only be accessed by root.

C). Saved UserID: It is used when a process running with elevated privileges (generally root)
needs to do some under-privileged work; this is achieved by temporarily switching the effective
UID to a non-privileged account while the saved UID keeps the privileged one so it can be restored.

5. A subject is a program (application) executing on behalf of some principal(s).

6. A principal may at any time be idle, or have one or more subjects executing on its behalf. An
object is anything on which a subject can perform operations (mediated by rights); usually objects
are passive, for example:

a. File

b. Directory (or folder)

c. Memory segment.

7. Each user account has a unique UID. UID 0 means the super user (system admin). A user account
can belong to multiple groups. Subjects are processes, associated with uid/gid pairs.
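As an added example (not from the notes), a model of how the three UIDs from item 4 interact: the
setresuid(2) rule that an unprivileged process may only move between its current real, effective
and saved UIDs, used to drop root temporarily, regain it through the saved UID, and then drop it
for good. The UID 1000 and the setuid-root scenario are constructed for illustration.

```python
from dataclasses import dataclass

ROOT = 0


@dataclass(frozen=True)
class ProcessIds:
    """The three user IDs the kernel keeps for one process (real, effective, saved)."""
    real: int
    effective: int
    saved: int


def setresuid(p: ProcessIds, real: int, effective: int, saved: int) -> ProcessIds:
    """Model of the setresuid(2) rule. -1 keeps a value. A process whose effective UID is not root
    may set each ID only to one of its *current* real, effective or saved UID; a root-effective
    process may set them to anything. Violations raise PermissionError (EPERM in the kernel)."""
    current = {p.real, p.effective, p.saved}
    wanted = [cur if new == -1 else new
              for cur, new in zip((p.real, p.effective, p.saved), (real, effective, saved))]
    if p.effective != ROOT and any(v not in current for v in wanted):
        raise PermissionError("EPERM: target UID is not one of real/effective/saved")
    return ProcessIds(*wanted)


def drop_temporarily(p: ProcessIds) -> ProcessIds:
    """Do under-privileged work: effective becomes the real (invoking) user, saved keeps root."""
    return setresuid(p, -1, p.real, -1)


def regain(p: ProcessIds) -> ProcessIds:
    """Return to the privileged identity parked in the saved UID."""
    return setresuid(p, -1, p.saved, -1)


def drop_permanently(p: ProcessIds) -> ProcessIds:
    """Set all three IDs to the real user; no privileged ID remains to regain."""
    return setresuid(p, p.real, p.real, p.real)


if __name__ == "__main__":
    # Constructed scenario: user 1000 runs a setuid-root program, so at exec the kernel sets
    # real=1000 (the invoker) and effective=saved=0 (the program file's owner, root).
    p = drop_temporarily(ProcessIds(real=1000, effective=ROOT, saved=ROOT))
    print(p)                      # ProcessIds(real=1000, effective=1000, saved=0)
    print(regain(p))              # effective is 0 again, because saved was 0
    p = drop_permanently(regain(p))
    print(p)                      # ProcessIds(real=1000, effective=1000, saved=1000)
    try:
        setresuid(p, -1, ROOT, -1)   # root is no longer among the three IDs
    except PermissionError as err:
        print("regain refused:", err)
```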

System call interposition- System call interposition is a powerful method for regulating and
monitoring program behavior. A wide variety of security tools have been developed which use
this technique. A system call correlation method has been proposed to identify the coherent
system calls belonging to the same process within an interleaved system call sequence.

• System call interposition: isolates a process within a single operating system.
• Isolating threads sharing the same address space:
  • Software Fault Isolation (SFI), e.g., Google Native Client.
  • Interpreters for non-native code.

Example- The actual system call transfers control to the kernel (and is more
implementation-dependent and platform-dependent than the library call abstracting it). For
example, in Unix-like systems, fork and exec are C library functions that in turn execute
instructions that invoke the fork and exec system calls.

There are 5 different categories of system calls: process control, file manipulation, device
manipulation, information maintenance, and communication.
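As an added example (not from the notes), the two steps described above run over a constructed
strace -f style trace: first the correlation step groups the interleaved records by process ID, then
an interposition monitor classifies each call into the five categories just listed and reports the
calls a hypothetical confinement policy denies. The category mapping and the policy are constructed
assumptions, not a real tool's configuration.

```python
import re
from collections import defaultdict

# The five categories named in the notes, mapped to a constructed subset of Linux system calls.
CATEGORY = {
    "fork": "process control", "execve": "process control", "exit_group": "process control",
    "openat": "file manipulation", "read": "file manipulation", "write": "file manipulation",
    "ioctl": "device manipulation",
    "getpid": "information maintenance", "uname": "information maintenance",
    "socket": "communication", "connect": "communication", "sendto": "communication",
}

# Hypothetical confinement policy: the confined program may use files and query information, but
# may not open communication channels or drive devices (the unauthorized transmission the notes mention).
POLICY = {"process control", "file manipulation", "information maintenance"}

# One strace -f style record, e.g. '[pid  4242] openat(AT_FDCWD, "/etc/hosts", O_RDONLY) = 3'
RECORD = re.compile(r"^\[pid\s+(\d+)\]\s+(\w+)\((.*)\)\s*=\s*(\S+)")


def correlate(trace: str) -> dict:
    """Correlation step: split an interleaved multi-process trace into one call sequence per PID."""
    per_pid = defaultdict(list)
    for line in trace.splitlines():
        m = RECORD.match(line)
        if m:
            per_pid[int(m.group(1))].append(m.group(2))
    return dict(per_pid)


def monitor(trace: str, allowed=POLICY) -> dict:
    """Interposition monitor: classify each correlated call and report those the policy denies."""
    denied = {}
    for pid, calls in correlate(trace).items():
        bad = [c for c in calls if CATEGORY.get(c, "unknown") not in allowed]
        if bad:
            denied[pid] = bad
    return denied


# Constructed trace: pid 4242 reads a file; its child 4243 tries to send the data over the network.
TRACE = """\
[pid  4242] openat(AT_FDCWD, "/etc/hosts", O_RDONLY) = 3
[pid  4243] socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
[pid  4242] read(3, "127.0.0.1 localhost", 4096) = 19
[pid  4243] connect(3, {sa_family=AF_INET, sin_port=htons(443)}, 16) = 0
[pid  4242] getpid() = 4242
[pid  4243] sendto(3, "127.0.0.1 localhost", 19, 0, NULL, 0) = 19
[pid  4242] exit_group(0) = ?
"""
```

Running `monitor(TRACE)` yields `{4243: ['socket', 'connect', 'sendto']}`: the file-reading process is clean, while every communication call of the child is flagged.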

Error 404 digital hacking in India part 2 chases- Some of the attacks discussed in Error 404:
Digital Hacking in India, Part 2 (Chases) include India's biggest data breach, the SBI debit card
breach. When this happened, the bank was initially in a state of denial, but it subsequently had to
own up to the biggest cyber security breach that had taken place in Indian history.

VM based isolation- A VM is an isolated environment with access to a subset of the physical
resources of the computer system. Each VM appears to be running on the bare hardware, giving
the appearance of multiple instances of the same computer, though all are supported by a single
physical system.

A virtual machine (VM) is a virtual environment that works like a computer within a computer.
It runs on an isolated partition of its host computer with its own resources: CPU power,
memory, an operating system (e.g. Windows, Linux, macOS), and other resources.

Purpose-The main purpose of VMs is to operate multiple operating systems at the same time,
from the same piece of hardware. Without virtualization, operating multiple systems — like
Windows and Linux — would require two separate physical units.

Software fault isolation-

Software-based Fault Isolation (SFI) is a software-instrumentation technique at the machine-code
level for establishing logical protection domains within a process. In SFI, protection domains
stay within the same process, incurring low overhead when switching between domains.

Software-based Fault Isolation (SFI) establishes a logical protection domain by inserting
dynamic checks before memory and control-transfer instructions.
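As an added example (not from the notes), the classic SFI dynamic check for memory instructions,
address masking: a rewriter inserts a MASK before every load and store so the address register is
forced into the module's protection domain, and a tiny interpreter runs the same constructed
program with and without the instrumentation. The memory sizes, domain base and instruction set
are constructed for illustration; the matching check on indirect jump targets is omitted.

```python
# Toy process image: 64 KiB of "memory"; the untrusted module's protection domain is one aligned
# 4 KiB region (constructed sizes). SFI keeps every data access inside it by address masking.
MEM_SIZE = 1 << 16
DOMAIN_SIZE = 1 << 12
DOMAIN_BASE = 0x3000                # aligned to DOMAIN_SIZE, so base | offset always stays in range
OFFSET_MASK = DOMAIN_SIZE - 1


def sandbox_address(addr: int) -> int:
    """The dynamic check inserted before a memory instruction: replace the high bits of the address
    with the domain's base. A wild address does not fault; it is simply forced back into the domain."""
    return DOMAIN_BASE | (addr & OFFSET_MASK)


def instrument(program: list) -> list:
    """Rewriter: before every LOAD/STORE, insert a MASK of the register that supplies the address.
    (Real SFI masks indirect jump targets the same way and uses a reserved register so untrusted
    code cannot alter the masked value between the check and the use; both are omitted here.)"""
    out = []
    for ins in program:
        if ins[0] == "STORE":
            out.append(("MASK", ins[1]))    # STORE addr_reg, val_reg
        elif ins[0] == "LOAD":
            out.append(("MASK", ins[2]))    # LOAD dst_reg, addr_reg
        out.append(ins)
    return out


def run(program: list, memory: bytearray) -> dict:
    """Minimal interpreter for SET/MASK/STORE/LOAD over byte-addressed memory; returns the registers."""
    regs = {}
    for ins in program:
        op = ins[0]
        if op == "SET":
            regs[ins[1]] = ins[2]
        elif op == "MASK":
            regs[ins[1]] = sandbox_address(regs[ins[1]])
        elif op == "STORE":
            memory[regs[ins[1]]] = regs[ins[2]]
        elif op == "LOAD":
            regs[ins[1]] = memory[regs[ins[2]]]
    return regs


# Constructed untrusted code: writes 0xAA to 0x0010, an address that belongs to the host, not the domain.
PROGRAM = [("SET", "r1", 0x0010), ("SET", "r2", 0xAA), ("STORE", "r1", "r2"), ("LOAD", "r3", "r1")]

if __name__ == "__main__":
    unsafe, safe = bytearray(MEM_SIZE), bytearray(MEM_SIZE)
    run(PROGRAM, unsafe)
    run(instrument(PROGRAM), safe)
    print(hex(unsafe[0x0010]), hex(safe[0x0010]), hex(safe[0x3010]))   # 0xaa 0x0 0xaa
```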

Rootkits- A rootkit is a clandestine computer program designed to provide continued
privileged access to a computer while actively hiding its presence.
Today rootkits are generally associated with malware – such as Trojans, worms, viruses – that
conceal their existence and actions from users and other system processes.

The main purpose of rootkits is to mask malware payloads effectively and preserve their
privileged existence on the system. For that reason, a rootkit will conceal files, malware
processes, injected modules, registry keys, user accounts or even system registries running on
system boot.

How to remove a rootkit

Step 1: Run rootkit removal software. Don't rely on Windows Defender or other built-in security
software, since most rootkits can subvert basic protections.

Step 2: Perform a boot-time scan.

Step 3: Wipe the device and reinstall the OS.

Intrusion detection system- An intrusion detection system (IDS) is a device or software
application that monitors a network for malicious activity or policy violations. Any malicious
activity or violation is typically reported or collected centrally using a security information and
event management (SIEM) system.

Types- The four types of IDS:

• Network intrusion detection system.
• Host-based intrusion detection system.
• Perimeter intrusion detection system.
• VM-based intrusion detection system.

Top 10 Intrusion Detection Systems (IDS) [2021 Rankings]

#1) SolarWinds Security Event Manager.
#2) Bro.
#3) OSSEC.
#4) Snort.
#5) Suricata.
#6) Security Onion.
#7) Open WIPS-NG.
