Biba Model

  • Published on
    04-Aug-2015

Transcript

<p>Biba Integrity Model</p>
<p>Prepared by: Bi Xun Quang Vit Hng Nguyn Vit Tip Nguyn Kin Thit Nguyn Xun Tun</p>
<p>AT4b</p>
<p>Biba Model</p>
<p>Computer Security</p>
<p>Computer security is concerned with three aspects:</p>
<p>Confidentiality: preventing, detecting and deterring improper disclosure of information.</p>
<p>Integrity: preventing, detecting and deterring improper modification of information.</p>
<p>Availability: preventing, detecting and deterring improper denial of the services provided by the system.</p>
<p>Security Model</p>
<p>A security policy governs a set of rules and objectives set by an organization. A security model can be used by an organization to help express the policies or business rules that will be applied in a computer system. Two types of model can be used: discretionary access control and mandatory access control.</p>
<p>Bell-LaPadula Model</p>
<p>The Bell-LaPadula model is one of the first models that was created to control access to data. The properties of the Bell-LaPadula model are:</p>
<p>The simple security property, which is no read up.</p>
<p>The star property, which is no write down.</p>
<p>A problem with this model is that it does not deal with the integrity of data. The star property makes it possible for a lower-level subject to write to a higher-classified object.</p>
<p>Biba Integrity Model</p>
<p>The Biba integrity model was introduced in 1977 at the MITRE Corporation, one year after the Bell-LaPadula model was published. The main motivation for creating it was the inability of the Bell-LaPadula model to deal with the integrity of data.</p>
<p>Integrity</p>
<p>Integrity refers to the trustworthiness of data or resources. It is usually defined in terms of preventing improper modification of data. Integrity has three goals:</p>
<p>1. Prevent unauthorized users from modifying data or programs.</p>
<p>2. Prevent authorized users from making improper or unauthorized modifications.</p>
<p>3. Maintain the internal and external consistency of data and programs.</p>
<p>Integrity Levels</p>
<p>An integrity level is defined by a label that consists of two parts: a classification and a set of categories.</p>
<p>Integrity levels are assigned to the objects and subjects in the system.</p>
<p>Integrity Classification</p>
<p>The classification consists of the following elements: Crucial (C), Very Important (VI), Important (I).</p>
<p>The relationship between the elements is: C &gt; VI &gt; I</p>
<p>Set Categories</p>
<p>The set of categories in a label is a subset of all the categories in the system. Sets of categories are not hierarchical.</p>
<p>Set Categories Example</p>
<p>An example of two category sets is X = (Detroit, Chicago, New York) and Y = (Detroit, Chicago). In this case X ≥ Y (X dominates Y), because Y is a subset of X. If there is a category set Z = (Detroit, Chicago, Miami), then Z and X are not comparable, because the third element of each set is different.</p>
<p>Integrity Levels</p>
<p>Each integrity level is represented as L = (C, S), where L is the integrity level, C is the classification and S is the set of categories.</p>
<p>The integrity levels then form a dominance relationship. Integrity level L1 = (C1, S1) dominates (≥) integrity level L2 = (C2, S2) if and only if: C1 ≥ C2 and S1 ⊇ S2</p>
<p>Subjects and Objects</p>
<p>Like other models, the Biba model supports access control over subjects and objects.</p>
<p>Subjects are the active elements in the system that can access information.</p>
<p>Objects are the passive elements to which access can be requested (files, programs, etc.).</p>
<p>Every subject and object in the Biba model has an integrity level associated with it.</p>
<p>Access Modes</p>
<p>The Biba model includes the following access modes:</p>
<p>Modify: allows a subject to write to an object.</p>
<p>Observe: allows a subject to read an object.</p>
<p>Invoke: allows a subject to communicate with another subject.</p>
<p>Execute: allows a subject to execute an object.</p>
<p>Biba Policies</p>
<p>The Biba model is really a family of different policies that can be used. The model supports both mandatory and discretionary policies.</p>
<p>The Mandatory Policies: Strict Integrity Policy; Low-Watermark Policy for Subjects; Low-Watermark Policy for Objects; Low-Watermark Integrity Audit Policy; Ring Policy.</p>
<p>The Discretionary Policies: Access Control Lists; Object Hierarchy; Ring.</p>
<p>Strict Integrity Policy</p>
<p>The Strict Integrity Policy is the first part of the Biba model. It consists of:</p>
<p>1. Simple Integrity Condition: s ∈ S can observe o ∈ O if and only if i(s) ≤ i(o) (no read-down).</p>
<p>2. Integrity Star Property: s ∈ S can modify o ∈ O if and only if i(o) ≤ i(s) (no write-up).</p>
<p>3. Invocation Property: s1 ∈ S can invoke s2 ∈ S if and only if i(s2) ≤ i(s1).</p>
<p>[Figure: Simple Integrity Condition, No Read-Down. Circle = subject, square = object.]</p>
<p>[Figure: Integrity Star Property, No Write-Up. Circle = subject, square = object.]</p>
<p>Strict Integrity Policy</p>
<p>This is the most commonly used policy from the model. It enforces no write-up and no read-down on the data in the system, which is the opposite of the Bell-LaPadula model. The policy limits contamination of higher-level data, because a subject is only allowed to modify data at its own level or at a lower level.</p>
<p>"No write-up" is essential because it limits the damage that can be done by malicious objects in the system. For example, "no write-up" limits the damage that can be done by a Trojan in the system: the Trojan can only write to objects at its own integrity level or lower. This is important because it limits the damage that can be caused to the operating system.</p>
<p>"No read-down" prevents a subject from being contaminated by a less trusted object.</p>
<p>Low-Watermark Policy for Subjects</p>
<p>The low-watermark policy for subjects is a relaxed form of "no read-down". It consists of the following rules:</p>
<p>1. A subject is allowed to read down, but its integrity level is first lowered to the level of the object being read. A subject s can observe an object o at any integrity level. The new integrity level of the subject is inf(i(s), i(o)), where i(s) and i(o) are the integrity levels before the operation is performed.</p>
<p>2. Invocation Property: s1 ∈ S can invoke s2 ∈ S if and only if i(s2) ≤ i(s1).</p>
<p>[Figure: Low-Watermark Policy for Subjects. Circle = subject, square = object.]</p>
<p>The low-watermark policy for subjects places no restriction on a subject reading objects. It is a dynamic policy, because it lowers the integrity level of a subject based on the objects it has observed.</p>
<p>The policy still has shortcomings. One problem is that if a subject observes a less trusted object, the subject's integrity level is lowered. Afterwards, if the subject needs to observe other objects, it may not be able to, because its integrity level has been lowered. The consequence is a denial of service, depending on timing.</p>
<p>Low-Watermark Policy for Objects</p>
<p>The low-watermark policy for objects is a relaxed form of "no write-up".</p>
<p>Rule: the object's level is lowered to the level of the subject that writes to it. A subject s can modify an object o at any integrity level. The new integrity level of the object is inf(i(s), i(o)), where i(s) and i(o) are the integrity levels before the operation is performed.</p>
<p>[Figure: Low-Watermark Policy for Objects. Circle = subject, square = object.]</p>
<p>The low-watermark policy for objects is also a dynamic policy, like the low-watermark policy for subjects.</p>
<p>The drawback of this policy is that it does nothing to prevent an untrusted subject from modifying a trusted object. It provides no real protection in a system: if a malicious program is loaded onto the computer system, it can modify any object in the system, and the model will simply lower the integrity level of the object.</p>
<p>Low-Watermark Integrity Audit Policy</p>
<p>The low-watermark integrity audit policy consists of the following rules:</p>
<p>1. Any subject can modify any object, regardless of integrity level.</p>
<p>2. If a subject modifies an object at a higher integrity level (a more trusted object), the event is recorded in the audit log.</p>
<p>The limitation of this policy is that it does nothing to prevent an improper modification of an object. It is similar to the low-watermark policy for objects, except that in this case the object's integrity level is not lowered; the modification is recorded instead. The policy simply keeps a record that an improper modification took place.</p>
<p>Ring Policy</p>
<p>The ring policy is the last mandatory policy of the Biba model. The integrity labels used by the ring policy are fixed, as in the strict integrity policy. The ring policy consists of the following rules:</p>
<p>1. Any subject can observe any object, regardless of integrity level.</p>
<p>2. Integrity Star Property: s ∈ S can modify o ∈ O if and only if i(o) ≤ i(s) (no write-up).</p>
<p>3. Invocation Property: s1 ∈ S can invoke s2 ∈ S if and only if i(s2) ≤ i(s1).</p>
<p>The ring policy allows any subject to observe any object. It is concerned only with direct modification.</p>
<p>The limitation of this policy is that it allows improper modification to happen indirectly. A subject can read a less trusted object, and can then modify the data it observed at its own integrity level.</p>
<p>Advantages and Disadvantages</p>
<p>Advantages: The Biba model is simple and easy to implement. The Biba model provides a number of different policies that can be selected according to need.</p>
<p>Disadvantages: The model does not enforce confidentiality. The Biba model does not support granting and revoking authorization. To use the model, all computers in the system must support integrity labeling for both subjects and objects; to date, no network protocol supports this labeling.</p>
<p>Conclusion</p>
<p>Biba is really a family of different models to choose from. The model should be combined with other models because it does not provide confidentiality; a model such as Bell-LaPadula should be used to complement it. The Lipner model is one of the models developed to meet these requirements: it combines the Bell-LaPadula and Biba models.</p>
<p>Thank you for your attention.</p>
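<p>The label dominance relation, the strict integrity rules and the low-watermark policy for subjects from the slides, as an added Python example that is not part of the original presentation. The Level class, the helper names and the sample labels are constructed for illustration; re-checking writes with the integrity star property after a low-watermark read is an assumption taken from the usual statement of the policy, which the slide does not list.</p>

```python
from dataclasses import dataclass

RANK = {"I": 1, "VI": 2, "C": 3}   # Important < Very Important < Crucial

@dataclass(frozen=True)
class Level:
    clf: str            # classification: "C", "VI" or "I"
    cats: frozenset     # set of categories (not hierarchical)

    def dominates(self, other):
        # L1 >= L2 iff C1 >= C2 and S1 is a superset of S2
        return RANK[self.clf] >= RANK[other.clf] and self.cats >= other.cats

def lvl(clf, *cats):
    return Level(clf, frozenset(cats))

def inf(a, b):
    # Greatest lower bound: the lower classification, the shared categories
    clf = a.clf if RANK[a.clf] <= RANK[b.clf] else b.clf
    return Level(clf, a.cats & b.cats)

# Strict integrity policy
def can_observe(s, o):      # no read-down: i(s) <= i(o)
    return o.dominates(s)

def can_modify(s, o):       # no write-up: i(o) <= i(s)
    return s.dominates(o)

def can_invoke(s1, s2):     # i(s2) <= i(s1)
    return s1.dominates(s2)

# Low-watermark policy for subjects: the read is always allowed,
# and the subject continues at inf(i(s), i(o)).
def observe_low_watermark(s, o):
    return inf(s, o)

if __name__ == "__main__":
    # Constructed sample labels, reusing the categories from the slides
    editor = lvl("VI", "Detroit", "Chicago")     # subject
    report = lvl("VI", "Detroit", "Chicago")     # object at the same level
    download = lvl("I", "Detroit")               # less trusted object
    print("strict read-down allowed:", can_observe(editor, download))
    print("write before read-down:", can_modify(editor, report))
    lowered = observe_low_watermark(editor, download)
    print("subject level after read:", lowered.clf, sorted(lowered.cats))
    # Assumption: writes are still checked with the integrity star property
    print("write after read-down:", can_modify(lowered, report))
```

<p>The last line shows the cost of the dynamic policy: after one read of a less trusted object the subject can no longer write to objects at its original level.</p>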