ITEC 106: Systems Security: Eden May T. Terte
Systems Security
Contents
Security Models
Assignment No. 6
Capability-based security
Capability-based security is a concept in the design of secure computing systems, one of the existing security models. A capability (known in some systems as a
key) is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights. A user program on a
capability-based operating system must use a capability to access an object. Capability-based security refers to the principle of designing user programs such that they directly
share capabilities with each other according to the principle of least privilege, and to the
operating system infrastructure necessary to make such transactions efficient and secure.
Capability-based security is to be contrasted with an approach that uses hierarchical protection domains.
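The following sketch is an added example, not part of the original assignment. It shows a capability as an unguessable token that a reference monitor maps to an object and a set of rights, and how a holder shares a reduced-rights copy in line with least privilege. The names Kernel, attenuate, denied and demo are assumptions made for this illustration.

```python
import secrets
READ, WRITE = "read", "write"

class Kernel:  # toy reference monitor (hypothetical name); owns the capability table
    def __init__(self):
        self._objects = {}  # object name -> contents
        self._caps = {}     # token -> (object name, frozenset of rights)

    def _mint(self, name, rights):
        token = secrets.token_hex(16)  # unguessable, so a program cannot forge one
        self._caps[token] = (name, frozenset(rights))
        return token

    def _check(self, token, right):
        name, rights = self._caps.get(token, (None, frozenset()))  # unknown token: no rights
        if right not in rights:
            raise PermissionError(f"no {right} authority")
        return name

    def create(self, name, data):
        self._objects[name] = data
        return self._mint(name, {READ, WRITE})  # creator gets full rights

    def attenuate(self, token, rights):
        # A holder may pass on a subset of its rights, never more.
        name, held = self._caps.get(token, (None, frozenset()))
        if not rights or not set(rights) <= held:
            raise PermissionError("rights not held by this capability")
        return self._mint(name, rights)

    def read(self, token):
        return self._objects[self._check(token, READ)]

    def write(self, token, data):
        self._objects[self._check(token, WRITE)] = data

def denied(action):
    try:
        action()
    except PermissionError:
        return True
    return False

def demo():
    k = Kernel()
    owner = k.create("report", "draft")  # constructed sample object
    reader = k.attenuate(owner, {READ})  # least privilege: share read access only
    return (k.read(reader), denied(lambda: k.write(reader, "tampered")),
            denied(lambda: k.attenuate(reader, {READ, WRITE})),
            denied(lambda: k.read("0" * 32)))  # guessed token, never minted
```

There is no user identity or access control list anywhere in the sketch: possession of a valid token is the only thing the kernel checks.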
Clark-Wilson model
The Clark-Wilson security model is based on preserving information integrity
against the malicious attempt of tampering data. The security model maintains that only
authorized users should make and be allowed to change the data, unauthorized users
should not be able to make any changes, and the system should maintain internal and
external data consistency.
state of a given TCP or UDP session. This means, as multiple channels are created or
used by applications such as SQL*Net, FTP, and RPC, CBAC can respond by creating
temporary openings in the firewall access lists to allow return traffic and additional data
connections for specified sessions that originated from within the protected network. This
application-layer awareness and capability to evolve with the traffic is beyond the capabilities of access list technologies.
Graham-Denning model
The Graham-Denning Model is a computer security model that shows how subjects and objects should be securely created and deleted. It also addresses how to assign
specific access rights. It is mainly used in access control mechanisms for distributed systems.
Non-interference (security)
Non-interference is a strict multilevel security policy model, first described by
Goguen and Meseguer in 1982, and amplified further in 1984. The noninterference model
ensures that actions that take place at a higher security level do not affect actions that take
place at a lower level. The goal of a noninterference model is to strictly separate differing
security levels to assure that higher-level actions do not determine what lower-level users
can see. This is in contrast to other security models that control information flows between
differing levels of users. By maintaining strict separation of security levels, a noninterference model minimizes leakages that might happen through a covert channel.
Object-capability model
The object-capability model is a computer security model based on the Actor
model of computation. The name object-capability model is due to the idea that the
capability to perform an operation can be obtained by the following combination: The security model relies on not being able to forge references; see Synthesizing addresses of
actors.