CSE 227: Lecture 7
The topics covered in this lecture are
SFI efficiency,
Mandatory vs Discretionary Access Control,
forming into groups for reading and presenting research papers,
and, as promised, a new paper.
The key property of SFI is that it implements the security policy
efficiently: conceptually, we could perform an access check on every
memory reference by running the program under an interpreter for the
native processor architecture, but that would lead to an unacceptable
performance loss.
For write accesses, SFI does not ``check'' the access; rather, it
only enforces that the access is within the memory region where writes
are allowed. Correctly written programs that do not violate the
memory access policy are unaffected; programs that violate policy
won't run as ``designed'', but that's okay as long as they don't
violate system integrity. The enforcement is extremely cheap: about
two additional machine instructions per original memory write
instruction (whether obtaining the needed constants requires further
instructions depends on the instruction set architecture).
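The following is an added illustration (not code from the lecture) of the two-instruction write sandboxing just described, simulated in C. It assumes a constructed address space of two 4 KiB segments in which only the upper segment is writable by the untrusted code; the segment size, the segment base and the bytes written are all made-up values for the demonstration. Each store address is passed through an AND (to keep the offset) and an OR (to force the segment identifier), so an in-segment address is unchanged while an out-of-segment address is redirected into the segment instead of trapped. A conventional per-reference check is shown alongside for comparison.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: two 4 KiB segments; the sandbox may only write to
   the upper one, [SANDBOX_BASE, SANDBOX_BASE + SEG_SIZE). */
#define SEG_BITS     12
#define SEG_SIZE     (1u << SEG_BITS)
#define OFFSET_MASK  (SEG_SIZE - 1)
#define SANDBOX_BASE SEG_SIZE
#define SEG_ID       (SANDBOX_BASE & ~OFFSET_MASK)  /* high bits of the segment */

static uint8_t memory[2 * SEG_SIZE];   /* simulated address space */

/* The SFI rewrite: one AND and one OR on the store address.  With
   OFFSET_MASK and SEG_ID kept in dedicated registers this is the "about
   two additional instructions" per original store.  No branch, no trap. */
uint32_t sfi_sandbox_addr(uint32_t addr) {
    return (addr & OFFSET_MASK) | SEG_ID;
}

/* The alternative the lecture contrasts it with: an explicit check that
   would need a compare, a branch and a trap path on the failing side. */
int sfi_check_addr(uint32_t addr) {
    return (addr & ~OFFSET_MASK) == SEG_ID;
}

/* The only store the rewritten untrusted code is allowed to contain:
   the address has been sandboxed, so it is in-segment by construction. */
void sandboxed_store(uint32_t addr, uint8_t value) {
    memory[sfi_sandbox_addr(addr)] = value;
}

/* Runs a constructed mix of well-behaved and policy-violating stores and
   returns the number of bytes modified outside the sandbox segment.
   SFI guarantees this is 0: the violating store lands inside the
   segment (the program does not run "as designed"), but the rest of the
   address space is untouched. */
int run_untrusted_demo(void) {
    memset(memory, 0, sizeof memory);

    sandboxed_store(SANDBOX_BASE + 0x10, 0xAA);  /* in policy: unchanged   */
    sandboxed_store(SANDBOX_BASE + 0x7FF, 0xBB); /* in policy: unchanged   */
    sandboxed_store(0x10, 0xCC);                 /* violation: redirected  */
    sandboxed_store(0xFFFFF010u, 0xDD);          /* violation: redirected  */

    int outside = 0;
    for (uint32_t a = 0; a < SANDBOX_BASE; a++)
        if (memory[a] != 0) outside++;
    return outside;
}

int main(void) {
    printf("in-segment  0x%08x -> 0x%08x\n", SANDBOX_BASE + 0x10,
           sfi_sandbox_addr(SANDBOX_BASE + 0x10));
    printf("out-of-seg  0x%08x -> 0x%08x\n", 0x10u, sfi_sandbox_addr(0x10));
    printf("check(0x10) = %d\n", sfi_check_addr(0x10));
    printf("bytes written outside sandbox: %d\n", run_untrusted_demo());
    return 0;
}
```

Note that both violating stores end up at offset 0x10 of the sandbox segment, overwriting the well-behaved program's own data; this is exactly the "won't run as designed, but system integrity holds" trade-off described above.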
Mandatory Access Control (MAC) refers to having a mandatory security
policy that is enforced by the underlying operating system, as opposed
to having access controls that are up to the users to enforce.
Standard Unix provides only Discretionary Access Control (DAC).
MAC systems are used in high security applications (often military)
and generally implement the Bell-LaPadula security model. Here,
objects (files) are labelled with confidentiality labels, and subjects
(users and their processes) are labelled with clearance labels. The
policy can be summarized as "read down; write up" -- a process with
"secret" clearance may not read "top secret" files but may read
"secret", "sensitive", "public", etc. files. Such a process may only
write "secret" and "top secret" files. Thus, nobody can declassify
data by reading a top secret file and writing it to a public file,
which would violate confidentiality.
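As an added example (not part of the lecture notes), here is the "read down; write up" rule expressed as two predicates over a constructed linear lattice of the four labels named above, plus a check that exhausts every clearance/source/destination combination to confirm the declassification argument: because a copy requires the clearance to dominate the source and the destination to dominate the clearance, the destination can never be lower than the source.

```c
#include <stdio.h>

/* Constructed label lattice, lowest first (a total order for this demo). */
typedef enum { PUBLIC = 0, SENSITIVE = 1, SECRET = 2, TOP_SECRET = 3 } label_t;

static const char *label_name[] = { "public", "sensitive", "secret", "top secret" };

/* Simple security property ("no read up"): the subject's clearance must
   dominate the object's label. */
int blp_can_read(label_t clearance, label_t object) {
    return clearance >= object;
}

/* *-property ("no write down"): the object's label must dominate the
   subject's clearance. */
int blp_can_write(label_t clearance, label_t object) {
    return object >= clearance;
}

/* A process can move data from src to dst only if it may read src and
   write dst.  Together the two rules force dst >= clearance >= src. */
int blp_can_copy(label_t clearance, label_t src, label_t dst) {
    return blp_can_read(clearance, src) && blp_can_write(clearance, dst);
}

/* Exhaustively checks every clearance and every pair of labels: returns 1
   if some process could copy data to a strictly lower label, 0 otherwise. */
int blp_declassification_possible(void) {
    for (int c = PUBLIC; c <= TOP_SECRET; c++)
        for (int s = PUBLIC; s <= TOP_SECRET; s++)
            for (int d = PUBLIC; d <= TOP_SECRET; d++)
                if (d < s && blp_can_copy((label_t)c, (label_t)s, (label_t)d))
                    return 1;
    return 0;
}

int main(void) {
    label_t proc = SECRET;
    for (int o = PUBLIC; o <= TOP_SECRET; o++)
        printf("%-10s process vs %-10s file: read=%d write=%d\n",
               label_name[proc], label_name[o],
               blp_can_read(proc, (label_t)o), blp_can_write(proc, (label_t)o));
    printf("declassification path exists: %d\n", blp_declassification_possible());
    return 0;
}
```

Real MAC systems use a partial order (levels combined with compartment sets) rather than this total order, but the two predicates keep the same shape: "dominates" replaces ">=".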
You should form into groups of 3. We'll be reading research papers
soon where groups of students will be assigned to make presentations
to the rest of the class. All students will also be required to write
summaries of the papers (main technical points, the thesis of the
paper, etc) to turn in to me by email. The class web page will have
the papers and the presentation assignments.
Read Mobile Agents: Are they a good idea? [pdf]. Email me a summary of
the main ideas / theses of this paper, no more than 2 pages of plain
ASCII 80-column text, by Monday, Jan 28.
bsy+cse227w02@cs.ucsd.edu, last updated Mon Apr 8 20:19:52 PDT 2002. Copyright 2002 Bennet Yee.