•Policy
partitions system states into:
–Authorized (secure)
•These are states the system can
enter
–Unauthorized (nonsecure)
•If the system enters any of these
states, it’s a security violation
•Secure
system
–Starts in authorized state
–Never enters unauthorized state
Confidentiality
•X set of entities, I information
•I has confidentiality property with respect to X if no x Î X can obtain information
from I
•I can be disclosed to
others
•Example:
–X set of students
–I final exam answer key
–I is confidential with respect to X if students cannot obtain final
exam answer key
Integrity
•X set of entities, I information
•I has integrity property with respect to X if all x Î X trust information in I
•Types of integrity:
–trust I, its
conveyance and protection (data integrity)
–I information about origin of something or an identity (origin
integrity, authentication)
–I resource: means resource functions as it should (assurance)
Availability
•X set of entities, I resource
•I has availability property with respect to X if all x Î X can access I
•Types of availability:
–traditional: x gets
access or not
–quality of service: promised a level of access (for example, a
specific level of bandwidth) and not meet it, even though some access is
achieved
No comments:
Post a Comment