Abstract

Security systems for IT infrastructures can be separated according to the type of access control they use. The most frequently used security systems support discretionary access control (DAC). Mandatory access control is very seldom used (mainly for military purposes).

DAC based security systems do not explicitly support the control of the information flow. This is the main advantage of MAC based security systems. In DAC finding the possible information flow paths is usually done by a manual analysis of the access rights which are assigned to users. There are two disadvantages with this procedure: it is highly prone to errors and quite often there is no exact defintion which information flow paths are allowed and which are disallowed.

The first part of this thesis gives a thorough introduction to the most important aspects of computer security systems including cryptography.

In the second part of this thesis I develop a method for detecting the allowed information flow paths within an organization. Such information flow paths are defined for organizational units as well as for users. Users are treated as members of organizational units.

Information flow paths between elements of the IT infrastructure are covered as well. These elements usually form a network. Information flow paths are determined by the assignment of access rights for users and by the topology of the network.

Both kind of information flow paths (organizational and technical paths) are mapped to each other and examined for contradictions. A contradiction means that there is a technical information flow path without a corresponding organizational information flow path.

All this is done by creating models for the organization and for the IT infrastructure. These models are compared with each other what means that there is a mapping between the IT infrastructure to the elements of the organization.

This procedure which is named SecSim1, an abbreviation of Security Simulator Version 1 - allows to adjust the access rights assigned to the users until the technical possibilities meet the organizational needs.

There are mathematically exact definitions for the used models and for the different kind of contradictions which are considered in this procedure. All models are based on graph theory and the information flow is modelled as a boolean flow within a graph.

With SecSim1 it is possible to manage information flows even in DAC supporting security systems. Contrary to MAC supporting systems this has to be done when (or before) the access rights are assigned to the users and not at run time.

Finally a prototypical implementation of SecSim1 is presented and the very first outcomes of this implementation are discussed.

Back