cissp chapter 05.ppt
Post on 30-Apr-2015
The CISSP Prep Guide, Chapter 5
Security Architecture and Models
The CISSP® Prep Guide: Mastering the Ten Domains of Computer Security by Ronald L. Krutz, Russell Dean Vines (August 24, 2001), John Wiley & Sons. ISBN: 0471413569
Topics in Chapter 5
• Computer Organization
• Hardware Components
• Software/Firmware Components
• Open Systems
• Distributed Systems
• Protection Mechanism
• Evaluation Criteria
Topics in Chapter 5
• Certification and Accreditation
• Formal Security Models
• Confidentiality Models
• Integrity Models
• Information Flow Models
Computer Architecture
• CPU – ALU and Control Unit
• Memory – Cache, RAM, PLD, ROM, Real/Primary and Secondary memory, Sequential and Random Access Memory, Virtual Memory
– Addressing: Register, Direct, Absolute, Implied, Indirect Addressing
– Memory Protection
Instruction Execution Cycle
• Privileged Instructions
• Pipelining
• CISC versus RISC
• Multiprogramming
• Multitasking
• Multiprocessing
Input/Output Structures
• Instruction Fetch-Decode-Execute Cycle
• Direct Memory Access
• Interruption
Software
• 1GL - Machine language
• 2GL - Assembly language
• 3GL - High Level Programming language
• 4GL - NATURAL, FOCUS, SQL
• 5GL – Natural Language
Distributed Architecture
• Client-Server Model
• Security Concerns
– Email
– Telnet, FTP
– Encryption
Distributed Architecture: Security Concerns
• Desktop systems may be at risk of exposure and serve as an entry point to critical information
• Users may lack security awareness
• Modem and dial-up access to the corporate network
• Download or upload of critical information
• Lack of proper backup or disaster recovery
For Protection Mechanisms
• Email and download/upload policies
• Robust access control and biometrics
• Graphical user interface mechanism
• File encryption
• Separation of privileged process and others
• Protection domain, disks, systems, laptops
• Labeling and classification
For Protection Mechanisms
• Centralized backup for desktop systems
• Security awareness and regular training
• Control of software on desktop systems
• Encryption
• Logging of transaction and transmission
• Appropriate access controls
• Protection of applications and database
For Protection Mechanisms
• Formal security methods in software development, change control, configuration management, and environmental change
• Disaster recovery and business continuity planning for all systems, including desktops, file systems and storage, databases and applications, and data and information
Protection Mechanisms
• Trusted Computing Base (TCB)
• Security Perimeter
• Trusted Path
• Trusted Computer System
• Abstraction, Encapsulation, and Information Hiding
Rings
• Protection Rings
• Security Kernel
• Reference Model
• MULTICS
Security Modes
• Dedicated
• Compartmented
• Controlled
• Limited Access
Additional Considerations
• Covert Channel
• Lack of Parameter Checking
• Maintenance Hook and Trapdoor
• Time of Check to Time of Use (TOC/TOU) Attack
Assurance
• Evaluation Criteria
– TCSEC (Trusted Computer System Evaluation Criteria) by NCSC
– Classes of security
• D – Minimal protection
• C – Discretionary protection (C1 and C2)
• B – Mandatory protection (B1, B2, B3)
• A – Verified protection; formal methods (A1)
– ITSEC
Certification and Accreditation
• Certification – The comprehensive evaluation of the technical and non-technical security features of an information system and the other safeguards, which are created in support of the accreditation process, to establish the extent to which a particular design and implementation meets the set of specified security
Certification and Accreditation
• Accreditation – A formal declaration by a Designated Approving Authority (DAA) that an information system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk
Certification and Accreditation
• DITSCAP – Defense Information Technology Security Certification and Accreditation Process
– Phase 1: Definition
– Phase 2: Verification
– Phase 3: Validation
– Phase 4: Post Accreditation
• NIACAP – National Information Technology Security Certification and Accreditation Process
– Site Accreditation
– Type Accreditation for an application or system
– System Accreditation for a major application or general support system
Information Security Models
• Access Control Models
– The Access Matrix
– Take-Grant Model
– Bell-LaPadula Model
• Integrity Models
– The Biba Integrity Model
– The Clark-Wilson Integrity Model
• Information Flow Models
– Non-interference Model
– Composition Theories
Bell-LaPadula Model
• DoD multilevel security policy
– Individual's need-to-know basis
– Security-labeled materials and
– Clearance of Confidential, Secret, or Top Secret
– Thus dealing only with the confidentiality of classified material, not with integrity or availability
– Input, State, Function and State Transition
Bell-LaPadula Model
1. The Simple Security Property (ss Property)
States that reading of information by a subject at a lower sensitivity level from an object at a higher level is not permitted (No Read Up)
Bell-LaPadula Model
2. The * (Star) Security Property
States that writing of information by a subject at a higher level of sensitivity to an object at a lower level of sensitivity is not permitted (No Write Down)
Bell-LaPadula Model
3. The Discretionary Security Property
Uses an access matrix to specify discretionary access control
But Write-Up, Read-Down are OK.
• Authorization
• Control – Content-Dependent, Context-Dependent
Integrity Model
• Goals
1. The data is protected from modification by unauthorized users
2. The data is protected from unauthorized modification by authorized users
3. The data is internally and externally consistent – the data held in a database must balance internally and must correspond to the external, real-world situation
Biba Integrity Model
• Lattice-based model, 1977
• Uses the "less than or equal to" relationship
• Least upper bound (LUB) and greatest lower bound (GLB)
• The lattice is a set of integrity classes (IC) and an ordered relationship among the classes
• A lattice as (IC, <=, LUB, GLB)
Biba Integrity Model
1. The Simple Integrity Axiom
States that a subject at one level of integrity is not permitted to observe (read) an object of lower integrity (No Read Down)
Biba Integrity Model
2. The * (Star) Integrity Axiom
States that a subject at one level of integrity is not permitted to modify (write to) an object of a higher level of integrity (No Write Up)
Biba Integrity Model
3. A subject at one level of integrity cannot invoke a subject at a higher level of integrity
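The Bell-LaPadula properties and the Biba lattice and axioms above are easiest to see as one reference monitor over a lattice. The Python below is an added example, not code from the slides or from the book: it builds the (IC, <=, LUB, GLB) structure, generalised from a plain ordering of levels to levels plus need-to-know categories (the "dominates" relation multilevel systems use), and enforces the ss-, *- and ds-properties for confidentiality and the two Biba axioms plus the invocation rule for integrity. Every subject, object, level and category name, and the contents of the access matrix, are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Set, Tuple


@dataclass(frozen=True)
class Label:
    """One lattice element: a ranked level plus a set of categories (compartments)."""
    level: str
    categories: FrozenSet[str] = frozenset()


class Lattice:
    """(IC, <=, LUB, GLB): a linear ranking of levels combined with category sets.
    a <= b ("b dominates a") when b's level ranks at least as high as a's and
    b's categories include every category of a."""
    def __init__(self, levels: Iterable[str]):
        self.rank = {name: i for i, name in enumerate(levels)}  # listed low to high

    def leq(self, a: Label, b: Label) -> bool:
        return self.rank[a.level] <= self.rank[b.level] and a.categories <= b.categories

    def lub(self, a: Label, b: Label) -> Label:
        # least upper bound: the higher level with the union of the categories
        return Label(max(a.level, b.level, key=self.rank.__getitem__), a.categories | b.categories)

    def glb(self, a: Label, b: Label) -> Label:
        # greatest lower bound: the lower level with the intersection of the categories
        return Label(min(a.level, b.level, key=self.rank.__getitem__), a.categories & b.categories)


class BellLaPadula:
    """Confidentiality. Clearances label subjects, classifications label objects, and an
    access matrix (subject, object) -> set of rights carries the discretionary part."""
    def __init__(self, lattice: Lattice, clearances: Dict[str, Label],
                 classifications: Dict[str, Label], matrix: Dict[Tuple[str, str], Set[str]]):
        self.lat, self.clr, self.cls, self.matrix = lattice, clearances, classifications, matrix

    def _ds_property(self, s: str, o: str, right: str) -> bool:
        return right in self.matrix.get((s, o), set())

    def can_read(self, s: str, o: str) -> bool:
        # ss-property (no read up): object classification <= subject clearance
        return self._ds_property(s, o, "read") and self.lat.leq(self.cls[o], self.clr[s])

    def can_write(self, s: str, o: str) -> bool:
        # *-property (no write down): subject clearance <= object classification; write-up is fine
        return self._ds_property(s, o, "write") and self.lat.leq(self.clr[s], self.cls[o])


class Biba:
    """Integrity: the dual of Bell-LaPadula over an integrity lattice."""
    def __init__(self, lattice: Lattice, subjects: Dict[str, Label], objects: Dict[str, Label]):
        self.lat, self.sub, self.obj = lattice, subjects, objects

    def can_read(self, s: str, o: str) -> bool:
        # simple integrity axiom (no read down): subject integrity <= object integrity
        return self.lat.leq(self.sub[s], self.obj[o])

    def can_write(self, s: str, o: str) -> bool:
        # *-integrity axiom (no write up): object integrity <= subject integrity
        return self.lat.leq(self.obj[o], self.sub[s])

    def can_invoke(self, caller: str, callee: str) -> bool:
        # invocation rule (no invoke up): callee integrity <= caller integrity
        return self.lat.leq(self.sub[callee], self.sub[caller])


def demo() -> Dict[str, bool]:
    """Constructed subjects, objects and labels; every name here is hypothetical."""
    mls = Lattice(["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"])
    clearances = {"alice": Label("SECRET", frozenset({"NUCLEAR"})), "bob": Label("CONFIDENTIAL")}
    classifications = {"plan": Label("SECRET", frozenset({"NUCLEAR"})),
                       "memo": Label("CONFIDENTIAL"), "budget": Label("TOP SECRET")}
    # The discretionary matrix grants everything except bob's write to memo, so the
    # mandatory rules decide every other outcome below.
    matrix = {(s, o): {"read", "write"} for s in clearances for o in classifications}
    matrix[("bob", "memo")] = {"read"}
    blp = BellLaPadula(mls, clearances, classifications, matrix)

    integrity = Lattice(["UNTRUSTED", "USER", "SYSTEM"])
    biba = Biba(integrity, subjects={"installer": Label("SYSTEM"), "browser": Label("UNTRUSTED")},
                objects={"sysbin": Label("SYSTEM"), "download": Label("UNTRUSTED")})
    return {
        "alice reads plan": blp.can_read("alice", "plan"),          # True: same level and category
        "alice reads budget": blp.can_read("alice", "budget"),      # False: no read up
        "bob reads plan": blp.can_read("bob", "plan"),              # False: level and category missing
        "alice writes memo": blp.can_write("alice", "memo"),        # False: no write down
        "bob writes budget": blp.can_write("bob", "budget"),        # True: write up is permitted
        "bob writes memo": blp.can_write("bob", "memo"),            # False: ds-property (matrix) denies
        "installer reads download": biba.can_read("installer", "download"),    # False: no read down
        "browser reads sysbin": biba.can_read("browser", "sysbin"),            # True
        "browser writes sysbin": biba.can_write("browser", "sysbin"),          # False: no write up
        "installer writes download": biba.can_write("installer", "download"),  # True
        "browser invokes installer": biba.can_invoke("browser", "installer"),  # False: no invoke up
        "lub(alice, bob)": mls.lub(clearances["alice"], clearances["bob"])
                           == Label("SECRET", frozenset({"NUCLEAR"})),
        "glb(alice, bob)": mls.glb(clearances["alice"], clearances["bob"]) == Label("CONFIDENTIAL"),
    }
```

The duality is the point worth remembering for the exam: the Biba checks are the Bell-LaPadula checks with the direction of the lattice comparison reversed, and a system that wants both confidentiality and integrity runs both monitors and permits an access only when each agrees.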
Clark-Wilson Integrity Model
• Clark-Wilson, 1987
• Constrained Data Item (CDI)
– A data item whose integrity is to be preserved
• Integrity Verification Procedure (IVP)
– Confirms that all CDIs are in a valid integrity state; a well-formed transaction transforms a CDI from one valid integrity state to another valid integrity state
• Unconstrained Data Item (UDI)
– Data items outside the control area of the modeled environment, such as input information
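To make the CDI, IVP and UDI vocabulary concrete, here is an added Python example (not from the slides or the book) of a tiny Clark-Wilson style ledger. Balances are CDIs; the certified well-formed transactions (Clark and Wilson call them transformation procedures, TPs, a term the slide does not name) are the only code allowed to change them; access triples (user, TP, CDI) tie users to the transactions they may run; the IVP checks internal consistency (no negative balance) and external consistency (balances sum to the externally known total); and untrusted input is a UDI that must pass validation before a TP may use it. Account names, amounts, users and the deliberately buggy transaction are all constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple


class IntegrityViolation(Exception):
    """Raised when an enforcement rule or the IVP rejects an operation."""


@dataclass
class CDI:
    """Constrained data item: here a constructed account balance in cents."""
    name: str
    balance: int


class ClarkWilsonLedger:
    def __init__(self, expected_total: int):
        self.cdis: Dict[str, CDI] = {}
        self.tps: Dict[str, Callable[..., None]] = {}      # certified well-formed transactions
        self.triples: Set[Tuple[str, str, str]] = set()    # (user, tp, cdi) access relations
        self.expected_total = expected_total               # externally known, real-world figure
        self.log: List[str] = []                           # append-only audit trail

    def add_cdi(self, name: str, balance: int) -> None:
        self.cdis[name] = CDI(name, balance)

    def certify_tp(self, name: str, fn: Callable[..., None]) -> None:
        self.tps[name] = fn

    def authorize(self, user: str, tp: str, cdi: str) -> None:
        self.triples.add((user, tp, cdi))

    def ivp(self) -> bool:
        """IVP: every CDI is in a valid state. Internal consistency: no balance is
        negative. External consistency: balances sum to the externally known total."""
        balances = [c.balance for c in self.cdis.values()]
        return all(b >= 0 for b in balances) and sum(balances) == self.expected_total

    def run(self, user: str, tp: str, cdi_names: List[str], *args: int) -> None:
        """The only path that may change a CDI: a certified TP, run by a user holding an
        access triple for each CDI touched, followed by the IVP; invalid results roll back."""
        if tp not in self.tps:
            raise IntegrityViolation(f"{tp} is not a certified TP")
        for name in cdi_names:
            if (user, tp, name) not in self.triples:
                raise IntegrityViolation(f"{user} may not run {tp} on {name}")
        before = {n: self.cdis[n].balance for n in cdi_names}
        self.tps[tp](*[self.cdis[n] for n in cdi_names], *args)
        if not self.ivp():
            for n, b in before.items():           # stay in the last valid state
                self.cdis[n].balance = b
            self.log.append(f"REJECTED {user} {tp} {cdi_names} {args}")
            raise IntegrityViolation(f"{tp} left the CDIs in an invalid state")
        self.log.append(f"OK {user} {tp} {cdi_names} {args}")


def validate_udi(raw: str) -> int:
    """Turn a UDI (untrusted input) into a value a TP may use, or reject it."""
    if not raw.isdigit():
        raise IntegrityViolation(f"bad amount {raw!r}")
    return int(raw)


# Two constructed TPs: a well-formed transfer and a buggy one that creates money.
def transfer(src: CDI, dst: CDI, amount: int) -> None:
    src.balance -= amount
    dst.balance += amount


def buggy_credit(src: CDI, dst: CDI, amount: int) -> None:
    dst.balance += amount        # never debits src: breaks external consistency


def demo() -> Dict[str, object]:
    ledger = ClarkWilsonLedger(expected_total=15000)
    ledger.add_cdi("checking", 10000)
    ledger.add_cdi("savings", 5000)
    ledger.certify_tp("transfer", transfer)
    ledger.certify_tp("buggy_credit", buggy_credit)
    for tp in ("transfer", "buggy_credit"):
        for cdi in ("checking", "savings"):
            ledger.authorize("teller", tp, cdi)
    out: Dict[str, object] = {}

    ledger.run("teller", "transfer", ["checking", "savings"], validate_udi("3000"))
    out["after_transfer"] = (ledger.cdis["checking"].balance, ledger.cdis["savings"].balance)

    def attempt(key: str, fn: Callable[[], object]) -> None:
        try:
            fn()
            out[key] = "allowed"
        except IntegrityViolation:
            out[key] = "rejected"
    attempt("overdraft", lambda: ledger.run("teller", "transfer", ["checking", "savings"], 50000))
    attempt("buggy_tp", lambda: ledger.run("teller", "buggy_credit", ["checking", "savings"], 100))
    attempt("unauthorized_user", lambda: ledger.run("clerk", "transfer", ["checking", "savings"], 1))
    attempt("uncertified_tp", lambda: ledger.run("teller", "set_balance", ["checking"], 0))
    attempt("bad_udi", lambda: validate_udi("-5"))
    out["final"] = (ledger.cdis["checking"].balance, ledger.cdis["savings"].balance)
    out["ivp"] = ledger.ivp()
    out["log"] = list(ledger.log)
    return out
```

Two things the model buys here beyond a plain access check: the buggy transaction is caught by the IVP even though it was certified and the user was authorized, and the access triples give separation of duty for free, since a second user who may certify TPs but holds no triples cannot run them.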