cissp chapter 05.ppt
The CISSP Prep Guide, Chapter 5
Security Architecture and Models
The CISSP® Prep Guide: Mastering the Ten Domains of Computer Security by Ronald L. Krutz, Russell Dean Vines (August 24, 2001), John Wiley & Sons. ISBN: 0471413569
Topics in Chapter 5
• Computer Organization
• Hardware Components
• Software/Firmware Components
• Open Systems
• Distributed Systems
• Protection Mechanism
• Evaluation Criteria
Topics in Chapter 5
• Certification and Accreditation
• Formal Security Models
• Confidentiality Models
• Integrity Models
• Information Flow Models
Computer Architecture
• CPU – ALU and Control Unit
• Memory – Cache, RAM, PLD, ROM, Real/Primary and Secondary memory, Sequential and Random Access Memory, Virtual Memory
– Addressing: Register, Direct, Absolute, Implied, Indirect Addressing
– Memory Protection
Instruction Execution Cycle
• Privileged Instructions
• Pipelining
• CISC versus RISC
• Multiprogramming
• Multitasking
• Multiprocessing
Input/Output Structures
• Instruction Fetch-Decode-Execute Cycle
• Direct Memory Access
• Interruption
Software
• 1GL - Machine language
• 2GL - Assembly language
• 3GL - High Level Programming language
• 4GL - NATURAL, FOCUS, SQL
• 5GL – Natural Language
Distributed Architecture
• Client-Server Model
• Security Concerns
– Email
– Telnet, FTP
– Encryption
Distributed Architecture: Security Concerns
• Desktop systems may be at risk of exposure and may serve as an entry point to critical information
• Users may lack security awareness
• Modem and dial-up access to the corporate network
• Download or upload of critical information
• Lack of proper backup or disaster recovery
For Protection Mechanisms
• Email and download/upload policies
• Robust access control and biometrics
• Graphical user interface mechanism
• File encryption
• Separation of privileged process and others
• Protection domain, disks, systems, laptops
• Labeling and classification
For Protection Mechanisms
• Centralized backup for desktop systems
• Security awareness and regular training
• Control of software on desktop systems
• Encryption
• Logging of transaction and transmission
• Appropriate access controls
• Protection of applications and database
For Protection Mechanisms
• Formal security methods in software development, change control, configuration management, and environmental change
• Disaster Recovery and Business Continuity Planning for all systems, including desktops, file systems and storage, databases and applications, data and information
Protection Mechanisms
• Trusted Computing Base (TCB)
• Security Perimeter
• Trusted Path
• Trusted Computer System
• Abstraction, Encapsulation, and Information Hiding
Rings
• Protection Rings
• Security Kernel
• Reference Model
• MULTICS
Security Modes
• Dedicated
• Compartmented
• Controlled
• Limited Access
Additional Considerations
• Covert Channel
• Lack of Parameter Checking
• Maintenance Hook and Trapdoor
• Time of Check to Time of Use (TOC/TOU) Attack
Assurance
• Evaluation Criteria
– TCSEC by NCSC: Trusted Computer System Evaluation Criteria
– Classes of Security
• D – Minimal protection
• C – Discretionary protection (C1 and C2)
• B – Mandatory protection (B1, B2, B3)
• A – Verified protection; formal methods (A1)
– ITSEC
Certification and Accreditation
• Certification
– The comprehensive evaluation of the technical and non-technical security features of an information system and the other safeguards, which are created in support of the accreditation process, to establish the extent to which a particular design and implementation meets the set of specified security
Certification and Accreditation
• Accreditation
– A formal declaration by a Designated Approving Authority (DAA) that an information system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk
Certification and Accreditation
• DITSCAP – Defense Information Technology Security Certification and Accreditation Process
– Phase 1 Definition
– Phase 2 Verification
– Phase 3 Validation
– Phase 4 Post Accreditation
• NIACAP – National Information Technology Security Certification and Accreditation Process
– Site Accreditation
– Type Accreditation for Application or System
– System Accreditation for major application or general support system
Information Security Models
• Access Control Models
– The Access Matrix
– Take-Grant Model
– Bell-LaPadula Model
• Integrity Models
– The Biba Integrity Model
– The Clark-Wilson Integrity Model
• Information Flow Models
– Non-interference Model
– Composition Theories
Bell-LaPadula Model
• DoD multilevel security policy
– Individual’s need-to-know basis
– Security-labeled materials
– Clearance of Confidential, Secret, or Top Secret
– Thus dealing only with confidentiality of classified material, but not with integrity or availability
– Input, State, Function and State Transition
Bell-LaPadula Model
1. The Simple Security Property (ss Property)
States that reading of information by a subject at a lower sensitivity level from an object at a higher level is not permitted (No Read Up)
Bell-LaPadula Model
2. The * (star) Security Property
States that writing of information by a subject at a higher level of sensitivity to an object at a lower level of sensitivity is not permitted.
(No Write Down)
Bell-LaPadula Model
3. The Discretionary Security Property
Uses an access matrix to specify discretionary access control
But Write-Up, Read-Down are OK.
• Authorization
• Control
– Content-Dependent, Context-Dependent
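The three Bell-LaPadula properties above, checked together by a small reference monitor, as an added example that is not part of the slides or of the Krutz and Vines book. The sensitivity ordering follows the Confidential/Secret/Top Secret clearances named on the slides, with an assumed Unclassified level below them; the subject and object names, the access-matrix entries, and the `BLPMonitor` and `dominates` helpers are constructed for illustration.

```python
"""Bell-LaPadula access check over a linear sensitivity ordering.

Added example; assumes the levels below and a discretionary access matrix
keyed by (subject name, object name) -> set of rights.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Assumed linear ordering of sensitivity levels; index is the rank.
# Unclassified is an assumption added below the slide's three clearances.
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


def dominates(a: str, b: str) -> bool:
    """True when level a is at least as sensitive as level b."""
    return RANK[a] >= RANK[b]


@dataclass
class Labeled:
    """A subject or object with its sensitivity label."""
    name: str
    level: str


@dataclass
class BLPMonitor:
    # ds-property: the discretionary access matrix (constructed).
    matrix: dict = field(default_factory=dict)

    def grant(self, subject: str, obj: str, *rights: str) -> None:
        self.matrix.setdefault((subject, obj), set()).update(rights)

    def check(self, subject: Labeled, obj: Labeled, mode: str) -> tuple[bool, str]:
        """Return (allowed, reason) for a 'read' or 'write' request."""
        # ds-property: the matrix must grant the right at all.
        if mode not in self.matrix.get((subject.name, obj.name), set()):
            return False, "ds-property: no discretionary right in access matrix"
        if mode == "read":
            # ss-property (no read up): the subject must dominate the object.
            if not dominates(subject.level, obj.level):
                return False, "ss-property violated (no read up)"
        elif mode == "write":
            # *-property (no write down): the object must dominate the subject.
            if not dominates(obj.level, subject.level):
                return False, "*-property violated (no write down)"
        else:
            return False, f"unknown mode {mode!r}"
        return True, "permitted"


def demo() -> dict:
    """Exercise the four classic cases plus a missing-matrix-entry case."""
    m = BLPMonitor()
    alice = Labeled("alice", "Secret")                 # constructed subject
    top = Labeled("war_plans", "Top Secret")           # constructed object
    low = Labeled("cafeteria_menu", "Unclassified")    # constructed object
    for obj in (top, low):
        m.grant("alice", obj.name, "read", "write")
    return {
        "read_up": m.check(alice, top, "read")[0],       # denied: no read up
        "write_up": m.check(alice, top, "write")[0],     # allowed: write up is OK
        "read_down": m.check(alice, low, "read")[0],     # allowed: read down is OK
        "write_down": m.check(alice, low, "write")[0],   # denied: no write down
        # bob has the clearance but no matrix entry, so the ds-property denies him
        "no_ds_right": m.check(Labeled("bob", "Top Secret"), top, "read")[0],
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:12s} -> {'allowed' if ok else 'denied'}")
```

The mandatory checks run only after the discretionary one passes, which matches the ordering implied on the slides: the access matrix decides whether a right exists at all, and the ss- and *-properties then constrain how information may flow between levels.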
Integrity Model
• Goals
1. The data is protected from modification by unauthorized users
2. The data is protected from unauthorized modification by authorized users
3. The data is internally and externally consistent – the data held in a database must balance internally and must correspond to the external, real-world situation.
Biba Integrity Model
• Lattice-based model, 1977
• Uses the “less than or equal to” relationship
• Least upper bound (LUB) and greatest lower bound (GLB)
• The lattice is a set of integrity classes (IC) and an ordered relationship among the classes
• A lattice is written (IC, <=, LUB, GLB)
Biba Integrity Model
1. The Simple Integrity Axiom
States that a subject at one level of integrity is not permitted to observe (read) an object of a lower integrity
No Read Down
Biba Integrity Model
2. The * (Star) Integrity Axiom
States that a subject at one level of integrity is not permitted to modify (write to) an object of a higher level of integrity.
No Write Up
Biba Integrity Model
3. A subject at one level of integrity cannot invoke a subject at a higher level of integrity
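The Biba lattice (IC, <=, LUB, GLB) and the three axioms above in working form, as an added example that is not part of the slides or the book. An integrity class is modelled as an assumed pair of an integer integrity level and a frozenset of category tags, so that the ordering is partial and LUB/GLB are non-trivial; the `IC`, `lub`, `glb`, `may_read`, `may_write` and `may_invoke` names and the sample classes are constructed for illustration.

```python
"""Biba integrity lattice with the simple, star and invocation axioms.

Added example; the (rank, categories) encoding of an integrity class is an
assumption chosen so that some classes are incomparable.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class IC:
    """An integrity class: integer level plus a set of category tags."""
    rank: int
    categories: frozenset

    def __le__(self, other: "IC") -> bool:
        # a <= b when a's level is no higher and a's categories are a subset of b's.
        return self.rank <= other.rank and self.categories <= other.categories


def lub(a: IC, b: IC) -> IC:
    """Least upper bound: the smallest class that dominates both a and b."""
    return IC(max(a.rank, b.rank), a.categories | b.categories)


def glb(a: IC, b: IC) -> IC:
    """Greatest lower bound: the largest class dominated by both a and b."""
    return IC(min(a.rank, b.rank), a.categories & b.categories)


def may_read(subject: IC, obj: IC) -> bool:
    """Simple Integrity Axiom (no read down): the object must be at least as trusted."""
    return subject <= obj


def may_write(subject: IC, obj: IC) -> bool:
    """*-Integrity Axiom (no write up): the subject must be at least as trusted."""
    return obj <= subject


def may_invoke(caller: IC, callee: IC) -> bool:
    """Invocation property: a subject may not invoke a more trusted subject."""
    return callee <= caller


def demo() -> dict:
    """Three constructed classes; 'low' and 'other' are incomparable."""
    high = IC(2, frozenset({"payroll", "audit"}))
    low = IC(1, frozenset({"payroll"}))
    other = IC(1, frozenset({"marketing"}))
    return {
        "lub_low_other": lub(low, other),          # IC(1, {payroll, marketing})
        "glb_low_other": glb(low, other),          # IC(1, {})
        "high_reads_low": may_read(high, low),     # False: read down
        "low_reads_high": may_read(low, high),     # True: read up is fine
        "low_writes_high": may_write(low, high),   # False: write up
        "high_writes_low": may_write(high, low),   # True: write down is fine
        "low_invokes_high": may_invoke(low, high), # False: invoking upward
        "high_invokes_low": may_invoke(high, low), # True
        "low_reads_other": may_read(low, other),   # False: incomparable classes
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18s} -> {result}")
```

Incomparable classes are denied in both directions, which is the point of using a lattice rather than a plain linear ordering: when two items fall in unrelated categories, neither dominates the other, and the only classes that relate them are their LUB and GLB.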
Clark-Wilson Integrity Model
• Clark-Wilson, 1987
• Constrained Data Item (CDI)
– A data item whose integrity is to be preserved
• Integrity Verification Procedure (IVP)
– Confirms that all CDIs are in a valid integrity state; a well-formed transaction transforms a CDI from one valid integrity state to another valid integrity state
• Unconstrained Data Item (UDI)
– Data items outside the control area of the modeled environment, such as input information