Chapter 3 - CISSP Flashcards
State Machine Model
Evaluates every state a system can be in, showing all possible interactions between a user and the objects. If every state is secure, the system is secure.
Bell-LaPadula Model
Maintain CONFIDENTIALITY
Simple Security Property = No Read Up
* (Star) Security Property = No Write Down
Keeps things secure by not letting a peon see more than he’s allowed and by not letting a boss tell peons anything.
Lattice-Based Access Control
Defines a Least Upper Bound (LUB) and Greatest Lower Bound (GLB) of access. Creates distinct levels of access.
Biba Model
Maintain INTEGRITY
Simple Integrity Axiom = No Read Down
* (Star) Integrity Axiom = No Write Up
Keeps information integrity so that a higher classification doesn’t read low level bullshit and think it’s real. Doesn’t let an amateur write up to a top secret holder.
Clark Wilson
Because the computer is restricted to certain actions, you are also restricted. Limits the abilities of the subject.
Two concepts:
1) Well-Formed Transactions
2) Separation of Duties
Clark Wilson: Well Formed Transactions
Composed of the “Access Control Triple.”
- Transformation Procedure (TP) - A well formed transaction
- Constrained Data Item (CDI) - Data that requires integrity
- Unconstrained Data Items (UDI) - Data that does not require integrity
For each TP - an audit is kept. Provides both detective and recovery controls.
Clark Wilson: Separation of Duties
Means within this system, two different people are necessary to do two related duties, like AP/AR. One person can’t be doing both.
Clark Wilson: General
Users must be authorized.
All transactions must be reconstructible.
Must meet the requirements of separation of duties.
Chinese Wall (aka Brewer Nash)
Consultants must disclose Conflict of Interest (COI) categories, so that once they work for one company they can’t access sensitive information of another company in direct conflict with it.
Noninterference Model
Means that data and actions at one security level can’t cross over into the other security domains. It’s impossible!
Take-Grant Model
Complex rules that govern interaction between subjects, objects and permissions.
Rules Include: Take, Grant, Create and Remove.
Subjects and objects represented on a graph.
Access Control Matrix
Table that describes users and their access rights to items.
          Somedumbfile1.txt   Somedumbfile2.txt
Daniel    Read                Read/Write
Kye       None                Write
Jack      Read/Write          Read
Zachman Framework for Enterprise Architecture
Provides six frameworks for providing information security, asking what, how, where, who, when and why, and mapping those frameworks across roles including planner, owner, designer, builder, programmer and user. These frameworks and roles are mapped to a matrix (table).
Graham Denning Model
The Graham-Denning Model has three parts: objects, subjects and rules. It provides a more granular approach for interaction between subjects and objects. There are eight rules.
R1: Transfer Access
R2: Grant Access
R3: Delete Access
R4: Read Object
R5: Create Object
R6: Destroy Object
R7: Create Subject
R8: Destroy Subject
Harrison-Ruzzo-Ullman Model
The HRU model maps subjects, objects and access rights to an access matrix. It is considered a variation of the Graham-Denning Model. It has six primitive operations and considers subjects to be objects.
- Create Object
- Create Subject
- Destroy Subject
- Destroy Object
- Enter right into access matrix
- Delete right from access matrix
Modes of Operation
Classifies a system based on the security classification of the files on it and the access users have to them.
There are four:
Dedicated - All items are the same security level. You must have that access or higher to get on. e.g. All files are “Secret” and you have “Top Secret” access - Bingo, you are in. Or, you have “Secret” access - Bingo, you are in.
- Note: You need Formal Access Approval, and Need to Know for all files on the system.
System High - Various file security levels, but you need to have the same or higher clearance to access the system.
Compartmentalized - Various file security levels, and you have to have specific access to each file.
Multi Level - Research this one
The Orange Book
Part of NIST (National Institute of Standards and Technology) with help from NSA:
- Trusted Computer System Evaluation Criteria (TCSEC) aka The Orange Book
- First attempt to define differing security levels and access control implementations within an IT system.
- No longer used except as a reference.
The Orange Book: Classes
From Worst to Best . . .
D. Minimal Protection (does not meet requirements)
C. Discretionary Protection (Linux/Windows, etc)
B. Mandatory Protection (Top secret, secret etc)
A. Verified Protection
The Red Book
Brings Orange Book concepts to networks.
The Orange Book: Classes In Detail
Level   Items to Remember
A1      Built, installed, and delivered in a secure manner
B1      Security labels (MAC)
B2      Security labels and verification of no covert channels (MAC)
B3      Security labels, verification of no covert channels, and must stay secure during startup (MAC)
C1      Weak protection mechanisms (DAC)
C2      Strict login procedures (DAC)
D1      Failed or was not tested
European Information Technology Security Evaluation Criteria (ITSEC)
European Information Technology Security Evaluation Criteria (ITSEC). It refers to the TCSEC Orange Book levels, separating functionality from assurance. There are two types of assurance: effectiveness (Q) and correctness (E). Assurance ratings range from E0 (inadequate) to E6 (formal model of security policy); functionality ratings include TCSEC-equivalent ratings (F-C1, F-C2, etc.). The equivalent ITSEC/TCSEC ratings are:
E0: D
F-C1,E1: C1
F-C2,E2: C2
F-B1,E3: B1
F-B2,E4: B2
F-B3,E5: B3
F-B3,E6: A1
Additional functionality ratings include:
F-IN: High integrity requirements
F-AV: High availability requirements
F-DI: High integrity requirements for networks
F-DC: High confidentiality requirements for networks
F-DX: High integrity and confidentiality requirements for networks
The International Common Criteria
An internationally agreed upon standard for describing and testing the security of IT products.
- For government and private-sector use
Common Criteria Items
Target of Evaluation (ToE): What is being evaluated?
Security Target (ST): Documentation describing ToE and security requirements
Protection Profile (PP): Independent set of security requirements for a specific category of objects
Evaluation Assurance Level (EAL): the evaluation score of the tested product
EALs
EAL1: Functionality Tested
EAL2: Structurally Tested
EAL3: Methodically tested and checked
EAL4: Methodically designed, tested and reviewed
EAL5: Semi-formally designed and tested
EAL6: Semi-formally verified, designed and tested
EAL7: Formally verified, designed and tested
Layering
Separates hardware and software functionality into four tiers. Doing something in one layer won’t affect the other layers.
Layering Tiers
1) Hardware
2) Kernel and Device Drivers
3) Operating System
4) Applications
Abstraction
Means the computer hides all the crazy stuff from the users. All the crazy computer stuff that happens when you, say, open an .mp3 file is hidden. Manages complexity to make the computer more secure.
Security Domains
A security domain is a list of objects a subject is allowed to access. Ex. Confidential, Secret and Top Secret are security domains used by the DoD. Ex. Modern OS – kernel mode and user mode are separate domains, where user interactions in user mode should not affect processes in kernel mode.
Kernel Mode
The most trusted and powerful part of the OS: allows low-level access to the memory, CPU, disk, etc.
Ring Model
The ring model is a form of CPU hardware layering that separates and protects domains (such as Kernel mode and user mode) from each other.
Rings of the Ring Model
Ring 0 : Kernel
Ring 1: Other OS components that do not fit into Ring 0
Ring 2: Device Drivers
Ring 3: User Applications
Processes communicate between the rings via system calls, which allow processes to communicate with the kernel and provide a window between the rings.
While x86 CPUs have four rings, the full usage is theoretical. Linux and Windows use rings 0 and 3 only, opting for simplicity and speed. A new mode called hypervisor mode (informally called “ring -1”) allows virtual guests to operate in ring 0, controlled by the hypervisor one ring below.
Open and Closed Systems
An “open” system uses hardware from various sources, like an IBM-compatible PC. A “closed” system uses hardware from only proprietary sources, like a Mac.
The System Unit and Motherboard
The System Unit is the case that holds everything: the motherboard, disk drives, power supply.
The Motherboard contains CPU, memory slots, firmware, etc.
Computer BUS
Primary point of communication on a computer between the CPU and the memory, display, keyboard, CD, etc.
Northbridge and Southbridge
A design that uses two buses.
Northbridge (faster): Connects the CPU to RAM and video memory
Southbridge: Connects the Hard Disk, USB, CD to Northbridge
CPU
The central processing unit (CPU) is the brains of the computer: it performs mathematical calculations and logical operations, accesses memory locations by address, etc.
Arithmetic Logic and Control Unit
The ALU performs mathematical calculations (“it computes”). It is fed instructions by the control unit (CU), which acts as a traffic cop sending instructions to the ALU.
Fetch & Execute
Fetches machine language instructions and executes in four steps:
1) Fetch
2) Decode
3) Execute
4) Write
NB: These four steps take one clock cycle to complete
Pipelining
Pipelining combines multiple steps into one combined process, allowing simultaneous fetch, decode, execute and write steps for different instructions, increasing throughput.
Interrupt
An interrupt indicates that an asynchronous event has occurred. CPU interrupts are a form of hardware interrupt that cause the CPU to stop processing its current task, save its state and begin processing a new request. When the new task is complete, the CPU returns to and completes the prior task.