CHAPTER 4_Security Architecture and Design Flashcards
Bullets: Stack
Memory segment used by processes to communicate instructions and data to each other.
Bullets: Packages—EALs
Functional and assurance requirements are bundled into packages for reuse. This component describes what must be met to achieve specific EAL ratings.
Bullets: The *-property rule
A subject cannot write to an object at a lower security level (no write down).
Bullets: Rationale
Justifies the profile and gives a more detailed description of the real-world problem to be solved. The environment, usage assumptions, and threats are illustrated along with guidance on the security policies that can be supported by products and systems that conform to this profile.
Bullets: Noninterference model
This formal multilevel security model states that commands and activities performed at one security level should not be seen by, or affect, subjects or objects at a different security level.
Bullets: Unconstrained data items (UDIs)
Can be manipulated by users via primitive read and write operations
Bullets: Transformation procedures (TPs)
Programmed abstract operations, such as read, write, and modify
Emphasis: Isn’t the Orange Book Dead?
We have moved from the Orange Book to the Common Criteria in the industry, so a common question is, “Why do I have to study this Orange Book stuff?” The Orange Book was the first evaluation criteria and was used for 20 years. Many of the basic terms and concepts that have carried through originated in the Orange Book. And we still have several products with these ratings that eventually will go through the Common Criteria evaluation process.
Explanations: Clark-Wilson Model
The Clark-Wilson model was developed after Biba and takes some different approaches to protecting the integrity of information. This model uses the following elements:
Emphasis: Bell-LaPadula vs. Biba
The Bell-LaPadula model is used to provide confidentiality. The Biba model is used to provide integrity. The Bell-LaPadula and Biba models are informational flow models because they are most concerned about data flowing from one level to another. Bell-LaPadula uses security levels, and Biba uses integrity levels. It is important for CISSP test takers to know the rules of Biba and Bell-LaPadula. Their rules sound similar: simple and * rules—one writing one way and one reading another way. A tip for how to remember them is that if the word “simple” is used, the rule is talking about reading. If the rule uses * or “star,” it is talking about writing. So now you just need to remember the reading and writing directions per model.
Bullets: Monolithic
All operating system processes run in kernel mode.
Explanation Bullets: The following list shows the different types of functionalities and assurance items tested during an evaluation:
- Security functional requirements
  - Identification and authentication
  - Audit
  - Resource utilization
  - Trusted paths/channels
  - User data protection
  - Security management
  - Product access
  - Communications
  - Privacy
  - Protection of the product’s security functions
  - Cryptographic support
- Security assurance requirements
  - Guidance documents and manuals
  - Configuration management
  - Vulnerability assessment
  - Delivery and operation
  - Life-cycle support
  - Assurance maintenance
  - Development
  - Testing
Explanations: Programmable I/O
If an operating system is using programmable I/O, this means the CPU sends data to an I/O device and polls the device to see if it is ready to accept more data. If the device is not ready to accept more data, the CPU wastes time by waiting for the device to become ready. For example, the CPU would send a byte of data (a character) to the printer and then ask the printer if it is ready for another byte. The CPU sends the text to be printed one byte at a time. This is a very slow way of working and wastes precious CPU time. So the smart people figured out a better way: interrupt-driven I/O.
Emphasis: Programmable read-only memory (PROM)
Programmable read-only memory (PROM) is a form of ROM that can be modified after it has been manufactured. PROM can be programmed only one time because the voltage that is used to write bits into the memory cells actually burns out the fuses that connect the individual memory cells. The instructions are “burned into” PROM using a specialized PROM programmer device.
Bullets: Stakeholder
Individual, team, or organization (or classes thereof) with interests in, or concerns relative to, a system.
Explanations: Compartmented Security Mode
Our system has various classifications of data, and each individual has the clearance to access all of the data, but not necessarily the need to know.
Emphasis: Memory Protection Techniques
Since your whole operating system and all your applications are loaded and run in memory, this is where the attackers can really do their damage. Vendors of different operating systems (Windows, Unix, Linux, Macintosh, etc.) have implemented various types of protection methods integrated into their memory manager processes. For example, Windows Vista was the first version of Windows to implement address space layout randomization (ASLR), which was first implemented in OpenBSD.
Explanation Bullets: The goals of memory management are to
- Provide an abstraction level for programmers
- Maximize performance with the limited amount of memory available
- Protect the operating system and applications loaded into memory
Bullets: Symmetric mode multiprocessing
When a computer has two or more CPUs and each CPU is being used in a load-balancing method.
Explanations: Random Access Memory
Random access memory (RAM) is a type of temporary storage facility where data and program instructions can temporarily be held and altered. It is used for read/write activities by the operating system and applications. It is described as volatile because if the computer’s power supply is terminated, then all information within this type of memory is lost.
Bullets: Labels
Access control labels must be associated properly with objects.
Emphasis: ISO/IEC 15408-2
ISO/IEC 15408-2 defines the security functional requirements that will be assessed during the evaluation. It contains a catalog of predefined security functional components that maps to most security needs. These requirements are organized in a hierarchical structure of classes, families, and components. It also provides guidance on the specification of customized security requirements if no predefined security functional component exists.
Emphasis: integrity
The Biba model was developed after the Bell-LaPadula model. It is a state machine model similar to the Bell-LaPadula model. Biba addresses the integrity of data within applications. The Bell-LaPadula model uses a lattice of security levels (top secret, secret, sensitive, and so on). These security levels were developed mainly to ensure that sensitive data were only available to authorized individuals. The Biba model is not concerned with security levels and confidentiality, so it does not base access decisions upon this type of lattice. Instead, the Biba model uses a lattice of integrity levels.
Bullets: Trusted computing base
A collection of all the hardware, software, and firmware components within a system that provide security and enforce the system’s security policy.