Chapter 5: Security Architecture and Design Flashcards
Trusted Computing Base (TCB)
The totality of protection mechanisms pertaining to a computer system, including hardware, firmware, and software; enforces a unified security policy
Subject:
Active entity (a user, process, or device) that requests access to an object
Object:
Passive entity that holds information or provides a service: a file, database record, memory segment, device, etc.
Reference monitor is…
an abstract machine (a concept, not a particular program) that mediates every access by a subject to an object according to the security policy
Reference monitor should be…
Complete: it mediates every access, with no path that bypasses it
Isolated: tamper-proof, protected from modification by other processes or systems
Verifiable: small and simple enough to be tested and analyzed completely, so it can be shown to enforce the policy correctly
Security Kernel
the hardware, firmware, and software of the TCB that implement the reference monitor concept on a specific hardware base
Mandatory Access Control (MAC)
For environments where there is no single information owner. Access to an object is granted by comparing the object's label (classification) with the subject's label (clearance); the reference monitor, not the data owner, makes the decision.
Rings of Trust
Model depicting shrinking rings of individuals with need to know and proper clearance to access more secret or more secure objects. The same model is used at the hardware level as CPU protection rings: the kernel runs in the innermost ring (ring 0) and mediates access by less privileged, outer-ring code (user mode, ring 3) to memory and devices
Rules for Rings of Trust within network
Each ring trusts all rings closer to the center than itself
No host trusts any host in a ring further out than its own
Segments in the same ring do not automatically trust each other, though they may be allowed to depending on function
Primary Storage
The memory storage allotted to the CPU for active work; volatile and info disappears when power is lost
Secondary Storage
Nonvolatile storage that can store application or system code when system is not in use. Flash drives, USB sticks, tapes, etc
Real memory
Physical memory: the actual storage locations of a program's code and data, addressed directly by the CPU (as opposed to virtual addresses), along with directly accessed peripheral devices
Virtual memory
Extends the apparent size of primary memory by using secondary storage (disk) as backing; pages are swapped between RAM and disk as programs need them, trading speed for capacity
Random access memory (RAM)
Computer's primary working and storage area; any location is directly addressable by the CPU, and it can hold application or system code as well as data
Sequential memory
Memory that must be read in order from the beginning rather than by address, such as magnetic tape
Volatile memory
Any memory that loses all info upon power loss
Closed system
Proprietary and limited in nature and options; components and interfaces are vendor-specific and not interoperable with other systems
Open system
Built on published standards, so new components from different vendors can be added and interoperate within the system's operational safeguards; users and developers have access to essentially the whole system's interfaces
Finite State machine
A machine that is always in exactly one of a finite set of states and moves between them only through defined transitions. As a security model: if the system starts in a secure state and every transition preserves security, the system is secure in every reachable state
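The state machine model described above, worked through as an added example (not part of the original flashcards): a small session-handling component is modelled as a finite state machine, a "secure state" predicate is defined, and every reachable state is enumerated from the start state to check that no transition leads out of the secure set. The states, transitions and the deliberate flaw (audit logging can be switched off while a session holds elevated privilege) are made up for the illustration.

```python
"""Finite state machine with an exhaustive secure-state check.

Added example for the state machine model; the session component modelled
here (states, transitions, and the flaw) is constructed for illustration."""
from collections import deque

# A state is (session, privileged, audit_on). START is the initial secure state.
START = ("logged_out", False, True)


def secure(state):
    """Security predicate every reachable state must satisfy."""
    session, priv, audit = state
    if priv and session != "authenticated":
        return False          # privilege may exist only inside an authenticated session
    if priv and not audit:
        return False          # privileged work must always be audited
    return True


def transitions(state, strict_audit):
    """Return (event, next_state) pairs. With strict_audit=False the component
    lets a privileged session disable auditing, which is the modelled flaw."""
    session, priv, audit = state
    nxt = []
    if session == "logged_out":
        nxt.append(("login", ("authenticated", False, audit)))
    elif session == "authenticated":
        if audit:             # elevation is only offered while auditing is on
            nxt.append(("elevate", ("authenticated", True, audit)))
        nxt.append(("drop", ("authenticated", False, audit)))
        if not strict_audit or not priv:
            nxt.append(("audit_off", ("authenticated", priv, False)))
        nxt.append(("audit_on", ("authenticated", priv, True)))
        nxt.append(("lock", ("locked", False, audit)))
        nxt.append(("logout", ("logged_out", False, audit)))
    elif session == "locked":
        nxt.append(("unlock", ("authenticated", False, audit)))
        nxt.append(("timeout", ("logged_out", False, audit)))
    return nxt


def verify(strict_audit):
    """Breadth-first search over all reachable states.

    Returns (ok, counterexample, explored): ok is True when every reachable
    state is secure; otherwise counterexample is the event path from START to
    the first insecure state found; explored counts distinct states seen."""
    seen = {START}
    queue = deque([(START, [])])
    if not secure(START):
        return False, [], 1
    while queue:
        state, path = queue.popleft()
        for event, nxt in transitions(state, strict_audit):
            if nxt in seen:
                continue
            seen.add(nxt)
            if not secure(nxt):
                return False, path + [event], len(seen)
            queue.append((nxt, path + [event]))
    return True, None, len(seen)


if __name__ == "__main__":
    print("flawed:", verify(strict_audit=False))   # finds login, elevate, audit_off
    print("fixed: ", verify(strict_audit=True))    # every reachable state is secure
```

The check is only as good as the model: the predicate `secure` encodes the policy, and the transition relation must list every way the real component can change state, or the enumeration proves nothing about it.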
TCSEC
The Trusted Computer System Evaluation Criteria (the US DoD "Orange Book"). Prioritizes confidentiality and evaluates the TCB of hardware and software; its requirements are broken down into divisions A, B, C, and D, from most to least trusted
TCSEC: Division D, Minimal Protection
Minimal protection: systems that were evaluated but failed to meet the requirements of a higher division, or were never rated or tested
TCSEC: Division C, Discretionary Protection
Information owners dictate who gets to access the material (discretionary access control)
TCSEC: Division C, C1
Discretionary Security Protection; for cooperating users (workgroups) handling data at the same sensitivity level. Prevents accidental reading or writing outside the group, but access is controlled by the people inside that group, not by an outside entity
TCSEC: Division C, C2
Controlled Access Protection; more thorough: requires individual logons and audit logging so users can be held accountable for access and changes, plus object reuse protection (storage is cleared before it is reassigned to another subject)
TCSEC: Division B: Mandatory Protection
TCB enforces a label system (such as classification markings). Requires reference monitor architecture
TCSEC: Division B: B1
Labeled Security Protection; an informal statement of the security policy model, with labels on subjects and objects and mandatory access control over them. Labeling need not cover every component of the system
TCSEC: Division B: B2
Structured Protection: the TCB is clearly defined and structured and operates according to a formal security policy model, and the entire system must follow that policy. Analyzed to ensure there are no covert channels (unintended communication paths), and requires a trusted path for login
TCSEC: Division B: B3
Security Domains: the reference monitor must mediate all accesses of subjects to objects, resist tampering, and be small enough to be tested and analyzed completely
TCSEC: Division A: Verified Design
Formal security verification methods ensure the design enforces the policy; requires extensive documentation to demonstrate that the proper process has been followed from the beginning, so the system is as resistant as possible
TCSEC: Division A: A1
Verified Design; the architecture is the same as B3, but the assurance work during planning and design is far more exhaustive: formal specification and verification of the design, and trusted distribution of the system
Trusted Network Interpretation (TNI)
Takes the principles of TCSEC and applies them to networked environments (the "Red Book")
Information Technology Security Evaluation Criteria (ITSEC)
European counterpart to TCSEC. Similar, but evaluates functionality (F classes) and assurance (E levels) separately, so a product is rated on each independently
Common Criteria
Unified security standard that brought the various national criteria (TCSEC, ITSEC, and others) together and provided for international mutual recognition of evaluations; became ISO/IEC 15408
Bell Lapadula Model
Basis of TCSEC; a formal policy that describes a set of access controls. This is the model that mediates access to classified material by matching clearance against classification. A confidentiality model with two rules: the simple security property (no read up: a subject may not read an object above its clearance) and the *-property (no write down: a subject may not write to an object below its clearance)
Biba Model
Integrity model that prevents users from making unauthorized changes to data. Its rules are the reverse of Bell-LaPadula: no read down (simple integrity: a subject may not read an object of lower integrity) and no write up (*-integrity: a subject may not write to an object of higher integrity). Subjects may therefore read up and write down, which keeps lower-quality or less controlled data from contaminating more trusted data
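A toy reference monitor that enforces mandatory access control with the Bell-LaPadula and Biba rules defined above, as an added example that is not part of the original flashcards. The level names, subjects and objects are made up; every access decision goes through one `access` method so the "complete mediation" and audit properties of a reference monitor are visible in code.

```python
"""Toy reference monitor enforcing Bell-LaPadula (confidentiality) and Biba
(integrity) on labeled subjects and objects.

Added example; the lattice levels, subjects and objects are constructed."""
from dataclasses import dataclass

# Ordered confidentiality levels: a higher index means more secret.
CONF_LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET"]
# Ordered integrity levels: a higher index means more trustworthy.
INT_LEVELS = ["UNTRUSTED", "USER", "SYSTEM"]


@dataclass(frozen=True)
class Label:
    conf: str   # confidentiality level (clearance or classification)
    integ: str  # integrity level


@dataclass(frozen=True)
class Subject:
    name: str
    label: Label  # the subject's clearance


@dataclass(frozen=True)
class Obj:
    name: str
    label: Label  # the object's classification


def _c(level):
    return CONF_LEVELS.index(level)


def _i(level):
    return INT_LEVELS.index(level)


def blp_allows(subj, obj, op):
    """Bell-LaPadula: simple security (no read up), *-property (no write down)."""
    if op == "read":
        return _c(subj.label.conf) >= _c(obj.label.conf)
    if op == "write":
        return _c(subj.label.conf) <= _c(obj.label.conf)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subj, obj, op):
    """Biba: simple integrity (no read down), *-integrity (no write up)."""
    if op == "read":
        return _i(subj.label.integ) <= _i(obj.label.integ)
    if op == "write":
        return _i(subj.label.integ) >= _i(obj.label.integ)
    raise ValueError(f"unknown operation {op!r}")


class ReferenceMonitor:
    """Single choke point for every access; records an audit entry per decision.
    Mediation is only complete if no other code path touches objects directly."""

    def __init__(self):
        self.audit = []

    def access(self, subj, obj, op):
        decision = blp_allows(subj, obj, op) and biba_allows(subj, obj, op)
        self.audit.append((subj.name, op, obj.name, "ALLOW" if decision else "DENY"))
        return decision


def demo():
    """Run a set of constructed accesses and return {case: decision}."""
    rm = ReferenceMonitor()
    analyst = Subject("analyst", Label("SECRET", "USER"))
    service = Subject("service", Label("UNCLASSIFIED", "USER"))
    ts_report = Obj("ts_report", Label("TOP_SECRET", "USER"))
    public_page = Obj("public_page", Label("UNCLASSIFIED", "USER"))
    web_form = Obj("web_form", Label("UNCLASSIFIED", "UNTRUSTED"))
    kernel_config = Obj("kernel_config", Label("UNCLASSIFIED", "SYSTEM"))
    results = {
        "analyst reads TOP_SECRET (read up)": rm.access(analyst, ts_report, "read"),
        "analyst reads UNCLASSIFIED": rm.access(analyst, public_page, "read"),
        "analyst writes UNCLASSIFIED (write down)": rm.access(analyst, public_page, "write"),
        "analyst writes TOP_SECRET (blind write up)": rm.access(analyst, ts_report, "write"),
        "analyst reads UNTRUSTED input (read down)": rm.access(analyst, web_form, "read"),
        "service reads SYSTEM config": rm.access(service, kernel_config, "read"),
        "service writes SYSTEM config (write up)": rm.access(service, kernel_config, "write"),
    }
    return results, rm.audit


if __name__ == "__main__":
    decisions, log = demo()
    for case, allowed in decisions.items():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {case}")
    print(f"{len(log)} audited decisions")
```

Note that applying both models to one access is deliberately strict: Bell-LaPadula permits the analyst's "blind" write up to the TOP_SECRET report, which is a known integrity weakness of the confidentiality model, and it is the separate Biba check that would stop such writes if the integrity levels differed.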
Target of Evaluation (TOE)
The device or system to be reviewed for CC certification.
Protection Profile (PP)
Reusable template that defines a standard set of security requirements for a particular class of related products (for example firewalls or smart cards), written independently of any one vendor's implementation. Depending on the Target of Evaluation, a product may claim conformance to several profiles at once.
Security Target (ST)
Explicitly stated set of requirements specific to the capabilities of the product under evaluation.
Security Functional Requirements (SFRs)
Security requirements that refer to unique security functions provided by a product.
Evaluation Assurance Levels (EAL)
Define how thoroughly the product is evaluated, from EAL1 (functionally tested) to EAL7 (formally verified design and tested). A higher EAL means more rigorous evaluation of the assurance evidence; it does not mean the product has more or stronger security functionality, so a product at EAL4 is not automatically "more secure" than one at EAL2 with a broader Security Target.