Chapter 8 Flashcards
Transitive trust
If A trusts B and B trusts C, A inherits trust in C
- Serious security concern
CISSP secure design principles
- Defense in depth
- Zero trust
- Secure defaults
- Fail securely
- Keep it simple
- Privacy by design
- Trust but verify (no longer sufficient - need 0-trust)
- Least privilege
- Separation of duties
- Threat modeling
- Shared responsibility
Privacy by Design
7 Principles:
- Proactive not reactive, preventive not remedial
- Privacy as default
- Privacy embedded into design
- Full functionality; positive sum, not zero sum
- End to end security
- Visibility and transparency
- Respect for user privacy
SASE (Secure Access Service Edge)
- identity-centric as opposed to perimeter-based security model
- cloud-native architecture
- zero-trust network access
- leverages edge computing
Techniques for ensuring CIA
Confinement - sandboxing; process can only read/write to certain memory locations and resources
Bounds - e.g. limit area of memory for process to access; resources that can be accessed, etc.
Isolation - processes cannot interfere with each other; enforcement of bounds
Access controls
Trusted system
System that is able to handle sensitive data securely and provides a stable and secure environment
Assurance
How well security mechanisms satisfy security requirements/needs
Trusted Computing Base (TCB)
- the only portion of the system that is trusted and adheres to the security policy
- security perimeter around TCB; communicate via trusted paths through the security perimeter; may allow use of trusted shell
- reference monitor controls access to TCB; security kernel is reference monitor; security kernel is part of TCB
Access Control Matrix
- Rows: subjects
- Cols: objects
- Each cell is an ACL
- Entire row is a capabilities list for each subject
Types of data security model
State machine model - secure state transition to another secure state based on input
Information flow model - focus on flow of info; control direction or type of info
Non-interference model - activity at lower level cannot interfere with higher level
Take-Grant Model
- directed graph of take/grant/rights of subjects over objects
4 rules:
1. Take rule - subj take (inherit) rights over obj from another subj
2. Grant rule - subj grant rights over obj to another subj
3. Create rule
4. Remove rule
Bell-LaPadula
- State machine, information flow
- Mandatory and lattice based access control
- Confidentiality
Rules:
1. Simple security property - no read up
2. Star security property - no write down
3. Discretionary security property - discretionary access control via access matrix
Biba model
- State machine, information flow
- Integrity
Rules:
1. Simple integrity property - no read down
2. Star integrity property - no write up
3. Invocation property - cannot send access requests to higher level
Clark Wilson Model
- Uses access control triplet (subj/trans/obj)
- Restricted interface model
- No direct access to objects
- Integrity
CDI - constrained data item
UDI - unconstrained data item
IVP - integrity verification process
TP - transformation process
Brewer Nash
Focus on Conflicts of Interest; access changes based on previous activity
Goguen-Meseguer
Based on non-interference model
Graham-Denning
Focus on secure creation/deletion of subjects and objects
Common Criteria
- Target of Evaluation (TOE) - the product
- Protection Profiles (PP) - what customer wants
- Security Targets (ST) - what vendor will provide
7 EALs (Evaluation Assurance Levels):
EAL 1 - Functionally tested
EAL 2 - Structurally tested
EAL 3 - Methodically tested and checked
EAL 4 - Methodically designed, tested and reviewed
EAL 5 - Semi-formally designed and tested
EAL 6 - Semi-formally verified, designed and tested
EAL 7 - Formally verified, designed and tested
Authorization to Operate (ATO)
- issued by AO (Authorizing Official)
- ATO is valid for 5 years, then renewed; also re-issued after a breach or a significant change
CCA - common control authorization; inherited from another provider
ATU - authorization to use; applies when using a service provider's system
Information system life cycle
- Stakeholders’ Needs and Requirements
- Requirements Analysis
- Architectural Design
- Development / Implementation
- Integration
- Verification and Validation
- Transition/Deployment
- Operations and Maintenance/Sustainment
- Retirement/Disposal