CISSP (Domain 6 - Security Architecture and Design) Flashcards
State Machine Formal Security Model
TR/DU
- Trusted recovery
- If the system goes down and comes back up, at no time can security controls be bypassed
Multi-level Lattice Formal Security Model
RPC/SO
Compares roles, their permissions, and clearance levels with the sensitivity level of the object to determine access level
Non-Interference Formal Security Model
Users are separated into different security domains
Information Flow Formal Security Model
Looks at the information flows in a state machine
Bell-LaPadula Security Model
pc/nru-nwd/int/exe/class/secmod
- Protects confidentiality
- *No read up, No write down
- Dealing with internal threat
- Any executed activity will always result in a secure state
- Classification of subject does not change while referenced
- Information flow security model
Biba Security Model
pi/nrd-nwu/ext/cant/hier/so
- Protects integrity
- *No read down, No write up
- Dealing with external threat
- Can't depend on a less trusted object
- Based on hierarchical lattice of integrity levels
- Subjects and objects
Clark-Wilson Security Model
pi/wft-sod/spo/part/prog
- Protects integrity
- Requires a well-formed transaction and SoD
- Subject->Program->Object
- Partitions objects unlike Biba/Bell
Subject must go through a program to access and modify data
Clark-Wilson 3 Integrity Goals
um/aim/mc/db
- Prevent unauthorized users from making modifications
- Prevent authorized users from making improper modifications
- Maintain internal and external consistency
*DB’s
4 Rules to Follow When Implementing Clark-Wilson Security Model
(prop/subp/objp/rec)
- All users need to be properly ID’d and AuthN
- Subjects can only access certain programs
- Objects can only be accessed by certain programs
- Record each transaction
Brewer and Nash Security Model (Chinese Wall)
prev/a!b/fraud
- Prevents conflict of interest
- Company A can't see Company B's data
- Tries to ensure that users do not make fraudulent modifications to objects
Graham-Denning Security Model
soc/srp/oom
- How subjects and objects are created
- How subjects are assigned rights or privileges
- How ownership of objects is managed.
8 Primitive Protection Rights (Graham-Denning)
co/cs/do/ds/rar/gar/dar/tar
- Create Object
- Create Subject
- Delete Object
- Delete Subject
- Read Access Right
- Grant Access Right
- Delete Access Right
- Transfer Access Right
4 Rules to the Take Grant Security Model (Like Graham-Denning)
(sco/sdo/gao/rao)
- Subject can create objects
- Subject can delete objects
- Grant access to owned object
- Remove access to owned object
Harrison Ruzzo Ullman Security Model (Like Graham-Denning)
More granular controls for subjects to access objects
ISO/IEC 15408 Common Criteria
Helps reduce the complexity of the ratings and eliminates the need to understand the definition and meaning of different ratings
4 Components of ISO/IEC 15408 Common Criteria
PP/TE/ST/P
- Protection Profile: Description of needed security solution (all systems should be protected by sec software)
- Target of Evaluation (TOE): Product proposed to provide the needed security solution
- Security Target: Written by vendor explaining security functionality and assurance
- Packages - Evaluation Assurance Levels (EAL): Security requirements bundled into packages for re-use
Security Product Evaluation Ratings (1-7)
ft/st/mtc/mdtr/sfdt/sfvdt/fvdt
- *EAL 1: Functionally tested (Works when on)
- EAL 2: Structurally tested
- EAL 3: Methodically tested and checked
- EAL 4: Methodically designed, tested, and reviewed
- EAL 5: Semi-formally designed and tested
- EAL 6: Semi-formally verified, designed, and tested
- *EAL 7: Formally verified, designed, and tested (Very Specific)
Certification
Works in “my” environment
Accreditation
Validation in production
Supervisor CPU State
km/ring/prog/both
- Kernel/Protected/Privileged Mode
- Ring 0
- Program can access entire system
- Both privileged and non-privileged instructions
Problem CPU State
um/ring/non/app
- User/Program Mode
- Ring 3
- Only non-privileged instructions are executed
- Intended for application programs
Multi-threading
Tasks don’t interfere with each other
Multi-tasking
Simultaneous execution of two or more programs
Multi-programming
Interleaved execution of two or more programs by one CPU
Reference Monitor
Abstract machine that controls the access subjects have to objects
Security Kernel
Components in the system that enforce the rules of the reference monitor (hardware, firmware, and software)
*Admin of reference monitor
3 Security Requirements of Security Kernel
IAM
- Isolated: Protected from unauthorized access
- Active: Active all the time
- Monitor: Evaluate the reference monitor to make sure it's working properly
Multi-processing
More than one CPU and they can process the request in parallel.
Trusted Computing Base (TCB)
Total combination of protection mechanisms within a computer system.
Addresses the level of trust in a system, not a level of security
Security Perimeter of TCB
The buffer between TCB and non-TCB objects
Covert Channels
Sending information in an unauthorized manner using a medium in an unintended way
- Data going over HTTP but it's not web traffic
Timing Covert Channel
A process relays information to another by modulating its use of system resources
Storage Covert Channel
A process writes data to a storage location, and another process of lower clearance reads it.
5 Threats to Software and Systems
B/TA/BO/I/A
- Backdoors
- Timing Attacks
- Buffer Overflows
- Inference
- Aggregation
Back Doors
- Accessing a system by bypassing access controls
- Attacker has access at any time
*Maintenance Hook
Timing Attacks
- Take advantage of the time between events in a sequence
- Time of Check/Time of Use & Race Conditions
Time of Check/Time of Use (TOC/TOU)
Attack takes place after the system checks a specific file but before the system actually uses that file
Race Conditions
Two processes race to carry out conflicting actions at the same time. Attacker must slow down or speed up one process to get it to work
Data Validation
Process of reviewing data against a pre-established set of criteria
Code Injection
Input must be validated for range/type/length (SQL Injection)
Buffer Overflow
If an application does not verify the amount of information being input, the data can overwrite other memory segments (Execute in privilege mode)
Inference
Act or process of deriving logical conclusions from premises known or assumed to be true (Finding Apache version)
Aggregation
A massing together or clustering of independent but similar units, such as data elements (Multiple data items together: DOB & First and Last name)
Countermeasure Principles - Defense in Depth (3 Things)
PTO
- People
- Technology
- Operations
Defense in Depth - People
Achieving information assurance begins with a senior-level management commitment (typically at the CIO level)
Defense in Depth - Technology
Wide range of technologies available for providing information assurance services and for detecting intrusions
Defense in Depth - Operations
Focuses on all the activities required to sustain an organization's security posture on a day-to-day basis