CISSP (Domain 6 - Security Architecture and Design) Flashcards
State Machine Formal Security Model
TR/DU
- Trusted recovery
- Goes down and backup, no time security controls can be bypassed
Multi-level Lattice Formal Security Model
RPC/SO
Compares roles, their permissions, and clearance levels with the sensitivity level of the object to determine access level
Non-Interference Formal Security Model
Users are separated into different security domains
Information Flow Formal Security Model
Looks at the information flows in a state machine
Bell-LaPadula Security Model
pc/nru-nwd/int/exe/class/secmod
- Protects confidentiality
- *No read up, No write down
- Dealing with internal threat
- Any executed activity will always result in a secure state
- Classification of subject does not change while referenced
- Information flow security model
Biba Security Model
pi/nrd-nwu/ext/cant/hier/so
- Protects integrity
- *No read down, No write up
- Dealing with external threat
- Cant depend on less trusted object
- Based on hierarchical lattice of integrity levels
- Subjects and objects
Clark-Wilson Security Model
pi/wft-sod/spo/part/prog
- Protects integrity
- Requires a well-formed transaction and SoD
- Subject->Program->Object
- Partitions objects unlike Biba/Bell
Subject must go through a program to access and modify data
Clark-Wilson 3 Integrity Goals
um/aim/mc/db
- Prevent unauthorized users from making modifications
- Prevent authorized users from making improper modifications
- Maintains internal and external consistency
*DB’s
4 Rules to Follow When Implementing Clark-Wilson Security Model
(prop/subp/objp/rec)
- All users need to be properly ID’d and AuthN
- Subjects can only access certain programs
- Objects can only be accessed by certain programs
- Record each transaction
Brewer and Nash Security Model (Chinese Wall)
prev/a!b/fraud
- Prevents conflict of interest
- Company A cant see Company B’s data
- Tries to ensure that users do not make fraudulent modifications to objects
Graham-Denning Security Model
soc/srp/oom
- How subjects and objects are created
- How subjects are assigned rights or privileges
- How ownership of objects is managed.
8 Primitive Protection Rights (Graham-Denning)
co/cs/do/ds/rar/gar/dar/tar
- Create Object
- Create Subject
- Delete Object
- Delete Subject
- Read Access Right
- Grant Access Right
- Delete Access Right
- Transfer Access Right
4 Rules to the Take Grant Security Model (Like Graham-Denning)
(sco/sdo/gao/rao)
- Subject can create objects
- Subject can delete objects
- Grant access to owned object
- Remove access to owned object
Harrison Ruzzo Ullman Security Model (Like Graham-Denning)
More granular controls for subjects to access objects
ISO/SEC 15408 Common Criteria
Helps reduce complexity of the ratings and eliminating the need to understand the definition and meaning of different ratings
4 Components of ISO/SEC 15408 Common Criteria
PP/TE/ST/P
- Protection Profile: Description of needed security solution (all systems should be protected by sec software)
- Target Evaluation: Product proposed to provide needed security solution
- Security Target: Written by vendor explaining security functionality and assurance
- Packages - Evaluation Assurance Levels (EAL): Security requirements bundled into packages for re-use
Security Product Evaluation Ratings (1-7)
ft/st/mtc/mdtr/sfdt/sfvdt/fvdt
- *EAL 1: Functionally tested (Works when on)
- EAL 2: Structurally tested
- EAL 3: Methodically tested and checked
- EAL 4: Methodically designed, tested, and reviewed
- EAL 5: Semi-formally designed and tested
- EAL 6: Semi-formally verified, designed, and tested
- *EAL 7: Formally verified, designed, and tested (Very Specific)
Certification
Works in “my” environment
Accreditation
Validation in production
Supervisor CPU State
km/ring/prog/both
- Kernel/Protected/Privileged Mode
- Ring 0
- Program can access entire system
- Both privileged and non-privileged instructions
Problem CPU State
um/ring/non/app
- User/Program Mode
- Ring 3
- Only non-privileged instructions are executed
- Intended for application programs
Multi-threading
Tasks don’t interfere with each other
Multi-tasking
Simultaneous execution of two or more programs
Multi-programming
Interleaved execution of two or more program by one CPU
