CISSP Security Architecture and Design - Domain 6 Flashcards
Q
A
Security Definitions - Framework
A defined approach to the process used to achieve the goals of an architecture, based on policy, and reflecting the requirements and expectations of the various stakeholders.
Security Definitions - Blueprint
The functional definition for the integration and development of technology infrastructure into the business process.
ISO/IEC 27001
1. General requirements of the ISMS 2. Management responsibility 3. Internal ISMS audits 4. Management review of the ISMS 5. ISMS improvement
ISO/IEC 27002
1. Security policy 2. Organization of Information Security 3. Asset management 4. Human Resources Security 5. Physical and Environmental Security 6. Communications and Operations management 7. Access control 8. IS Acquisition, development and maintenance 9. IS Incident management 10. Business continuity Management 11. Compliance
Control Objectives for Information and related Technology - COBIT
An IT management framework.
Dedicated Security Mode
1. Cannot separate compartments or categories. 2. All users have need-to-know access to all data.
Compartmented Security Mode
When all users have the clearance to access all the information processed by the system, but might not have the need to know.
Lattice based Access Control
1. Every pair of elements (subject and object) has a partially ordered set with a greatest lower bound and least upper bound of access rights. 2. Bounds can be confidentiality levels (classifications and clearances) or integrity levels.
Non-Interference Model for Access Control
1. Based on a theory where the users are separated into different domains. 2. Uses a state machine approach that keeps track of which actions are allowed for which users. 3. Users' actions in one domain cannot affect or interfere with users in other domains. 4. A subject cannot be influenced by the behavior of other subjects at higher security levels.
Information Flow model - Access Control
1. Each input induces a state transition and a specific output. 2. Restricts information from flowing in ways that would go against the security policy.
Bell-LaPadula Security Model (Confidentiality)
1. Formal state transition model that divides entities into subjects and objects. 2. The model outlines how to keep a secure state in every transaction by only allowing subjects certain access rights. 3. The clearance of the subject attempting to access an object is compared with that object's classification. 4. The clearance/classification scheme is expressed in terms of a lattice.
Biba Security Model - Integrity (read up write down)
1. No subject can depend on a less trusted object 2. Based on a hierarchical lattice of integrity levels
Biba Security Model - Rules (read up write down)
1. Subject cannot write data to an object at a higher integrity level 2. Subject cannot read data from an object at a lower integrity level.
Clark-Wilson Security Model (Integrity)
1. Well-formed transactions: constraints on the user to ensure the internal consistency of data is not affected 2. Separation of duties: ensures the consistency of data 3. This model partitions objects into programs and data. 4. Access Triple: a subject must go through a program to access and modify data.
Clark-Wilson Security Model - 3 Integrity Goals
1. Prevents unauthorized users from making modifications 2. Prevents authorized users from making improper modifications 3. Maintains internal and external consistency
Brewer and Nash Security Model (Chinese Wall)
1. Mathematical theory used to implement dynamically changing access permissions 2. Defines a wall and develops a set of rules that ensure that no subject accesses objects on the other side of the wall 3. Individuals are only allowed to access data that is not in conflict with data they accessed previously 4. A way of separating competitors' data within the same database. 5. Tries to ensure that users do not make fraudulent modifications to objects.
Graham-Denning Security Model
Primarily concerned with how subjects and objects are created, how subjects are assigned rights and privileges, and how ownership of objects is managed. Think MS permissions.
Evaluation of Security Products
1. Helps vendors develop a product to meet the market's demand 2. Third party verifying the security mechanisms and claimed protection in products 3. Provides a common metric to understand and talk about the protection provided in products. 4. A "grading" system
Security Product evaluations
1. Degree of independence of the evaluation team is crucial 2. Evaluation criteria need to reflect security features 3. Accreditation is environment and system specific 4. Balance of risks and benefits
Security evaluations - Evaluation standards
1. Trusted Computer System Evaluation Criteria (TCSEC) 2. Information Technology Security Evaluation Criteria (ITSEC) 3. ISO/IEC 15408 Common Criteria
TCSEC
1. Developed by the National Computer Security Center for the DoD 2. Based on the Bell-LaPadula model 3. Rainbow series
Rainbow Series (TCSEC)
1. Orange Book - rated operating systems (standalone) 2. Red Book - Trusted Network Interpretation of the TCSEC
TCSEC Breakdown
1. Addresses confidentiality only 2. Functionality and assurance of the security mechanisms are not evaluated separately but combined and rated as a whole system 3. Graded classification of systems that is divided into hierarchical divisions of security levels: A is greater than B (B1 to B3, MAC), which is greater than C (DAC), which is greater than D (minimal protection). Each higher level is inclusive of all the levels below.
TCSEC Levels C1- Discretionary Security Protection
1. Separation of users and data 2. Cooperating users processing data at the same sensitivity
TCSEC Levels C2 - Controlled Access Protection
1. Object reuse 2. Protected audit trail
TCSEC Levels B1 - Labeled security protection
1. Labels and MAC 2. Process isolation in system architecture 3. Design specifications and verification 4. Device labels
TCSEC Levels B2 - Structured Protection
1. Device labels and subject sensitivity labels 2. Trusted path 3. Separation of operator and administrator functions 4. Covert channel analysis
TCSEC Level B3 - Security Domains
1. Security Administrator role defined 2. Trusted recovery 3. Monitor events and notify security personnel
TCSEC Level A1 - Verified Design
Formal Methods
ITSEC
1. Developed in Europe to establish one standard for evaluating the security of systems 2. Evaluates functionality and assurance separately 3. F1-F10 ratings for functionality 4. E0-E6 ratings for assurance - assurance is a measurement of correctness and a judgement of the effectiveness of the security functionality, and provides confidence
Common Criteria
1. ISO/IEC 15408 2. The Rainbow series was too rigid and did not take many things into account 3. ITSEC provided more flexibility, but added more complexity with its attempts 4. Made up from TCSEC, ITSEC, the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) and the Federal Criteria
Common Criteria Components
1. Protection profile - description of the needed security solution 2. Target of Evaluation - product proposed to provide the needed security solution 3. Security target - written by the vendor, explaining the security functionality and assurance mechanisms that meet the needed security solution 4. Packages - Evaluation Assurance Levels (EAL): security requirements are bundled into a package for reuse; describes what must be met to achieve specific EAL ratings
EAL 1
Functionally Tested
EAL 2
Structurally Tested
EAL 3
Methodically tested and checked
EAL 4 - most often used
Methodically designed, tested and reviewed
EAL 5
Semi-formally designed and tested
EAL 6
Semi-formally verified design and tested
EAL 7
Formally verified design and tested
EAL mnemonic
FSMMDSSVF Fun Stress Method Medical Doctor Seems Somewhat Verifiably Foolish
Certification and Accreditation
1. Certification is the technical evaluation 2. Accreditation is the formal acceptance by management of the residual risk.
C&A - Relationship to enterprise
1. Technical reference model 2. Standards profile
C&A - Communication and Validation of security requirements
1. Categorize 2. Control 3. Consistent
C&A - Consistent Taxonomy
1. Rules of behavior 2. System Controls 3. Risk Management
Certification Characteristics
1. Formal process for testing systems against a set of security requirements 2. Normally performed by an independent reviewer instead of someone who was involved with building the system 3. Less formal security testing can be performed for lower-risk systems
Accreditation Characteristics
1. The decision given by a senior agency official to authorize operation of an information system: a. in a particular security mode b. using a prescribed set of controls c. against a defined threat d. at an acceptable level of risk e. for a specific period of time 2. The official explicitly accepts the risk to agency assets based on the implementation of these security conditions.
C&A Phases - Initiation Phase
1. Preparation 2. Notification and resource identification 3. System Security Plan analysis, update and acceptance
C&A Phases - Security Certification Phase
1. Security Control Assessment 2. Security Certification Documentation
C&A Phases - Security Accreditation Phase
1. Security Accreditation Decision 2. Security Accreditation Documentation
C&A Phases - Continuous Monitoring Phase
1. Configuration Management and Control 2. Security Control Monitoring 3. Status Reporting and Documentation
Trusted Computing Base
1. Defined as the total combination of protection mechanisms within a computer system 2. Elements of the TCB enforce the security policy of the system and do not violate it (the hardware, software and firmware that carry out the system's security policy)
Computer Components
1. Processor 2. Memory 3. Storage 4. Buses 5. Networking components 6. OS (the functionality and security of the system depend upon the interaction of these components)
Central Processing Unit (CPU) - Control Unit
Manages Synchronization of data being processed
Central Processing Unit (CPU) - Arithmetic Logic Unit (ALU)
Performs mathematical and logical functions on data
CPU States - Supervisor
1. Kernel/protected/privileged mode 2. Ring zero (highest level) 3. Program can access the entire system 4. Both privileged and non-privileged instructions
CPU States - Problem
1. User/program mode 2. Ring three (lowest level of 4 rings) 3. Only non-privileged instructions are executed 4. Intended for application programs
Computer Components - Storage - Primary
1. Memory directly addressable by the CPU, used to store an application's data for processing 2. Distinguished from virtual memory
Computer Components - Storage - Secondary
1. Slower access, non-volatile 2. Hard disk, tape, ZIP, optical, thumb drives
Computer Components - Storage - volatile memory
1. Random Access Memory (RAM) 2. Loses data when powered off
Computer Components - Storage - nonvolatile storage
1. Does not lose data when powered off 2. Read-only memory (ROM, EPROM)
Computer Components - Storage - cache
1. Part of RAM used for high-speed writing and reading activities 2. Cache logic attempts to predict which instructions will be most needed and stores those for an overall increase in system performance
Computer Components - Storage - Virtual
1. Secondary storage plus RAM; extends the system's overall memory 2. Applications access it through virtual addresses
Memory Mapping
Only trusted processes can access RAM directly; everything else must be mapped
Accessing Files - Sequential Storage
1. Media that holds data that must be searched from beginning to end instead of going directly to the area where the requested data is held 2. Magnetic tape
Accessing Files - Direct or Random Access
1. Files can be accessed in different sequences 2. Divides memory into tracks and sectors 3. Accessing memory
Process vs thread
1. The context for a program 2. Has its own virtual memory space 3. A process can contain several threads of code 4. A thread is the basic entity that can be scheduled 5. Each thread has a kernel-mode and a user-mode stack
Process States
1. Stopped 2. Ready 3. Waiting 4. Running
System Functionality - Multithread
1. The OS can process several lines of code simultaneously 2. Concurrent processing of several tasks inside the same program
System Functionality - Multitask
Simultaneous execution of two or more programs
System Functionality - Multi-programming
1. Interleaved execution of two or more programs by the CPU 2. Running more than one application, but not necessarily multithreading
System Functionality - Multi-processing
More than one CPU and they can process requests in parallel
System Functionality - Multicore
A processor composed of two or more independent cores
Processing Instructions
The type of programming language used determines the necessary steps of decoding and encoding before the instructions reach
System Self-protection - Memory segmentation
1. Process isolation 2. Security domains 3. Virtual machines
System Self-protection - Layering and data hiding
1. Levels of access to resources 2. Protection rings
System Self-protection - Techniques
Protection techniques are performed by elements of the trusted computing base
Security Definitions - Subject
1. Active entity that requests access to an object or data within an object 2. Examples: user, process, machine instructions
Security Definitions - Object
1. Passive entity that contains information 2. Examples: file, record, memory location
Security Definitions - Access
1. Ability of a subject to perform a task 2. Flow of information between a subject and an object
Process Isolation - What and how
1. Preserves objects' integrity and subjects' adherence to access controls 2. Prevents objects from interacting with each other and their resources 3. Actions of one object should not affect the state of other objects
Process Isolation - Techniques
1. Virtual mapping 2. Encapsulation of objects 3. Naming distinctions 4. Time multiplexing (VENT)
System Protection Mechanisms - Layering
Code operating at one layer can only communicate with other layers through interfaces
System Protection Mechanisms - Data Hiding
Data in one layer cannot be accessed by code in a different layer
System Protection Mechanisms - Abstraction
Regarding only the required information - the big picture
Protection Rings
Ring 0 - OS; Ring 3 - Applications
Security Domain of a Process
All of the resources that a given process can access (AKA protection domain)
Virtual Machines (VM)
1. An operating system provides an application with a working environment 2. Virtual machines mimic the architecture of the actual system 3. On multilevel systems, they can run at different security levels
Reference Monitor (Police)
Abstract machine that controls the access subjects have to objects
Security Kernel (Law)
Components in system that enforce the rules of the reference monitor
Security Kernel and reference Monitor Requirements
1. The security kernel must provide isolation for the processes carrying out the reference monitor concept, and it must be tamperproof 2. The reference monitor must be invoked for every access attempt and must be impossible to circumvent 3. The reference monitor must be small enough to be tested and verified in a complete and comprehensive manner
Covert Channels
1. Covert timing channel - a process relays information to another by modulating its use of system resources 2. Covert storage channel - a process writes data to a storage location and a process of lower clearance reads it.
Emanations
Capturing screen contents from long distances
Back Doors
1. Accessing a system by bypassing the access controls 2. Allows an attacker to enter the computer at any time 3. Maintenance hooks, trapdoors, rootkits 4. Can be inserted by a Trojan
Asynchronous Attacks - Timing Attacks
1. TOC/TOU attack takes place after the system checks a specific file of the system and before the system actually uses the file 2. Race conditions: two processes race to carry out conflicting actions at the same time
Data Validation
1. Validation is the process of reviewing data against a pre-established set of criteria 2. Security checks on data along with validity checks to ensure it is in the proper format
Code Injection
1. Input must be validated for range/type/length 2. Injecting code like SQL statements into input buffers
Inference
The act or process of deriving logical conclusions from premises known or assumed to be true. The conclusion drawn is called an inference.
Buffer Overflow
1. If an application does not verify the amount of information being input, the data can overwrite other memory segments 2. An attack might cause code to execute in a privileged mode
Aggregation
A massing together or clustering of independent but similar units, such as data elements
Defense in Depth
1. People 2. Technology 3. Operations