Domain 3 - Security Architecture and Engineering - Security Architecture and Design Flashcards
Security Models
Provides the means to formalize a system policy into an explicit set of rules that a computer can follow to implement the fundamental security concepts, processes, and procedures that make up a security policy
System Architecture
The hardware, software and firmware of a system, together with the design description of how those components interact to process information
Enforces the specifications provided by the security model
Security Model Examples
Bell-LaPadula Model, Biba Model, Clark-Wilson Model, Brewer & Nash Model, State Machine Model, Information Flow Model, Non-Interference Model, Lattice Model
State Machine Model
Basis for other models
The state of a system is its snapshot at any one particular moment.
You are only as secure as your weakest state.
Bell-LaPadula Model
Protects Confidentiality of a system
Developed for the US DoD's multilevel security policy (a mandatory access control model)
Divides entities in an information system into subjects and objects
Subjects and Objects are created with Labels
Labels are compared upon attempted access
Access is granted only when the label comparison satisfies the model's properties; anything not expressly allowed is denied (default deny)
Bell-LaPadula Tranquility Property
Labels are not arbitrarily changed: strong tranquility never changes a label while the system is running; weak tranquility allows changes only when they do not violate the policy
Bell-LaPadula Simple Security Property
No reading up in classification
Bell-LaPadula *-Property (Star Property)
No writing down in classification
Bell-LaPadula Strong *-Property
Read and write only at the subject's own classification level (no up, no down)
Biba Integrity Model
Protects integrity of data (mirror image of the Bell-LaPadula rules)
No subject can depend on an object of lesser integrity
“Down Data’s Dirty”
Biba Simple integrity axiom
No Read down of integrity level
Biba *-Integrity Axiom
No write up in integrity level
Biba Invocation property
Subject cannot invoke (request service from) a subject at a higher integrity level
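As an added example (not part of the original flashcards), the Bell-LaPadula and Biba rules above as one mediation function that is called on every access attempt. The level names, the subject and the objects are constructed for the demonstration; the "analyst" label and the "delete" operation are assumptions made here to show default deny.

```python
# Added example, not from the original flashcards: a reference-monitor style
# mediation function that enforces the Bell-LaPadula confidentiality rules
# and the Biba integrity rules on every access. The level names, the subjects
# and the objects below are constructed for the demonstration.
from dataclasses import dataclass

# Ordered lattices (a chain each). Higher index = higher classification / higher integrity.
CONF_LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET"]
INTEG_LEVELS = ["LOW", "MEDIUM", "HIGH"]
CONF_RANK = {name: i for i, name in enumerate(CONF_LEVELS)}
INTEG_RANK = {name: i for i, name in enumerate(INTEG_LEVELS)}


@dataclass(frozen=True)  # frozen: a label cannot be silently mutated (tranquility)
class Label:
    confidentiality: str  # compared by Bell-LaPadula
    integrity: str        # compared by Biba

    def __post_init__(self):
        if self.confidentiality not in CONF_RANK or self.integrity not in INTEG_RANK:
            raise ValueError(f"unknown level in {self}")


def blp_allows(subject: Label, obj: Label, op: str, strong_star: bool = False) -> bool:
    """Bell-LaPadula: simple security property (no read up) and *-property
    (no write down). strong_star=True restricts writes to the subject's own level."""
    s, o = CONF_RANK[subject.confidentiality], CONF_RANK[obj.confidentiality]
    if op == "read":
        return s >= o                              # subject dominates object: read down/same ok
    if op == "write":
        return s == o if strong_star else s <= o   # write up/same ok, never down
    return False                                   # default deny for any other operation


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba: simple integrity axiom (no read down) and *-integrity axiom (no write up)."""
    s, o = INTEG_RANK[subject.integrity], INTEG_RANK[obj.integrity]
    if op == "read":
        return s <= o                              # never depend on dirtier data
    if op == "write":
        return s >= o                              # never contaminate cleaner data
    return False


def biba_invoke_allows(caller: Label, callee: Label) -> bool:
    """Biba invocation property: a subject may not invoke a subject of higher integrity."""
    return INTEG_RANK[caller.integrity] >= INTEG_RANK[callee.integrity]


def mediate(subject: Label, obj: Label, op: str, strong_star: bool = False) -> bool:
    """Invoked on every access attempt; both models must agree before access is granted."""
    return blp_allows(subject, obj, op, strong_star) and biba_allows(subject, obj, op)


if __name__ == "__main__":
    analyst = Label("SECRET", "MEDIUM")
    ts_plan = Label("TOP_SECRET", "HIGH")
    web_feed = Label("UNCLASSIFIED", "LOW")
    for name, obj in [("ts_plan", ts_plan), ("web_feed", web_feed)]:
        for op in ("read", "write"):
            print(f"analyst {op} {name}: BLP={blp_allows(analyst, obj, op)} "
                  f"Biba={biba_allows(analyst, obj, op)} combined={mediate(analyst, obj, op)}")
```

Note what the combined check shows: Bell-LaPadula lets the SECRET analyst read the UNCLASSIFIED web feed (read down), but Biba refuses it because the feed has lower integrity ("Down Data's Dirty"); conversely the analyst may write up to the TOP_SECRET plan under Bell-LaPadula but not under Biba. Keeping separate confidentiality and integrity labels is what makes the two models composable.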
Clark-Wilson Model
Integrity model: subjects never touch Constrained Data Items (CDIs) directly, only through certified programs (Transformation Procedures, TPs)
Keep users out of your stuff or they will break it
Separation of Duties is emphasized: no single subject holds every TP needed to complete a critical transaction
Forces well-formed transactions through the access triple; Integrity Verification Procedures (IVPs) confirm that CDIs are in a valid state
Brewer-Nash Model
Prevents conflict of interest: access rules change dynamically based on what a subject has already accessed
Developed to combat conflict of interest in databases housing competitor information (e.g. a consultant who has seen one bank's data may not see a rival bank's)
Once a subject touches one company's data, the "wall" blocks every other company in the same conflict-of-interest class
aka Chinese Wall model
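The Brewer-Nash decision, as an added example that is not part of the original flashcards: the answer depends on the subject's history, which is what makes the model dynamic. The company names, the conflict-of-interest classes and the analysts are constructed for the demonstration, and the full model's "sanitized data" exception is left out.

```python
# Added example, not from the original flashcards: a Brewer-Nash (Chinese Wall)
# check. Company names, conflict-of-interest classes and the analysts are
# constructed for the demonstration; the "sanitized data" exception is omitted.
from collections import defaultdict

# Every company dataset belongs to exactly one conflict-of-interest (COI) class.
COI_CLASS = {
    "AcmeBank": "banking",
    "BetaBank": "banking",
    "GammaOil": "oil",
    "DeltaOil": "oil",
}


class ChineseWall:
    def __init__(self):
        self.history = defaultdict(set)  # subject -> companies whose data it has read

    def may_read(self, subject: str, company: str) -> bool:
        """Simple security rule: read is allowed unless the subject has already read
        data from a different company in the same COI class."""
        for seen in self.history[subject]:
            if seen != company and COI_CLASS[seen] == COI_CLASS[company]:
                return False  # the wall is up for this conflict class
        return True

    def read(self, subject: str, company: str) -> bool:
        """Mediates a read and, if allowed, records it; later decisions use that record."""
        if not self.may_read(subject, company):
            return False
        self.history[subject].add(company)
        return True

    def may_write(self, subject: str, company: str) -> bool:
        """*-property (simplified): write to `company` only if the subject could read it
        and has read no other company's data, so nothing can be copied across the wall."""
        others = self.history[subject] - {company}
        return self.may_read(subject, company) and not others

    def allowed_companies(self, subject: str) -> list:
        """Companies still readable by the subject given its history."""
        return sorted(c for c in COI_CLASS if self.may_read(subject, c))


if __name__ == "__main__":
    wall = ChineseWall()
    print(wall.read("ana", "AcmeBank"))      # True: no history yet
    print(wall.read("ana", "BetaBank"))      # False: competitor of AcmeBank
    print(wall.read("ana", "GammaOil"))      # True: different COI class
    print(wall.allowed_companies("ana"))     # ['AcmeBank', 'GammaOil']
    print(wall.may_write("ana", "AcmeBank")) # False: ana has also seen GammaOil data
```

The write rule is the part people forget: even though ana may still read AcmeBank, she may not write there, because she has read GammaOil data and a write would be a channel for carrying it across the wall.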
Access Triple
subject -> Transformation Procedure (TP) -> Constrained Data Item (CDI)
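The access triple enforced in code, as an added example that is not part of the original flashcards: a monitor that lets a subject reach the CDI only through a TP certified for that (subject, TP, CDI) triple, runs the IVP before and after, and rolls back a TP that was not well-formed. The ledger, the TPs, the roles and the certified triples are all constructed for the demonstration.

```python
# Added example, not from the original flashcards: Clark-Wilson enforcement of the
# access triple. Subjects never touch the Constrained Data Item (CDI) directly; they
# invoke a certified Transformation Procedure (TP), and an Integrity Verification
# Procedure (IVP) checks the CDI before and after. The ledger, TPs, roles and the
# certified triples are constructed for the demonstration.


class IntegrityError(Exception):
    pass


class Ledger:
    """The CDI. Integrity constraint: money is neither created nor destroyed and
    no balance goes negative."""

    def __init__(self, balances: dict):
        self.balances = dict(balances)
        self._expected_total = sum(self.balances.values())

    def ivp(self) -> bool:
        return (sum(self.balances.values()) == self._expected_total
                and all(v >= 0 for v in self.balances.values()))


# Transformation Procedures (well-formed transactions)
def transfer(cdi: Ledger, src: str, dst: str, amount: int) -> None:
    if amount <= 0 or cdi.balances.get(src, 0) < amount:
        raise ValueError("invalid transfer")
    cdi.balances[src] -= amount
    cdi.balances[dst] = cdi.balances.get(dst, 0) + amount


def audit(cdi: Ledger) -> dict:
    return dict(cdi.balances)


def set_balance(cdi: Ledger, acct: str, amount: int) -> None:
    """A badly written TP: it can create money out of nothing. The IVP catches it."""
    cdi.balances[acct] = amount


TPS = {"transfer": transfer, "audit": audit, "set_balance": set_balance}

# Certified access triples (subject, TP, CDI). Separation of duties: the teller can
# move money but not audit; the auditor can audit but not move money.
TRIPLES = {
    ("teller", "transfer", "ledger"),
    ("auditor", "audit", "ledger"),
    ("admin", "set_balance", "ledger"),
}


class ClarkWilsonMonitor:
    def __init__(self, cdis: dict):
        self.cdis = cdis

    def invoke(self, subject: str, tp_name: str, cdi_name: str, *args):
        """The only way to reach a CDI: check the triple, run IVP, run TP, run IVP again."""
        if (subject, tp_name, cdi_name) not in TRIPLES:
            raise PermissionError(f"{subject} may not run {tp_name} on {cdi_name}")
        cdi = self.cdis[cdi_name]
        if not cdi.ivp():
            raise IntegrityError("CDI already invalid before TP")
        snapshot = dict(cdi.balances)
        try:
            result = TPS[tp_name](cdi, *args)
            if not cdi.ivp():
                raise IntegrityError(f"{tp_name} left the CDI in an invalid state")
        except Exception:
            cdi.balances = snapshot  # roll back: the transaction was not well-formed
            raise
        return result


def demo() -> dict:
    """Runs the scenario and returns what each attempt did."""
    monitor = ClarkWilsonMonitor({"ledger": Ledger({"alice": 100, "bob": 50})})
    out = {}
    monitor.invoke("teller", "transfer", "ledger", "alice", "bob", 30)
    out["after_transfer"] = monitor.invoke("auditor", "audit", "ledger")
    for subject, tp, args in [("teller", "audit", ()),
                              ("auditor", "transfer", ("bob", "alice", 10)),
                              ("admin", "set_balance", ("alice", 1_000_000))]:
        try:
            monitor.invoke(subject, tp, "ledger", *args)
            out[(subject, tp)] = "allowed"
        except (PermissionError, IntegrityError) as e:
            out[(subject, tp)] = type(e).__name__
    out["final"] = monitor.invoke("auditor", "audit", "ledger")
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The two denial paths are different in kind: the teller's audit attempt fails the triple check (no certified access), while the admin's set_balance passes the triple check but fails the post-TP IVP, so the monitor restores the snapshot. Certifying a TP is therefore as important as certifying who may run it.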
Security Architecture
Directs how the components included in the system architecture should be organized and interact to ensure that security requirements are met
Trusted Computing Base (TCB)
all hardware, software, and firmware within a system that enforces the security of a system and provides a description of the trust of a system
Include the CPU, RAM, OS Kernel, BIOS, etc
Evaluated when certifying a system
Security Perimeter
Conceptual separation between the TCB and the untrusted elements of a system
Crossing the perimeter happens only through defined, mediated interfaces (system calls, trusted paths, APIs); nothing outside the TCB touches its internals directly
CPU Protection Modes
Unrestricted mode is called kernel mode, supervisor mode or privileged mode
May perform any operation, access any location, without restrictions
Restricted mode is user mode or problem state
CPU Busses
Front Side Bus (Internal Bus): connects the processor to memory (RAM)
Expansion Bus (Input/Output Bus): lets motherboard components (PCI cards, etc.) communicate with one another
Protection Rings for OS
0 - Privileged OS Functions - kernel (Most privilege)
1 - OS Services - remaining parts of OS
2 - Device Drivers - I/O Drivers and OS Utilities
3 - Application Programs - user activity and programs
Reference Monitor Concept
Set of design requirements to make the determination regarding subject/object access.
Rules that govern access
Security Kernel
The hardware, firmware and software within the TCB that implements and enforces the reference monitor concept
Requirements for Monitor/kernel
Must facilitate isolation of processes and be protected from tampering (tamperproof)
Must be invoked at every access attempt and impossible to bypass (complete mediation)
Must be small enough to be tested and verified in a comprehensive manner (verifiable)
Programs
An application
Processes
Program loaded into memory
Threads
An independent path of execution within a process; all threads of a process share its memory and resources
Multi-programming
Multiple programs loaded on a single CPU that switches between them (e.g. when one waits on I/O); no true isolation between them
Multi-tasking
Isolation of processes - more than a single process can run at one time
Multi-processing
More than one CPU
Multi-threading
Multiple threads running within one process
Multi-core processor
CPU with more than one core, provides hardware multithreading
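What "isolation of processes" buys you compared with threads, as an added example that is not part of the original flashcards: a thread's write to shared state is visible to its siblings, while a forked child process writes only to its own copy of memory. The example uses os.fork, so it assumes a POSIX system (Linux or macOS); the "secret" value is constructed for the demonstration.

```python
# Added example, not from the original flashcards: threads of one process share
# its address space, so a write by one thread is visible to all of them; a forked
# child process gets its own copy of memory, so the parent never sees the child's
# changes. Uses os.fork, so it assumes a POSIX system (Linux/macOS).
import os
import threading


def thread_shares_memory() -> bool:
    """True if a sibling thread's write to shared state is visible to the caller."""
    state = {"secret": "original"}

    def worker():
        state["secret"] = "overwritten by sibling thread"  # same address space

    t = threading.Thread(target=worker)
    t.start()
    t.join()
    return state["secret"] != "original"


def process_is_isolated() -> bool:
    """True if a child process's write to its copy of the state is NOT visible to the parent."""
    state = {"secret": "original"}
    read_end, write_end = os.pipe()  # the only channel the child has back to the parent
    pid = os.fork()
    if pid == 0:  # child: separate address space (copy-on-write)
        os.close(read_end)
        state["secret"] = "overwritten in child process"
        os.write(write_end, state["secret"].encode())
        os._exit(0)
    os.close(write_end)
    child_view = os.read(read_end, 4096).decode()
    os.close(read_end)
    os.waitpid(pid, 0)
    # The child saw its own write; the parent's copy is untouched.
    return child_view == "overwritten in child process" and state["secret"] == "original"


if __name__ == "__main__":
    print("thread write visible to caller:", thread_shares_memory())
    print("child process write isolated from parent:", process_is_isolated())
```

This is why a compromised thread can read every secret its process holds (keys, session tokens, other users' data), while a compromised process can reach another process's memory only through a channel the OS explicitly grants, which is where the reference monitor's isolation requirement comes from.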
Service Oriented Architecture (SOA)
style of software design where services are provided to the other components by application components, through a communication protocol over a network
SOAP Protocol
Simple Object Access Protocol: a messaging protocol specification for exchanging structured information when implementing web services. It uses XML (the XML Information Set) as its message format and relies on application-layer protocols, most often HTTP (some legacy systems use SMTP), for message negotiation and transmission
API Access
Who is allowed to ask for data or services
API Request
What data or services can be asked for; requests have methods and parameters
Methods - the type of question you can ask
parameters - Additional details you can include in the question or response
API Response
Data or service for your request
The “Orange Book” (TCSEC) Trusted Computer Security Evaluation Criteria
Published by the US DoD in 1983 (revised 1985) and used by the US government until superseded by the Common Criteria
Way to evaluate a system to determine the proper amount of security
Part of a series of books called the Rainbow Series
Based on Bell-LaPadula model
Developed by NCSC National Computer Security Center
TCSEC Evaluation Ratings
A1 - Verified Protection
B1, B2, B3 - Mandatory Protection
C1, C2 - Discretionary Protection
D - Minimal Security
Certification Common Criteria
ISO/IEC 15408 (international standard); evaluates products on two axes: security functionality (what the product claims to do) and assurance (how much confidence the evaluation gives that those claims hold)
Protection Profile
Implementation-independent set of security requirements for a class of product, written by a customer or user community (e.g. a government agency)
Target of Evaluation
The product or system (built by the vendor) that is being evaluated
Security Target
Vendor-written documentation stating the ToE's security claims and how it meets the Protection Profile (or its own stated requirements)
Evaluation Assurance Level (EAL 1-7)
Describes how rigorously the ToE was evaluated (depth of design review and testing), not how secure it is; a higher EAL means more confidence that the Security Target's claims hold
EAL 1 - Functionally Tested (Lowest rating)
EAL 2 - Structurally Tested
EAL 3 - Methodically tested and checked
EAL 4 - Methodically designed, tested and reviewed
EAL 5 - Semi Formally designed and tested
EAL 6 - Semi-formally verified design and tested
EAL 7 - Formally verified design and tested (Highest Rating)
Certification
Technical evaluation that tests and documents how well a system or major application meets its formal, established security requirements
Performed by technical evaluators (an independent lab or the organization's own security staff); its results feed the accreditation decision but do not replace it
Accreditation
Formal declaration by a Designated Accrediting Authority (DAA) that an information system is approved to operate at an acceptable level of risk, based on the implementation of approved technical, managerial and procedural safeguards; a management decision, not a technical test
Most important concept for layered security
Defense in depth: multiple mechanisms deployed in series, so an attacker must defeat every layer; mechanisms deployed in parallel only require defeating one
Fog Computing
Extends cloud computing to the network edge: data from IoT devices and sensors is processed on nearby gateways or nodes rather than being shipped to a central data center for every decision, reducing latency and the amount of data crossing the network