Domain 3 - Security Architecture and Engineering - Security Architecture and Design

Question 1

Security Models

Answer 1

Provides the means to formalize a system policy into an explicit set of rules that a computer can follow to implement the fundamental security concepts, processes, and procedures that make up a security policy

Question 2

System Architecture

Answer 2

Hardware, Software, and firmware as part of the overall design and description of the interaction of information
Enforces the specifications provided by the security model

Question 3

Security Model Examples

Answer 3

Bell-LaPadula Model ****
Biba Model ****
Clark-Wilson Model **
Brewer & Nash Model **
State Machine Model
Information Flow Model
Non-Interference Model
Lattice Model

Question 4

State Machine Model

Answer 4

Basis for other models
The state of a system is its snapshot at any one particular moment.
You are only as secure as your weakest state.

Question 5

Bell-LaPadula Model

Answer 5

Protects Confidentiality of a system
Developed by DoD multilevel security policy
Divides entities in an information system into subjects and objects
Subjects and Objects are created with Labels
Labels are compared upon attempted access
If it is not expressly called out, it is allowed

Question 6

Bell-LaPadula Tranquility Property

Answer 6

Labels are not arbitrarily changed

Question 7

Bell-LaPadula Simple Security Property

Answer 7

No reading up in classification

Question 8

Bell-LaPadula *Security Property

Answer 8

No writing down in classification

Question 9

Bell-LaPadula Strong *Property

Answer 9

No read/write up or down in classification

Question 10

Biba Integrity Model

Answer 10

Protecting the Sanctity of Knowledge
No subject can depend on an object of lesser integrity
“Down Data’s Dirty”

Question 11

Biba Simple integrity axiom

Answer 11

No Read down of integrity level

Question 12

Biba *Integrity Axiom

Answer 12

No write up on integrity level

Question 13

Biba Invocation property

Answer 13

Subject cannot invoke subjects at a higher integrity level

Question 14

Clark-Wilson Model

Answer 14

Isolation between resources
Keep users out of your stuff or they will break it
Separation of Duties is emphasized
Forces well-formed transactions through access triple

Question 15

Brewer-Nash Model

Answer 15

Prevent conflict of interest in databases
Developed to combat conflict of interest in databases housing competitor information
Ensures fair competition
aka Chinese Wall model

Question 16

Access Triple

Answer 16

user -> Transformation Procedure -> Constrained data Items (CDI)

Question 17

Security Architecture

Answer 17

Directs how the components included in the system architecture should be organized and interact to ensure that security requirements are met

Question 18

Trusted Computing Base (TCB)

Answer 18

all hardware, software, and firmware within a system that enforces the security of a system and provides a description of the trust of a system
Include the CPU, RAM, OS Kernel, BIOS, etc
Evaluated when certifying a system

Question 19

Security Perimeter

Answer 19

Conceptual separation between the TCB and the untrusted elements of a system
API example of how to implement

Question 20

CPU Protection Modes

Answer 20

Unresticted mode is called kernel, supervisor mode, privileged mode
May perform any operation, access any location, without restrictions
Restricted mode is user mode or problem state

Question 21

CPU Busses

Answer 21

Front Side Bus (Internal Bus) allows processor to communicate with RAM
Expansion Bus (Input/output bus) allows motherboard components (PCI, etc) to communicate with one another

Question 22

Protection Rings for OS

Answer 22

0 - Privileged OS Functions - kernel (Most privilege)
1 - OS Services - remaining parts of OS
2 - Device Drivers - I/O Drivers and OS Utilities
3 - Application Programs - user activity and programs

Question 23

Reference Monitor Concept

Answer 23

Set of design requirements to make the determination regarding subject/object access.
Rules that govern access

Question 24

Security Kernel

Answer 24

Enforces the Reference Monitor

Question 25

Requirements for Monitor/kernel

Answer 25

Must facilitate isolation of processes
Must be invoked at every access attempt
Must be small enough to be tested and verified in a comprehensive manner

Question 26

Programs

Answer 26

An application

Question 27

Processes

Answer 27

Program loaded into memory

Question 28

Threads

Answer 28

Each individual instruction within a process

Question 29

Multi-programming

Answer 29

Multiple programs “open” but no true isolation

Question 30

Multi-tasking

Answer 30

Isolation of processes - more than a single process can run at one time

Question 31

Multi-processing

Answer 31

More than one CPU

Question 32

Multi-threading

Answer 32

Mutliple threads running one process

Question 33

Multi-core processor

Answer 33

CPU with more than one core, provides hardware multithreading

Question 34

Service Oriented Architecture (SOA)

Answer 34

style of software design where services are provided to the other components by application components, through a communication protocol over a network

Question 35

SOAP Protocol

Answer 35

messaging protocol specification for exchanging structured information in the implementation of web services in computer networks. It uses XML Information Set for its message format, and relies on application layer protocols, most often Hypertext Transfer Protocol (HTTP), although some legacy systems communicate over Simple Mail Transfer Protocol (SMTP), for message negotiation and transmission

Question 36

API Access

Answer 36

Who is allowed to ask for data or services

Question 37

API Request

Answer 37

What data or services can be asked for Requests have methods and Parameters
Methods - the type of question you can ask
parameters - Additional details you can include in the question or response

Question 38

API Response

Answer 38

Data or service for your request

Question 39

The “Orange Book” (TCSEC) Trusted Computer Security Evaluation Criteria

Answer 39

Used by US gov’t in mid 90s
Way to evaluate system to determine proper amount of security
Part of series of books called the rainbow Series
Based on Bell-LaPadula model
Developed by NCSC National Computer Security Center

Question 40

TCSEC Evaluation Ratings

Answer 40

A1 - Verified Protection
B1, B2, B3 - Mandatory Protection
C1, C2 - Discretionary Protection
D - Minimal Security

Question 41

Certification Common Criteria

Answer 41

ISO 15408 (International standard)
Certify systems based on the trust (function) and assurance of a system

Question 42

Protection Profile

Answer 42

Requirements from Agency or Customer

Question 43

Target of Evaluation

Answer 43

System Designed by Vendor

Question 44

Security Target

Answer 44

Documentation describing how ToE meets Protection Profile

Question 45

Evaluation Assurance Level (EAL 1-7)

Answer 45

Describes the level to which ToE Meets Protection Profile
EAL 1 - Functionally Tested (Lowest rating)
EAL 2 - Structurally Tested
EAL 3 - Methodically tested and checked
EAL 4 - Methodically designed, tested and reviewed
EAL 5 - Semi Formally designed and tested
EAL 6 - Semi-formally verified designed and tested
EAL 7 - Formally verified designed and tested (Highest Rating)

Question 46

Certification

Answer 46

process that ensures systems and major applications adhere to formal and established security requirements that are well documented and authorized
Performed by a vendor

Question 47

Accreditation

Answer 47

Formal declaration by a Designated Accrediting Authority (DAA) that information systems are approved to operate an an acceptable level of risk based on the implementation of an approved technical, managerial, and procedural safeguards

Question 48

Most important concept for layered security

Answer 48

Series, layering is deployment of multiple mechanisms in series

Question 49

Fog Computing

Answer 49

Using IoT Devices and sensors to collect data and transfer it back to a central location for processing