Domain 3: Security Architecture and Engineering 13% Flashcards
DAC (Discretionary Access Control)
gives the subjects full control of objects they have created or been given access to.
MAC (Mandatory Access Control)
is system-enforced access control based on a subject’s clearance and an object’s labels.
RBAC (Role Based Access Control)
is where access to objects is granted based on the role of the subject.
ABAC (Attribute Based Access Control)
is where access to objects is granted based on subjects, objects AND environmental conditions.
RUBAC (Rule Based Access Control)
is access that’s granted based on IF/THEN statements.
Bell-LaPadula: Confidentiality (MAC)
Simple Security Property “No Read UP”
Security Property “No Write DOWN”
Strong Property “No Read or Write UP and DOWN”
BIBA: Integrity (MAC)
Simple Integrity Axiom “No Read DOWN”
* Integrity Axiom “No Write UP”
Invocation Property “No Read or Write UP”
Lattice Based Access Control (LBAC)(MAC)
e.g. “Top Secret” crypto, chemical
Graham-Denning Model
uses Objects, Subjects, and Rules. The 8 rules that a specific subject can execute on an object are:
- Transfer Access
- Grant Access
- Delete Access
- Read Object
- Create Object
- Destroy Object
- Create Subject
- Destroy Subject
HRU model (Harrison, Ruzzo, Ullman)
An OS-level computer security model that deals with the integrity of access rights in the system. It is an extension of the Graham-Denning model. Considers Subjects to be Objects too. Uses 6 primitive operations:
1. Create object
2. Create subject
3. Destroy subject
4. Destroy object
5. Enter right into access matrix
6. Delete right from access matrix
Clark-Wilson - Integrity
Separates end users from the backend data through ‘Well-formed transactions’ and ‘Separation of Duties’. The model uses Subject/Program/Object.
Separation of duties
The certifier of a transaction and the implementer are different entities. The person making purchase orders should not be paying the invoices.
Well-formed transactions
is a series of operations that transition a system from one consistent state to another consistent state.
Brewer-Nash (Chinese Wall or Information Barriers)
Designed to provide controls that mitigate conflict of interest in commercial organizations, and is built upon an information flow model. No information can flow between the subjects and objects in a way that would create a conflict of interest.
Non-Interference Model
Ensures that any actions that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level. The model is not concerned with data flow, but with what a subject knows about the state of the system. Any change by a higher-level subject will never be noticed by a lower-level subject.
Take-Grant Protection Model
Uses rules that govern the interactions between subjects and objects. It uses permissions that subjects can grant to (or take from) other subjects. It has 4 rules:
1. Take rule allows a subject to take rights of another object.
2. Grant rule allows a subject to grant own rights to another object.
3. Create rule allows a subject to create new objects.
4. Remove rule allows a subject to remove rights it has over another object.
Access Control Matrix
Model describing the rights of every subject for every object in the system.
Zachman Framework (for Enterprise Architecture)
Provides 6 frameworks: What, How, Where, Who, When, Why
Mapping those frameworks to roles for: Planner, Owner, Designer, Builder, Programmer, User
Dedicated security mode
All users must have:
- Signed NDA for ALL information on the system
- Proper clearance for ALL information on the system
- Formal access approval for ALL information on the system
- A valid need to know for ALL information on the system
All users can access ALL data.
System high security mode
All users must have:
- Signed NDA for ALL information on the system
- Proper clearance for ALL information on the system
- Formal access approval for ALL information on the system
- A valid need to know for SOME information on the system
All users can access SOME data, based on their need to know.
Compartmented security mode
- Signed NDA for ALL information on the system
- Proper clearance for ALL information on the system
- Formal access approval for SOME information on the system
- A valid need to know for SOME information on the system
All users can access SOME data, based on their need to know and formal access approval.
Multilevel security mode - (Controlled Security Mode)
- Signed NDA for ALL information on the system
- Proper clearance for SOME information on the system
- Formal access approval for SOME information on the system
- A valid need to know for SOME information on the system
All users can access SOME data, based on their need to know, clearance and formal access approval.
The Orange Book
DoD Trusted Computer System Evaluation Criteria (TCSEC)
ITSEC (The European Information Technology Security Evaluation Criteria)
Was the first successful international model. Contains a lot of references to The Orange Book, but both are retired now.