Domain 3: Security Engineering Flashcards
Asymmetric Encryption
2 keys
Graham-Denning Security Model
Defines rights based on the commands that the subjects can execute:
R1: Transfer access
R2: Grant access
R3: Delete access
R4: Read objects
R5: Create objects
R6: Delete objects
R7: Create subjects
R8: Delete subjects
Brewer-Nash Security Model
Designed to avoid conflicts of interests
AKA: Chinese wall
Clark-Wilson
- Well-formed transactions
- Authorization: access modifications made in an organized manner
- Real-world technology model
- Separation of duties ensures that authorized users do not change data in an inappropriate way
Biba Security Model
Integrity of objects
- Simple Integrity Axiom
- no read down
- Integrity Axiom
- no write up
Lattice-based Access Control
Upper and Lower Limits
- Every relationship between subjects and objects has upper and lower limits.
- Multilevel and multilateral
Bell-LaPadula Security Model
Confidentiality of objects
- Designed for Dept of Defense
- Simple Security Property
- No read up
- Security Property
- No write down
- Strong Tranquility Property: security labels will not change while the system is operating.
- Weak Tranquility Property: security labels will not change in a way that conflicts with the defined security properties.
ITSEC
Information Technology Security Evaluation Criteria
- Used extensively in Europe
- Assurance correctness rating E0 (inadequate) - E6 (formal model of security policy)
- References the Orange Book but adds:
F- Functionality
Q- Effectiveness
E- Correctness
TCSEC
Trusted Computer System Evaluation Criteria
- Orange Book
- Developed in 1983
(KNOW THE LEVELS)
D- minimal protections
C- Discretionary protection
B- Mandatory protection
- B1 Labeled
- B2 Structured
- B3 Security Domains
A- Verified Protection
- A1 Verified Domains
Rule-based Access Control
RBA
- Firewall
- Based on a set of rules
- Stored in Access Control List
Role-based Access Control
- Non-discretionary access control
- Assigns permissions to roles in the organization
Mandatory Access Control
MAC
- Access control where the OS constrains the ability of a subject to access or perform operations on an object
- Rules enforced by the OS kernel
- Security policy administrator controls
Trusted Computer System Evaluation Criteria
- Discretionary access control (DAC)
- Restricts access to objects based on the identity of the subjects and the groups they belong to
- Subjects with certain permissions are capable of passing that permission
4 Modes of Systems / Access Control
- Dedicated: one classification for all objects; subject must have clearance equal to or greater than the system label
- System High: mixed labels; subject must have clearance equal to or greater than the highest object label
- Compartmented: objects placed in compartments; subjects must have a formal need to know.
> All subjects must have: NDA for ALL; clearance for ALL information on the system.
- Multi-level: objects of varying levels; subjects with varying clearances can access the system; reference monitor mediates access.
> NDA; clearance for SOME information on the system
Common Criteria
- Internationally agreed-upon standard for describing the security of IT products.
- Primary objective is to eliminate known vulnerabilities of the target for testing.
Terms:
>Target of Evaluation (ToE): system or product being tested
>Security Target (ST): documentation describing the TOE
>Protection Profile (PP): independent set of security requirements and objectives for a specific category of products or systems
>Evaluation Assurance Level (EAL): evaluation score of the tested…
- Latest version July 2009
Common Criteria 7 levels of Evaluations (EAL)
EAL1: Functionally tested
EAL2: Structurally tested
EAL3: Methodically tested and checked
EAL4: Methodically designed, tested, and reviewed
EAL5: Semi-formally designed and tested
EAL6: Semi-formally verified, designed, and tested
EAL7: Formally verified, designed, and tested
Layering
- Separates HW and SW functions into modular tiers.
- Actions that take place at one layer do not directly affect components of another.
- Generic list of security architecture layers:
. Kernel - 0
. OS - 1
. Hardware - 2
. Applications - 3
Abstractions
Unnecessary details are hidden from the user
Ring Model
- CPU HW layering to separate and protect domains (user mode from kernel mode)
- Ring 0: Kernel
- Ring 1: OS components outside of Ring 0
- Ring 2: Device drivers
- Ring 3: User applications
- Processes communicate between rings via system calls.
- Rings allow abstraction.
- Allows layering
Computer Bus
- Primary communications channel on a computer.
- Communications between CPU, memory, and input/output devices
Northbridge
Southbridge
- Northbridge = memory controller hub
. connects CPU to RAM and video memory
. directly connected to CPU
- Southbridge = I/O controller hub
. connects I/O devices
. keyboards, mice, etc.
Thread
- CPU action where one process has spawned another process
- Threads can share memory
Trusted Platform Module
- International standard
- Hardware-based encryption (fast)
- Platform integrity and disk encryption (primary uses)
- Boot integrity
- DoD requires TPM 1.2 or higher
Kernel
- Interface between OS and HW
- Reference monitor is its core function: mediates all access between subjects and objects.
- Two primary types
. Monolithic kernel: compiled into one static executable.
. Microkernel: modular, can add functionality
Cloud computing
- Leverages economies of scale
. IaaS - customer configures OS and all else
. PaaS - pre-configured OS, customer does all else
. SaaS - everything is configured, customer uses it (webmail)
- Cloud Security Issues
. Need strict SLA
. Limited visibility
. Shared infrastructure and shared target
. Right to audit, right to assess (vulnerabilities), right to test (pentest)
. Physical boundaries (geographical)
Emanations
- Energy that escapes an electronic signal
- Potential side-channel attack
- TEMPEST: NSA spec and NATO cert referring to spying through leaking emanations.
Rootkit
- Replaces part of the kernel or OS
- User-mode (ring 3, called userland) and kernel mode (ring 0)
Database Security
- Polyinstantiation: two different objects with the same name
- Inference: requires deductions using clues
- Aggregation: mathematical process that asks every question, no deduction.
- Data Mining: searching through DB looking for patterns
Cryptography - Key Terms
- Cryptology: the science of secure communications
- Cryptography: creates messages with hidden meanings
- Cryptanalysis: the science of breaking hidden messages (recovering their meanings)
- Cryptology: encompasses cryptography and cryptanalysis
- Cipher: cryptographic algorithm
- Plaintext: an unencrypted message
- Ciphertext: an encrypted message
- Encryption: converts plaintext to ciphertext
- Decryption: turning ciphertext back into plaintext.
Confusion, Diffusion, Substitution, Permutation
- Confusion: means the relationship between the plaintext and ciphertext should be as confused or random as possible
- Diffusion: the order of the plaintext should be diffused (dispersed) in the ciphertext
- Substitution: replaces one character with another to provide diffusion
- Permutation: provides confusion by rearranging the characters of the plaintext; anagram style