Domain 3 - Security Engineering - Security Models Flashcards
Security Model - what is it?
Provides ‘rules of the road’ for securely operating systems. Can be used in determining policy.
Provides a way for designers to map abstract statements into a security policy that prescribes the algorithms and data structures necessary to build hardware and software.
Read down, Write up
Applies to Mandatory Access Control models.
Read down = user reads an object at a lower sensitivity level.
Write up = user writes to an object labeled at a higher sensitivity level than the clearance they themselves possess.
State Machine Model
Based on the concept of a Finite State Machine (FSM): a mathematical model that groups all possible system occurrences (called states). Every possible state is evaluated to confirm it is secure.
Each input results in a transition to a new state that must also be evaluated for secureness.
Basis of many other security models.
Bell-LaPadula Model
Based on the State Machine and Information Flow models. Origin in the DoD. Main focus is on confidentiality of objects.
Simple Security Property
*-Security Property
Bell-LaPadula
- What is the Simple Security Property?
- What is the star (*) property, AKA Security Property?
No Read Up (SSP)
No Write Down (SP)
Bell-LaPadula
- What is the Strong Tranquility Property?
Labels will not change while a system is operating.
Bell-LaPadula
- What is the Weak Tranquility Property?
Labels can’t change in a way that conflicts with the defined security properties.
Lattice-based Controls
o Security for complex environments
o For every relationship between a subject and object – there are defined upper and lower access limits
o Subjects have a Least Upper Bound and a Greatest Lower Bound
o Multilevel and multilateral
Integrity Models
Focus on integrity more so than confidentiality.
Biba Model
Integrity-based model. Based on the State Machine and Information Flow models. Two primary rules:
Simple Integrity Axiom – no read down
*-Integrity Axiom – no write up
Biba Model - what is the Simple Integrity Axiom?
No read down. Prevents subjects from accessing info at a lower integrity level - protects integrity by preventing bad info from reaching higher levels.
Biba Model - what is the star (*) property, AKA Integrity Axiom?
No write up.
Clark-Wilson
Integrity model
Real-world model
o Requires subjects to access objects via programs
o Two primary concepts:
Well formed transactions
Separation of duties
Clark-Wilson - what are well-formed transactions?
Ability to enforce control over apps.
Comprised of: User, Transformation Procedure, and Constrained Data Item.
Clark-Wilson - certification, enforcement, and separation of duties
All TPs (Transformation Procedures) must record enough information to reconstruct the data transaction.
Clark-Wilson - separation of duties
Ensures authorized users don’t change data in an inappropriate way.
Information Flow Model
Based on the State Machine model. Focused on controlling information flow and the type of information. Designed to prevent unauthorized, insecure, or restricted info flow. Excludes all undefined flow pathways.
Chinese Wall Model (Brewer-Nash)
AKA Brewer-Nash. Designed to avoid conflicts of interest. Specifically addresses consultants/contractors in financial institutions.
o Subject can write to an object only if the subject cannot read another object in a different data set
Non-interference Model
Loosely based on the Information Flow model. Instead of information flow, it is concerned with how actions at a higher security level affect states at a lower level.
Not concerned with the flow of data but more so with what a subject knows.
Addresses the inference attack that occurs when someone has access to some type of info and can infer something they don’t have clearance for.
Take-Grant Model
Dictates how rights can be passed from subject to subject, or from subject to object.
Has four rules:
Take rule, grant rule, create rule, and remove rule.
Access Control Matrix
Commonly used in OSs and applications.
Table that defines access permissions between subjects and objects.
Graham-Denning Model
Focuses on the secure creation and deletion of both subjects and objects.
Has 8 primary protection rules.
Zachman Framework for enterprise architecture
Six frameworks for providing information security.
Harrison-Ruzzo-Ullman Model
Matrix-based, variation of the Graham-Denning model.
Six primitive operations.
Trusted Computing Base
Subset of a complete information system. Combination of hardware, software, and controls working together to form the trusted base or ‘core’ that enforces your security policies. Should be as small as possible.
Security perimeter
Imaginary boundary that separates the TCB from the rest of the system.
Goguen-Meseguer Model
Integrity model. Predetermines the set or domain of objects a subject can access.
Sutherland Model
Integrity model. Focuses on preventing interference in support of integrity. Defined in terms of sets of states.
Star Security Property AKA Confinement Property
A subject may not write information to an object at a lower sensitivity level. No write down.
Reference Monitor
Part of the TCB that validates access to every resource prior to granting access. Stands between every subject and object.
Biba vs Bell-LaPadula