Domain 3 - Security Engineering - Security Models Flashcards
Security Model - what is it?
provides ‘rules of the road’ for securely operating systems. Can be used in determining policy.
provides a way for designers to map abstract statements into a security policy that prescribes the algorithms and data structures necessary to build hardware and software.
Read down, Write up
Applies to Mandatory Access Control models.
Read down = user reads an object at a lower sensitivity level.
Write up = user writes to an object then labels it at a higher sensitivity level than the clearance they themselves possess.
State Machine Model
Based on the concept of an FSM (Finite State Machine): a mathematical model that groups all possible system occurrences (called states). Every possible state is evaluated as secure.
Each input results in a transition to a new state that must be evaluated for secureness.
Basis of many other security models.
Bell-LaPadula Model
Based on State Machine and information flow models. Origin in DoD. Main focus is on confidentiality of objects.
Simple Security Property
*Security Property
Bell-LaPadula
- What is Simple Security Property?
What is the star property AKA Security Property?
No Read Up (SSP)
No Write Down (SP)
Bell-LaPadula
- What is Strong Tranquility Property?
Labels will not change while a system is operating.
Bell-LaPadula
- What is Weak Tranquility Property?
Labels can’t change in a way that conflicts with defined security properties
Lattice-based Controls
o Security for complex environments
o For every relationship between a subject and object – there are defined upper and lower access limits
o Subjects have a Least Upper Bound and Greatest Lower Bound
o Multilevel and multilateral
Integrity Models
Focus on integrity more so than confidentiality.
Biba Model
Integrity-based model. Based on State Machine and Information flow. Two primary rules:
Simple integrity axiom – no read down
*Integrity Axiom – no write up
Biba Model - what is Simple integrity axiom?
No read down. Prevents subjects from accessing info at a lower integrity level - protects integrity by preventing bad info from reaching higher levels.
Biba Model - what is star property AKA integrity axiom?
No write up.
Clark-Wilson
Integrity model
Real world model
o Requires subjects to access objects via programs
o Two primary concepts
Well formed transactions
Separation of duties
Clark-Wilson - what are Well formed transactions?
Ability to enforce control over apps.
Comprised of: User, Transformation procedure, and Constrained Data Item.
Clark-Wilson - certification, enforcement, and separation of duties
All TPs (Transformation Procedures) must record enough information to reconstruct the data transaction.