Security Architectures

Question 1

Threat Modeling

Answer 1

As the process of describing probable adverse effects on our assets caused by specific threats sources.

Question 2

When we do threat modeling….what do we consider

Answer 2

• Important to only consider dangers
• Potential impact of those threats
• Specify threat sources

Question 3

Attack Trees

Answer 3

Is a graph showing how individual actions by attackers can be chained together to achieve their goals.

Question 4

Attack tree lend themselves to a methodology known as reduction analysis….there are 2 aspects:

Answer 4

1. Reduce the number of attacks
2. Reduce the threat posed by the attack

Question 5

STRIDE
Developed by Microsoft in 1999

Answer 5

Is a threat modeling framework that evaluates a system’s design using flow diagrams, systems entities, and events related to a system.

Question 6

The Lockheed Martin Cyber Kill Chain

Answer 6

• It is used to anticipate the intent and actions of an enemy and then develop a plan to get inside their decision loop and defeat them.
• The term kill chain evolved to describe the process of identifying a target, determining the best way to engage it, amassing the required forces against it, engaging it, and destroying it.
• It identifies the steps that threat actors generally must complete to achieve their objectives.

Question 7

7 Stages of the Lockheed Martin Cyber Kill Chain

Answer 7

1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. Command and Control
7. Action on Objective

Question 8

STRIDE
Mnemonic

Answer 8

S - Spoofing
T - Tampering
R - Repudiation
I - information Disclosure
D - Denial of Service
E - Elevation of Privilege

Question 9

Cyber Kill Chain is a high level framework

Answer 9

It is one of the most commonly used one for modeling threats

Question 10

MIRATE Corporation developed a framework of…

Answer 10

Adversarial Tactics, Techniques & Common Knowledge called ATT&CK as a comprehensive tactics and techniques used by threat actors
- 14 Tactics contains a number of techniques—> sub-techniques

Question 11

Why Bother with threat modeling

Answer 11

Threat modeling allows us to simplify some of the activities of our adversaries so we can drill into the parts that really matter to us as defenders.

Question 12

Basic Security questions 3 questions:

Answer 12

• Why might someone want to target our organization (Motive)
• How could they go about accomplishing their objectives (Means)
• When and where would they attack us (Opportunity)

Question 13

Defence in Depth

Answer 13

• Which is the coordinated use of multiple security controls in a layered approach.
• Multilayered defence systems

Question 14

Zero Trust

Answer 14

• The Zero Trust model is one in which every entity is considered hostile until proven otherwise.
• Built inside out.
• this is not 100% practical as it may impact productivity

Question 15

Trust But Verify

Answer 15

Basically mean that, even when an entity and its behaviours are trusted, we should double-check both

Question 16

Shared Responsibility

Answer 16

Refers situation in which a service provider is responsible for certain security controls, while the customer is responsible for others.

Question 17

Separation of Duties

Answer 17

SoD, in which important functions are divided among multiple individuals to ensure that no one person has the ability to intentionally or accidentally cause serious losses to the organization.

Question 18

Least Privilege

Answer 18

• Least Privilege, states that people are granted exactly the access and authority that they require to do their jobs, and nothing more.
• Need-to-know principle is similar to the least privilege principle

Question 19

Authorization Creep

Answer 19

As Employees work at an organization over time and move from one department to another, they often are assigned more and more access rights and permissions.

Question 20

Keep it Simple

Answer 20

The more complex a system is, the more difficult it is to understand and protect it. Simplicity is the key.

Question 21

Secure Defaults

Answer 21

• Means that every system starts off in a state where security trumps use friendliness and functionality.
• the goal of secure defaults is to start everything in a place of extreme security and then intentionally loosen things until users can get their jobs done, but no further.

Question 22

Fail Securely

Answer 22

In the even of an error, information systems ought to be designed to behave in a predictable and non compromising manner.

Question 23

Privacy by design

Answer 23

• The best way to ensure privacy of user data is to incorporate data protection as an integral part of the design of an information system, not as an afterthought or later-stage feature
• 7 foundational principle

Question 24

Security Model

Answer 24

A Security model is a more formal way to capture secure principles. Where a principle is a rule of thumb that can be adapted to different situations, the security models we describe here are very specific and verifiable.

Question 25

Bell-LaPadula Model developed in 1970s

Answer 25

-Enforces the confidentiality aspects of access control.
- Prevent secret information from being accessed in an unauthorized manner.
- First mathematical model of multilevel security policy used to define the concept of secure modes of access and outlined rules of access.
- a system that employs this model is called multilevel security system

Question 26

3 main rules are used and enforced in Bell-LaPadula model:

Answer 26

• Simple Security rule: Subject given security level cannot read data readies at a higher security level.
• *- Property (star property) rule: Subject given in a security level cannot write information to a lower security level
• Strong star property rule: A subject who has read and write capabilities can only perform both of those functions at the same security level. Nothing higher, nothing lower

Question 27

Biba Model

Answer 27

• The Biba model is a security model that addresses the integrity of data within a system. It is not concerned with security levels and confidentiality.

Question 28

3 Main rules of Biba Model

Answer 28

-*-integrity axiom: A subject cannot write data to an object at a higher integrity level.
- Simple Integrity Axiom: A subject cannot read data from a lower integrity level
- Invocation property: A subject cannot request service (invoke) at a higher integrity

Question 29

Examples of Informational flow models

Answer 29

• Bell-LaPadula
• Biba

Question 30

Clark-Wilson Model
(Integrity of Information)
Uses the following 5 elements

Answer 30

• Users: Active agents
• Transformation procedures (TPs): Programmed abstract operations, such as read, write, and Modify
• Constrained data items (CDIs): can be manipulated by TPs
• Unconstrained data items (UDI): can be manipulated by users via primitive read and write operations
• Integrity verification procedures (IVPs): Check the consistency of CDI with external reality

Question 31

Clark-Wilson Model
Focuses on well-formed transactions and SoD. Why called ‘access triple’:

Answer 31

1. One subset of highly protected Constrained Data Items
2. Subset Unconstrained data items does not require high level of protection
3. Users cannot modify Critical data

Question 32

Noninterference Model

Answer 32

• Multilevel security properties can be expressed in many ways, one being noninterference.
• Action that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level.
• not about flow of data but rather with what subject knows about the state of the system.

Question 33

Covert Channels

Answer 33

A covert channel is a way for an entity to receive information in an unauthorized manner.

Question 34

Covert Channels are of 2 Types

Answer 34

1. Storage: processes are able to communicate through some type of storage space on the system
2. Timing: one process relays information to another by modulating its use of system resources.

Question 35

Brewer and Nash Model (aka Chinese Wall Model)
Main goal: Potect from conflict of interest and dynamically changing access controls

Answer 35

States that:
- A subject can write to an object
- If and only if,
- the subject cannot read another object that is in a different dataset.

Question 36

Graham-Denning Model

Answer 36

Addresses some of these issues and defines a set of basic rights in terms of commands that a specific subject can execute on an object

Question 37

Graham-Denning Model
8 Primitive Protection Rights

Answer 37

• How to securely create an object
• How to securely create a subject
• How to securely delete an object
• How to securely delete a subject
• How to securely provide the read access right
• How to securely provide the grant access right
• How to securely provide the delete access right
• How to securely provide the transfer access right

Question 38

Harrison-Russo-Ullman Model

Answer 38

Deals with access rights of subjects and the integrity of those rights.

Question 39

Trusted Platform Module (TPM)

Answer 39

• Is a hardware component installed on the motherboard of modern computers that is dedicated to carrying out security functions involving the storage of cryptographic key and digital certificates, symmetric and asymmetric encryption, and hashing.
• TPM was devised by the Trusted Computing Group (TCG)

Question 40

Use cases of Trusted Platform Module (TPM

Answer 40

• encrypting the content of the hard drive
• Sealing a system’s state to a particular hardware and software configuration. Hash value generated store in its memory. A sealed system will be activated only after the TPM verifies the integrity of system’s configuration by comparing it with the original “sealing” value.

Question 41

Trusted Platform Module (TPM) internal memory is divided into 2 different segments:

Answer 41

• Persistent (static) memory
  1. Endorsement Key (EK): A public/ private key pair that is installed in the TPM at the time of manufacture and cannot be modified.
  2. Storage Root Key (SRK): The master wrapping key used to secure the keys stored in the TPM
• Versatile (dynamic) memory
  1. Platform Configuration Registers (PCRs): Used to store cryptographic hashes of data used for TPM’s sealing functionality
  2. Attestation Identity Keys (AIKs): Used for the attestation of TPM chip itself to service providers
  3. Storage keys: Used to encrypt the storage media of the computer system

Question 42

Hardware Security Module (HSM)
(The U.S. Federal Information Processing Standard (FIPS) 140-2 is the widely recognized standard for evaluating the security of an HSM)

Answer 42

HSM is a removable expansion card or external device that can generate, store, and manage Cryptographic keys

Question 43

Self-Encryption Drive (SED)

Answer 43

• Full-disk encryption (FDE) refers to approaches used to encrypt the entirety of data at rest on a disk drive
• SED is a hardware-based approach to FDE in which a cryptographic module is integrated with the storage media into one package

Question 44

Why need Bus Encryption?
(While the self-encrypting drive protects the data as it rests on the drive, it decrypts the data prior to transferring in to memory use) Possible 3 attacks:

Answer 44

1. On the external bus connecting the drive to the motherboard,
2. In Memory
3. On the bus between motherboard and CPU

Question 45

Bus Encryption means:
(User in ATM machines)

Answer 45

Data and instructions are encrypted prior to being put on the internal bus, which means they are also encrypted everywhere else except when data is being processed.
- this require Cryptoprocessor.

Question 46

3 ways to Secure Processing:

Answer 46

1. Create a specifically protected part of the computer in which only trusted applications can run with little or no interaction with each other or those outside the trusted environment
2. Build extensions into the processors that enable them to create miniature protected environment for each application
3. Write application temporarily lock processor and/or other resources to ensure nobody interferes with them until they’re down with a specific task

Question 47

Trusted Execution Environment (TEE)
(Used in apple products are Secure Enclaves)

Answer 47

Is a software environment in which special applications and resources have undergone rigorous checks to ensure they are trustworthy and remain protected
- TEE exists with untrusted rich execution environments (REE) on the same platform

Question 48

Process Security Extensions

Answer 48

Are instructions that provide these security features in the CPU and can be used to support a TEE.

Question 49

Atomic Execution

Answer 49

• Atomic Execution is an approach to controlling the manner in which certain sections of a program run so that they cannot be interpreted between the start and end of a section
• Atomic execution protects against a class of attacks called time-of-check to time-of-use (TOC/TOU).