Cissp chapter-05ppt178
Download as PPT, PDF1 like67 views
This chapter discusses security architecture and models, including computer organization, distributed systems, protection mechanisms, formal security models like Bell-LaPadula and Biba integrity models. It covers topics like certification and accreditation processes to establish security requirements are met. Evaluation criteria for security classifications from class D to class A are also mentioned to assess security assurance levels.
Cissp chapter-05ppt178
- 1. The CISSP Prep Guide Chapter 5 Security Architecture and Models The CISSP® Prep Guide: Mastering the Ten Domains of Computer Security by Ronald L. Krutz, Russell Dean Vines (August 24, 2001), John Wiley & Sons. ISBN: 0471413569
- 2. Topics in Chapter 5 • Computer Organization • Hardware Components • Software/Firmware Components • Open Systems • Distributed Systems • Protection Mechanism • Evaluation Criteria
- 3. Topics in Chapter 5 • Certification and Accreditation • Formal Security Models • Confidentiality Models • Integrity Models • Information Flow Models
- 4. Computer Architecture • CPU – ALU and Control Unit • Memory – Cache, RAM, PLD, ROM, Real/Primary and Secondary memory, Sequential and Random Access Memory, Virtual Memory – Addressing: Register, Direct, Absolute, Implied, Indirect Addressing – Memory Protection
- 5. Instruction Execution Cycle • Privileged Instructions • Pipelining • CISC versus RISC • Multiprogramming • Multitasking • Multiprocessing
- 6. Input/Output Structures • Instruction Fetch-Decode-Execute Cycle • Direct Memory Access • Interruption
- 7. Software • 1GL - Machine language • 2GL - Assembly language • 3GL - High Level Programming language • 4GL - NATURAL, FOCUS, SQL • 5GL – Natural Language
- 8. Distributed Architecture • Client-Server Model • Security Concerns – Email – Telnet, FTP – Encryption
- 9. Distributed Architecture Security Concerns • Desktop Systems may be at risk of being exposed, and as entry for critical information • Users may lack security awareness • Modem and dial-up access to corporate network • Download or Upload of critical information • Lack of proper backup or disaster recovery
- 10. For Protection Mechanisms • Email and download/upload policies • Robust access control and biometrics • Graphical user interface mechanism • File encryption • Separation of privileged process and others • Protection domain, disks, systems, laptops • Labeling and classification
- 11. For Protection Mechanisms • Centralized backup for desktop systems • Security awareness and regular training • Control of software on desktop systems • Encryption • Logging of transaction and transmission • Appropriate access controls • Protection of applications and database
- 12. For Protection Mechanisms • Security Formal methods in Software Development, Change Control, Configuration Management, and Environmental Change • Disaster Recovery and Business Continuity Planning, for all systems including desktop, file system and storages, database and applications, data and information
- 13. Protected Mechanisms • Trusted Computing Base (TCB) • Security Perimeter • Trusted Path • Trusted Computer System • Abstraction, Encapsulation, and Information Hiding
- 14. Rings • Protection Rings • Security Kernel • Reference Model • MULTICS
- 15. Security Modes • Dedicated • Compartmented • Controlled • Limited Access
- 16. Additional Considerations • Covert Channel • Lack of Parameter Checking • Maintenance Hook and Trapdoor • Time of Check to Time of Use (TOC/TOU) Attack
- 17. Assurance • Evaluation Criteria – TCSEC by NCSC Trusted Computer System Evaluation Criteria – Classes of Security • D – Minimal protection • C – Discretionary protection (C1 and C2) • B – Mandatory protection (B1, B2, B3) • A – Verified protection; formal methods (A1) – ITSEC
- 18. Certification and Accreditation • Certification – The comprehensive evaluation of the technical and non-technical security features of an information system and the other safeguards, which are created in support of the accreditation process, to establish the extent in which a particular design and implementation meets the set of specified security
- 19. Certification and Accreditation • Accreditation – A formal declaration by a Designated Approving Authority (DAA) where an information system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk
- 20. Certification and Accreditation • DITSCAP – Defense Information Technology Security Certification and Accreditation Process – Phase 1 Definition – Phase 2 Verification – Phase 3 Validation – Phase 4 Post Accreditation
- 21. • NIACAP – National Information Technology Security Certification and Accreditation Process – Site Accreditation – Type Accreditation for Application or System – System Accreditation for major application or general support system
- 22. Information Security Models • Access Control Models – The Access Matrix – Take-Grant Model – Bell-LaPadula Model • Integrity Models – The Biba Integrity Model – The Clark-Wilson Integrity Model • Information Flow Models – Non-interference Model – Composition Theories
- 23. Bell-LaPadula Model • DoD, Multilevel security policy – Individual’s Need-to-Know Basis – Security-labeled Materials and – Clearance of Confidential, Secret, or Top Secret – Thus dealing only with confidentiality of classified material, but not with integrity or availability – Input, State, Function and State Transition
- 24. Bell-LaPadula Model 1. The Simple Security Property (ss Property). States that reading of information by a subject at a lower sensitivity level from an object at a higher level is not permitted (No Read Up)
- 25. Bell-LaPadula Model 2. The * (star) Security Property States that writing of information by a subject at a higher level of sensitive to an object at a lower level of sensitivity is not permitted. (No Write Down)
- 26. Bell-LaPadula Model 3. The Discretionary Security Property Uses an access matrix to specify discretionary access control But Write-Up, Read-Down are OK. • Authorization • Control – Content-Dependent, Context-Dependent
- 27. Integrity Model • Goals 1. The data is protected from modification by unauthorized users 2. The data is protected from unauthorized modification by authorized users 3. The data is internally and externally consistent – the data held in a database must balance internally and must correspond to the external, real-world situation.
- 28. Biba Integrity Model • In 1977, lattice-based model • Using “less than” or “equal to” relationship • least upper bound (LUB) and greatest lower bound (GLB) • The Lattice as a set of integrity classes (IC) and an ordered relationship among classes • A Lattice as (IC, <=, LUB, GUB)
- 29. Biba Integrity Model 1. The Simple Integrity Axiom States that a subject at one level of integrity is not permitted to observe (read) an object of a lower integrity No Read Down
- 30. Biba Integrity Model 2. The * (Star) Integrity Axiom, States that an object at one level of integrity is not permitted to modify (write to) an object of a higher level of integrity. No Write Up
- 31. Biba Integrity Model 3. A subject at one level of integrity cannot invoke a subject at a higher level of integrity
- 32. Clark-Wilson Integrity Model • Clark-Wilson, 1987 • Constrained Data Item (CDI) – A Data item whose integrity is to be preserved • Integrity Verification Procedure (IVP) – Confirms that all CDIs through a well-formed transaction, which transforms a CDI from one valid integrity state to another valid integrity state • Unconstrained Data Item (UDI) – Data items outside of the control area of the modeled environment such as input information