Training and Tips that are very helpful to gain knowledge in the field of information Security and passing your CISSP Certification Exam.
To be CISSP Certified Please Check out the link below:
http://asmed.com/cissp-isc2/
Unit-IV; Professional Sales Representative (PSR).pptx
CISSP Certification- Security Engineering-part1
1. SECURITY ENGINEERING
Objectives of Domain:
Understand the engineering lifecycle and
apply security design principles.
Understand the fundamental concepts of
security models.
Select controls and countermeasures based
upon systems security standards.
Assess and mitigate the vulnerabilities of
security architectures, designs, and solution
elements, mobile systems, and embedded
devices.
Apply cryptography
Apply secure principles to site and facility
design.
1
2. SECURITY ENGINEERING
The Engineering Lifecycle Using Security
Design principles
Systems engineering models and processes usually
organize themselves around the concept of lifecycle.
Concept of operations
Requirements
Design
Integration, Test, and Verification
Verification and Validation
Operation and Maintenance
Retirement
2
3. SECURITY ENGINEERING
Fundamental principles of Security
Models
Common system components
Processors
Memory and storage
Primary storage
Memory protection
Secondary storage
Virtual memory
Firmware
Peripherals and other I/O devices
Operating system
3
4. SECURITY ENGINEERING
• Security architecture is part of the overall
architecture of an information system. It
directs how the components included in
the system architecture should be
organized to ensure that security
requirements are met. The security
architecture of an information system
should include:
A description of the locations in the overall
architecture where security measures should be
placed.
A description of how various components of the
architecture should interact to ensure security.
The security specifications to be followed when
designing and developing the system.
4
5. SECURITY ENGINEERING
Computer Architecture
It comprises all the parts in a computer system that are
necessary for it to function. Such parts include the operating system,
memory chips, logic circuits, storage devices, I/O devices, security
components, buses, and networking components.
The Central Processing Unit (CPU) – Processes the
instructions provided by the various applications/programs. To do
this the CPU needs to access such instructions from their memory
locations.
The CPU can access the memory locations in its cache, along with
memory locations in the random access memory (RAM). These types
of memory are called primary memory.
The major components.
The Arithmetic Logic Unit (ALU)
Control Unit (coordinates instruction execution)
Registers that act as temporary memory locations and store the
memory addresses of the instructions and data that needs
processing by the CPU. 5
7. SECURITY ENGINEERING
CPU Modes & Protection rings
Protection Rings provide a security mechanism for an
operating system by creating boundaries between the various
processes operating on a system and also ensures that
processes do not affect each other or harm critical system
components.
Ring 0 – Operating system kernel (supervisor /privilege
mode)
Ring 1 – Remaining parts of the operating system (OS)
Ring 2 – Operating system and I/O drivers and OS utilities
Ring 3 – Applications (Programs) and user activity
7
8. SECURITY ENGINEERING
Recognizing access permissions
Let us evaluate access control mechanism provided by
the protection rings:
Suppose a subject is located in ring 3. Which of the ring levels
can this subject access?
A subject located in ring 3 can directly access objects in its
own ring.
Most applications running on a system operate from ring 3
which has the least access to system components.
On the contrary, a subject in a lower numbered ring can
directly access objects in higher numbered rings.
Suppose an application located in ring 3 has directly sends an
instruction to the CPU. What would be the result of this
instruction (choose one)?
A. The CPU executes the instruction.
B. The CPU raises an exception error.
C. The operating systems uses a system call to handle the
instruction
Answer: B. In case an application located in ring 3 directly sends an
instruction directly to the CPU, the CPU raises an exception error!
When an application needs to perform an operation that requires
access to the CPU – which is only accessible from ring 0 – the
application needs to send a request to the OS. The OS then executes
the instruction on behalf of the application by using system calls.
8
9. SECURITY ENGINEERING
Computer Architecture
• Domains
• Layering & Data Hiding
• Virtual Machines
• A virtual machine is a simulated real machine
environment created to simultaneously run multiple
applications on a computer.
• Additional Storage Devices
• Input/Output Device Management
9
10. SECURITY ENGINEERING
• System Architecture
Defined Subset of Subjects and Objects
Trusted Computing Base (TCB)
Originated from the Orange Book and deals with the protection
mechanisms within a computer. It addresses hardware, software,
and firmware.
Security Perimeter
It delineates the trusted and the untrusted components within a
computer system.
Reference Monitor
The reference monitor is an abstract machine concept that
mediates all access between subjects and objects.
Security Kernel
The Security kernel enforces the reference monitor concept.
Must facilitate isolation of processes
Must be invoked at every access attempt.
Must be small enough to be tested and verified in a
comprehensive manner.
Security Policy – a set of rules on how resources are
managed within a computer system.
Least Privilege – one process has no more privileges
than it needs.
10
11. SECURITY ENGINEERING
• Security Models
The function of a Security Model is to
Map the abstract goals of a security policies to an information
system.
Specify mathematical formulae and data structures for
implementing security policy goals.
While a security policy states goals without specifying how to
accomplish them, a security model specifies a framework to
implement these goals.
An organization can use different types of security models.
However, it is very important for security personnel to
understand the different security models to protect the
organization’s resources.
For example the security model that a military organization
uses is quite different from that of a commercial entity, due
to the variations in the types of data.
Security Model can be formal when it is based on pure
mathematical implementation of security policies and assure
high security. For example in military systems, air controller
systems, etc.
Security Model is informal when it merely describes how to
11
12. SECURITY ENGINEERING
Enterprise Security Architecture (ESA)
Implements the building blocks of information
security infrastructure across the entire
organization.
It focuses on a strategic design for a set of
security services that can be leveraged by
multiple applications, systems, or business
processes
Key goals and objectives of an ESA includes,
Long term view of controls
A unified vision for common security controls
Leverages existing technology investments
12
13. SECURITY ENGINEERING
Common Security Services
Boundary control services – firewalls, border
routers, etc.
Access control services – authentication, SSO,
etc.
Integrity services – antivirus, content filtering,
file integrity services, etc.
Cryptographic services – encryption services, PKI,
etc
Audit and monitoring services – log collection
and management, analytics (SEIM – Security Event
13
14. SECURITY ENGINEERING
Security Zones of Control
Area or grouping within which a defined set of
security policies and measures are applied to
achieve a specific level of security.
Ensures that systems in a more secured zone do
not leak through to a less secured zone.
Zones are tightly controlled with mechanisms
such as firewalls, authentication services,
proxies, etc.
14
15. SECURITY ENGINEERING
Common Architecture Frameworks
An architecture framework is a structure that
can further be used to develop a broad range of
architectures.
It describes a method of designing an
integrated set of systems or system
components.
It may include a set of recommended standards
and operational practices.
15
16. SECURITY ENGINEERING
Zachman Framework
Developed as a common context for
understanding complex architectures.
Allows for the communication and collaboration
of all entities in the development of
architectures.
It provides a logical structure for integrating the
plan, design, and build aspects of an
architecture.
16
18. SECURITY ENGINEERING
Sherwood Applied Business Security
Architecture (SABSA) Framework
A holistic lifecycle for developing a security
architecture that considers business
requirements.
It creates a chain of traceability through the
phases of strategy, concept, design,
implementation, and metric.
18
19. SECURITY ENGINEERING
The Open Group Architecture Framework
(TOGAF)
It is an open framework for organizations
to design and build enterprise
architectures.
It provides an architecture development
method that describes the step-by-step
process.
19
20. SECURITY ENGINEERING
IT Infrastructure Library (ITIL)
Developed by the Central Computer and
Telecommunications Agency (CCTA), an agency
under the British Government.
ITIL defines the organizational structure and
skill requirements and operational procedures
with practices that direct IT operations and
infrastructure, including security.
What sets ITIL apart is the strong focus on
end-to-end service delivery and management.
20
21. SECURITY ENGINEERING
Types of Security Models
State Machine Model.
Multilevel Lattice Model
Non-interference Model
Information Flow Model
21
22. SECURITY ENGINEERING
•Security Models
State Machine Models
The Bell-LaPadula Model
The Biba Model
The Clark-Wilson Model
The Brewer & Nash Model
Take-Grant Model
Access Control Matrix
The Graham-Denning Model
The Information Flow Model
The Non-Interference Model
The Harrison-Ruzzo-Ulman Model 22
23. SECURITY ENGINEERING
Security Models
State Machine Models
The state of a system is its snapshot at any
one particular moment. The state machine
model describes subjects, objects, and
sequences in a system. The focus of this
model is to capture the system’s state and
ensure its security.
When an object accepts input, the value of
the state variable is modified. For a subject to
access this object or modify the object value,
the subject should have appropriate access
rights.
State transitions refer to activities that alter a
systems state.
23
24. 24
SECURITY ENGINEERING
Confidentiality models:
Bell & LaPadula)
Developed by David Elliot Bell and Len
LaPadula
This model focuses on data confidentiality and
access to classified information.
A Formal Model developed for the DoD
multilevel security policy
This formal model divides entities in an
information system into subjects and objects.
Model is built on the concept of a state
machine with different allowable states (i.e.
Secure state)
25. 25
SECURITY ENGINEERING
Bell & LaPadula Confidentiality Model
Has 3 rules:
Simple Security Property – “no read up”
A subject cannot read data from a security
level higher than subject’s security level.
* Security Property – “no write down”
A subject cannot write data to a security level
lower than the subject’s security level.
Strong * Property – “no write up and no
read down”.
A subject with read/write privilege can
perform read/write functions only at the
subject’s security levels.
26. 26
SECURITY ENGINEERING
Integrity models (e.g., Biba, Clark and
Wilson)
Biba Integrity Model
Developed by Kenneth J. Biba in 1977 based on
a set of access control rules designed to ensure
data integrity
No subject can depend on an object of lesser
integrity
Based on a hierarchical lattice of integrity
levels
27. 27
SECURITY ENGINEERING
Biba Integrity Model
The Rules:
Simple integrity axiom – “no read down” – A
Subject cannot read data from an object of
lower integrity level.
* Integrity axiom – “no write up” – A Subject
cannot write data to an object at a higher
integrity level.
Invocation property – A subject cannot invoke
(call upon) subjects at a higher integrity level.
28. 28
SECURITY ENGINEERING
Commercial Models
Integrity models – Clark-Wilson Model
Model Characteristics:
Deals with all three integrity goals
Prevents unauthorized users from
making modifications
Prevents authorized users from making
improper modifications
Maintain internal and external
consistency – reinforces separation of
duties
29. 29
SECURITY ENGINEERING
Commercial Models – cont’d
Brewer-Nash Model – a.k.a. Chinese Wall
Developed to combat conflict of interest
Publish in 1989 to ensure fair competition
Defines a wall and a set of rules to ensure
that no subject accesses objects on the other
side of the wall
Way of separating competitors data within the
same integrated database
30. 30
SECURITY ENGINEERING
Commercial Models
Take-Grant Model
Model Characteristics
Mathematical framework used for granting
and revoking access rights
The take rule allows a subject to take the
rights of another subject
The grant rule allows a subject to grant
rights to another subject.
31. 31
SECURITY ENGINEERING
Commercial Models
Access Control Matrix Model (ACL)
Model Characteristics
Implemented using an Access Control List
Specifies access rights for each subject as it relates to objects
Two dimensional matrix representing subjects in rows and
objects in columnsSubjects &
Objects
Admin
Directory
Payroll
File
Pay Process
Kwame Read Read/Write None
Dan Read Read None
Angela Read Delete Execute
Juan Read Read/Write Execute
Lee Read Update Delete
32. 32
SECURITY ENGINEERING
Commercial Models
Graham Denning Model
Model Characteristics
Defines the commands that a subject
can execute to securely
Such as
Create and delete an object
Create and delete a subject
Provide read, grant, delete, and transfer access
rights
33. 33
SECURITY ENGINEERING
Information flow model
Model Characteristics:
Hold data in distinct compartments
Data is compartmentalized based on
classification and the need to know
Model seeks to eliminate covert channels
Model ensures that information always flows
from a low security level to a higher security
level and from a high integrity level to a low
integrity level.
Whatever component directly affects the flow
of information must dominate all components
involved with the flow of information
34. 34
SECURITY ENGINEERING
Noninterference Model
Model Characteristics:
Model ensures that actions at a higher
security level does not interfere with the
actions at a lower security level.
The goal of this model is to protect the state
of an entity at the lower security level by
actions at the higher security level so that
data does not pass through covert or timing
channels.
35. 35
SECURITY ENGINEERING
Harrison-Russo-Ulman Model
Model Characteristics
Harrison-Ruzzo-Ullman Model is a security
model that provides policies for changing
access rights and rights for the creation and
deletion of subjects and objects. It is generally
considered to be one of the more complex
security models.
36. SECURITY ENGINEERING
Security Modes of Operation
Dedicated Security Mode
Where all users have a clearance for, and a formal need
to know about, all data processed within a system.
System High-Security Mode
Where all users have security clearance to access
information but not necessarily a need to know all the
information processed on a system.
Compartmented Security Mode
Where all users have security clearance to access all the
information processed on a system in a high security
mode, but not the need to know or formal access
approval.
Multilevel Security Mode
When it permits two or more classification levels of
information to be processed at the same time when not
all users have the clearance or approval to access the info
being processed. All users must have the right approval
to access what they need to perform their duties.
Trust & Assurance
Trust levels give a customer how much protection is
being offered. This leads to the expectation of assurance
36
38. SECURITY ENGINEERING
Creating & Documenting Security
Architecture
Requirement capturing is paramount to
the architecture and design of every
system .
38
41. 41
SECURITY ENGINEERING
Trusted Computer Security Evaluation
Criteria (TCSEC)
Developed by the National Computer Security Center (NCSC) for the
DOD
Also known as the Orange Book
Based on the Bell-LaPadulla model (deals with only confidentiality)
Uses a hierarchically ordered series of evaluation classes
Fundamental Requirements
Security policy – evaluated to check if it is well-defined and enforced in
the system
Marking/Labels – evaluated to ensure availability of access control for
all objects
Identification – evaluated to check if all individual subjects are uniquely
identified.
Accountability – evaluated to check if security audit data is logged and
protected.
Life-cycle Assurance – evaluated by separately testing software,
hardware, and firmware to ascertain if they implement the security
policy.
Continuous protection – if designs support continuous protection.
43. 43
SECURITY ENGINEERING
Information Tech Security
Evaluation Criteria (ITSEC)
Created by some European nations in 1991
as a standard to evaluate security attributes
of computer systems
Evaluates functionality and assurance
separately
E1 to E6 for assurance
Functional levels of F1 to F10 are not
strictly required
44. 44
SECURITY ENGINEERING
Information Technology Security Evaluation
criteria (ITSEC):
Functionality ratings are
F1 to F5 – Maps to the TCSEC ratings C1 to A1
F6 - For systems that require high levels of integrity for data
and programs
F7 - For systems that require high levels of availability of their
functions
F8 - For systems that require high levels of data integrity
during communications
F9 - For systems that require high levels of data confidentiality
during communications
F10 – For networks that require high levels of data
confidentiality and integrity
45. 45
SECURITY ENGINEERING
Information Technology Security Evaluation Criteria (ITSEC):
Assurance ratings are
E0 – Indicates inadequate assurance and assigned to systems that fail to
meet the E1 criteria
E1 - Rating includes functional testing to verify if TOE meets its security
target
E2 - Includes the evaluation of testing evidence, configuration controls, and
distribution processes
E3 - Evaluates the source code and hardware drawings of the security
mechanism and also the testing of the mechanisms.
E4 - Verifies the availability of a formal model of the security policy. Also
verifies semiformal specifications of security mechanisms, architectural
design and detailed design
E5 - Evaluates whether there is close correspondence between the detailed
design and the source code or hardware drawings
E6 – Verifies whether the security mechanisms and the architectural design
are consistent with the security policy
47. 47
SECURITY ENGINEERING
Common Criteria (CC)
ISO Standard created in 1993 for global security evaluation
Made up from TCSEC, ITSEC, and the Canadian version
Components
Protection profile
a set of security requirements and objectives for the system
A Protection Profile consists of
Descriptive elements – contains the name of the profile and the
description of the security problem to solved.
Rationale – justifies the profile and provides a detailed description of
the real-world problems that need to be solved.
Functional requirements – establishes a protection boundary that the
product must provide.
Development assurance requirements – Identify the requirements for
the various development phases of the product.
Evaluation assurance requirements – establish the type and intensity
of the evaluation.
49. 49
SECURITY ENGINEERING
Common Criteria (CC) Ratings
Rated as Evaluation Assurance Level (EAL) 1 through 7
EAL 1 – Functionally tested
EAL 2 – Structurally tested
EAL 3 – Methodically tested and checked
EAL 4 – Methodically designed, tested, and reviewed
EAL 5 – Semi formally designed and tested
EAL 6 – Semi-formally verified designed and tested
EAL 7 – Formally verified designed and tested
50. SECURITY ENGINEERING
Industry & International Security
Implementation Guidelines
ISO/IEC 27001 and 27002 Security Standards
Control Objectives for Information & Related
Technology (COBIT)
Payment Card Industry Data Security Standard
(PCI-DSS)
50
51. GOOD LUCK!
ASM EDUCATIONAL CENTER INC. (ASM)
WHERE TRAINING, TECHNOLOGY & SERVICE CONVE
RGE
WWW.ASMED.COM
PHONE: (301)984-7400
51