cissp chapter 05.ppt


  1. The CISSP Prep Guide, Chapter 5: Security Architecture and Models. The CISSP® Prep Guide: Mastering the Ten Domains of Computer Security by Ronald L. Krutz and Russell Dean Vines (August 24, 2001), John Wiley & Sons. ISBN: 0471413569
  2. Topics in Chapter 5
      - Computer Organization
      - Hardware Components
      - Software/Firmware Components
      - Open Systems
      - Distributed Systems
      - Protection Mechanisms
      - Evaluation Criteria
  3. Topics in Chapter 5
      - Certification and Accreditation
      - Formal Security Models
      - Confidentiality Models
      - Integrity Models
      - Information Flow Models
  4. Computer Architecture
      - CPU: ALU and Control Unit
      - Memory: Cache, RAM, PLD, ROM, Real/Primary and Secondary memory, Sequential and Random Access Memory, Virtual Memory
      - Addressing: Register, Direct, Absolute, Implied, Indirect Addressing
      - Memory Protection
  5. Instruction Execution Cycle
      - Privileged Instructions
      - Pipelining
      - CISC versus RISC
      - Multiprogramming
      - Multitasking
      - Multiprocessing
  6. Input/Output Structures
      - Instruction Fetch-Decode-Execute Cycle
      - Direct Memory Access
      - Interruption
  7. Software
      - 1GL: Machine language
      - 2GL: Assembly language
      - 3GL: High-Level Programming language
      - 4GL: NATURAL, FOCUS, SQL
      - 5GL: Natural Language
  8. Distributed Architecture
      - Client-Server Model
      - Security Concerns: Email; Telnet, FTP; Encryption
  9. Distributed Architecture Security Concerns
      - Desktop systems may be at risk of exposure and may serve as an entry point to critical information
      - Users may lack security awareness
      - Modem and dial-up access to the corporate network
      - Download or upload of critical information
      - Lack of proper backup or disaster recovery
  10. Protection Mechanisms
      - Email and download/upload policies
      - Robust access control and biometrics
      - Graphical user interface mechanism
      - File encryption
      - Separation of privileged processes from others
      - Protection domains, disks, systems, laptops
      - Labeling and classification
  11. Protection Mechanisms
      - Centralized backup for desktop systems
      - Security awareness and regular training
      - Control of software on desktop systems
      - Encryption
      - Logging of transactions and transmissions
      - Appropriate access controls
      - Protection of applications and databases
  12. Protection Mechanisms
      - Security formal methods in software development, change control, configuration management, and environmental change
      - Disaster recovery and business continuity planning for all systems, including desktops, file systems and storage, databases and applications, data and information
  13. Protection Mechanisms
      - Trusted Computing Base (TCB)
      - Security Perimeter
      - Trusted Path
      - Trusted Computer System
      - Abstraction, Encapsulation, and Information Hiding
  14. Rings
      - Protection Rings
      - Security Kernel
      - Reference Model
      - MULTICS
  15. Security Modes
      - Dedicated
      - Compartmented
      - Controlled
      - Limited Access
  16. Additional Considerations
      - Covert Channel
      - Lack of Parameter Checking
      - Maintenance Hook and Trapdoor
      - Time of Check to Time of Use (TOC/TOU) Attack
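The TOC/TOU item on slide 16 is easiest to understand with the two shapes side by side: a reader that checks a path name and then opens it again (two independent resolutions, with a window between them), and a reader that opens first and then validates the descriptor it will actually use. The following is an added example, not code from the slides or the book; the `after_check` hook is a test-only device standing in for another process winning the race, the file names are constructed, and the POSIX `O_NOFOLLOW` flag is assumed to be available.

```python
"""TOC/TOU (time-of-check to time-of-use) on file access: check-then-use versus
checking the object you actually use.

Added example, not from the slides. `after_check` is a test-only hook that
simulates another process changing the file between check and use.
"""
import os
import stat
import tempfile
from typing import Callable, Optional

O_NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)   # 0 where absent; POSIX is assumed here


def read_checked_then_used(path: str, after_check: Optional[Callable[[], None]] = None) -> str:
    """Flawed shape: the check and the open each resolve `path` on their own,
    so whatever `path` names can change in between (the TOC/TOU window)."""
    if os.path.islink(path) or not os.path.isfile(path):   # time of check
        raise PermissionError("refusing: not a regular file")
    if after_check:                 # the window; in real code this is just elapsed time
        after_check()
    with open(path, encoding="utf-8") as f:                # time of use: re-resolves the name
        return f.read()


def read_check_what_you_use(path: str) -> str:
    """Hardened shape: open once, then validate the descriptor you will read from.
    Check and use refer to the same kernel object, so there is no window."""
    fd = os.open(path, os.O_RDONLY | O_NOFOLLOW)   # O_NOFOLLOW: a symlink fails right here
    try:
        st = os.fstat(fd)                           # inspects the opened object, not the name
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("refusing: not a regular file")
        f = os.fdopen(fd, "r", encoding="utf-8")
        fd = -1                                     # the file object now owns the descriptor
        with f:
            return f.read()
    finally:
        if fd >= 0:
            os.close(fd)


def demo() -> dict:
    """Constructed scenario in a temp dir: `public.txt` is swapped for a symlink
    to `secret.txt` between the check and the use."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")
        secret = os.path.join(d, "secret.txt")
        for p, text in ((public, "public\n"), (secret, "secret\n")):
            with open(p, "w", encoding="utf-8") as f:
                f.write(text)

        results["hardened_reads_regular_file"] = read_check_what_you_use(public) == "public\n"

        def swap_in_symlink() -> None:      # simulates the race being won
            os.remove(public)
            os.symlink(secret, public)

        # The check passed on a regular file, but the use reads through the symlink.
        results["naive_leaks_secret"] = read_checked_then_used(public, swap_in_symlink) == "secret\n"

        # `public` is now a symlink; the hardened reader refuses it at open time.
        try:
            read_check_what_you_use(public)
            results["hardened_refuses_symlink"] = False
        except OSError:                     # ELOOP from O_NOFOLLOW, or PermissionError
            results["hardened_refuses_symlink"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The general rule the hardened reader follows is to make every security decision about the object you hold a handle to (the descriptor), never about a name that someone else can re-point; the same idea applies to any resource looked up by name, not only files.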
  17. Assurance
      - Evaluation Criteria
          - TCSEC by NCSC: Trusted Computer System Evaluation Criteria
          - Classes of Security: D, minimal protection; C, discretionary protection (C1 and C2); B, mandatory protection (B1, B2, B3); A, verified protection with formal methods (A1)
          - ITSEC
  18. Certification and Accreditation
      - Certification: the comprehensive evaluation of the technical and non-technical security features of an information system and the other safeguards, which are created in support of the accreditation process, to establish the extent to which a particular design and implementation meets the set of specified security
  19. Certification and Accreditation
      - Accreditation: a formal declaration by a Designated Approving Authority (DAA) that an information system is approved to operate in a particular security mode, using a prescribed set of safeguards, at an acceptable level of risk
  20. Certification and Accreditation
      - DITSCAP: Defense Information Technology Security Certification and Accreditation Process
          - Phase 1: Definition
          - Phase 2: Verification
          - Phase 3: Validation
          - Phase 4: Post Accreditation
  21. NIACAP: National Information Technology Security Certification and Accreditation Process
      - Site Accreditation
      - Type Accreditation for an application or system
      - System Accreditation for a major application or general support system
  22. Information Security Models
      - Access Control Models: the Access Matrix; Take-Grant Model; Bell-LaPadula Model
      - Integrity Models: the Biba Integrity Model; the Clark-Wilson Integrity Model
      - Information Flow Models: Non-interference Model; Composition Theories
  23. Bell-LaPadula Model
      - DoD multilevel security policy
          - Individual's need-to-know basis
          - Security-labeled materials and
          - Clearance of Confidential, Secret, or Top Secret
          - Thus dealing only with the confidentiality of classified material, not with integrity or availability
          - Input, State, Function and State Transition
  24. Bell-LaPadula Model, 1. The Simple Security Property (ss-Property): reading of information by a subject at a lower sensitivity level from an object at a higher level is not permitted (No Read Up)
  25. Bell-LaPadula Model, 2. The * (star) Security Property: writing of information by a subject at a higher level of sensitivity to an object at a lower level of sensitivity is not permitted (No Write Down)
  26. Bell-LaPadula Model, 3. The Discretionary Security Property: uses an access matrix to specify discretionary access control. Write-Up and Read-Down are OK.
      - Authorization
      - Control: Content-Dependent, Context-Dependent
  27. Integrity Model: Goals
      1. The data is protected from modification by unauthorized users
      2. The data is protected from unauthorized modification by authorized users
      3. The data is internally and externally consistent: the data held in a database must balance internally and must correspond to the external, real-world situation
  28. Biba Integrity Model
      - 1977, lattice-based model
      - Uses the "less than or equal to" relationship
      - Least upper bound (LUB) and greatest lower bound (GLB)
      - The lattice is a set of integrity classes (IC) and an ordered relationship among the classes
      - A lattice is written (IC, <=, LUB, GLB)
  29. Biba Integrity Model, 1. The Simple Integrity Axiom: a subject at one level of integrity is not permitted to observe (read) an object of a lower level of integrity (No Read Down)
  30. Biba Integrity Model, 2. The * (star) Integrity Axiom: a subject at one level of integrity is not permitted to modify (write to) an object of a higher level of integrity (No Write Up)
  31. Biba Integrity Model, 3. A subject at one level of integrity cannot invoke a subject at a higher level of integrity
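Slides 23 to 26 (Bell-LaPadula) and 28 to 31 (Biba) describe two policies over the same kind of lattice, and the rules of one are the duals of the other. The following is an added example, not code from the slides or the book, that implements one `Label` type (a level plus a set of compartments, standing in for need-to-know) with `dominates`, LUB and GLB, and then expresses the ss-property, *-property, ds-property (mandatory rule plus an access matrix), the two Biba axioms and the invocation rule as one-line checks over it. The `Unclassified` floor and the `Low`/`Medium`/`High` integrity class names are assumptions; the slides give only Confidential, Secret and Top Secret.

```python
"""Lattice-based mandatory access control: Bell-LaPadula and Biba rules.

Added example, not from the slides. A Label is an integer level plus a set of
compartments, so one type serves both the confidentiality and the integrity
lattice; only the rules differ.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple

# Confidentiality levels from the slides (Unclassified is an assumed floor).
CONFIDENTIALITY = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}
# Integrity classes for Biba (names assumed; the slides only say "integrity classes").
INTEGRITY = {"Low": 0, "Medium": 1, "High": 2}


@dataclass(frozen=True)
class Label:
    level: int
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """The lattice's 'greater than or equal to': higher-or-equal level AND
        a superset of compartments (the need-to-know part)."""
        return self.level >= other.level and self.compartments >= other.compartments


def lub(a: Label, b: Label) -> Label:
    """Least upper bound: the higher level, union of compartments."""
    return Label(max(a.level, b.level), a.compartments | b.compartments)


def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound: the lower level, intersection of compartments."""
    return Label(min(a.level, b.level), a.compartments & b.compartments)


# ---- Bell-LaPadula: clearance (subject) versus classification (object) ----
def blp_can_read(clearance: Label, classification: Label) -> bool:
    """ss-property, no read up: the subject must dominate the object."""
    return clearance.dominates(classification)


def blp_can_write(clearance: Label, classification: Label) -> bool:
    """*-property, no write down: the object must dominate the subject
    (so writing up is allowed, as slide 26 notes)."""
    return classification.dominates(clearance)


AccessMatrix = Dict[Tuple[str, str], Set[str]]   # (subject name, object name) -> allowed modes


def blp_access(subject: str, clearance: Label, obj: str, classification: Label,
               mode: str, matrix: AccessMatrix) -> bool:
    """ds-property: the mandatory rule AND an access-matrix entry must both allow the access."""
    if mode not in ("read", "write"):
        return False
    mandatory = blp_can_read if mode == "read" else blp_can_write
    return mandatory(clearance, classification) and mode in matrix.get((subject, obj), set())


# ---- Biba: same lattice structure; each rule is the dual of the BLP rule ----
def biba_can_read(subject_ic: Label, object_ic: Label) -> bool:
    """Simple integrity axiom, no read down: the object must dominate the subject."""
    return object_ic.dominates(subject_ic)


def biba_can_write(subject_ic: Label, object_ic: Label) -> bool:
    """* integrity axiom, no write up: the subject must dominate the object."""
    return subject_ic.dominates(object_ic)


def biba_can_invoke(caller_ic: Label, callee_ic: Label) -> bool:
    """Invocation axiom: a subject may not invoke a subject of higher integrity."""
    return caller_ic.dominates(callee_ic)


if __name__ == "__main__":
    analyst = Label(CONFIDENTIALITY["Secret"], frozenset({"crypto"}))
    report = Label(CONFIDENTIALITY["Top Secret"], frozenset({"crypto"}))
    print("analyst reads TS report:", blp_can_read(analyst, report))     # False
    print("analyst writes to TS report:", blp_can_write(analyst, report))  # True
```

Two things worth noticing in use: a compartment the subject lacks blocks a read even when the level would allow it, which is exactly the need-to-know requirement on slide 23; and combining the two models on one object means a subject needs a label that satisfies both rule sets, which is why real systems usually relax the strict *-property for trusted subjects rather than apply both mechanically.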
  32. Clark-Wilson Integrity Model
      - Clark-Wilson, 1987
      - Constrained Data Item (CDI): a data item whose integrity is to be preserved
      - Integrity Verification Procedure (IVP): confirms that all CDIs are in a valid integrity state; a well-formed transaction transforms a CDI from one valid integrity state to another valid integrity state
      - Unconstrained Data Item (UDI): data items outside the control area of the modeled environment, such as input information
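Slide 32 names the Clark-Wilson parts but does not show how they fit together, and the fit is the point: CDIs are changed only by well-formed transactions, an IVP states what "valid" means, and UDIs are validated before they are allowed to drive a transaction. The following is an added example, not from the slides or from the Clark-Wilson paper, using a constructed toy ledger: the CDIs are account balances plus a recorded total, the IVP checks that no balance is negative and that the balances sum to the total, the transfer is the well-formed transaction, and raw text lines in an assumed `SRC->DST:CENTS` shape are the UDIs.

```python
"""Clark-Wilson sketch: CDIs, UDIs, an IVP, and a well-formed transaction.

Added example, not from the slides. Toy ledger in integer cents; the integrity
condition is: no negative balance, and the recorded total equals the sum.
"""
from typing import Dict, Iterable, List, Optional, Tuple


class IntegrityError(Exception):
    pass


class Ledger:
    def __init__(self, balances: Dict[str, int]):
        self.cdi: Dict[str, int] = dict(balances)     # constrained data items
        self.total: int = sum(balances.values())      # also a CDI: the external control figure
        self.log: List[Tuple[str, str, int]] = []     # audit trail of accepted transactions

    def ivp(self) -> bool:
        """Integrity Verification Procedure: is every CDI in a valid state?"""
        return (all(v >= 0 for v in self.cdi.values())
                and sum(self.cdi.values()) == self.total)

    def transfer(self, src: str, dst: str, amount: int) -> None:
        """Well-formed transaction: the only path that changes CDIs, and it must
        take the ledger from one valid state to another valid state."""
        if not self.ivp():
            raise IntegrityError("precondition: ledger is not in a valid state")
        if amount <= 0 or src not in self.cdi or dst not in self.cdi:
            raise IntegrityError("rejected: malformed transfer")
        if self.cdi[src] < amount:
            raise IntegrityError("rejected: insufficient funds")
        before = dict(self.cdi)
        self.cdi[src] -= amount
        self.cdi[dst] += amount
        if not self.ivp():                 # defensive postcondition
            self.cdi = before              # never leave the CDIs in an invalid state
            raise IntegrityError("postcondition failed; rolled back")
        self.log.append((src, dst, amount))


def udi_to_transfer(raw: str) -> Optional[Tuple[str, str, int]]:
    """Validate an unconstrained data item (raw input) before it may touch a CDI.
    Assumed input shape: 'SRC->DST:AMOUNT_CENTS'. Returns None if invalid."""
    try:
        route, amt = raw.strip().split(":")
        src, dst = route.split("->")
        amount = int(amt)
    except ValueError:                     # wrong number of fields or non-integer amount
        return None
    if not src or not dst or src == dst or amount <= 0:
        return None
    return src, dst, amount


def process(ledger: Ledger, raw_inputs: Iterable[str]) -> int:
    """Run each UDI through validation, then through the transaction; return how many were accepted."""
    accepted = 0
    for raw in raw_inputs:
        parsed = udi_to_transfer(raw)
        if parsed is None:
            continue                       # an invalid UDI never reaches a CDI
        try:
            ledger.transfer(*parsed)
            accepted += 1
        except IntegrityError:
            pass                           # rejected transactions leave the CDIs untouched
    return accepted


if __name__ == "__main__":
    book = Ledger({"alice": 500, "bob": 100})   # constructed sample data
    print(process(book, ["alice->bob:200", "garbage", "bob->alice:9999"]), book.cdi)
```

The value of the IVP shows up when something bypasses the transaction: if a balance is edited directly, `ivp()` returns False on the next run, which is the detection hook an auditor would wire into a scheduled check.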
