Security Architecture and Models
Security Architecture and Models
 Security models in terms of confidentiality, integrity, and
information flow
 Differences between commercial and government security
requirements
 The role of system security evaluation criteria such as
TCSEC, ITSEC, and CC
 Security practices for the Internet (IETF IPSec)
 Technical platforms in terms of hardware, firmware, and
software
 System security techniques in terms of preventative,
detective, and corrective controls
The Layered Approach
The Architectures
 Platform Architecture
 Operating System Software and Utilities
 Central Processing Unit (CPU) States
 Memory Management Overview
 Input/Output Devices
 Storage Devices
• Operating System
 Multitasking - Systems allow a user to perform more than
one computer task, such as the operation of an application
program, at the same time
 Multithreading - The ability of a program or an operating
system process to manage its use by more than one user at
a time and to even manage multiple requests by the same
user without having to have multiple copies of the
program running in the computer
The Architectures Cont…
 Operating System
• Multiprogramming system - System that allows for the
interleaved execution of two or more programs by a processor
• Multiprocessing - The coordinated processing of two or more
programs by a processor that contains parallel processors
 CPU States
• Run - The CPU is executing instructions for the current process
• Wait - The process is waiting for a defined event to occur, such
as retrieving data from a hard disk
• Sleep - The process is suspended and waiting for its next time
slice in the CPU, or a given event to occur such as an alarm
• Masked/interruptible state - Interrupts are implemented to allow
system events to be synchronized. For example, if the mask
bit is not set, the interrupt is disabled (masked off)
The Architectures Cont…
 Memory
Random Access Memory (RAM)
 Dynamic Random Access Memory (DRAM)
 Extended Data Output RAM (EDO RAM)
 Synchronous DRAM (SDRAM)
 Double Data Rate SDRAM (DDR SDRAM)
 Burst Extended Data Output DRAM (BEDO DRAM)
Read-Only Memory (ROM)
 Programmable Read-Only Memory (PROM)
 Erasable and Programmable Read-Only Memory (EPROM)
 Electrically Erasable Programmable Read-Only Memory
(EEPROM)
Flash Memory
The Architectures Cont…
 Storage
• Primary - Main memory directly accessible to the CPU
• Secondary - Nonvolatile storage medium
• Real - A program is given a definite storage location
in memory
• Virtual - The ability to extend the apparent size of
RAM
• Volatile - RAM
• Nonvolatile – ROM and secondary storage devices
• Write-Once Read Memory -
The Architectures Cont…
 Network Environment - A data communication system allowing a
number of devices to communicate with each other
• Local Environment
• Shared Environment
• Security Environments
• Dedicated security mode - processing of one particular type or
classification of information
• System high-security mode – system hardware/software is only
trusted to provide need-to-know protection between users
• Multi-level security mode - allows two or more classification levels
• Controlled mode - type of multi-level security in which a more limited
amount of trust
• Compartmentalized security mode - process two or more types of
compartmented information
 Enterprise Architecture - Systematically derived and captured
structural descriptions
Related Definitions
 Access control - Prevention of unauthorized use or
misuse of a system
 ACL - Access control list
 Access Mode - An operation on an object recognized by
the security mechanisms - think read, write or execute
actions on files
 Accountability - Actions can be correlated to an entity
 Accreditation - Approval to operate in a given capacity in
a given environment
 Asynchronous attack - An attack exploiting the time
lapse between an attack action and a system reaction
Related Definitions Cont…
 Audit trail - Records that document actions on or against
a system
 Bounds Checking - Within a program, the process of
checking for references outside of declared limits. When
bounds checking is not employed, attacks such as buffer
overflows are possible
 Compartmentalization - Storing sensitive data in isolated
blocks
 Configuration Control - Management and control of
changes to a system’s hardware, firmware, software,
and documentation
 Confinement - Ensuring data cannot be abused when a
process is executing a borrowed program and has some
access to that data
Related Definitions Cont…
 Contamination – Corruption of data of varying
classification levels
 Correctness Proof - Mathematical proof of consistency
between a specification and implementation
 Countermeasure - Anything that neutralizes a vulnerability
 Covert Channel - A communication channel that allows
cooperating processes to transfer information in a way
that violates a system’s security policy
• Covert storage channel involves memory shared by
processes
• Covert timing channel involves modulation of system
resource usage (like CPU time)
Related Definitions Cont…
 Criticality - Importance of system to mission
 Cycle - One cycle consists of writing a zero, then a 1 in
every possible location
 Data Contamination - Deliberate or accidental change in
the integrity of data
 Discretionary Access Control - An entity with access
privileges can pass those privileges on to other entities
 Mandatory Access Control - Requires that access control
policy decisions are beyond the control of the individual
owner of an object (think military security classification)
Related Definitions Cont…
 DoD Trusted Computer System Evaluation Criteria
(TCSEC) - Orange Book
 Firmware - Software permanently stored in a hardware
device (ROM, read-only memory)
 Formal Proof - Mathematical argument
 Hacker/Cracker – Individual who causes damage
 Logic bomb - An unauthorized action triggered by a
system state
 Malicious logic - Evil hardware, software, or firmware
included by malcontents for malcontents
Related Definitions Cont…
 Principle of Least Privilege - Every entity is granted the
least privileges necessary to perform assigned tasks
 Memory bounds - The limits in a range of storage
addresses for a protected memory region
 Piggy Back - Unauthorized system access via another’s
authorized access (shoulder surfing is similar)
 Privileged Instructions - Set of instructions generally
executable only when the system is operating in
executive state
 Reference Monitor - A security control which controls
subjects’ access to resources - an example is the
security kernel for a given hardware base
Related Definitions Cont…
 Resource - Anything used while a system is functioning
(e.g. CPU time, memory, disk space)
 Resource encapsulation - Property which states
resources cannot be directly accessed by subjects
because subject access must be controlled by the
reference monitor
 Security Kernel - Hardware/software/firmware elements
of the Trusted Computing Base - the security kernel
implements the reference monitor concept
 Trusted Computing Base - From the TCSEC, the portion
of a computer system which contains all elements of the
system responsible for supporting the security policy and
supporting the isolation of objects on which the
protection is based - follows the reference monitor
concept
Related Definitions Cont…
 TCSEC - Trusted Computer System Evaluation Criteria
- Evaluation guides other than the Orange Book
 ITSEC - Information Technology Security Evaluation
Criteria (European)
 CTCPEC - Canadian Trusted Computer Product
Evaluation Criteria
 CC - Common Criteria
Related Definitions Cont…
 Trusted System
• Follows from TCB
• A system that can be expected to meet users’
requirements for reliability, security, effectiveness due
to having undergone testing and validation
 System Assurance
• The trust that can be placed in a system, and the
trusted ways the system can be proven to have been
developed, tested, maintained, etc.
TCB Levels (from TCSEC)
 D - Minimal Protection
 C - Discretionary Protection
• C1 - Cooperative users who can protect their own info
• C2 - More granular DAC, has individual accountability
 B - Mandatory Protection
• B1 - Labeled Security Protection
• B2 - Structured Protection
• B3 - Security Domains
 A - Verified Protection
• A1 - Verified Design
Related Definitions Cont…
 Virus - Program that can infect other programs
 Worm - Program that propagates but doesn’t necessarily
modify other programs
 Bacteria or rabbit - Programs that replicate themselves to
overwhelm system resources
 Back Doors - Trap doors - allow unauthorized access to
systems
 Trojan horse - Malicious program masquerading as a
benign program
The Security Kernel
General Operating System Protection
 User identification and authentication
 Mandatory access control
 Discretionary access control
 Complete mediation
 Object reuse protection
 Audit
 Protection of audit logs
 Audit log reduction
 Trusted path
 Intrusion detection
Network Protection
 Hash totals
 Recording of sequence checking
 Transmission logging
 Transmission error correction
 Invalid login, modem error, lost connections, CPU failure,
disk error, line error, etc.
 Retransmission control
The BIG Three
 Confidentiality
• Unauthorized users cannot access data
 Integrity
• Unauthorized users cannot manipulate/destroy data
 Availability
• Unauthorized users cannot make system resources
unavailable to legitimate users
Security Models
 Bell-LaPadula
 Biba
 Clark & Wilson
 Non-interference
 State machine
 Access Matrix
 Information flow
Bell-LaPadula
 A state machine model capturing the confidentiality
aspects of access control
Biba Integrity ModelBiba Integrity Model
 The Biba integrity model mathematically describes read
and write restrictions based on integrity access classes
of subjects and objects (Biba used the terms “integrity
level” and “integrity compartments”)
Clark & Wilson Model
 An integrity model, like Biba
 Addresses all 3 integrity goals
• Prevents unauthorized users from making
modifications
• Maintains internal and external consistency
• Prevents authorized users from making improper
modifications
 T - cannot be Tampered with while being changed
 L - all changes must be Logged
 C - Integrity of data is Consistent
Clark & Wilson Model Cont…
 Proposes “Well Formed Transactions”
• Perform steps in order
• Perform exactly the steps listed
• Authenticate the individuals who perform the steps
 Calls for separation of duty
 Well-formed transaction - The process and data items
can be changed only by a specific set of trusted
programs
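The Clark & Wilson slides above list the rules (certified programs only, authenticated and authorized users, separation of duty, logging, consistency); this added example, not from the deck, shows them enforced together in a toy Python system. The ledger, the users ("auditor", "clerk") and the transaction names are constructed for illustration.

```python
"""Added example: a toy Clark-Wilson enforcement layer. Constructed for
illustration; the ledger, users and transaction names are invented.
Constrained data items (CDIs) may only change through certified transformation
procedures (TPs), run by authenticated users who are authorized for that TP,
with the integrity verification procedure (IVP) re-checked and every run logged."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

CDIs = Dict[str, int]


@dataclass
class TP:
    name: str
    fn: Callable[[CDIs], None]   # mutates a working copy of the CDIs
    certifier: str               # who certified the TP (for separation of duty)


class ClarkWilsonSystem:
    def __init__(self, cdis: CDIs, ivp: Callable[[CDIs], bool]) -> None:
        self.cdis = dict(cdis)
        self.ivp = ivp                                # C1: IVP validates CDI consistency
        self.tps: Dict[str, TP] = {}                  # C2: certified TPs only
        self.relations: Set[Tuple[str, str]] = set()  # E2: (user, TP) access relations
        self.authenticated: Set[str] = set()          # E3: users must authenticate
        self.log: List[Tuple[str, str, str]] = []     # C4: append-only transaction log
        if not self.ivp(self.cdis):
            raise ValueError("initial CDI state fails the IVP")

    def certify_tp(self, certifier: str, name: str, fn: Callable[[CDIs], None]) -> None:
        self.tps[name] = TP(name, fn, certifier)

    def authorize(self, user: str, tp_name: str) -> None:
        # E4 separation of duty: whoever certified a TP may not also execute it.
        if self.tps[tp_name].certifier == user:
            raise PermissionError(f"{user} certified {tp_name}; cannot also execute it")
        self.relations.add((user, tp_name))

    def login(self, user: str) -> None:
        self.authenticated.add(user)

    def run(self, user: str, tp_name: str) -> bool:
        """Well-formed transaction: exactly the certified steps, by an authenticated,
        authorized user, moving the CDIs from one consistent state to another."""
        if user not in self.authenticated:
            self.log.append((user, tp_name, "DENY:unauthenticated"))
            return False
        if (user, tp_name) not in self.relations:
            self.log.append((user, tp_name, "DENY:not-authorized"))
            return False
        working = dict(self.cdis)                     # change a copy, not the CDIs
        self.tps[tp_name].fn(working)
        if not self.ivp(working):                     # would leave data inconsistent
            self.log.append((user, tp_name, "ROLLBACK:ivp-failed"))
            return False
        self.cdis = working
        self.log.append((user, tp_name, "OK"))
        return True


def build_ledger() -> ClarkWilsonSystem:
    """Constructed ledger: cash + receivable must stay at 150 and never go negative."""
    def ivp(c: CDIs) -> bool:
        return c["cash"] + c["receivable"] == 150 and min(c.values()) >= 0

    system = ClarkWilsonSystem({"cash": 100, "receivable": 50}, ivp)

    def post_payment(amount: int) -> Callable[[CDIs], None]:
        def tp(c: CDIs) -> None:          # double entry: both sides change together
            c["cash"] += amount
            c["receivable"] -= amount
        return tp

    def credit_only(c: CDIs) -> None:     # badly written TP: breaks internal consistency
        c["cash"] += 30

    system.certify_tp("auditor", "post_payment_30", post_payment(30))
    system.certify_tp("auditor", "credit_only", credit_only)
    system.authorize("clerk", "post_payment_30")
    system.authorize("clerk", "credit_only")
    return system


if __name__ == "__main__":
    ledger = build_ledger()
    ledger.login("clerk")
    print(ledger.run("clerk", "post_payment_30"), ledger.cdis)   # True, cash becomes 130
    print(ledger.run("clerk", "credit_only"), ledger.cdis)       # False, CDIs unchanged
    print(ledger.log)
```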
More Models
 Access matrix model - A state machine model for a
discretionary access control environment
 Information flow model - Simplifies analysis of covert
channels
• A variant of the access control model
• Attempts to control the transfer of information from
one object into another object
• Helps to find covert channels
More Models Cont…
 Noninterference model - Covers ways to prevent
subjects operating in one domain from affecting each
other in violation of security policy
 State machine model - Abstract mathematical model
consisting of state variables and transition functions
 Chinese Wall Model – Provides a model for access rules
in a consultancy business where analysts have to make
sure that no conflicts of interest arise
 Lattice Model - The higher up in secrecy, the more
constraints on the data; the lower in secrecy, the fewer
constraints on the data
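As an added example that is not part of the slide deck, the Python below ties together the Bell-LaPadula, Biba and Lattice slides with the deck's reference monitor and audit definitions: labels are (level, compartments) pairs ordered by lattice dominance, Bell-LaPadula and Biba are expressed as the two dual rule sets over that ordering, and a small reference monitor mediates every access and records each decision. The levels, compartments, subject and objects are constructed for illustration.

```python
"""Added example: a toy reference monitor enforcing the Bell-LaPadula
(confidentiality) and Biba (integrity) rules over a lattice of labels.
Constructed for illustration; the labels, subjects and objects are invented."""
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Tuple

# Linear hierarchy of levels; compartments add the non-linear part of the lattice.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice dominance: level is at least as high AND compartments are a superset.
        Two labels can be incomparable (neither dominates), e.g. SECRET/{CRYPTO}
        versus SECRET/{NUCLEAR}."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def blp_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Bell-LaPadula: labels are clearances/classifications.
    read  -> simple security property: no read up   (subject must dominate object)
    write -> *-property:                no write down (object must dominate subject)"""
    if mode == "read":
        return subject.dominates(obj)
    if mode == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown access mode {mode!r}")


def biba_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Biba: labels are integrity classes; the rules are the duals of Bell-LaPadula.
    read  -> simple integrity: no read down (object must dominate subject)
    write -> * integrity:      no write up  (subject must dominate object)"""
    if mode == "read":
        return obj.dominates(subject)
    if mode == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown access mode {mode!r}")


Policy = Callable[[Label, Label, str], bool]


class ReferenceMonitor:
    """Complete mediation: every access goes through check(), and every decision
    is appended to an audit trail so actions can be correlated to a subject."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.audit_trail: List[Tuple[str, str, str, str]] = []

    def check(self, subject: str, s_label: Label, obj: str, o_label: Label, mode: str) -> bool:
        allowed = self.policy(s_label, o_label, mode)
        self.audit_trail.append((subject, obj, mode, "GRANT" if allowed else "DENY"))
        return allowed


def demo() -> List[bool]:
    """Constructed scenario: one analyst, two documents, both policies."""
    analyst = Label("SECRET", frozenset({"CRYPTO"}))
    memo = Label("CONFIDENTIAL")                      # dominated by the analyst
    report = Label("SECRET", frozenset({"NUCLEAR"}))  # incomparable with the analyst

    blp = ReferenceMonitor(blp_allows)
    results = [
        blp.check("analyst", analyst, "memo", memo, "read"),       # True: reading down is fine
        blp.check("analyst", analyst, "memo", memo, "write"),      # False: no write down
        blp.check("analyst", analyst, "report", report, "read"),   # False: missing compartment
        blp.check("analyst", analyst, "report", report, "write"),  # False: incomparable labels
    ]
    # Biba with the same labels read as integrity classes: the high-integrity analyst
    # may not read the lower-integrity memo, but may write to it.
    biba = ReferenceMonitor(biba_allows)
    results += [
        biba.check("analyst", analyst, "memo", memo, "read"),      # False: no read down
        biba.check("analyst", analyst, "memo", memo, "write"),     # True: writing down is fine
    ]
    return results


if __name__ == "__main__":
    print(demo())
```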
Certification & Accreditation
 Procedures and judgements to determine the suitability
of a system to operate in a target operational
environment
 Certification considers the system in its operational
environment
 Accreditation is the official management decision to
operate a system
IPSEC
 IETF updated 1997, 1998
 Addresses security at the IP layer
 Key goals:
• Authentication
• Encryption
 Components
• IP Authentication Header (AH)
• Encapsulating Security Payload (ESP)
• Both are vehicles for access control
• Key management via ISAKMP
Network/Host Security Concepts
 Security Awareness Program
 CERT/CIRT
 Errors of omission vs. correction
 Physical security
 Dial-up security
 Host vs. network security controls
 Wrappers
 Fault Tolerance
TEMPEST
 Electromagnetic shielding standard
 Mostly for DoD communication equipment
 Currently not widely used
 See “accreditation” - i.e. acceptance of risk
IBM enterprise Content Management
wardell henley
 
oracle EBS
oracle EBSoracle EBS
oracle EBS
wardell henley
 
5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaper5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaper
wardell henley
 

More from wardell henley (20)

RP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdfRP_Patch_Management_S508C.pdf
RP_Patch_Management_S508C.pdf
 
mita_overview.pdf
mita_overview.pdfmita_overview.pdf
mita_overview.pdf
 
Landscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdfLandscape_Medicaid_Healthcare_Information_Technology.pdf
Landscape_Medicaid_Healthcare_Information_Technology.pdf
 
Facets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdfFacets Overview and Navigation User Guide.pdf
Facets Overview and Navigation User Guide.pdf
 
self_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdfself_inspect_handbook_nisp.pdf
self_inspect_handbook_nisp.pdf
 
Itil a guide to cab meetings pdf
Itil a guide to cab meetings pdfItil a guide to cab meetings pdf
Itil a guide to cab meetings pdf
 
Mn bfdsprivacy
Mn bfdsprivacyMn bfdsprivacy
Mn bfdsprivacy
 
9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp9 150928065812-lva1-app6892 gmp
9 150928065812-lva1-app6892 gmp
 
It security cert_508
It security cert_508It security cert_508
It security cert_508
 
15466 mba technology_white_paper
15466 mba technology_white_paper15466 mba technology_white_paper
15466 mba technology_white_paper
 
Best practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingBest practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_training
 
213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen213946 dmarc-architecture-identifier-alignmen
213946 dmarc-architecture-identifier-alignmen
 
Soa security2
Soa security2Soa security2
Soa security2
 
Cissp chapter-05ppt178
Cissp chapter-05ppt178Cissp chapter-05ppt178
Cissp chapter-05ppt178
 
Enterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20securityEnterprise%20 security%20architecture%20 %20business%20driven%20security
Enterprise%20 security%20architecture%20 %20business%20driven%20security
 
Splunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandardsSplunk 7.2.3-security-hardeningstandards
Splunk 7.2.3-security-hardeningstandards
 
Ms app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguideMs app 1.5.1-msinfra-bestpracticesguide
Ms app 1.5.1-msinfra-bestpracticesguide
 
IBM enterprise Content Management
IBM enterprise Content ManagementIBM enterprise Content Management
IBM enterprise Content Management
 
oracle EBS
oracle EBSoracle EBS
oracle EBS
 
5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaper5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaper
 

Recently uploaded

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 

Recently uploaded (20)

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 

3 securityarchitectureandmodels-120331064706-phpapp01

• 1. Security Architecture and Models

• 2. Security Architecture and Models
  - Security models in terms of confidentiality, integrity, and information flow
  - Differences between commercial and government security requirements
  - The role of system security evaluation criteria such as TCSEC, ITSEC, and CC
  - Security practices for the Internet (IETF IPSec)
  - Technical platforms in terms of hardware, firmware, and software
  - System security techniques in terms of preventative, detective, and corrective controls

• 3. The Layered Approach

• 4. The Architectures
  - Platform Architecture
  - Operating System Software and Utilities
  - Central Processing Unit (CPU) States
  - Memory Management Overview
  - Input/Output Devices
  - Storage Devices
  - Operating System
    - Multitasking - The system lets a user run more than one task at the same time, such as two application programs
    - Multithreading - A single program or operating-system process runs several threads of execution that share its address space, so one copy of the program can serve more than one user, or several requests from the same user, at once. Because the threads share memory, a fault in one thread can corrupt the others; only separate processes give the operating system a hard isolation boundary

• 5. The Architectures Cont…
  - Operating System
    - Multiprogramming system - Allows the interleaved execution of two or more programs on one processor
    - Multiprocessing - The coordinated processing of two or more programs by a system that contains parallel processors
  - CPU States
    - Run - The CPU is executing instructions for the current process
    - Wait - The process is waiting for a defined event to occur, such as retrieving data from a hard disk
    - Sleep - The process is suspended and waiting for its next time slice on the CPU, or for a given event to occur, such as an alarm
    - Masked/interruptible state - Interrupts let the CPU synchronize with system events. Each interrupt has a mask bit: when the bit is set the interrupt is disabled (masked off); when it is clear the CPU will service it. Changing the mask is a privileged operation, so ordinary user-mode code cannot switch interrupts off

• 6. The Architectures Cont…
  - Memory
    - Random Access Memory (RAM)
      - Dynamic Random Access Memory (DRAM)
      - Extended Data Output RAM (EDO RAM)
      - Synchronous DRAM (SDRAM)
      - Double Data Rate SDRAM (DDR SDRAM)
      - Burst Extended Data Output DRAM (BEDO DRAM)
    - Read-Only Memory (ROM)
      - Programmable Read-Only Memory (PROM)
      - Erasable Programmable Read-Only Memory (EPROM)
      - Electrically Erasable Programmable Read-Only Memory (EEPROM)
    - Flash Memory

• 7. The Architectures Cont…
  - Storage
    - Primary - Main memory directly accessible to the CPU
    - Secondary - Nonvolatile storage medium
    - Real - A program is given a definite storage location in physical memory
    - Virtual - Extends the apparent size of RAM by paging to secondary storage
    - Volatile - RAM; contents are lost when power is removed
    - Nonvolatile - ROM and secondary storage devices; contents survive power loss, so media must be sanitized before reuse or disposal
    - Write-Once Read Memory -

• 8. The Architectures Cont…
  - Network Environment - A data communication system allowing a number of devices to communicate with each other
    - Local Environment
    - Shared Environment
  - Security Environments (modes of operation)
    - Dedicated security mode - The system processes one particular type or classification of information, and every user is cleared for and has a need to know for all of it
    - System high-security mode - The system's hardware/software is trusted only to provide need-to-know protection between users, all of whom are cleared for the highest level on the system
    - Multi-level security mode - Allows two or more classification levels to be processed at once, for users who are not all cleared for every level
    - Controlled mode - A type of multi-level security in which a more limited amount of trust is placed in the system's hardware/software
    - Compartmentalized security mode - Processes two or more types of compartmented information
  - Enterprise Architecture - Systematically derived and captured structural descriptions of the organization's systems
• 9. Related Definitions
  - Access control - Prevention of unauthorized use or misuse of a system
  - ACL - Access control list
  - Access Mode - An operation on an object recognized by the security mechanisms - think read, write or execute actions on files
  - Accountability - Actions can be correlated to an entity
  - Accreditation - Approval to operate in a given capacity in a given environment
  - Asynchronous attack - An attack exploiting the time lapse between an attack action and a system reaction; the common form is a race between the moment a system checks a resource and the moment it uses it (time-of-check to time-of-use)
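The time-of-check/time-of-use race behind an asynchronous attack, shown as an added Python example that is not part of the original deck. open_unsafely() checks with os.access() and then opens the path, leaving a window in which the path can be replaced by a symlink to a file the caller may not read; open_safely() makes its checks on the descriptor it actually opened. The scratch directory, file names and owner check are constructed for the demo and assume a POSIX system.

```python
import os
import stat
import tempfile


def open_unsafely(path):
    """Vulnerable pattern: the check (os.access) and the use (os.open) are two
    separate system calls. Whoever controls the directory can swap `path` for
    a symlink between them, and os.open follows symlinks by default."""
    if not os.access(path, os.R_OK):
        raise PermissionError(path)
    return os.open(path, os.O_RDONLY)


def open_safely(path, expected_uid):
    """Hardened pattern: open first, then check the object that was opened.
    O_NOFOLLOW refuses a symlink at the final path component and fstat()
    inspects the open descriptor, so there is no window to race."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file: " + path)
        if st.st_uid != expected_uid:
            raise PermissionError("unexpected owner for " + path)
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError("group/world writable: " + path)
    except Exception:
        os.close(fd)
        raise
    return fd


def toctou_demo():
    """Constructed scenario: a regular file and a symlink pointing at it,
    standing in for the swap an attacker would perform between check and use."""
    d = tempfile.mkdtemp()
    target = os.path.join(d, "data.txt")
    link = os.path.join(d, "link.txt")
    with open(target, "w") as f:
        f.write("secret\n")
    os.chmod(target, 0o600)
    os.symlink(target, link)
    results = {}
    fd = open_unsafely(link)                      # symlink silently followed
    results["unsafe_followed_symlink"] = stat.S_ISREG(os.fstat(fd).st_mode)
    os.close(fd)
    try:
        open_safely(link, os.getuid())
        results["safe_refused_symlink"] = False
    except OSError:                               # ELOOP from O_NOFOLLOW
        results["safe_refused_symlink"] = True
    fd = open_safely(target, os.getuid())
    results["safe_opened_regular"] = os.read(fd, 6) == b"secret"
    os.close(fd)
    return results
```

The general rule the hardened version follows: never make an access decision on a name, make it on the object you have already bound to, because only the descriptor cannot be swapped underneath you.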
• 10. Related Definitions Cont…
  - Audit trail - Records that document actions on or against a system
  - Bounds Checking - Within a program, the process of checking for references outside of declared limits. When bounds checking is not employed, attacks such as buffer overflows are possible
  - Compartmentalization - Storing sensitive data in isolated blocks
  - Configuration Control - Management and control of changes to a system's hardware, firmware, software, and documentation
  - Confinement - Ensuring data cannot be abused when a process is executing a borrowed program and has some access to that data
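Bounds checking on untrusted input, as an added Python example that is not from the deck. A memory-safe language stops the buffer overflow but not the logic error: a slice past the end of a bytes object silently comes back short, so the naive parser below accepts a record whose declared length lies, while the checked version validates every offset and length against the real buffer. The record format (1-byte tag, 2-byte big-endian length, value) and the sample messages are constructed for the demo.

```python
import struct


class MalformedRecord(ValueError):
    pass


def parse_records_unchecked(buf):
    """Naive parser: trusts each record's declared length. A slice past the
    end of a bytes object does not raise in Python, it just comes back short,
    so a lying length field yields wrong records instead of an error."""
    records, off = [], 0
    while off < len(buf):
        tag = buf[off]
        length = struct.unpack_from(">H", buf, off + 1)[0]
        records.append((tag, buf[off + 3: off + 3 + length]))
        off += 3 + length
    return records


def parse_records_checked(buf, max_records=64):
    """Bounds-checked parser: the header offset and the declared length are
    both validated against the real buffer before any byte is used, and the
    record count is capped so a hostile stream cannot exhaust memory."""
    records, off = [], 0
    while off < len(buf):
        if len(records) >= max_records:
            raise MalformedRecord("too many records")
        if off + 3 > len(buf):
            raise MalformedRecord(f"truncated header at offset {off}")
        tag = buf[off]
        length = struct.unpack_from(">H", buf, off + 1)[0]
        start, end = off + 3, off + 3 + length
        if end > len(buf):
            raise MalformedRecord(
                f"record at {off} declares {length} bytes, only {len(buf) - start} remain")
        records.append((tag, buf[start:end]))
        off = end
    return records


# Constructed inputs: a well-formed two-record message, and the same message
# with the second length field set to 0xFFFF, far past the end of the buffer.
GOOD = b"\x01\x00\x05hello" + b"\x02\x00\x03abc"
BAD = b"\x01\x00\x05hello" + b"\x02\xff\xffabc"
```

The unchecked parser returns identical output for GOOD and BAD, which is the point: a decoder that cannot tell a corrupt message from a valid one will happily pass attacker-shaped data to whatever consumes it.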
• 11. Related Definitions Cont…
  - Contamination - Intermixing of data of different classification levels, so that data at one level is corrupted by, or carries, data of another
  - Correctness Proof - Mathematical proof of consistency between a specification and its implementation
  - Countermeasure - Anything that neutralizes a vulnerability
  - Covert Channel - A communication channel that allows cooperating processes to transfer information in a way that violates a system's security policy
    - A covert storage channel uses a storage location (memory, a file attribute, a lock) shared by the processes
    - A covert timing channel modulates system resource usage (like CPU time) and has the receiver measure it

• 12. Related Definitions Cont…
  - Criticality - Importance of a system to the mission
  - Cycle - One cycle consists of writing a zero, then a one, in every possible location (one pass of an overwrite procedure used to clear storage media)
  - Data Contamination - Deliberate or accidental change in the integrity of data
  - Discretionary Access Control - An entity with access privileges can pass those privileges on to other entities
  - Mandatory Access Control - Requires that access control policy decisions are beyond the control of the individual owner of an object (think military security classification)
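The discretionary access control definition above, together with the access matrix model the deck lists later, as one added Python example that is not part of the original deck: the matrix is the protection state, and grant/revoke are the transitions an owner may trigger. Subject, object and right names are constructed for the demo.

```python
class AccessMatrix:
    """Access matrix model: one row per subject, one column per object, and a
    set of rights in each cell. The matrix is the protection state; grant and
    revoke are the state transitions, and a request is allowed only if the
    right is present in the current state."""

    def __init__(self):
        self.cells = {}            # (subject, object) -> set of rights

    def rights(self, subject, obj):
        return self.cells.get((subject, obj), set())

    def check(self, subject, obj, right):
        return right in self.rights(subject, obj)

    def create_object(self, owner, obj):
        # The creator becomes owner; under DAC 'own' is the right to delegate.
        self.cells[(owner, obj)] = {"own", "read", "write"}

    def grant(self, granter, grantee, obj, right):
        """DAC delegation: only an owner may confer a right, and only a right
        it holds itself, so delegation never amplifies privilege."""
        if not self.check(granter, obj, "own"):
            raise PermissionError(f"{granter} does not own {obj}")
        if not self.check(granter, obj, right):
            raise PermissionError(f"{granter} cannot grant {right} it lacks")
        self.cells.setdefault((grantee, obj), set()).add(right)

    def revoke(self, revoker, target, obj, right):
        if not self.check(revoker, obj, "own"):
            raise PermissionError(f"{revoker} does not own {obj}")
        self.cells.get((target, obj), set()).discard(right)


def dac_scenario():
    """Constructed walk-through of the model's state transitions."""
    m = AccessMatrix()
    m.create_object("alice", "report.txt")
    m.grant("alice", "bob", "report.txt", "read")
    trace = {
        "bob_reads": m.check("bob", "report.txt", "read"),
        "bob_writes": m.check("bob", "report.txt", "write"),
    }
    try:                       # bob holds read but not own: no further delegation
        m.grant("bob", "carol", "report.txt", "read")
        trace["bob_delegates"] = True
    except PermissionError:
        trace["bob_delegates"] = False
    m.revoke("alice", "bob", "report.txt", "read")
    trace["bob_reads_after_revoke"] = m.check("bob", "report.txt", "read")
    return trace
```

The limit of DAC shows in the last step: Bob cannot delegate, but nothing stops a program Bob runs from copying the contents of report.txt into a new object Bob owns and granting Carol access to that copy. Controlling the information rather than the container is what the mandatory models add.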
• 13. Related Definitions Cont…
  - DoD Trusted Computer System Evaluation Criteria (TCSEC) - the Orange Book
  - Firmware - Software permanently stored in a hardware device (ROM, read-only memory)
  - Formal Proof - A mathematical argument
  - Hacker/Cracker - An individual who causes damage
  - Logic bomb - An unauthorized action triggered by a system state
  - Malicious logic - Hardware, software, or firmware included in a system intentionally for an unauthorized purpose

• 14. Related Definitions Cont…
  - Principle of Least Privilege - Every entity is granted the least privileges necessary to perform its assigned tasks
  - Memory bounds - The limits of a range of storage addresses for a protected memory region
  - Piggy Back - Gaining unauthorized access to a system via another user's authorized access (shoulder surfing is similar)
  - Privileged Instructions - A set of instructions generally executable only when the system is operating in executive (supervisor) state
  - Reference Monitor - An abstract mechanism that mediates every access by subjects to objects; it must be tamperproof, always invoked and small enough to be verified. An example implementation is the security kernel for a given hardware base

• 15. Related Definitions Cont…
  - Resource - Anything used while a system is functioning (e.g. CPU time, memory, disk space)
  - Resource encapsulation - Property which states that resources cannot be directly accessed by subjects, because subject access must be controlled by the reference monitor
  - Security Kernel - The hardware/software/firmware elements of the Trusted Computing Base that implement the reference monitor concept
  - Trusted Computing Base - From the TCSEC, the portion of a computer system which contains all elements of the system responsible for supporting the security policy and for the isolation of the objects on which the protection is based; it follows the reference monitor concept

• 16. Related Definitions Cont…
  - TCSEC - Trusted Computer System Evaluation Criteria (the Orange Book). Evaluation criteria other than the Orange Book:
  - ITSEC - Information Technology Security Evaluation Criteria (European)
  - CTCPEC - Canadian Trusted Computer Product Evaluation Criteria
  - CC - Common Criteria (ISO/IEC 15408), the successor that unified the earlier criteria

• 17. Related Definitions Cont…
  - Trusted System
    - Follows from the TCB
    - A system that can be expected to meet users' requirements for reliability, security and effectiveness because it has undergone testing and validation
  - System Assurance
    - The trust that can be placed in a system, and the trusted ways the system can be proven to have been developed, tested, maintained, etc.

• 18. TCB Levels (from TCSEC)
  - D - Minimal protection
  - C - Discretionary Protection
    - C1 - Cooperative users who can protect their own info
    - C2 - More granular DAC, with individual accountability
  - B - Mandatory Protection
    - B1 - Labeled Security Protection
    - B2 - Structured Protection
    - B3 - Security Domains
  - A - Verified Protection
    - A1 - Verified Design

• 19. Related Definitions Cont…
  - Virus - A program that can infect other programs
  - Worm - A program that propagates on its own but doesn't necessarily modify other programs
  - Bacteria or rabbit - Programs that replicate themselves to overwhelm system resources
  - Back doors (trap doors) - Allow unauthorized access to systems
  - Trojan horse - A malicious program masquerading as a benign program

• 20. The Security Kernel

• 21. General Operating System Protection
  - User identification and authentication
  - Mandatory access control
  - Discretionary access control
  - Complete mediation
  - Object reuse protection
  - Audit
  - Protection of audit logs
  - Audit log reduction
  - Trusted path
  - Intrusion detection
• 22. Network Protection
  - Hash totals
  - Recording of sequence checking
  - Transmission logging
    - Invalid logins, modem errors, lost connections, CPU failures, disk errors, line errors, etc.
  - Transmission error correction
  - Retransmission control
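Hash totals, sequence checking and transmission logging working together, as an added Python example that is not from the deck: the sender binds a sequence number and an HMAC-SHA256 hash total to each frame, and the receiver rejects tampered, replayed or out-of-order frames and logs why. The shared key and the frames are constructed for the demo; a real link would negotiate the key per session rather than embed it.

```python
import hashlib
import hmac
import struct

# Demo-only shared key (constructed). A deployed link derives one per session.
KEY = b"demo-shared-key-do-not-reuse"


def frame(seq, payload, key=KEY):
    """Sender: prepend a 4-byte sequence number and append a hash total
    (HMAC-SHA256) computed over seq || payload. Because the sequence number
    is under the hash, reordering and replay are detectable as well as
    modification of the payload."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Verifies the hash total, enforces strictly increasing sequence numbers
    and records every rejection (transmission logging)."""

    TAG_LEN = 32

    def __init__(self, key=KEY):
        self.key = key
        self.expected_seq = 0
        self.accepted = []
        self.log = []

    def receive(self, data):
        if len(data) < 4 + self.TAG_LEN:
            self.log.append(("truncated", None))
            return False
        header, body, tag = data[:4], data[4:-self.TAG_LEN], data[-self.TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):      # constant-time compare
            self.log.append(("bad hash total", None))
            return False
        seq = struct.unpack(">I", header)[0]
        if seq != self.expected_seq:                    # replay, or a lost frame
            self.log.append(("sequence error", seq))
            return False
        self.expected_seq += 1
        self.accepted.append(body)
        return True


def network_demo():
    """Constructed exchange: two good frames, a replay, a tampered payload
    and a gap where frame 2 never arrived."""
    rx = Receiver()
    f0 = frame(0, b"transfer 100")
    f1 = frame(1, b"transfer 200")
    results = [rx.receive(f0), rx.receive(f1)]
    results.append(rx.receive(f0))                        # replay of an old frame
    tampered = f1[:4] + b"transfer 900" + f1[-32:]        # payload changed, tag kept
    results.append(rx.receive(tampered))
    results.append(rx.receive(frame(3, b"close")))        # frame 2 was lost
    return results, [entry[0] for entry in rx.log]
```

The final "sequence error" entry is where retransmission control would start: the receiver knows it expected 2 and can ask for exactly that frame instead of discarding the session. A plain checksum would not give this protection, since anyone who can modify the payload can recompute it; the hash total has to be keyed.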
  • 23. The BIG ThreeThe BIG Three  ConfidentialityConfidentiality • Unauthorized users cannot access dataUnauthorized users cannot access data  IntegrityIntegrity • Unauthorized users cannot manipulate/destroy dataUnauthorized users cannot manipulate/destroy data  AvailabilityAvailability • Unauthorized users cannot make system resourcesUnauthorized users cannot make system resources unavailable to legitimate usersunavailable to legitimate users
  • 24. Security Models
     Bell-LaPadula
     Biba
     Clark & Wilson
     Non-interference
     State machine
     Access Matrix
     Information flow
  • 25. Bell-LaPadula
     A state machine model capturing the confidentiality aspects of access control
  • 26. Biba Integrity Model
     The Biba integrity model mathematically describes read and write restrictions based on integrity access classes of subjects and objects (Biba used the terms “integrity level” and “integrity compartments”)
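As an added example that is not part of the slides, the Bell-LaPadula and Biba rules from the two slides above written as checks over a lattice of labels (a ranked level plus a set of compartments). The clearance and integrity level names and the compartments are constructed sample values, and the `decisions` helper goes one step beyond the slides by showing a system that enforces both models at once.

```python
from dataclasses import dataclass

# Constructed sample orderings: confidentiality clearances and integrity levels.
CONF = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
INTEG = {"UNTRUSTED": 0, "USER": 1, "SYSTEM": 2}

@dataclass(frozen=True)
class Label:
    """A lattice element: a ranked level plus a set of compartments."""
    rank: int
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """Lattice order: at least as high AND holds every compartment of other."""
        return self.rank >= other.rank and self.compartments >= other.compartments

def conf(level, *comps):  return Label(CONF[level], frozenset(comps))
def integ(level, *comps): return Label(INTEG[level], frozenset(comps))

def blp_allowed(subject, obj, op):
    """Bell-LaPadula (confidentiality):
    read  -> simple security property: subject dominates object (no read up)
    write -> *-property: object dominates subject (no write down)"""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")

def biba_allowed(subject, obj, op):
    """Biba strict integrity, the dual of Bell-LaPadula:
    read  -> simple integrity axiom: object dominates subject (no read down)
    write -> *-integrity axiom: subject dominates object (no write up)"""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")

def decisions(subject_conf, subject_integ, obj_conf, obj_integ):
    """A system enforcing both models allows an access only if both do."""
    return {op: blp_allowed(subject_conf, obj_conf, op) and
                biba_allowed(subject_integ, obj_integ, op)
            for op in ("read", "write")}
```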
  • 27. Clark & Wilson Model
     An Integrity Model, like Biba
     Addresses all 3 integrity goals
      • Prevents unauthorized users from making modifications
      • Maintains internal and external consistency
      • Prevents authorized users from making improper modifications
     T - cannot be Tampered with while being changed
     L - all changes must be Logged
     C - Integrity of data is Consistent
  • 28. Clark & Wilson Model Cont…
     Proposes “Well Formed Transactions”
      • perform steps in order
      • perform exactly the steps listed
      • authenticate the individuals who perform the steps
     Calls for separation of duty
     Well-formed transaction - The process and data items can be changed only by a specific set of trusted programs
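An added example, not from the slides, of the Clark & Wilson ideas on the two slides above as a small reference monitor: constrained data items (CDIs) are changed only by certified transformation procedures (TPs), only by users holding an access triple, every attempt is logged, each TP runs as a well-formed transaction committed only if an integrity verification procedure (IVP) accepts the result, and approval of a payment enforces separation of duty. The ledger, user names and TP names are constructed samples.

```python
from copy import deepcopy

class ClarkWilsonMonitor:
    """CDIs changed only by certified TPs, by authorized users, with every attempt Logged."""
    def __init__(self, ivp):
        self.cdis = {}         # constrained data items: name -> value
        self.tps = {}          # certified transformation procedures: name -> fn
        self.triples = set()   # (user, tp, cdi) authorizations
        self.log = []          # audit trail of every transaction attempt
        self.ivp = ivp         # integrity verification procedure: value -> bool
    def certify_tp(self, name, fn): self.tps[name] = fn
    def authorize(self, user, tp, cdi): self.triples.add((user, tp, cdi))

    def run(self, user, tp, cdi, **args):
        if tp not in self.tps:                    # only certified TPs touch CDIs
            raise PermissionError(f"{tp}: not a certified TP")
        if (user, tp, cdi) not in self.triples:   # user must hold the access triple
            raise PermissionError(f"{user} may not run {tp} on {cdi}")
        # Well-formed transaction: work on a copy, commit only if the IVP says the
        # result is Consistent, so the live CDI is never left half-changed.
        new_value = self.tps[tp](deepcopy(self.cdis.get(cdi)), user, **args)
        status = "OK" if self.ivp(new_value) else "REJECTED"
        self.log.append((user, tp, cdi, args, status))
        if status == "REJECTED":
            raise ValueError("transaction would leave the CDI inconsistent")
        self.cdis[cdi] = new_value
        return new_value

# Constructed CDI: a payment ledger, a list of entries, and its certified TPs.
def enter_payment(ledger, user, amount):
    return (ledger or []) + [{"amount": amount, "entered_by": user, "approved_by": None}]

def approve_payment(ledger, user, index):
    entry = dict(ledger[index])
    if entry["entered_by"] == user:              # separation of duty
        raise PermissionError("the user who entered a payment cannot approve it")
    entry["approved_by"] = user
    return ledger[:index] + [entry] + ledger[index + 1:]

def ledger_ivp(ledger):
    """Consistency check: positive amounts, nobody approved their own entry."""
    return all(e["amount"] > 0 and e["approved_by"] != e["entered_by"] for e in ledger)

def demo():
    m = ClarkWilsonMonitor(ledger_ivp)
    m.certify_tp("enter_payment", enter_payment)
    m.certify_tp("approve_payment", approve_payment)
    m.authorize("alice", "enter_payment", "ledger")
    m.authorize("bob", "approve_payment", "ledger")
    m.run("alice", "enter_payment", "ledger", amount=250)
    m.run("bob", "approve_payment", "ledger", index=0)
    return m
```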
  • 29. More Models
     Access matrix model - A state machine model for a discretionary access control environment
     Information flow model - simplifies analysis of covert channels
      • A variant of the access control model
      • Attempts to control the transfer of information from one object into another object
      • helps to find covert channels
  • 30. More Models Cont…
     Noninterference model - Covers ways to prevent subjects operating in one domain from affecting each other in violation of security policy
     State machine model - Abstract mathematical model consisting of state variables and transition functions
     Chinese Wall Model – provides a model for access rules in a consultancy business where analysts have to make sure that no conflicts of interest arise
     Lattice Model - The higher up in secrecy, the more constraints on the data; the lower in secrecy, the fewer constraints on the data
  • 31. Certification & Accreditation
     Procedures and judgements to determine the suitability of a system to operate in a target operational environment
     Certification considers system in operational environment
     Accreditation is the official management decision to operate a system
  • 32. IPSEC
     IETF updated 1997, 1998
     Addresses security at IP layer
     Key goals:
      • authentication
      • encryption
     Components
      • IP Authentication Header (AH)
      • Encapsulating Security Payload (ESP)
      • Both are vehicles for access control
      • Key management via ISAKMP
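An added example, not from the slides, of the receiver-side checks behind the AH component listed above: parse the Authentication Header, look up the SPI, apply the sequence-number anti-replay window, and verify the ICV with HMAC-SHA1-96 before the window is advanced. The SPI, key and packets are constructed, and as a simplification the ICV here covers only the AH and payload (a real AH ICV also covers the immutable fields of the outer IP header).

```python
import hmac, hashlib, struct

AH_FIXED = struct.Struct("!BBHII")   # next_header, payload_len, reserved, SPI, seq
ICV_LEN = 12                          # HMAC-SHA1-96 truncates the MAC to 96 bits

def build_ah_packet(spi, seq, payload, key, next_header=17):
    """Sender side: fixed AH fields + ICV + payload (simplified: no IP header)."""
    payload_len = (AH_FIXED.size + ICV_LEN) // 4 - 2   # AH length in 32-bit words, minus 2
    fixed = AH_FIXED.pack(next_header, payload_len, 0, spi, seq)
    icv = hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha1).digest()[:ICV_LEN]
    return fixed + icv + payload

def parse_ah(packet):
    """Split a packet into (next_header, spi, seq, icv, payload)."""
    nh, payload_len, _reserved, spi, seq = AH_FIXED.unpack_from(packet)
    total = (payload_len + 2) * 4
    return nh, spi, seq, packet[AH_FIXED.size:total], packet[total:]

class InboundSA:
    """Receiver-side state for one SA: key, SPI and the anti-replay window."""
    def __init__(self, spi, key, window=64):
        self.spi, self.key, self.window = spi, key, window
        self.highest = 0   # highest authenticated sequence number so far
        self.bitmap = 0    # bit i set => seq (highest - i) already accepted
    def _fresh(self, seq):
        if seq == 0 or seq > self.highest:   # seq 0 is never valid; higher is new
            return seq != 0
        diff = self.highest - seq
        return diff < self.window and not (self.bitmap >> diff) & 1
    def _mark(self, seq):
        if seq > self.highest:
            self.bitmap = ((self.bitmap << (seq - self.highest)) | 1) & ((1 << self.window) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, packet):
        nh, spi, seq, icv, payload = parse_ah(packet)
        if spi != self.spi:
            return "drop: unknown SPI"
        if not self._fresh(seq):
            return "drop: replay"
        expected = hmac.new(self.key, packet[:AH_FIXED.size] + bytes(ICV_LEN) + payload,
                            hashlib.sha1).digest()[:ICV_LEN]
        if not hmac.compare_digest(expected, icv):
            return "drop: bad ICV"
        self._mark(seq)   # only authenticated packets advance the window
        return "accept"
```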
  • 33. Network/Host Security Concepts
     Security Awareness Program
     CERT/CIRT
     Errors of omission vs. correction
     physical security
     dial-up security
     Host vs. network security controls
     Wrappers
     Fault Tolerance
  • 34. TEMPEST
     Electromagnetic shielding standard
     Mostly for DoD communication equipment
     Currently not widely used
     See “accreditation” - i.e. acceptance of risk
  • 35. ??