This document discusses security architecture and models, including differences between commercial and government security requirements. It covers security evaluation criteria, security practices for the Internet, technical platforms in terms of hardware/software, and system security techniques like preventative, detective and corrective controls. The document also describes the layered approach to security architecture.
2. Security Architecture and Models
Security models in terms of confidentiality, integrity, and information flow
Differences between commercial and government security requirements
The role of system security evaluation criteria such as TCSEC, ITSEC, and CC
Security practices for the Internet (IETF IPSec)
Technical platforms in terms of hardware, firmware, and software
System security techniques in terms of preventative, detective, and corrective controls
4. The Architectures
Platform Architecture
Operating System Software and Utilities
Central Processing Unit (CPU) States
Memory Management Overview
Input/Output Devices
Storage Devices
• Operating System
Multitasking - Systems allow a user to perform more than one computer task, such as operating an application program, at the same time
Multithreading - The ability of a program or an operating system process to manage its use by more than one user at a time, and even to manage multiple requests by the same user, without having to have multiple copies of the program running in the computer
5. The Architectures Cont…
Operating System
• Multiprogramming system - System that allows for the interleaved execution of two or more programs by a processor
• Multiprocessing - The coordinated processing of two or more programs by a processor that contains parallel processors
CPU States
• Run - The CPU is executing instructions for the current process
• Wait - The process is waiting for a defined event to occur, such as retrieving data from a hard disk
• Sleep - The process is suspended and waiting for its next time slice in the CPU, or for a given event to occur, such as an alarm
• Masked/interruptible state - Interrupts are implemented to allow system events to be synchronized. For example, if the masked bit is not set, the interrupt is disabled (masked off)
6. The Architectures Cont…
Memory
Random Access Memory (RAM)
Dynamic Random Access Memory (DRAM)
Extended Data Output RAM (EDO RAM)
Synchronous DRAM (SDRAM)
Double Data Rate SDRAM (DDR SDRAM)
Burst Extended Data Output DRAM (BEDO DRAM)
Read-Only Memory (ROM)
Programmable Read-Only Memory (PROM)
Erasable and Programmable Read-Only Memory (EPROM)
Electrically Erasable Programmable Read-Only Memory (EEPROM)
Flash Memory
7. The Architectures Cont…
Storage
• Primary - Main memory directly accessible to the CPU
• Secondary - Nonvolatile storage medium
• Real - A program is given a definite storage location in memory
• Virtual - The ability to extend the apparent size of RAM
• Volatile - RAM
• Nonvolatile – ROM and secondary storage devices
• Write-Once Read Memory -
8. The Architectures Cont…
Network Environment - A data communication system allowing a number of devices to communicate with each other
• Local Environment
• Shared Environment
• Security Environments
• Dedicated security mode - processing of one particular type or classification of information
• System high-security mode – system hardware/software is only trusted to provide need-to-know protection between users
• Multi-level security mode - allows two or more classification levels
• Controlled mode - type of multi-level security in which a more limited amount of trust
• Compartmentalized security mode - process two or more types of compartmented information
Enterprise Architecture - Systematically derived and captured structural descriptions
9. Related Definitions
Access control - Prevention of unauthorized use or misuse of a system
ACL - Access control list
Access Mode - An operation on an object recognized by the security mechanisms - think read, write or execute actions on files
Accountability - Actions can be correlated to an entity
Accreditation - Approval to operate in a given capacity in a given environment
Asynchronous attack - An attack exploiting the time lapse between an attack action and a system reaction
10. Related Definitions Cont…
Audit trail - Records that document actions on or against a system
Bounds Checking - Within a program, the process of checking for references outside of declared limits. When bounds checking is not employed, attacks such as buffer overflows are possible
Compartmentalization - Storing sensitive data in isolated blocks
Configuration Control - Management and control of changes to a system’s hardware, firmware, software, and documentation
Confinement - Ensuring data cannot be abused when a process is executing a borrowed program and has some access to that data
11. Related Definitions Cont…
Contamination – Corruption of data of varying classification levels
Correctness Proof - Mathematical proof of consistency between a specification and its implementation
Countermeasure - Anything that neutralizes a vulnerability
Covert Channel - A communication channel that allows cooperating processes to transfer information in a way that violates a system’s security policy
• A covert storage channel involves memory shared by processes
• A covert timing channel involves modulation of system resource usage (like CPU time)
12. Related Definitions Cont…
Criticality - Importance of a system to the mission
Cycle - One cycle consists of writing a zero, then a 1, in every possible location
Data Contamination - Deliberate or accidental change in the integrity of data
Discretionary Access Control - An entity with access privileges can pass those privileges on to other entities
Mandatory Access Control - Requires that access control policy decisions are beyond the control of the individual owner of an object (think military security classification)
13. Related Definitions Cont…
DoD Trusted Computer System Evaluation Criteria (TCSEC) - Orange Book
Firmware - Software permanently stored in a hardware device (ROM, read-only memory)
Formal Proof - Mathematical argument
Hacker/Cracker – Individual who causes damage
Logic bomb - An unauthorized action triggered by a system state
Malicious logic - Evil hardware, software, or firmware included by malcontents for malcontents
14. Related Definitions Cont…
Principle of Least Privilege - Every entity is granted the least privileges necessary to perform its assigned tasks
Memory bounds - The limits in a range of storage addresses for a protected memory region
Piggy Back - Unauthorized system access via another’s authorized access (shoulder surfing is similar)
Privileged Instructions - Set of instructions generally executable only when the system is operating in executive state
Reference Monitor - A security control which controls subjects’ access to resources - an example is the security kernel for a given hardware base
15. Related Definitions Cont…
Resource - Anything used while a system is functioning (e.g. CPU time, memory, disk space)
Resource encapsulation - Property which states resources cannot be directly accessed by subjects because subject access must be controlled by the reference monitor
Security Kernel - Hardware/software/firmware elements of the Trusted Computing Base - the security kernel implements the reference monitor concept
Trusted Computing Base - From the TCSEC, the portion of a computer system which contains all elements of the system responsible for supporting the security policy and supporting the isolation of objects on which the protection is based - follows the reference monitor concept
16. Related Definitions Cont…
TCSEC - Trusted Computer System Evaluation Criteria
Evaluation guides other than the Orange Book:
ITSEC - Information Technology Security Evaluation Criteria (European)
CTCPEC - Canadian Trusted Computer Product Evaluation Criteria
CC - Common Criteria
17. Related Definitions Cont…
Trusted System
• follows from TCB
• A system that can be expected to meet users’ requirements for reliability, security, and effectiveness due to having undergone testing and validation
System Assurance
• the trust that can be placed in a system, and the trusted ways the system can be proven to have been developed, tested, maintained, etc.
18. TCB Levels (from TCSEC)
D - Minimal protection
C - Discretionary Protection
• C1 - cooperative users who can protect their own info
• C2 - more granular DAC, has individual accountability
B - Mandatory Protection
• B1 - Labeled Security Protection
• B2 - Structured Protection
• B3 - Security Domains
A - Verified Protection
• A1 - Verified Design
19. Related Definitions Cont…
Virus - program that can infect other programs
Worm - program that propagates but doesn’t necessarily modify other programs
Bacteria or rabbit - programs that replicate themselves to overwhelm system resources
Back Doors - trap doors - allow unauthorized access to systems
Trojan horse - malicious program masquerading as a benign program
21. General Operating System Protection
User identification and authentication
Mandatory access control
Discretionary access control
Complete mediation
Object reuse protection
Audit
Protection of audit logs
Audit log reduction
Trusted path
Intrusion detection
22. Network Protection
Hash totals
Recording of sequence checking
Transmission logging
Transmission error correction
Invalid login, modem error, lost connections, CPU failure, disk error, line error, etc.
Retransmission control
23. The BIG Three
Confidentiality
• Unauthorized users cannot access data
Integrity
• Unauthorized users cannot manipulate/destroy data
Availability
• Unauthorized users cannot make system resources unavailable to legitimate users
25. Bell-LaPadula
A state machine model capturing the confidentiality aspects of access control
26. Biba Integrity Model
The Biba integrity model mathematically describes read and write restrictions based on integrity access classes of subjects and objects (Biba used the terms “integrity level” and “integrity compartments”)
27. Clark & Wilson Model
An integrity model, like Biba
Addresses all 3 integrity goals:
• Prevents unauthorized users from making modifications
• Maintains internal and external consistency
• Prevents authorized users from making improper modifications
T - cannot be Tampered with while being changed
L - all changes must be Logged
C - Integrity of data is Consistent
28. Clark & Wilson Model Cont…
Proposes “Well Formed Transactions”
• perform steps in order
• perform exactly the steps listed
• authenticate the individuals who perform the steps
Calls for separation of duty
Well-formed transaction - The process and data items can be changed only by a specific set of trusted programs
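The well-formed transactions and separation of duty of slides 27 and 28 in working form, as an added Python example that is not part of the original deck: constrained data items (CDIs) may be changed only by certified transformation procedures (TPs), integrity verification procedures (IVPs) decide whether a state is valid, and every run is logged. The two-account ledger, its TPs and IVPs, and the users alice and bob are constructed for illustration.

```python
"""Clark-Wilson integrity enforcement over a constructed two-account ledger.
Added example, not from the slide deck; the ledger, TPs, IVPs and user names
are constructed. Rule labels C1-C5 / E1-E3 follow Clark and Wilson's
certification and enforcement rules."""
from copy import deepcopy

class IntegrityViolation(Exception):
    """Raised when a certification or enforcement rule would be broken."""

class ClarkWilsonSystem:
    def __init__(self):
        self.cdis = {}          # constrained data items: name -> value
        self.tps = {}           # certified TPs: name -> (function, CDIs it may change)
        self.ivps = []          # integrity verification procedures (C1)
        self.relations = set()  # (user, TP) access triples (E2)
        self.sod = set()        # TP pairs one user may never hold together (C3)
        self.log = []           # append-only record of every TP run (C4)

    def certify_tp(self, name, fn, cdi_names):
        self.tps[name] = (fn, frozenset(cdi_names))  # C2: TP bound to specific CDIs

    def require_separation(self, tp_a, tp_b):
        self.sod.add(frozenset((tp_a, tp_b)))

    def authorize(self, user, tp):
        # E2 with C3: the (user, TP) relation must respect separation of duty
        for held in [t for u, t in self.relations if u == user]:
            if frozenset((held, tp)) in self.sod:
                raise IntegrityViolation(f"C3: {user} may not hold both {held} and {tp}")
        self.relations.add((user, tp))

    def execute(self, user, tp_name, *args):
        if not user:
            raise IntegrityViolation("E3: TPs run only for an authenticated user")
        if tp_name not in self.tps:
            raise IntegrityViolation(f"E1: {tp_name} is not a certified TP")
        if (user, tp_name) not in self.relations:
            raise IntegrityViolation(f"E2: {user} is not authorised to run {tp_name}")
        fn, allowed = self.tps[tp_name]
        working = deepcopy(self.cdis)  # well-formed transaction: all or nothing
        fn(working, *args)
        touched = {k for k in set(working) | set(self.cdis)
                   if working.get(k) != self.cdis.get(k)}
        if not touched <= allowed:
            raise IntegrityViolation(f"C2: {tp_name} changed {sorted(touched - allowed)}")
        if not all(ivp(working) for ivp in self.ivps):
            raise IntegrityViolation(f"C1: {tp_name} would leave CDIs in an invalid state")
        self.cdis = working
        self.log.append((user, tp_name, args))  # C4: every change is logged
        return True

# Constructed TPs for the ledger. Invariant: cash + receivable == total.
def transfer(cdis, src, dst, amount):
    """Move funds between accounts without changing the ledger total."""
    if amount <= 0 or cdis[src] < amount:
        raise IntegrityViolation("transfer rejected: bad amount or insufficient funds")
    cdis[src] -= amount
    cdis[dst] += amount

def deposit(cdis, raw_udi):
    """C5: an untrusted input string ('cash:<amount>') becomes a CDI change
    only after validation."""
    account, _, amount = raw_udi.partition(":")
    if account != "cash" or not amount.isdigit() or int(amount) == 0:
        raise IntegrityViolation(f"C5: rejected UDI {raw_udi!r}")
    cdis["cash"] += int(amount)
    cdis["total"] += int(amount)

def inflate(cdis, amount):
    cdis["cash"] += amount  # a badly written TP: breaks the invariant, C1 catches it

def build_demo():
    s = ClarkWilsonSystem()
    s.cdis = {"cash": 100, "receivable": 0, "total": 100}
    s.ivps = [lambda c: all(v >= 0 for v in c.values()),
              lambda c: c["cash"] + c["receivable"] == c["total"]]
    s.certify_tp("transfer", transfer, {"cash", "receivable"})
    s.certify_tp("deposit", deposit, {"cash", "total"})
    s.certify_tp("inflate", inflate, {"cash"})
    s.require_separation("transfer", "deposit")  # who moves funds may not book deposits
    for user, tp in (("alice", "transfer"), ("alice", "inflate"),
                     ("bob", "deposit")):
        s.authorize(user, tp)
    return s

def attempt(system, user, tp, *args):
    """Run a TP and return 'ok' or the text of the violated rule."""
    try:
        system.execute(user, tp, *args)
        return "ok"
    except IntegrityViolation as exc:
        return str(exc)
```

Note that `inflate` passes the C2 check (it only touches the CDI it is certified for) and is stopped by the IVP instead, which is why certification and verification are separate rules.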
29. More Models
Access matrix model - A state machine model for a discretionary access control environment
Information flow model - simplifies analysis of covert channels
• A variant of the access control model
• Attempts to control the transfer of information from one object into another object
• helps to find covert channels
30. More Models Cont…
Noninterference model - Covers ways to prevent subjects operating in one domain from affecting each other in violation of security policy
State machine model - Abstract mathematical model consisting of state variables and transition functions
Chinese Wall Model – provides a model for access rules in a consultancy business where analysts have to make sure that no conflicts of interest arise
Lattice Model - The higher up in secrecy, the more constraints on the data; the lower in secrecy, the fewer constraints on the data
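The read and write rules of Bell-LaPadula (slide 25) and Biba (slide 26) evaluated over the kind of label lattice the Lattice Model above describes, as an added Python example that is not part of the original deck. Labels are a (level, compartments) pair ordered by level rank and set inclusion; the level names, compartments, subjects and objects are constructed.

```python
"""Bell-LaPadula and Biba read/write decisions over a label lattice.
Added example, not from the slide deck. The level names, compartments,
subjects and objects are constructed; the rules are the standard
simple-security and *-properties of the two models."""
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = field(default_factory=frozenset)

class Lattice:
    """Partial order on labels: levels are totally ordered, compartment sets
    are ordered by inclusion, so some labels are incomparable."""

    def __init__(self, levels):
        # higher index = higher sensitivity (BLP) or higher trust (Biba)
        self.rank = {name: i for i, name in enumerate(levels)}

    def dominates(self, a, b):
        return (self.rank[a.level] >= self.rank[b.level]
                and a.compartments >= b.compartments)

    def join(self, a, b):
        """Least upper bound: the lowest label dominating both inputs, i.e. the
        label that data combined from two sources must carry."""
        top = a.level if self.rank[a.level] >= self.rank[b.level] else b.level
        return Label(top, a.compartments | b.compartments)

# Bell-LaPadula (confidentiality): labels are clearances and classifications
def blp_can_read(lat, subject, obj):
    # simple security property, "no read up"
    return lat.dominates(subject, obj)

def blp_can_write(lat, subject, obj):
    # *-property, "no write down": the object must be at least as high
    return lat.dominates(obj, subject)

# Biba (integrity): labels are trust levels, and the rules run the other way
def biba_can_read(lat, subject, obj):
    # simple integrity property, "no read down": do not consume less trusted data
    return lat.dominates(obj, subject)

def biba_can_write(lat, subject, obj):
    # integrity *-property, "no write up": do not contaminate more trusted data
    return lat.dominates(subject, obj)

def decision_table(lat, subject, objects, model):
    """Return {object name: (may_read, may_write)} for one subject."""
    rules = {"blp": (blp_can_read, blp_can_write),
             "biba": (biba_can_read, biba_can_write)}
    read, write = rules[model]
    return {name: (read(lat, subject, o), write(lat, subject, o))
            for name, o in objects.items()}

# Constructed lattices and labels used in the walkthrough below
CONF = Lattice(("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET"))
INTEG = Lattice(("UNTRUSTED", "USER", "SYSTEM"))

ANALYST = Label("SECRET", frozenset({"CRYPTO"}))
DOCS = {
    "public_notice": Label("UNCLASSIFIED"),
    "crypto_memo": Label("SECRET", frozenset({"CRYPTO"})),
    "ts_plan": Label("TOP_SECRET", frozenset({"CRYPTO"})),
    "nuclear_brief": Label("SECRET", frozenset({"NUCLEAR"})),  # incomparable
}

SERVICE = Label("USER")
FILES = {
    "syslog": Label("SYSTEM"),
    "user_notes": Label("USER"),
    "web_input": Label("UNTRUSTED"),
}

if __name__ == "__main__":
    for model, lat, subj, objs in (("blp", CONF, ANALYST, DOCS),
                                   ("biba", INTEG, SERVICE, FILES)):
        for name, (r, w) in decision_table(lat, subj, objs, model).items():
            print(f"{model:4} {name:14} read={r!s:5} write={w}")
```

The incomparable `nuclear_brief` label shows why a lattice rather than a simple ordering is needed: the SECRET analyst can neither read nor write it under BLP because the compartments do not nest.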
31. Certification & Accreditation
Procedures and judgements to determine the suitability of a system to operate in a target operational environment
Certification considers the system in its operational environment
Accreditation is the official management decision to operate a system
32. IPSEC
IETF updated 1997, 1998
Addresses security at the IP layer
Key goals:
• authentication
• encryption
Components
• IP Authentication Header (AH)
• Encapsulating Security Payload (ESP)
• Both are vehicles for access control
• Key management via ISAKMP
33. Network/Host Security Concepts
Security Awareness Program
CERT/CIRT
Errors of omission vs. correction
Physical security
Dial-up security
Host vs. network security controls
Wrappers
Fault Tolerance
34. TEMPEST
Electromagnetic shielding standard
Mostly for DoD communication equipment
Currently not widely used
See “accreditation” - i.e. acceptance of risk