Security Architecture and Design
Security architecture is a unified security design that addresses the necessities and
potential risks involved in a certain scenario or environment. It also specifies when and
where to apply security controls.
As described in the CISSP Study Guide, Security Architecture and Design describes
fundamental logical hardware, operating system, and software security components,
and how to use those components to design, architect, and evaluate secure computer
systems.
It is further divided into three domains, which cover:
1. The hardware and software requirements to have a secure computer system.
2. The logical models required to keep the system secure.
3. The evaluation models that quantify how secure the system really is.
How can businesses benefit by having a strong Security Architecture?
• Fewer Breaches of Your Systems Architecture
• Compliance with Key Data Security Standards
• Being a Strong Security Architecture Example Helps to Earn Trust
• Preventing a Loss of Business
How to design a Secure System?
• Layering
• Abstraction
• Security Domains
• The Ring Model
1. Layering
Layering separates hardware and software functionality into modular tiers.
A generic list of security architecture layers is as follows:
1. Hardware
2. Kernel and device drivers
3. Operating System
4. Applications
2. Abstraction
Abstraction hides unnecessary details from the user.
Complexity is the enemy of security. That said, computers are tremendously complex machines and Abstraction provides a way to manage that complexity.
3. Security Domains
A security domain is the list of objects a subject is allowed to access. More broadly defined, domains are groups of subjects and objects with similar security requirements.
4. The Ring Model
The ring model is a form of CPU hardware layering that separates and protects domains (such as kernel mode and user mode) from each other.
Domain #1
The hardware and software requirements to have a secure computer system.
SECURE HARDWARE ARCHITECTURE
Secure Hardware Architecture focuses on the physical computer hardware required to have a secure system. The hardware must provide confidentiality, integrity, and availability for processes, data, and users.
It is further divided into the following components:
• The System Unit and Motherboard
• The Computer Bus
• Northbridge and Southbridge
Computer Bus: (diagram)
Northbridge and Southbridge: (diagram)
SECURE OPERATING SYSTEM AND SOFTWARE ARCHITECTURE
Secure Operating System and Software Architecture builds upon the secure hardware described in the previous slide, providing a secure interface between hardware and the applications (and users) which access the hardware. Operating systems provide memory, resource, and process management.
The most sensitive components in which security is required are:
• The Kernel
• Virtualization
The Kernel
The Kernel is the heart of the Operating System; it runs closest to the hardware, in ring 0, which makes it more vulnerable.
There are two basic Kernel designs: Monolithic and Microkernel.
A monolithic kernel is compiled into one static executable and the entire kernel runs in supervisor mode. All functionality required by a monolithic kernel must be precompiled in.
Microkernels are modular kernels. A microkernel is usually smaller and has less native functionality than a typical monolithic kernel (hence the term “micro”), but can add functionality via loadable kernel modules.
Virtualization
Virtualization adds a software layer between an operating system and the underlying computer hardware. This allows multiple operating systems to run simultaneously on one physical computer.
Example: VMware
There are two basic virtualization types: Transparent virtualization (sometimes called full virtualization) and Paravirtualization.
Transparent virtualization runs stock operating systems, such as Windows 7 or Ubuntu Linux 9.10, as virtual guests. No changes to the guest OS are required.
Paravirtualization runs specially modified operating systems, with modified kernel system calls.
Traditional vs Virtual Architecture (diagram)
Domain #2
The logical models required to keep the system secure.
Security Models
• Bell-LaPadula
• Biba
• Clark & Wilson
• Non-interference
• State machine
• Access Matrix
• Information flow
Diagram: Reading Down and Writing Up between a Subject (personnel) and an Object (a document), labelled with US Department of Defense clearance labels.
Bell-LaPadula Model
• This model was developed by David Elliott Bell and Leonard J. LaPadula on behalf of the MITRE Corporation for the US Department of Defense.
• It follows the Reading Down and Writing Up method.
• It is focused on maintaining the confidentiality of objects.
It is no longer used because the model does not maintain integrity in any way: a low-clearance operative can submit false data which moves up to high clearance levels, and nothing prevents unauthorized alteration of data.
Multi-level access Control in Bell-LaPadula Model:
• Reading Down
• Writing Up
Biba Model
• This model was developed by Kenneth Biba at the MITRE Corporation.
• It follows the Reading Up and Writing Down method.
• While many governments are primarily concerned with confidentiality, most businesses desire to ensure that the integrity of the information is protected at the highest level. Biba is the model of choice when integrity protection is vital.
• If a high-ranking subject issues data, everyone can trust that data. If a low-ranking subject issues some sort of data, no one above that subject has permission to trust it.
Multi-level access Control in Biba Model:
• Reading Up
• Writing Down
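The Bell-LaPadula and Biba rules from the two slides above, as an added example that is not part of the original deck: a minimal reference monitor that decides read and write requests under each model, using a constructed four-level lattice modelled on the US DoD clearance labels. The lattice, the function names and the scenario in integrity_gap() are assumptions for illustration.

```python
# Added example (not from the slides): a minimal reference monitor that
# decides read/write requests under Bell-LaPadula and under Biba, using a
# constructed four-level lattice modelled on US DoD clearance labels.
from enum import IntEnum


class Level(IntEnum):
    """Ordered labels; higher value = higher clearance (BLP) or higher
    integrity (Biba). The same lattice is reused for both models here."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula (confidentiality): read down, write up.
    Simple security property: no read up.  *-property: no write down."""
    if op == "read":
        return subject >= obj
    if op == "write":
        return subject <= obj
    raise ValueError(f"unknown operation: {op}")


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba (integrity): read up, write down.
    Simple integrity property: no read down.  *-integrity: no write up."""
    if op == "read":
        return subject <= obj
    if op == "write":
        return subject >= obj
    raise ValueError(f"unknown operation: {op}")


def integrity_gap() -> dict:
    """The slide's scenario: an UNCLASSIFIED operative tries to write into a
    TOP_SECRET document. BLP permits it (write up), so false data can flow
    upward; Biba refuses it (no write up). Returns both decisions."""
    return {
        "bell_lapadula": blp_allows(Level.UNCLASSIFIED, Level.TOP_SECRET, "write"),
        "biba": biba_allows(Level.UNCLASSIFIED, Level.TOP_SECRET, "write"),
    }


if __name__ == "__main__":
    for model, decision in integrity_gap().items():
        print(f"{model}: UNCLASSIFIED writing to TOP_SECRET -> "
              f"{'allowed' if decision else 'denied'}")
```

Running it shows the gap the Bell-LaPadula slide describes: BLP allows the write up and Biba denies it, which is why the two models are typically used together when both confidentiality and integrity matter.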
Domain #3
The evaluation models that quantify how secure the system really is.
Evaluation methods
Evaluation criteria provide a standard for qualifying the security of a computer system or network.
• The Trusted Computer System Evaluation Criteria (TCSEC).
• The Trusted Network Interpretation (TNI).
• The European Information Technology Security Evaluation Criteria (ITSEC).
• The Common Criteria.
Thank you
srishtiahuja16@gmail.com
slashsrishti
srishtiahuja16