SlideShare a Scribd company logo

3. security architecture and models

Download as PPT, PDF
7
7wounders

This document discusses security architecture and models at a high level. It covers security models related to confidentiality, integrity and information flow. It also discusses differences between commercial and government security requirements. The document outlines the role of evaluation criteria such as TCSEC, ITSEC and CC. It briefly discusses security practices for the Internet like IPSec. It provides an overview of technical platforms involving hardware, firmware and software. It also touches on system security techniques including preventative, detective and corrective controls.

EducationTechnologyBusiness
1 of 35
Downloaded 647 times
1
2
Most read
3
4
Most read
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Most read
31
32
33
34
35
Security Architecture and Models
Security Architecture and Models  Security models in terms of confidentiality, integrity, and information flow  Differences between commercial and government security requirements  The role of system security evaluation criteria such as TCSEC, ITSEC, and CC  Security practices for the Internet (IETF IPSec)  Technical platforms in terms of hardware, firmware, and software  System security techniques in terms of preventative, detective, and corrective controls
The Layered Approach
The Architectures  Platform Architecture  Operating System Software and Utilities  Central Processing Unit (CPU) States  Memory Management Overview  Input/Output Devices  Storage Devices • Operating System  Multitasking - Systems allow a user to perform more than one computer Task, such as the operation of an application program at the same time  Multithreading - The ability of a program or an operating system process to manage its use by more than one user at a time and to even manage multiple requests by the same user without having to have multiple copies of the programming running in the computer
The Architectures Cont…  Operating System • Multiprogramming system - System that allows for the interleaved execution of two or more programs by a processor • Multiprocessing - The coordinated processing of two or more programs by a processor that contains parallel processors  CPU States • Run - The CPU is executing instructions for the current process • Wait - The process is waiting for a defined event to occur, such as retrieving data from a hard disk • Sleep - The process is suspended and waiting for its next time slice in the CPU, or a given event to occur such as an alarm • Masked/interruptible state - Interrupts are implemented to allow system events to be synchronized. For example, if the masked bit is not set, the interruption is disabled (masked off)
The Architectures Cont…  Memory  Random Access Memory (RAM)  Dynamic Random Access Memory (DRAM)  Extended Data Output RAM (EDO RAM)  Synchronous DRAM (SDRAM)  Double Data Rate SDRAM (DDR SDRAM)  Burst Extended Data Output DRAM (BEDO DRAM)  Read-Only Memory (ROM)  Programmable Read-Only Memory (PROM)  Erasable and Programmable Read-Only Memory (EPROM)  Electrically Erasable Programmable Read-Only Memory (EEPROM)  Flash Memory
The Architectures Cont…  Storage • Primary - Main memory directly accessible to the CPU • Secondary - Nonvolatile storage medium • Real - A program is given a definite storage location in memory • Virtual - The ability to extend the apparent size of RAM • Volatile - RAM • Nonvolatile – ROM and Secodary storage devices • Write-Once Read Memory -
The Architectures Cont…  Network Environment - A data communication system allowing a number of devices to communicate with each other • Local Environment • Shared Environment • Security Environments • Dedicated security mode -processing of one particular type or classification of information • System high-security mode – system hardware/software is only trusted to provide need-to-know protection between users • Multi-level security mode - allows two or more classification levels • Controlled mode - type of multi-level security in which a more limited amount of trust • Compartmentalized security mode - process two or more types of compartmented information  Enterprise Architecture - Systematically derived and captured structural descriptions
Related Definitions  Access control - Prevention of unauthorized use or misuse of a system  ACL - Access control list  Access Mode - An operation on an object recognized by the security mechanisms - think read, write or execute actions on files  Accountability- Actions can be correlated to an entity  Accreditation - Approval to operate in a given capacity in a given environment  Asynchronous attack - An attack exploiting the time lapse between an attack action and a system reaction
Related Definitions Cont…  Audit trail - Records that document actions on or against a system  Bounds Checking - Within a program, the process of checking for references outside of declared limits. When bounds checking is not employed, attacks such as buffer overflows are possible  Compartmentalization - Storing sensitive data in isolated blocks  Configuration Control - management and control of changes to a system’s hardware, firmware, software, and documentation  confinement - Ensuring data cannot be abused when a process is executing a borrowed program and has some access to that data
Related Definitions Cont…  Contamination – Corruption of data of varying classification levels  Correctness Proof - Mathematical proof of consistency between a specification and implementation  Countermeasure - anything that neutralizes vulnerability  Covert Channel - A communication channel that allows cooperating processes to transfer information in a way that violates a system’s security policy • covert storage channel involves memory shared by processes • covert timing channel involves modulation of system resource usage (like CPU time)
Related Definitions Cont…  Criticality - Importance of system to mission  Cycle - One cycle consists of writing a zero, then a 1 in every possible location  Data Contamination - Deliberate or accidental change in the integrity of data  Discretionary Access Control - An entity with access privileges can pass those privileges on to other entities  Mandatory Access control - Requires that access control policy decisions are beyond the control of the individual owner of an object (think military security classification)
Related Definitions Cont…  DoD Trusted Computer System Evaluation Criteria (TCSEC) - orange book  Firmware - software permanently stored in hardware device (ROM, read only memory)  Formal Proof - Mathematical argument  Hacker/Cracker – Individual who cause Damage  Logic bomb - An unauthorized action triggered by a system state  Malicious logic - Evil hardware, software, or firmware included by malcontents for malcontents
Related Definitions Cont…  Principle of Least Privilege - Every entity granted least privileges necessary to perform assigned tasks  Memory bounds - The limits in a range of storage addresses for a protected memory region  Piggy Back - Unauthorized system via another’s authorized access (shoulder surfing is similar)  Privileged Instructions - Set of instructions generally executable only when system is operating in executive state  Reference Monitor - A security control which controls subjects’ access to resources - an example is the security kernel for a given hardware base
Related Definitions Cont…  Resource - Anything used while a system is functioning (eg CPU time, memory, disk space)  Resource encapsulation - Property which states resources cannot be directly accessed by subjects because subject access must be controlled by the reference monitor  Security Kernel - Hardware/software/firmware elements of the Trusted Computing Base - security kernel implements the reference monitor concept  Trusted Computing Base - From the TCSEC, the portion of a computer system which contains all elements of the system responsible for supporting the security policy and supporting the isolation of objects on which the protection is based -follows the reference monitor concept
Related Definitions Cont…  TCSEC - Trusted Computer Security Evaluation Criteria - Evaluation Guides other than the Orange Book  ITSEC - Information Technology Security Evaluation Criteria (European)  CTCPEC - Canadian Trusted Computer Product Evaluation Criteria  CC - Common Criteria
Related Definitions Cont…  Trusted System • follows from TCB • A system that can be expected to meet users’ requirements for reliability, security, effectiveness due to having undergone testing and validation  System Assurance • the trust that can be placed in a system, and the trusted ways the system can be proven to have been developed, tested, maintained, etc.
TCB Levels (from TCSEC)  D - Minimal protection  C - Discretionary Protection • C1 cooperative users who can protect their own info • C2 more granular DAC, has individual accountability  B - Mandatory Protection • B1 Labeled Security Protection • B2 Structured Protection • B3 Security Domains  A - Verified Protection • A1 Verified Design
Related Definitions Cont…  Virus - program that can infect other programs  Worm - program that propagates but doesn’t necessarily modify other programs  Bacteria or rabbit - programs that replicate themselves to overwhelm system resources  Back Doors - trap doors - allow unauthorized access to systems  Trojan horse - malicious program masquerading as a benign program
The Security Kernel
General Operating System Protection  User identification and authentication  Mandatory access control  Discretionary access control  Complete mediation  Object reuse protection  Audit  Protection of audit logs  Audit log reduction  Trusted path  Intrusion detection
Network Protection  Hash totals  Recording of sequence checking  Transmission logging  Transmission error correction  Invalid login, modem error, lost connections, CPU failure, disk error, line error, etc.  Retransmission control
The BIG Three  Confidentiality • Unauthorized users cannot access data  Integrity • Unauthorized users cannot manipulate/destroy data  Availability • Unauthorized users cannot make system resources unavailable to legitimate users
Security Models Bell-LaPadula Biba Clark & Wilson Non-interference State machine Access Matrix Information flow
Bell-LaPadula  A state machine model capturing the confidentiality aspects of access control
Biba Integrity Model  The Biba integrity model mathematically describes read and write restrictions based on integrity access classes of subjects and objects (Biba used the terms “integrity level” and “integrity compartments”)
Clark & Wilson Model  An Integrity Model, like Biba  Addresses all 3 integrity goals • Prevents unauthorized users from making modifications • Maintains internal and external consistency • Prevents authorized users from making improper modifications  T - cannot be Tampered with while being changed  L - all changes must be Logged  C - Integrity of data is Consistent
Clark & Wilson Model Cont…  Proposes “Well Formed Transactions” • perform steps in order • perform exactly the steps listed • authenticate the individuals who perform the steps  Calls for separation of duty  Well-formed transaction - The process and data items can be changed only by a specific set of trusted programs
More Models  Access matrix model - A state machine model for a discretionary access control environment  Information flow model - simplifies analysis of covert channels • A variant of the access control model • Attempts to control the transfer of information from one object into another object • helps to find covert channels
More Models Cont…  Noninterference model - Covers ways to prevent subjects operating in one domain from affecting each other in violation of security policy  State machine model - Abstract mathematical model consisting of state variables and transition functions  Chinese Wall Model – provides a model for access rules in a consultancy business where analysts have to make sure that no conflicts of interest arise  Lattice Model - The higher up in secrecy, the more constraints on the data; the lower in secrecy, the less constraints on the data
Certification & Accreditation  Procedures and judgements to determine the suitability of a system to operate in a target operational environment  Certification considers system in operational environment  Accreditation is the official management decision to operate a system
IPSEC  IETF updated 1997, 1998  Addresses security at IP layer  Key goals: • authentication • encryption  Components • IP Authentication Header (AH) • Encapsulating Security Payload (ESP) • Both are vehicles for access control • Key management via ISAKMP
Network/Host Security Concepts  Security Awareness Program  CERT/CIRT  Errors of omission vs. correction  physical security  dial-up security  Host vs. network security controls  Wrappers  Fault Tolerance
TEMPEST  Electromagnetic shielding standard  Mostly for DoD communication Equipments  Currently not widely used  See “accreditation” - i.e. acceptance of risk
?

More Related Content

What's hot (20)

PPT
Cloud interoperability
gaurav jain
 
PPT
Firewalls
Ram Dutt Shukla
 
PPT
Chapter 5 Planning for Security-students.ppt
Shruthi48
 
PPT
Web security
Subhash Basistha
 
PPTX
Virtual machine security
Jacob Zvirikuzhe
 
PPT
Security models
LJ PROJECTS
 
PPT
Tcpip services and applications
Online
 
PPTX
Identity and Access Management Introduction
Aidy Tificate
 
PPTX
Firewall in Network Security
lalithambiga kamaraj
 
PPT
Topic1 Understanding Distributed Information Systems
sanjoysanyal
 
PPT
Software Security (Vulnerabilities) And Physical Security
Nicholas Davis
 
PPTX
Security architecture, engineering and operations
Piyush Jain
 
PDF
Domain Modeling
Harsh Jegadeesan
 
PPT
Unit 4
Ravi Kumar
 
PPTX
Common Standards in Cloud Computing
mrzahidfaiz.blogspot.com
 
PPTX
Virtualization in cloud computing
Mohammad Ilyas Malik
 
PPT
Security policy
Dhani Ahmad
 
PDF
Chapter 5 database security
Syaiful Ahdan
 
ODP
Distributed operating system(os)
Dinesh Modak
 
PPTX
Introduction to Cloud Computing and Cloud Infrastructure
SANTHOSHKUMARKL1
 
Cloud interoperability
gaurav jain
 
Firewalls
Ram Dutt Shukla
 
Chapter 5 Planning for Security-students.ppt
Shruthi48
 
Web security
Subhash Basistha
 
Virtual machine security
Jacob Zvirikuzhe
 
Security models
LJ PROJECTS
 
Tcpip services and applications
Online
 
Identity and Access Management Introduction
Aidy Tificate
 
Firewall in Network Security
lalithambiga kamaraj
 
Topic1 Understanding Distributed Information Systems
sanjoysanyal
 
Software Security (Vulnerabilities) And Physical Security
Nicholas Davis
 
Security architecture, engineering and operations
Piyush Jain
 
Domain Modeling
Harsh Jegadeesan
 
Unit 4
Ravi Kumar
 
Common Standards in Cloud Computing
mrzahidfaiz.blogspot.com
 
Virtualization in cloud computing
Mohammad Ilyas Malik
 
Security policy
Dhani Ahmad
 
Chapter 5 database security
Syaiful Ahdan
 
Distributed operating system(os)
Dinesh Modak
 
Introduction to Cloud Computing and Cloud Infrastructure
SANTHOSHKUMARKL1
 

Similar to 3. security architecture and models (20)

PPT
3 securityarchitectureandmodels-120331064706-phpapp01
wardell henley
 
PPT
Security Architecture
amiable_indian
 
PPT
Chapter Last.ppt
miki304759
 
PPTX
Operating system security
Ramesh Ogania
 
PDF
Intro to Operating Systems - Introductory Lectures - Software Engineering
SohaibImran13
 
PDF
Operations Security Presentation
Wajahat Rajab
 
PPTX
501 ch 5 securing hosts and data
gocybersec
 
PPTX
security in is.pptx
selvapriyabiher
 
PPTX
System Security Sem 2(Module 1).pptx
rahulkumarcscsf21
 
PPTX
Coud discovery chap 5
Alain Charpentier
 
PPT
cs-intro-os.ppt
infomerlin
 
PPTX
Operating Systems- Dr.G.Sumathi AI & DS, KNCET
sumathiganesan4
 
PPTX
osy_unit_2.pptxservices and components of OS
akshatappawar10
 
PPTX
list of all Functions of operating system.pptx
ErAnjuBala
 
PPTX
Operating system 1Chapter One- Introduction(0) (1).pptx
jamsibro140
 
PPTX
Design Of Operating System_Lecture_OS_2.pptx
RakeshKumar194949
 
PDF
Ch2 operating-system structures
Welly Dian Astika
 
PPT
CH3-OS.PPT operating system structures module
deviveeranan7
 
PPTX
Lec # 1 chapter 2
rereelshahed
 
PPTX
Chapter 7
Seth Nurul
 
3 securityarchitectureandmodels-120331064706-phpapp01
wardell henley
 
Security Architecture
amiable_indian
 
Chapter Last.ppt
miki304759
 
Operating system security
Ramesh Ogania
 
Intro to Operating Systems - Introductory Lectures - Software Engineering
SohaibImran13
 
Operations Security Presentation
Wajahat Rajab
 
501 ch 5 securing hosts and data
gocybersec
 
security in is.pptx
selvapriyabiher
 
System Security Sem 2(Module 1).pptx
rahulkumarcscsf21
 
Coud discovery chap 5
Alain Charpentier
 
cs-intro-os.ppt
infomerlin
 
Operating Systems- Dr.G.Sumathi AI & DS, KNCET
sumathiganesan4
 
osy_unit_2.pptxservices and components of OS
akshatappawar10
 
list of all Functions of operating system.pptx
ErAnjuBala
 
Operating system 1Chapter One- Introduction(0) (1).pptx
jamsibro140
 
Design Of Operating System_Lecture_OS_2.pptx
RakeshKumar194949
 
Ch2 operating-system structures
Welly Dian Astika
 
CH3-OS.PPT operating system structures module
deviveeranan7
 
Lec # 1 chapter 2
rereelshahed
 
Chapter 7
Seth Nurul
 
Ad

More from 7wounders (8)

PPT
Cissp why
7wounders
 
PPT
10. law invest & ethics
7wounders
 
PPT
8. operations security
7wounders
 
PPT
7. physical sec
7wounders
 
PPT
6. cryptography
7wounders
 
PPT
5. telecomm & network security
7wounders
 
PPT
2. access control
7wounders
 
PPT
1. security management practices
7wounders
 
Cissp why
7wounders
 
10. law invest & ethics
7wounders
 
8. operations security
7wounders
 
7. physical sec
7wounders
 
6. cryptography
7wounders
 
5. telecomm & network security
7wounders
 
2. access control
7wounders
 
1. security management practices
7wounders
 
Ad

Recently uploaded (20)

PDF
Chapter-V-DED-Entrepreneurship: Institutions Facilitating Entrepreneurship
Dayanand Huded
 
PPTX
Stereochemistry-Optical Isomerism in organic compoundsptx
Tarannum Nadaf-Mansuri
 
PDF
DIGESTION OF CARBOHYDRATES,PROTEINS,LIPIDS
raviralanaresh2
 
PDF
ARAL_Orientation_Day-2-Sessions_ARAL-Readung ARAL-Mathematics ARAL-Sciencev2.pdf
JoelVilloso1
 
PDF
Knee Extensor Mechanism Injuries - Orthopedic Radiologic Imaging
Sean M. Fox
 
PPTX
How to Convert an Opportunity into a Quotation in Odoo 18 CRM
Celine George
 
PDF
Stokey: A Jewish Village by Rachel Kolsky
History of Stoke Newington
 
PDF
People & Earth's Ecosystem -Lesson 2: People & Population
marvinnbustamante1
 
PPTX
MENINGITIS: NURSING MANAGEMENT, BACTERIAL MENINGITIS, VIRAL MENINGITIS.pptx
PRADEEP ABOTHU
 
PDF
LAW OF CONTRACT (5 YEAR LLB & UNITARY LLB )- MODULE - 1.& 2 - LEARN THROUGH P...
APARNA T SHAIL KUMAR
 
PDF
Generative AI: it's STILL not a robot (CIJ Summer 2025)
Paul Bradshaw
 
PDF
The Different Types of Non-Experimental Research
Thelma Villaflores
 
PDF
Biological Bilingual Glossary Hindi and English Medium
World of Wisdom
 
PPTX
How to Set Maximum Difference Odoo 18 POS
Celine George
 
PPTX
How to Manage Large Scrollbar in Odoo 18 POS
Celine George
 
PPTX
Universal immunization Programme (UIP).pptx
Vishal Chanalia
 
PDF
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - GLOBAL SUCCESS - CẢ NĂM - NĂM 2024 (VOCABULARY, ...
Nguyen Thanh Tu Collection
 
PPTX
2025 Winter SWAYAM NPTEL & A Student.pptx
Utsav Yagnik
 
PPTX
ASRB NET 2023 PREVIOUS YEAR QUESTION PAPER GENETICS AND PLANT BREEDING BY SAT...
Krashi Coaching
 
PDF
Reconstruct, Restore, Reimagine: New Perspectives on Stoke Newington’s Histor...
History of Stoke Newington
 
Chapter-V-DED-Entrepreneurship: Institutions Facilitating Entrepreneurship
Dayanand Huded
 
Stereochemistry-Optical Isomerism in organic compoundsptx
Tarannum Nadaf-Mansuri
 
DIGESTION OF CARBOHYDRATES,PROTEINS,LIPIDS
raviralanaresh2
 
ARAL_Orientation_Day-2-Sessions_ARAL-Readung ARAL-Mathematics ARAL-Sciencev2.pdf
JoelVilloso1
 
Knee Extensor Mechanism Injuries - Orthopedic Radiologic Imaging
Sean M. Fox
 
How to Convert an Opportunity into a Quotation in Odoo 18 CRM
Celine George
 
Stokey: A Jewish Village by Rachel Kolsky
History of Stoke Newington
 
People & Earth's Ecosystem -Lesson 2: People & Population
marvinnbustamante1
 
MENINGITIS: NURSING MANAGEMENT, BACTERIAL MENINGITIS, VIRAL MENINGITIS.pptx
PRADEEP ABOTHU
 
LAW OF CONTRACT (5 YEAR LLB & UNITARY LLB )- MODULE - 1.& 2 - LEARN THROUGH P...
APARNA T SHAIL KUMAR
 
Generative AI: it's STILL not a robot (CIJ Summer 2025)
Paul Bradshaw
 
The Different Types of Non-Experimental Research
Thelma Villaflores
 
Biological Bilingual Glossary Hindi and English Medium
World of Wisdom
 
How to Set Maximum Difference Odoo 18 POS
Celine George
 
How to Manage Large Scrollbar in Odoo 18 POS
Celine George
 
Universal immunization Programme (UIP).pptx
Vishal Chanalia
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - GLOBAL SUCCESS - CẢ NĂM - NĂM 2024 (VOCABULARY, ...
Nguyen Thanh Tu Collection
 
2025 Winter SWAYAM NPTEL & A Student.pptx
Utsav Yagnik
 
ASRB NET 2023 PREVIOUS YEAR QUESTION PAPER GENETICS AND PLANT BREEDING BY SAT...
Krashi Coaching
 
Reconstruct, Restore, Reimagine: New Perspectives on Stoke Newington’s Histor...
History of Stoke Newington
 

3. security architecture and models

  • 2. Security Architecture and Models  Security models in terms of confidentiality, integrity, and information flow  Differences between commercial and government security requirements  The role of system security evaluation criteria such as TCSEC, ITSEC, and CC  Security practices for the Internet (IETF IPSec)  Technical platforms in terms of hardware, firmware, and software  System security techniques in terms of preventative, detective, and corrective controls
  • 4. The Architectures  Platform Architecture  Operating System Software and Utilities  Central Processing Unit (CPU) States  Memory Management Overview  Input/Output Devices  Storage Devices • Operating System  Multitasking - Systems allow a user to perform more than one computer Task, such as the operation of an application program at the same time  Multithreading - The ability of a program or an operating system process to manage its use by more than one user at a time and to even manage multiple requests by the same user without having to have multiple copies of the programming running in the computer
  • 5. The Architectures Cont…  Operating System • Multiprogramming system - System that allows for the interleaved execution of two or more programs by a processor • Multiprocessing - The coordinated processing of two or more programs by a processor that contains parallel processors  CPU States • Run - The CPU is executing instructions for the current process • Wait - The process is waiting for a defined event to occur, such as retrieving data from a hard disk • Sleep - The process is suspended and waiting for its next time slice in the CPU, or a given event to occur such as an alarm • Masked/interruptible state - Interrupts are implemented to allow system events to be synchronized. For example, if the masked bit is not set, the interruption is disabled (masked off)
  • 6. The Architectures Cont…  Memory  Random Access Memory (RAM)  Dynamic Random Access Memory (DRAM)  Extended Data Output RAM (EDO RAM)  Synchronous DRAM (SDRAM)  Double Data Rate SDRAM (DDR SDRAM)  Burst Extended Data Output DRAM (BEDO DRAM)  Read-Only Memory (ROM)  Programmable Read-Only Memory (PROM)  Erasable and Programmable Read-Only Memory (EPROM)  Electrically Erasable Programmable Read-Only Memory (EEPROM)  Flash Memory
  • 7. The Architectures Cont…  Storage • Primary - Main memory directly accessible to the CPU • Secondary - Nonvolatile storage medium • Real - A program is given a definite storage location in memory • Virtual - The ability to extend the apparent size of RAM • Volatile - RAM • Nonvolatile – ROM and Secodary storage devices • Write-Once Read Memory -
  • 8. The Architectures Cont…  Network Environment - A data communication system allowing a number of devices to communicate with each other • Local Environment • Shared Environment • Security Environments • Dedicated security mode -processing of one particular type or classification of information • System high-security mode – system hardware/software is only trusted to provide need-to-know protection between users • Multi-level security mode - allows two or more classification levels • Controlled mode - type of multi-level security in which a more limited amount of trust • Compartmentalized security mode - process two or more types of compartmented information  Enterprise Architecture - Systematically derived and captured structural descriptions
  • 9. Related Definitions  Access control - Prevention of unauthorized use or misuse of a system  ACL - Access control list  Access Mode - An operation on an object recognized by the security mechanisms - think read, write or execute actions on files  Accountability- Actions can be correlated to an entity  Accreditation - Approval to operate in a given capacity in a given environment  Asynchronous attack - An attack exploiting the time lapse between an attack action and a system reaction
  • 10. Related Definitions Cont…  Audit trail - Records that document actions on or against a system  Bounds Checking - Within a program, the process of checking for references outside of declared limits. When bounds checking is not employed, attacks such as buffer overflows are possible  Compartmentalization - Storing sensitive data in isolated blocks  Configuration Control - management and control of changes to a system’s hardware, firmware, software, and documentation  confinement - Ensuring data cannot be abused when a process is executing a borrowed program and has some access to that data
  • 11. Related Definitions Cont…  Contamination – Corruption of data of varying classification levels  Correctness Proof - Mathematical proof of consistency between a specification and implementation  Countermeasure - anything that neutralizes vulnerability  Covert Channel - A communication channel that allows cooperating processes to transfer information in a way that violates a system’s security policy • covert storage channel involves memory shared by processes • covert timing channel involves modulation of system resource usage (like CPU time)
  • 12. Related Definitions Cont…  Criticality - Importance of system to mission  Cycle - One cycle consists of writing a zero, then a 1 in every possible location  Data Contamination - Deliberate or accidental change in the integrity of data  Discretionary Access Control - An entity with access privileges can pass those privileges on to other entities  Mandatory Access control - Requires that access control policy decisions are beyond the control of the individual owner of an object (think military security classification)
  • 13. Related Definitions Cont…  DoD Trusted Computer System Evaluation Criteria (TCSEC) - orange book  Firmware - software permanently stored in hardware device (ROM, read only memory)  Formal Proof - Mathematical argument  Hacker/Cracker – Individual who cause Damage  Logic bomb - An unauthorized action triggered by a system state  Malicious logic - Evil hardware, software, or firmware included by malcontents for malcontents
  • 14. Related Definitions Cont…  Principle of Least Privilege - Every entity granted least privileges necessary to perform assigned tasks  Memory bounds - The limits in a range of storage addresses for a protected memory region  Piggy Back - Unauthorized system via another’s authorized access (shoulder surfing is similar)  Privileged Instructions - Set of instructions generally executable only when system is operating in executive state  Reference Monitor - A security control which controls subjects’ access to resources - an example is the security kernel for a given hardware base
  • 15. Related Definitions Cont…  Resource - Anything used while a system is functioning (eg CPU time, memory, disk space)  Resource encapsulation - Property which states resources cannot be directly accessed by subjects because subject access must be controlled by the reference monitor  Security Kernel - Hardware/software/firmware elements of the Trusted Computing Base - security kernel implements the reference monitor concept  Trusted Computing Base - From the TCSEC, the portion of a computer system which contains all elements of the system responsible for supporting the security policy and supporting the isolation of objects on which the protection is based -follows the reference monitor concept
  • 16. Related Definitions Cont…  TCSEC - Trusted Computer Security Evaluation Criteria - Evaluation Guides other than the Orange Book  ITSEC - Information Technology Security Evaluation Criteria (European)  CTCPEC - Canadian Trusted Computer Product Evaluation Criteria  CC - Common Criteria
  • 17. Related Definitions Cont…  Trusted System • follows from TCB • A system that can be expected to meet users’ requirements for reliability, security, effectiveness due to having undergone testing and validation  System Assurance • the trust that can be placed in a system, and the trusted ways the system can be proven to have been developed, tested, maintained, etc.
  • 18. TCB Levels (from TCSEC)  D - Minimal protection  C - Discretionary Protection • C1 cooperative users who can protect their own info • C2 more granular DAC, has individual accountability  B - Mandatory Protection • B1 Labeled Security Protection • B2 Structured Protection • B3 Security Domains  A - Verified Protection • A1 Verified Design
  • 19. Related Definitions Cont…  Virus - program that can infect other programs  Worm - program that propagates but doesn’t necessarily modify other programs  Bacteria or rabbit - programs that replicate themselves to overwhelm system resources  Back Doors - trap doors - allow unauthorized access to systems  Trojan horse - malicious program masquerading as a benign program
  • 21. General Operating System Protection  User identification and authentication  Mandatory access control  Discretionary access control  Complete mediation  Object reuse protection  Audit  Protection of audit logs  Audit log reduction  Trusted path  Intrusion detection
  • 22. Network Protection  Hash totals  Recording of sequence checking  Transmission logging  Transmission error correction  Invalid login, modem error, lost connections, CPU failure, disk error, line error, etc.  Retransmission control
  • 23. The BIG Three  Confidentiality • Unauthorized users cannot access data  Integrity • Unauthorized users cannot manipulate/destroy data  Availability • Unauthorized users cannot make system resources unavailable to legitimate users
  • 24. Security Models Bell-LaPadula Biba Clark & Wilson Non-interference State machine Access Matrix Information flow
  • 25. Bell-LaPadula  A state machine model capturing the confidentiality aspects of access control
  • 26. Biba Integrity Model  The Biba integrity model mathematically describes read and write restrictions based on integrity access classes of subjects and objects (Biba used the terms “integrity level” and “integrity compartments”)
  • 27. Clark & Wilson Model  An Integrity Model, like Biba  Addresses all 3 integrity goals • Prevents unauthorized users from making modifications • Maintains internal and external consistency • Prevents authorized users from making improper modifications  T - cannot be Tampered with while being changed  L - all changes must be Logged  C - Integrity of data is Consistent
  • 28. Clark & Wilson Model Cont…  Proposes “Well Formed Transactions” • perform steps in order • perform exactly the steps listed • authenticate the individuals who perform the steps  Calls for separation of duty  Well-formed transaction - The process and data items can be changed only by a specific set of trusted programs
  • 29. More Models  Access matrix model - A state machine model for a discretionary access control environment  Information flow model - simplifies analysis of covert channels • A variant of the access control model • Attempts to control the transfer of information from one object into another object • helps to find covert channels
  • 30. More Models Cont…  Noninterference model - Covers ways to prevent subjects operating in one domain from affecting each other in violation of security policy  State machine model - Abstract mathematical model consisting of state variables and transition functions  Chinese Wall Model – provides a model for access rules in a consultancy business where analysts have to make sure that no conflicts of interest arise  Lattice Model - The higher up in secrecy, the more constraints on the data; the lower in secrecy, the less constraints on the data
  • 31. Certification & Accreditation  Procedures and judgements to determine the suitability of a system to operate in a target operational environment  Certification considers system in operational environment  Accreditation is the official management decision to operate a system
  • 32. IPSEC  IETF updated 1997, 1998  Addresses security at IP layer  Key goals: • authentication • encryption  Components • IP Authentication Header (AH) • Encapsulating Security Payload (ESP) • Both are vehicles for access control • Key management via ISAKMP
  • 33. Network/Host Security Concepts  Security Awareness Program  CERT/CIRT  Errors of omission vs. correction  physical security  dial-up security  Host vs. network security controls  Wrappers  Fault Tolerance
  • 34. TEMPEST  Electromagnetic shielding standard  Mostly for DoD communication Equipments  Currently not widely used  See “accreditation” - i.e. acceptance of risk
  • 35. ?