
1 Domain 6 Security Architecture and Models

2 Domain Objective (9-8-99)
The objective of this domain is to understand:
-security models in terms of confidentiality, integrity, availability, operations, and government versus commercial requirements
-system models and the different industry standards that apply to them
-the technical platforms that security operates on in terms of hardware, firmware, and software

3 A-I-C Triad (figure): Availability, Integrity, Confidentiality

4 Domain Summary
The information for this domain represents 10% of the CISSP exam content. The domain covers security architecture concepts, principles, structures, and standards; the computer and network organizations that implement the security architecture; and some of the common security issues pertaining to security models and system applications.

5 Information Technology Technical Platforms

6 Layered platform (figure), top to bottom: Application Programs / Utilities / Operating System / Computer Hardware

7 Computer Hardware (SRV Theory 601.1)
Central Processing Unit (CPU) - the control unit, arithmetic and logic unit, and primary storage unit
-Supervisor state - program can access the entire system (privileged instructions allowed)
-Problem state - only non-privileged instructions are executed
Memory types
-real - main storage area; in a virtual memory computer, real and main storage are identical
-virtual - storage space on a computer used as addressable memory
-random access memory (RAM) - all of the computer's primary working memory

8 Computer Hardware (SRV Theory 601.1)
Bus - the internal connection inside the computer between devices, power, and internal circuit boards
Channels - the path over which data can be sent between main memory and a peripheral device
Storage - computer memory, disks, or tapes used for holding data during processing


10 Computer Software (SRV Theory 601.2)
Operating system software has four components:
-process management - controls program execution to make sure that programs share resources
-I/O device management - issues commands to devices that read from and write to the system
-memory management - keeps track of which parts of memory are in use and which are free
-system file management - the read, write, and erase functions that the operating system uses to manage files

11 System Recovery (SRV Theory 601.3)
There are three general operating system failure recovery actions:
-system reboot - the system is shut down in a controlled manner and restarted to free up resources
-emergency system restart - the system is locked and unresponsive; a system maintenance mode is started and the system is recovered with a restart
-system cold start - the system is locked and will not restart; physical intervention is needed to reset the system and load it from the bootstrap

12 Information Security Architecture Framework and Concepts

13 IT Architecture (SRV Theory 602.2)
Information Technology (IT) architecture is an integrated framework for managing IT in support of business goals
-Logical architecture - provides a high-level description of a company's functional requirements for information and system processing
-Technical architecture - defines the specific IT standards and rules that are physically used to implement the logical architecture

14 Security System Architecture
Execution domain - OS system area protected from both deliberate tampering and inadvertent modification
Enforcement of least privilege:
-processes have no more privilege than needed to perform their functions
-only modules needing complete system privileges are located in the kernel
-other modules call on more privileged routines only as needed and for only as long as needed

15 Security System Architecture
Protection mechanisms:
-layering - processes are constructed in layers, where each layer deals with a specific activity
-abstraction - establishment of a specific set of permissible values and operations
-data hiding - a layer in one hierarchy has no access to data in another layer
Process isolation - ensures multiple processes run concurrently without conflicting with each other
Resource access control - the process of limiting access to the resources of a system

16 Security System Architecture
Token - a specific privilege or capability conferred based on authentication from an electronically coded device (SRV Theory 602.2)
Capability - a defined representation (i.e. a token) of a resource and the access rights to that resource (SRV Theory 602.2)
Security labels - a designation assigned to a resource, used to identify its security purpose (SRV Theory 602.2)

17 Open and Closed Systems (SRV Theory 602.4)
Open system - is not by itself a secure system
-system built on published standards and standard user interfaces
-user provided with access to total system capability
-interoperable, and therefore also exposed to spiteful acts by anyone who can reach those standard interfaces
-most computer systems operate in an open environment
Closed system - proprietary; harder to reach, but not automatically a secure system
-system without standard user interfaces
-user limited to a single proprietary language or application
-lacks interoperability with other vendor systems
-its security rests on its evaluated protection mechanisms, not on the obscurity of its interfaces

18 Objects and Subjects (SRV Theory 602.10)
Important concepts to remember for this domain:
Object - a passive entity that contains or receives information
-can be hardware, software, as well as system processes
Subject - an active entity that causes information to flow among objects
-can be a person, process, or device

19 Access Controls (SRV Theory 602.5)
Mandatory - restricts access to objects based on the sensitivity of the information and the subject's authorization
-mandatory access is usually controlled through security labels
-a subject cannot delegate their access to another
Discretionary - restricts access to objects based on the subject's identity and need-to-know
-a subject can delegate their access to another
-the system has the ability to control information on an individual basis

20 Reference Monitor (SRV Theory 602.11)
Reference monitor - abstract access control concept: a mechanism that mediates all accesses to objects by subjects; it must be always invoked, tamper-proof, and small enough to be verified
-security kernel - the hardware, firmware, and software elements of a trusted computing base that implement the reference monitor concept
-Trusted Computing Base (TCB) - all protection mechanisms within a computer system used for enforcing a security policy
Security perimeter - the boundary within which the reference monitor operates
-the security kernel, as well as other security-related system functions, lies within the (imaginary) boundary of the TCB
-system elements outside the security perimeter need not be trusted (SRV Theory 602.1)

21 Architectural Foundation (SRV Theory 602.1)
Elements of computer trustworthiness
-trusted computing base
-enforcement of security policy
-domain separation: a domain is the set of objects that a subject can access; separation is the mechanism that protects objects in the system from subjects outside their domain
-defined subset - only subjects under TCB control may access all objects; untrusted subjects are confined to their domain
-resource isolation - the containment of subjects and objects to assure that TCB control is maintained

22 Architectural Foundation (SRV Theory 602.1)
Elements of computer trustworthiness (continued)
-hardware isolation - TCB separated from the untrusted parts of the system
-software isolation - containment of subjects and objects to an application
-software mediation - control of subject access to system resources

23 Modes of Operation (SRV Theory 602.14)
Operation modes are the conditions under which a computer security system functions, based on the users' authorization and the sensitivity of the data:
Dedicated security mode - all users have the clearance, formal access approval, and need-to-know for all data on the system
System high mode - all users have the clearance and formal access approval for all data, but not necessarily the need-to-know for all of it
Partitioned (compartmented) mode - all users have the clearance for all data, but not necessarily formal access approval or need-to-know; each user must meet the security criteria of the compartment accessed
Multilevel secure (MLS) mode - not all users have the clearance or formal access approval for all data; the system itself must separate and enforce multiple levels of classification

24 Certification and Accreditation (SRV Theory 602.3)
Certification and accreditation - a set of procedures and judgements regarding the suitability of a system to operate securely in its intended environment
Certification - technical evaluation of system security features for the purpose of accreditation
-ideally an ongoing set of validation processes
-should be reviewed whenever a major change occurs
Accreditation - official management decision to operate the system
-approval of a given operational concept and environment
-risks formally accepted

25 Information Security Structures Standards and Models

26 IETF Security Architecture (SRV Theory 602.6)
IP security architecture (IPsec), RFC 2401 (since obsoleted by RFC 4301) - designed to provide interoperable, high-quality, cryptographically based security for IPv4 and IPv6
-not developed as an overall Internet security architecture
-addresses security at the Internet protocol layer, in hosts, gateways and firewall systems
-critically dependent on the security of the environment: operating system security, system management, random number sources, system time variations

27 IETF Security Architecture (SRV Theory 602.6)
IPsec protocols for communications security:
IP Authentication Header (AH)
-provides connectionless integrity, data origin authentication, and an optional anti-replay service
Encapsulating Security Payload (ESP)
-provides confidentiality (encryption) and limited traffic flow confidentiality
-may provide connectionless integrity, data origin authentication, and an anti-replay service

28 Security Association (SA)
All IPsec implementations must support the security association
-simplex (one-way) connection that affords security services to the IP traffic carried by it; two-way traffic needs one SA in each direction
-a single SA uses either AH or ESP, not both; applying both to the same traffic requires two SAs
-uniquely identified by a triple: security parameter index (SPI), IP destination address, and security protocol (AH or ESP)

29 Security Association (SA)
Security associations may be combined in two ways:
-transport adjacency - applying more than one security protocol to the same IP datagram without invoking tunneling; allows only one level of combination; processing is performed at one IPsec instance
-iterated tunneling - application of multiple layers of security protocols; allows multiple levels of security protocol nesting; each tunnel can originate or terminate at a different IPsec site along the transmission path
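The SA triple and the anti-replay service from the two slides above, as an added example that is not part of the original deck: a Security Association Database keyed by (SPI, destination address, protocol), a parser for the ESP header (SPI and sequence number, as laid out in RFC 2406), and the 64-packet sliding-window replay check that RFC 2401 describes in its appendix. The packets and SPIs are constructed for this example; the window size and the "drop" reasons are this example's own choices.

```python
"""Added example: IPsec SA lookup by (SPI, dst, proto) plus ESP anti-replay window.
Packets below are constructed by hand; nothing is read from a real interface."""
import ipaddress
import struct

ESP = 50           # IP protocol number for ESP
AH = 51            # IP protocol number for AH
ESP_HDR = struct.Struct("!II")   # SPI, sequence number (first 8 bytes of ESP)


class SecurityAssociation:
    """One simplex SA with the state needed for the anti-replay check."""

    def __init__(self, spi, dst, proto, window=64):
        self.spi, self.dst, self.proto = spi, dst, proto
        self.window = window
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (highest - i) already seen

    def check_and_update(self, seq):
        """Sliding window from RFC 2401 Appendix C. True if seq is fresh."""
        if seq == 0:
            return False                      # the first packet on an SA is seq 1
        if seq > self.highest:                # right of the window: advance it
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.window:
            return False                      # left of the window: too old
        if (self.bitmap >> diff) & 1:
            return False                      # inside the window but already seen
        self.bitmap |= 1 << diff              # mark as seen
        return True


class SecurityAssociationDatabase:
    """Inbound SAD: the triple from the slide is the lookup key."""

    def __init__(self):
        self._sad = {}

    def add(self, sa):
        self._sad[(sa.spi, sa.dst, sa.proto)] = sa

    def lookup(self, spi, dst, proto):
        return self._sad.get((spi, dst, proto))


def parse_ipv4_esp(packet):
    """Return (dst, spi, seq) from a minimal IPv4 packet whose payload is ESP."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != ESP:
        raise ValueError("not an ESP packet")
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    spi, seq = ESP_HDR.unpack_from(packet, ihl)
    return dst, spi, seq


def build_packet(dst, spi, seq):
    """Constructed test packet: 20-byte IPv4 header + ESP SPI/seq, no payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ESP, 0,
                      ipaddress.IPv4Address("10.0.0.1").packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + ESP_HDR.pack(spi, seq)


def inbound(sad, packet):
    """Receiver side: find the SA by its triple, then apply anti-replay."""
    dst, spi, seq = parse_ipv4_esp(packet)
    sa = sad.lookup(spi, dst, ESP)
    if sa is None:
        return "drop: no SA for (spi, dst, proto)"
    if not sa.check_and_update(seq):
        return "drop: replayed or stale sequence number"
    return "accept"


def demo():
    sad = SecurityAssociationDatabase()
    sad.add(SecurityAssociation(0x1001, "10.0.0.2", ESP))
    results = [inbound(sad, build_packet("10.0.0.2", 0x1001, seq))
               for seq in (1, 2, 5, 2, 3, 5, 70, 6, 7)]
    # same destination, unknown SPI: no SA, so the packet is dropped
    results.append(inbound(sad, build_packet("10.0.0.2", 0x2002, 8)))
    return results


if __name__ == "__main__":
    for seq, outcome in zip((1, 2, 5, 2, 3, 5, 70, 6, 7, "spi 0x2002"), demo()):
        print(seq, outcome)
```

In the demo, sequence 2 and 5 are each accepted once and rejected on replay, sequence 3 arrives out of order but inside the window and is accepted, and after sequence 70 advances the window, sequence 6 is 64 behind and is dropped as stale while 7 (63 behind) is still accepted.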

30 ITSEC Standard (SRV Theory 602.7)
Information Technology Security Evaluation Criteria (ITSEC) - European standard for IT security criteria
Scope - addresses three basic threats, has three functional levels, eight basic security functions, ten functionality classes, eight hierarchical assurance levels, and seven levels of correctness of security mechanisms
-IT product - off-the-shelf hardware or software package
-IT system - product designed and built for specific needs
-the criteria are not a design guide for secure products or systems
-Target of Evaluation (TOE) - the product or system to be evaluated
-closely maps to the Orange Book criteria

31 TCSEC Standard (SRV Theory 602.8)
Trusted Computer System Evaluation Criteria (TCSEC) - US DoD standard for security criteria (Orange Book)
Scope - six fundamental security requirements and four evaluation criteria divisions
-the standard has been superseded (by the Common Criteria, ISO/IEC 15408) and is no longer in use
-Classes:
D - minimal protection, has only one class
C - discretionary protection, has two classes (C1, C2)
B - mandatory protection, has three classes (B1, B2, B3)
A - verified protection, has only one class (A1)

32 Security Models (SRV Theory 602.12)
Bell-LaPadula - confidentiality (information flow) security model
-abstract formal treatment of DoD security policy
-uses mathematics and set theory to define the concept of a secure state
-explicitly defines the fundamental modes of access (read, write)
-rules for controlling subjects' access to objects: the simple security property (no read up) and the *-property (no write down)
-information will not flow to an object of lesser classification

33 Security Models (SRV Theory 602.12)
Biba - integrity model in which no subject may depend on a less trusted object, including another subject
-first to address integrity in computer systems
-based on a hierarchical lattice of integrity levels
-elements: a set of subjects (active, information processing) and a set of objects (passive, information repositories)
-rules: the simple integrity property (no read down) and the *-integrity property (no write up)
-addresses the first goal of integrity: preventing unauthorized users from making modifications
-the mathematical dual of the Bell-LaPadula confidentiality policy
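The reference monitor of slide 20 and the two lattice models of slides 32 and 33, as an added example that is not part of the original deck: a label is a (level, compartments) pair ordered by lattice dominance, a policy function encodes the Bell-LaPadula read/write rules or their Biba dual, and a small reference monitor is the only path from a subject to an object, recording every decision. The subjects, objects, level names and labels are constructed for this example.

```python
"""Added example: a toy reference monitor enforcing Bell-LaPadula or Biba over a
lattice of (level, compartments) labels. All subjects and objects are made up."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    """A lattice element: an ordered level plus a set of compartments."""
    level: int
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """self >= other: at least as high a level and a superset of compartments."""
        return self.level >= other.level and self.compartments >= other.compartments


def bell_lapadula(subject, obj, mode):
    """Confidentiality: simple security (no read up), *-property (no write down)."""
    if mode == "read":
        return subject.dominates(obj)
    if mode == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown access mode {mode!r}")


def biba(subject, obj, mode):
    """Integrity, the dual: simple integrity (no read down), *-integrity (no write up)."""
    if mode == "read":
        return obj.dominates(subject)
    if mode == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown access mode {mode!r}")


class ReferenceMonitor:
    """Every access passes through check(): always invoked, callers never touch
    the labels (tamper-proof from their side), and small enough to verify."""

    def __init__(self, policy):
        self.policy = policy
        self.subjects = {}   # subject name -> Label
        self.objects = {}    # object name -> Label
        self.audit = []      # every mediated decision

    def check(self, subject, obj, mode):
        allowed = self.policy(self.subjects[subject], self.objects[obj], mode)
        self.audit.append((subject, mode, obj, "ALLOW" if allowed else "DENY"))
        return allowed


UNCLASSIFIED, CONFIDENTIAL, SECRET, TOP_SECRET = range(4)   # constructed levels


def demo_blp():
    rm = ReferenceMonitor(bell_lapadula)
    rm.subjects["alice"] = Label(SECRET, frozenset({"NUCLEAR"}))
    rm.subjects["bob"] = Label(CONFIDENTIAL)
    rm.objects["plan"] = Label(TOP_SECRET, frozenset({"NUCLEAR"}))
    rm.objects["memo"] = Label(SECRET)
    rm.objects["bulletin"] = Label(UNCLASSIFIED)
    return {
        "alice reads memo": rm.check("alice", "memo", "read"),            # dominates
        "alice reads plan": rm.check("alice", "plan", "read"),            # read up
        "alice writes bulletin": rm.check("alice", "bulletin", "write"),  # write down
        "alice writes plan": rm.check("alice", "plan", "write"),          # write up is fine
        "bob reads memo": rm.check("bob", "memo", "read"),                # read up
        "bob writes memo": rm.check("bob", "memo", "write"),              # write up is fine
    }


def demo_biba():
    LOW, MEDIUM, HIGH = range(3)   # constructed integrity levels
    rm = ReferenceMonitor(biba)
    rm.subjects["installer"] = Label(HIGH)
    rm.subjects["browser"] = Label(LOW)
    rm.objects["system_binary"] = Label(HIGH)
    rm.objects["download"] = Label(LOW)
    return {
        "installer reads download": rm.check("installer", "download", "read"),              # read down
        "installer writes system_binary": rm.check("installer", "system_binary", "write"),  # same level
        "browser writes system_binary": rm.check("browser", "system_binary", "write"),      # write up
        "browser reads system_binary": rm.check("browser", "system_binary", "read"),        # read up is fine
    }


if __name__ == "__main__":
    for name, outcome in {**demo_blp(), **demo_biba()}.items():
        print(f"{name}: {'ALLOW' if outcome else 'DENY'}")
```

Note that the two policies are the same code with the comparison flipped, which is what "mathematical dual" means in practice; a real system would run both monitors, since a write that Bell-LaPadula permits (up) is exactly the one Biba forbids.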

34 Security Models (SRV Theory 602.12)
Clark & Wilson - data integrity model for common commercial activities
-addresses all three integrity goals: preventing unauthorized users from making modifications, maintaining internal and external consistency, and preventing authorized users from making improper modifications
-well-formed transaction - preserves/ensures internal consistency; a user can manipulate data only in ways that ensure internal consistency
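The well-formed transaction from the Clark & Wilson slide, as an added example that is not part of the original deck: constrained data items (account balances) can only be changed by certified transformation procedures, a user may run a procedure on an item only if an access triple permits it, and an integrity verification procedure checks internal consistency after every run and rolls the change back when it fails. The accounts, users, procedure names and the conservation invariant are constructed for this example.

```python
"""Added example: a small Clark-Wilson enforcement kernel over made-up accounts.
CDI = constrained data item, TP = transformation procedure, IVP = integrity
verification procedure; access triples are (user, TP, CDI)."""
import copy


class ClarkWilson:
    def __init__(self, cdis):
        self._cdis = dict(cdis)                      # CDIs: account -> balance
        self._tps = {}                               # certified TPs: name -> function
        self._triples = set()                        # (user, tp, cdi) access triples
        self.log = []                                # append-only record of every run
        self._invariant = sum(self._cdis.values())   # total the IVP expects to see

    def ivp(self):
        """Internal consistency: money is conserved and no balance is negative."""
        return (sum(self._cdis.values()) == self._invariant
                and all(v >= 0 for v in self._cdis.values()))

    def certify_tp(self, name, fn):
        self._tps[name] = fn

    def grant(self, user, tp, cdi):
        self._triples.add((user, tp, cdi))

    def balance(self, cdi):
        return self._cdis[cdi]

    def run(self, user, tp_name, *cdis, **params):
        """Well-formed transaction: authorised, certified, atomic, verified, logged."""
        if tp_name not in self._tps:
            return self._record(user, tp_name, cdis, "denied: uncertified TP")
        if any((user, tp_name, c) not in self._triples for c in cdis):
            return self._record(user, tp_name, cdis, "denied: no access triple")
        snapshot = copy.deepcopy(self._cdis)
        try:
            self._tps[tp_name](self._cdis, *cdis, **params)
            if not self.ivp():
                raise ValueError("IVP failed")
        except Exception as exc:
            self._cdis = snapshot                    # CDIs never stay inconsistent
            return self._record(user, tp_name, cdis, f"rolled back: {exc}")
        return self._record(user, tp_name, cdis, "committed")

    def _record(self, user, tp, cdis, outcome):
        self.log.append((user, tp, tuple(cdis), outcome))
        return outcome


def transfer(cdis, src, dst, amount):
    """A certified TP: moves funds between two CDIs."""
    cdis[src] -= amount
    cdis[dst] += amount


def buggy_credit(cdis, dst, amount):
    """A TP that should never have been certified: it creates money from nothing."""
    cdis[dst] += amount


def demo():
    cw = ClarkWilson({"alice": 100, "bob": 50})
    cw.certify_tp("transfer", transfer)
    cw.certify_tp("credit", buggy_credit)
    cw.grant("teller", "transfer", "alice")
    cw.grant("teller", "transfer", "bob")
    cw.grant("teller", "credit", "bob")
    outcomes = [
        cw.run("teller", "transfer", "alice", "bob", amount=30),   # committed
        cw.run("teller", "transfer", "alice", "bob", amount=500),  # overdraft: rolled back
        cw.run("intern", "transfer", "alice", "bob", amount=1),    # no triple: denied
        cw.run("teller", "credit", "bob", amount=10),              # IVP catches the bug
        cw.run("teller", "patch_balance", "bob"),                  # uncertified: denied
    ]
    return outcomes, cw.balance("alice"), cw.balance("bob")


if __name__ == "__main__":
    outcomes, alice, bob = demo()
    for line in outcomes:
        print(line)
    print("alice", alice, "bob", bob)
```

The IVP is deliberately run after every TP rather than only at audit time: the bad credit is certified (a certification mistake), and it is the consistency check, not the access triple, that stops it from leaving the CDIs in an inconsistent state.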

35 Common Flaws (SRV Theory 603)
Security flaws within system architectures and designs:
Covert channels - a communication path not intended for information transfer (a shared storage location or a timing effect) that a subject exploits to transfer information in violation of the security policy
Asynchronous attacks - an attack that exploits the interval between a defensive act (a check) and the operation that relies on it, in order to gain operational control
-TOCTOU - time of check vs. time of use: a class of asynchronous attack in which the object that was checked is replaced before it is used
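The TOCTOU flaw from the slide above, as an added example that is not part of the original deck: a reader that validates a file name and then opens that name has a window between the two in which the name can be rebound to a different object; the hardened reader opens first, relative to a directory handle and without following symbolic links, and validates the handle it actually holds. The directory layout, file contents and the "race" hook that stands in for a concurrent attacker are constructed for this example; it needs a POSIX system (os.O_NOFOLLOW, dir_fd).

```python
"""Added example: a time-of-check/time-of-use race on a file path, and the
handle-based fix. The attacker is simulated by a callback run inside the window."""
import os
import stat
import tempfile


def read_public_vulnerable(path, allowed_dir, race=lambda: None):
    """Checks the name, then uses the name: the binding can change in between."""
    real = os.path.realpath(path)
    if os.path.commonpath([real, allowed_dir]) != allowed_dir:
        raise PermissionError("outside the public directory")
    race()                      # the asynchronous attacker acts here
    with open(path, "rb") as f:   # open() follows whatever the name points at now
        return f.read()


def read_public_hardened(name, allowed_dir):
    """Check and use the same object: open relative to a directory descriptor,
    refuse to follow a symlink, then inspect the descriptor that was opened."""
    if os.sep in name or name in ("", ".", ".."):
        raise PermissionError("bad file name")
    dirfd = os.open(allowed_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC, dir_fd=dirfd)
    finally:
        os.close(dirfd)
    try:
        st = os.fstat(fd)            # properties of the object we hold, not of a name
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
    except BaseException:
        os.close(fd)
        raise
    with os.fdopen(fd, "rb") as f:
        return f.read()


def demo():
    """Returns (what the vulnerable reader leaked, whether the hardened one refused)."""
    root = os.path.realpath(tempfile.mkdtemp())          # constructed layout
    public = os.path.join(root, "public")
    os.mkdir(public)
    secret = os.path.join(root, "secret.txt")            # outside the public dir
    with open(secret, "w") as f:
        f.write("TOP SECRET")
    target = os.path.join(public, "notice.txt")
    with open(target, "w") as f:
        f.write("public notice")

    def swap():
        # the attacker's move inside the window: rebind the name to the secret
        os.remove(target)
        os.symlink(secret, target)

    leaked = read_public_vulnerable(target, public, race=swap)
    try:
        read_public_hardened("notice.txt", public)       # name is now a symlink
        blocked = False
    except OSError:                                      # O_NOFOLLOW rejects it
        blocked = True
    return leaked.decode(), blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("vulnerable reader returned:", leaked)
    print("hardened reader refused:", blocked)
```

The hardened version still cannot tell a hard link to the secret from the genuine file (a hard link needs write access to the directory, which is the mitigation there); the point it demonstrates is that any check must be made on the handle you will use, never on a name that someone else can rebind.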

