Sunday, January 22, 2006

[CISSP] Domain Security Models and Architecture

Domain Security Models and Architecture


  • Availability: Prevention of loss of access to resources and data
  • Integrity: Prevention of unauthorized modification of data
  • Confidentiality: Prevention of unauthorized disclosure of data
Protection rings


  • Ring 0: Operating system kernel
  • Ring 1: Remaining parts of the operating system
  • Ring 2: I/O drivers and utilities
  • Ring 3: Applications and programs

CPU

The CPU is made up of two parts: the ALU and the registers. There are two types of registers: dedicated and status. Dedicated registers are program counters that point to the memory locations which hold the next instructions. Status registers hold state information.

Common Criteria works to answer two basic questions about a product being evaluated: what do the security mechanisms within the product do (functionality), and how sure are you of that (assurance)?

Bell-LaPadula model

A model that protects the confidentiality of the information within a system

  • No read up
  • No write down
  • Read/write at the same security level

Biba model

A model that protects the integrity of the information within a system

  • No read down
  • No write up

Clark-Wilson model

The invocation property is part of the Biba security model and enforces integrity principles between subjects and objects. It ensures that subjects can only access objects through a program (access triple).

Subjects cannot access objects directly, but rather through specified programs. This layer of protection enforces integrity. It ensures that subjects can only access objects through a program (access triple), enforces separation of duties, and requires auditing.

Brewer and Nash model

Also called the Chinese Wall model, it was designed to establish access control mechanisms that can change dynamically. The system is intended to prevent conflicts of interest between users who are accessing the same system.
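The three access rules above (Bell-LaPadula's no read up / no write down, Biba's no read down / no write up, and the Brewer-Nash conflict-of-interest check) are easy to state but easy to get backwards, so here is an added example of a toy reference monitor that encodes them. This is not code from the original post; the level names, company names and subject names are constructed for illustration, and the Chinese Wall implementation tracks only read history, which is the part of Brewer-Nash the post describes.

```python
"""Toy reference monitor for Bell-LaPadula, Biba and Brewer-Nash (Chinese Wall).
Added example; the levels, companies and subjects below are constructed."""
from enum import IntEnum


class Level(IntEnum):
    # For BLP a higher value means more sensitive; for Biba a higher value
    # means more trustworthy. The comparisons below rely on that ordering.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def blp_allows(subject: Level, obj: Level, op: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down.
    Read and write at the subject's own level are both permitted."""
    if op == "read":
        return subject >= obj      # simple security property: no read up
    if op == "write":
        return subject <= obj      # *-property: no write down
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba (integrity): no read down, no write up. Note the rules are the
    mirror image of BLP because the lattice orders trustworthiness."""
    if op == "read":
        return subject <= obj      # simple integrity axiom: no read down
    if op == "write":
        return subject >= obj      # * integrity axiom: no write up
    raise ValueError(f"unknown operation {op!r}")


class ChineseWall:
    """Brewer-Nash: once a subject has read data belonging to one company,
    it may no longer read data of a competitor in the same conflict-of-interest
    class. The rule is dynamic: the decision depends on the subject's history."""

    def __init__(self, conflict_classes):
        # conflict_classes: iterable of sets of companies that compete.
        self.company_class = {}
        for class_id, companies in enumerate(conflict_classes):
            for company in companies:
                self.company_class[company] = class_id
        self.history = {}  # subject -> set of companies already read

    def allows_read(self, subject: str, company: str) -> bool:
        seen = self.history.get(subject, set())
        class_id = self.company_class[company]
        for other in seen:
            if other != company and self.company_class[other] == class_id:
                return False   # would cross the wall inside one conflict class
        return True

    def read(self, subject: str, company: str) -> bool:
        """Attempt a read; on success the access is recorded in the history."""
        if not self.allows_read(subject, company):
            return False
        self.history.setdefault(subject, set()).add(company)
        return True


if __name__ == "__main__":
    # Constructed sample requests (subject level, object level, operation).
    for model in (blp_allows, biba_allows):
        for s, o, op in [(Level.SECRET, Level.TOP_SECRET, "read"),
                         (Level.SECRET, Level.CONFIDENTIAL, "write"),
                         (Level.SECRET, Level.SECRET, "read")]:
            print(model.__name__, s.name, op, o.name, "->", model(s, o, op))

    wall = ChineseWall([{"BankA", "BankB"}, {"OilCo"}])
    for company in ("BankA", "OilCo", "BankB"):
        print("alice reads", company, "->", wall.read("alice", company))
```

Running the block shows a SECRET subject refused a read of TOP_SECRET under BLP but refused a write to TOP_SECRET under Biba, which is the quickest way to see why the two models are called mirror images; the Chinese Wall run shows alice's read of BankB denied only because she read BankA first.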

Trusted Computer System Evaluation Criteria (TCSEC) principles

  • Functionality
  • Effectiveness
  • Assurance

TCSEC, also known as the Orange Book, mainly addresses government and military requirements. It looks specifically at the operating system and not at other issues like networking and databases. It focuses on confidentiality, not on integrity, availability, or authenticity.

The Trusted Computing Base (TCB) is the hardware, software and firmware components that work together to implement the system security policy, creating a consistent, stable and secure environment for information processing.

The Orange Book (Trusted Computer System Evaluation Criteria, TCSEC) security levels

  • A: Verified protection
  • B: Mandatory protection
  • C: Discretionary protection
  • D: Minimal security

B1 Labeled Security

B2 Structured Protection: Covert channel analysis is required for systems evaluated at levels B2 and above.

B3 Security Domains: Requires that the integrity of the reference monitor be checked to prove that it is small enough to be tested thoroughly and tamperproof.

C1 Discretionary Security Protection

C2 Controlled Access Protection: Object reuse protection introduced.

Information Technology Security Evaluation Criteria (ITSEC)

Became official in 1995 as Europe's own standard for evaluating computing devices. Security is based on two principles: effectiveness and correctness.

Common Criteria

Five sections

  • Descriptive elements
  • Rationale
  • Functional requirements
  • Development assurance requirements
  • Evaluation assurance requirements

Threats

Covert channel attacks manipulate system resources to access information obtained by another process. There are two kinds:

  • Timing: One process relays information to another by modulating its use of system resources.
  • Storage: When a process writes data to a storage location and another process directly, or indirectly, reads it.

Asynchronous attacks, also called time-of-check versus time-of-use (TOC/TOU) attacks, are timing-based attacks that take advantage of the time intervals between legitimate activities, during which the system is vulnerable to subversion.
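The interval between a check and the use that depends on it is the whole vulnerability, so it helps to see the two shapes of code side by side. The following is an added example, not code from the original post: a reader that validates a path and then opens the path again (check-then-use), beside one that opens the file once with O_NOFOLLOW and validates the descriptor it actually got with fstat, so there is no interval to exploit. The `between_check_and_use` hook is a constructed stand-in for a concurrent process acting during the window, and the file names are made up; the demo needs a POSIX system for O_NOFOLLOW and symlinks.

```python
"""TOC/TOU: check-then-use on a path versus open-then-validate on a descriptor.
Added example; file names and the timing hook below are constructed."""
import os
import shutil
import stat
import tempfile


def read_regular_file_unsafe(path, between_check_and_use=None):
    """Validates the *path*, then reopens the *path*. Whatever happens to the
    path in between is invisible to the check. The hook stands in for a
    concurrent process that acts inside that window."""
    if os.path.islink(path) or not os.path.isfile(path):
        raise PermissionError("not a regular file")
    if between_check_and_use is not None:
        between_check_and_use()            # the TOC/TOU window
    with open(path, "rb") as f:
        return f.read()


def read_regular_file_safe(path):
    """Opens once, refusing to follow a symlink, then validates the descriptor
    with fstat. The check and the use refer to the same object, so there is no
    interval in which the name can be re-pointed at something else."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        chunks = []
        while True:
            chunk = os.read(fd, 65536)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks)
    finally:
        os.close(fd)


def demo():
    """Constructed scenario: public.txt is the file a user may read;
    secret.txt must never be returned. Inside the check-then-use window the
    public name is replaced by a symlink to the secret file."""
    workdir = tempfile.mkdtemp()
    try:
        public = os.path.join(workdir, "public.txt")
        secret = os.path.join(workdir, "secret.txt")
        with open(public, "wb") as f:
            f.write(b"hello")
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")

        safe_before_swap = read_regular_file_safe(public)

        def swap_public_for_symlink():
            os.remove(public)
            os.symlink(secret, public)

        leaked = read_regular_file_unsafe(public, swap_public_for_symlink)

        # The name now points at a symlink; the safe reader refuses it
        # (O_NOFOLLOW makes the open fail with ELOOP).
        try:
            read_regular_file_safe(public)
            refused = False
        except OSError:
            refused = True
        return {"safe_before_swap": safe_before_swap,
                "leaked_by_unsafe": leaked,
                "safe_refused_after_swap": refused}
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The unsafe reader passes its check and still returns the secret, because the check looked at a name and the open looked at whatever that name resolved to a moment later. The safe reader never has that problem: the only thing it validates is the descriptor it will read from.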

Buffer overflows send more information to the CPU than it can process, causing malicious code to execute.

Nonvolatile storage: sequential, real space, and virtual space. Real space is used to store instructions and data during computing. It is referred to as the computer's main storage area.

Zachman Framework for enterprise architecture

  • Strategic planner
  • System user
  • System designer
  • System developer
  • Subcontractor
  • System itself

Security Modes of Operation

Dedicated Security Mode

All users have the clearance and formal need-to-know to all data processed within the system.

System-High Security Mode

All users have a security clearance or authorization to access the information but not necessarily a need-to-know for all the information processed on the system.

Compartmented Security Mode

All users have the clearance to access all the information processed by the system, but might not have the need-to-know and formal access approval.

Multilevel Security Mode

It permits two or more classification levels of information to be processed at the same time when not all the users have the clearance or formal approval to access all the information being processed by the system.
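The four modes differ only in which of three attributes (clearance, formal access approval, need-to-know) every user holds for every piece of data, so the choice of mode can be written as a decision procedure. The block below is an added example, not part of the original post, that follows the definitions above: lacking clearance forces multilevel, lacking formal approval forces compartmented, lacking only need-to-know forces system-high, and holding all three for everything allows dedicated. Clearance levels, compartment names and the users are constructed.

```python
"""Decide which security mode of operation a system must run in, from the
clearances, formal approvals and need-to-know of its users.
Added example; levels, compartments and users are constructed."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class DataItem:
    name: str
    level: int           # classification level; higher is more sensitive
    compartment: str     # formal access approval is granted per compartment


@dataclass(frozen=True)
class User:
    name: str
    clearance: int
    approvals: frozenset = field(default_factory=frozenset)    # compartments
    need_to_know: frozenset = field(default_factory=frozenset) # data item names


def gaps(users, data):
    """List every (user, item) pair that falls short, and in what way.
    Useful as an audit trail for why a mode was chosen."""
    problems = []
    for u in users:
        for d in data:
            if u.clearance < d.level:
                problems.append(f"{u.name} lacks clearance for {d.name}")
            elif d.compartment not in u.approvals:
                problems.append(f"{u.name} lacks formal approval for {d.name}")
            elif d.name not in u.need_to_know:
                problems.append(f"{u.name} lacks need-to-know for {d.name}")
    return problems


def required_mode(users, data):
    """Return the least restrictive mode the system may run in."""
    everyone_cleared = all(u.clearance >= d.level for u in users for d in data)
    if not everyone_cleared:
        return "multilevel"
    everyone_approved = all(d.compartment in u.approvals for u in users for d in data)
    if not everyone_approved:
        return "compartmented"
    everyone_needs = all(d.name in u.need_to_know for u in users for d in data)
    if not everyone_needs:
        return "system-high"
    return "dedicated"


if __name__ == "__main__":
    data = [DataItem("keys", 3, "crypto"), DataItem("plan-a", 2, "plans")]
    alice = User("alice", 3, frozenset({"crypto", "plans"}), frozenset({"keys", "plan-a"}))
    bob = User("bob", 3, frozenset({"crypto", "plans"}), frozenset({"keys"}))
    carol = User("carol", 3, frozenset({"crypto"}), frozenset({"keys"}))
    dave = User("dave", 1, frozenset({"crypto", "plans"}), frozenset({"keys", "plan-a"}))
    for group in ([alice], [alice, bob], [alice, carol], [alice, dave]):
        names = ", ".join(u.name for u in group)
        print(f"{names}: {required_mode(group, data)}; gaps: {gaps(group, data)}")
```

Each user added to the sample removes one attribute: bob lacks need-to-know for plan-a, carol lacks formal approval for the plans compartment, and dave lacks the clearance for keys, so the same two data items force four different modes depending on who is allowed on the system.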

A protection domain, also called a security domain or an execution domain, is the set of system resources that are available to a subject.
