Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
64 Cards in this Set
- Front
- Back
|
Specify how to control access to system resources
|
Security architecture
|
|
|
Trusted Computing Base
|
Hardware, firemware, and software component of a computer system that is responsible for ensuring the security policy is implement and the system is secure.
|
|
|
Trusted Computing Base
|
HW - processor
Firmware - OS protection SW - Driver |
|
|
Security perimeter
|
Imaginary line around the TCB that separates the trusted (interior) and untrusted (applications and other elements on the exterior) parts of a computer system
|
|
|
Computer Architecture Security and Design
|
1. Hardware design intiitiates system protection
2. Firemware or software development is implemented (controls elementary hardware) 3. Software protection is deigned |
|
|
If the ? is not adequately designed, developed, and implemented, the RM will be unable to control access.
|
TCB
|
|
|
Process of building security into the various components is called
|
layered protection
|
|
|
Hardware architecture components
|
1. CPU
2. Primary Storage 3. Secondary Storage 4. Virtual memory 5. I/O devices 6. Computer bus 7. Drivers |
|
|
Software Architecture
|
1. OS
2. Application |
|
|
Multitasking
|
OS divides time among the programs - single processor
|
|
|
Multithreading
|
computing technique that enables a program to split itself into 2 or more concurrently running tasks
*parallel execution of multiple treads |
|
|
Multithreading example
|
word doc - entering text and spellcheck
|
|
|
Multiprocessing
|
multiple processors, controlling all of te processors in such a way that the systems optimum performance is reached
|
|
|
Firmware
|
software used on a hardware device to control their elementary functions
BIOS |
|
|
Distributed system architecture
|
# of computers are networked together and share application processes and data
|
|
|
Security model categories
|
Lattice model
Non-interface model Information flow model BLP Model Biba Model Clark-Wilson Grahm-Denning Harrison-Ruzzo-Ullman Model Brewer-nash |
|
|
Lattice model
|
used to implement mandatory access control (MACs) where data is classified or labeled and users are cleared for access
|
|
|
Non-interface model
|
created barriers so information can not leak between them
(page for info on Whitepages) |
|
|
Information flow model
|
Controls the direction of data flow among the various security levels.
Useful for detecting covert channels (unauthorized data flows or communication paths) |
|
|
BLP Model
|
Confidentiality - prohibits classified data from moving to a lower level.
No read up No write down |
|
|
Biba Model
|
Integrity
No read down No write up |
|
|
Clark-Wilson
|
extends Biba - transactions and separation of duties
|
|
|
Grahm-Denning
|
creating and deleting objects, as well as the reading, grating, deleting, and transferring of access rights
|
|
|
Harrison-Ruzzo-Ullman Model
|
changing access rights and deleting subjects or objects
|
|
|
Brewer-nash
|
conflict of interest in a computer system
|
|
|
Trusted Computer Base (TCB) Vulnerabilities
|
Backdoor and Trapdoors
TOC/TOU - time of check/time of use Race Condition Buffer overflows |
|
|
Uses a weakness in the TCB where acesses is granted at one point in time and used much later.
|
TOC/TOU - time of check/time of use
|
|
|
TCB weakness - Occurs when 2 processes need to access & modify info at the same time
|
Race Condition
|
|
|
Blue screen of death - firmware errors and driver errors, and operating system inefficiencies and errors
|
Protects the TCB
|
|
|
TCB Compromise
|
replacing
|
|
|
When a system fails, data recovery methods can be made a 2 levels
|
1. Trusted recovery
2. Untrusted recovery |
|
|
Protection mechanism used in data recovery that ensures the security of a computer system that crashes or fails by recovering the security relevant elements in a trusted state.
|
Trusted recovery
|
|
|
1.Reboot in single user mode - with security protections enabled.
2. Recovering system files active at the crash point Example of |
Trusted recovery
|
|
|
Untrusted recovery
|
process that does not result in secure and trusted environments
|
|
|
Trusted recovery methods
|
1. Manual
2. Automatic 3. Recovery without errors (manual/automatic) 4. Recovery with limited errors |
|
|
Security Mode types - Dedicated
|
Signed NDA - A
Proper Clearance - A Formal access approval - A Need to know - A |
|
|
Security Mode types - System High
|
Signed NDA - A
Proper Clearance - A Formal access approval - A Need to know - S |
|
|
Security Mode types - Compartmented
|
Signed NDA - A
Proper Clearance - A Formal access approval - S Need to know - S |
|
|
Security Mode types - Multilevel
|
Signed NDA - A
Proper Clearance - S Formal access approval - S Need to know - Sb |
|
|
System Assurance
|
1. system architecture provides anticipated security levels
2. appropriate safeguards remain n place |
|
|
Trusted Computer System Evaluation Criteria - TCSEC
|
First attempt by the government at evaluation systems to ensure they fulfill the policy objectives
|
|
|
Evaluation criteria published in a book set called -
And the TSEC specs were in the |
Rainbow series
*Orange Book |
|
|
Trusted network Interpretation (TNI)
|
extended the TCSEC to include the secure participation in computer networks
*Red Book |
|
|
Trusted Data Interpretation (TDI)
|
Extendeds to evaluation criteria for databases implementations
Database is evaluated as a standalone system. *Purple book |
|
|
TCSEC Objectives
|
1. Policy
2. Accountability 3. Assurance 3, Documentation |
|
|
TCSEC - Policy
|
Mandatory security policy - implementing MAC
Discretionary security policy - implementing DAC |
|
|
TCSEC - Accountability
|
Identification - requires unique identification
Authentication - requires authentication process Auditing - logging of access attempts and activities |
|
|
TCSEC - Assurance
|
Architecture, system integrity, security testing, design specs and verification,
Continual protection assurance - continual verification of the TCB |
|
|
TCSEC - Documentation
|
Security features user's guide
Trusted facility manual Test and design documentation |
|
|
TCSEC Division and classes
|
A - Verified protection (design verification)
B - Mandatory protection (B3, B2, B1) C - Discretionary protection (C2 & C1) D - Minimal security (NA) |
|
|
B - Mandatory protection - B3 - Labled security
|
B3 - Defines the security administrator, trusted recovery, monitoring and automatic notification
|
|
|
B - Mandatory protection- B2 - Structured protection -
|
B2 - Device lables and subject sensitivity labes, trusted path, SoD, covert channel analysis
|
|
|
B - Mandatory protection - B1- Labled security
|
B1 - Labls and MAC, process isolation, design specs and verification
|
|
|
C - Discretionary protection C2 - Discretionary protection
|
Audit trail protection, Object reuses control
|
|
|
C - Discretionary protection C1 - Controlled access
|
I&A
Discretionary resource protection |
|
|
Info System Security Standards
|
1. ITSEC
2. Common Criteria 3. CMMI 3. ISO 27002 |
|
|
ITSEC
|
Developed in Europe- Targets of Evaluation - functionality and assurance
Fn & En #s |
|
|
Common Criteria
|
Developed in Europe, US, Canada - replace TCSEC and ITSEC
Protection profiles - Common used now EAL7 is highest level |
|
|
CMMI
|
Software engineering institute - rate the quality of software. Looks at the process - how mature
|
|
|
ISO 27002
|
British standard *current international standard
details & controls |
|
|
Certification
|
Risk evaluation
|
|
|
Accreditation
|
Acceptance of the risk
|
|
|
C&A - Certification & Accreditation
|
All systems used by the US gov must have
|
|
|
C&A phases
|
1. Establish level of security
2. Defining specific env. for use 3. Evaluating INDIVIDUAL system security 3. Evaluating NETWORK system security 5. Evaluating PHYSICAL system security 6. Compare evaluations to requirements 7. A[[roving the system 8. Evaluating and approve operation if changes occur |
