Domain4 - Security Architecture & Models

This document provides an overview of a lecture on security architecture and models from CISSP Essentials: Mastering the Common Body of Knowledge. The lecture covers hardware and software components of computer systems, operating system protection mechanisms like memory management and protection rings, access control models like Bell-LaPadula and Brewer-Nash, security evaluation methods like TCSEC and Common Criteria, and threats to systems such as covert channels, backdoors, and denial-of-service attacks. The goal is to teach students the fundamentals of security architecture and how systems can be designed and evaluated to protect against security risks.
CISSP Essentials: Mastering the Common Body of Knowledge

Class 4: Security architecture and models
Lecturer: Shon Harris, CISSP, MCSE
President, Logical Security

CISSP Essentials Library: www.searchsecurity.com/CISSPessentials
Class 4 Quiz: www.searchsecurity.com/Class4quiz
Class 4 Spotlight: www.searchsecurity.com/Class4spotlight

Security architecture and models objectives

- Computer architecture, software and hardware components
- Operating system protection mechanisms
- Access control models
- Evaluation assurance criteria and ratings
- Certification and accreditation processes
- Attack types

Agenda: Hardware and software computer components

- Memory types and uses
- Storage types
- Processes and threads
- Language generations

Hardware components - Central Processing Unit (CPU)

CPU components
- Primary storage: registers that store the instructions and data that need to be processed
- Control unit: coordinates activities during program instruction execution; it does not process data itself, but controls the processes that carry out execution
- Arithmetic Logic Unit (ALU): performs mathematical and logical functions on the data

Memory management

Responsibilities
- Keep track of used and unused memory segments
- Memory protection
- Assign memory segments to processes
- Manage swapping between main memory and secondary storage
- Access control
  - Ensure that processes do not corrupt each other's memory
  - Ensure that a requesting process has the necessary rights to access a memory section
- Keep track of software and virtual addressing schemes

A multi-user operating system requires a more complex memory manager; MS-DOS and Windows 9x are single-user operating systems.

States that processes work in

- Stopped: the process is not running
- Waiting: the process is waiting for an interrupt so that it can be processed by the CPU; software interrupts allow time slicing and sharing of the CPU
- Running (run-time): the process's instructions are being executed by the CPU; it could be stopped by the operating system or the user
- Ready: available to be used and waiting for an instruction, i.e. waiting for a request from an application or user

Language types

- Machine language (1GL): executed directly by the CPU
- Assembly language (2GL): written in hexadecimal representation (1 character = 8 bits); translated into machine language by an assembler
- High-level language (3GL, 4GL, 5GL): easier to write by working at an abstraction level; requires a compiler or interpreter to turn source code into object code
  - Compiler: all of the source code is converted to object code
  - Interpreter: one line at a time is converted to object code
  - Object code = machine language that still needs to be converted into binary

Agenda: System self-protection

Levels of access to resources and trust levels
- Memory segmenting
- Process isolation
- Layering and data hiding
- Virtual machines
- Protection rings
- Security domains
- Trusted computing base

System protection - Protection rings

Protection rings separate processes at different trust levels. The rings are provided by the CPU's architecture; the operating system can be written to use all or only some of the rings.

What does it mean to be in a specific ring?
- Rings are barriers between components of different trust levels and require them to communicate through strict interfaces
- When processes execute, they do so in a security context (user mode or privileged mode) depending upon which ring the process executes within
- Processes can access resources in the same or a less-trusted ring only
- Processes with a higher trust level have a larger domain of system resources available to them

System protection - Trusted computing base (TCB)

- All mechanisms that provide protection for a system: software, firmware and hardware components
- The term originated in the Orange Book
- These components are highly scrutinized when a system is evaluated for an assurance rating
- The TCB is made up of trusted processes that are executed in privileged mode
- The security perimeter delineates which processes are within the TCB and which are not

System protection - Reference monitor

Reference monitor
- Access control concept, referred to as an abstract machine, that mediates all accesses to objects
- Controls the relationship between subjects and objects
- Embodies the access control security policy of a specific system

Security kernel
- The TCB components that enforce the reference monitor's access rules
- The physical implementation of the reference monitor
- The portion of the TCB that is concerned specifically with access control

Agenda: Models

- State machine
- Bell-LaPadula
- Biba
- Clark-Wilson
- Non-interference
- Information flow
- Lattice
- Take-Grant
- Brewer and Nash (Chinese Wall)

Access control models

- A model provides the rules and structures used to control access and shows how access decisions are made
- The main components are subjects, objects, operations and their relationships
- The goal is to control how objects are accessed and to ensure one security principle or another (confidentiality, integrity)
- A model gives form to a policy and provides direction for programming

Access control models - Bell-LaPadula

Characteristics
- Confidentiality model; does not address integrity or availability
- Information flow model in which information cannot flow to an object of lesser or non-comparable classification (Top Secret data cannot flow to an object with Secret classification)
- Mathematical model that uses set theory to define access rights while keeping the system in a secure operating state
  - Basic Security Theorem: any activity will always result in a secure state
- Maps a subject's clearance and an object's classification and creates a dominance relationship
- The clearance of the subject attempting to access an object is compared with that object's classification
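The dominance relationship and the "no flow to a lesser or non-comparable label" rule above, worked through as a small reference monitor. This is an added example, not code from the lecture; the level names, the NUCLEAR/CRYPTO categories and the Label type are constructed for illustration.

```python
# Added example (not from the lecture): a minimal Bell-LaPadula check.
# Labels are (level, categories) pairs forming a lattice. "dominates" is the
# dominance relation; the two rules are no-read-up (simple security
# property) and no-write-down (*-property).
from dataclasses import dataclass, field

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        # A dominates B iff A's level >= B's level and A's categories
        # are a superset of B's. Labels where neither dominates the other
        # are non-comparable.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def can_read(subject: Label, obj: Label) -> bool:
    # Simple security property: read only objects the subject dominates
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    # *-property: write only to objects that dominate the subject, so
    # information never flows to a lower or non-comparable label
    return obj.dominates(subject)


def decide(subject: Label, obj: Label, op: str) -> bool:
    if op == "read":
        return can_read(subject, obj)
    if op == "write":
        return can_write(subject, obj)
    raise ValueError(f"unknown operation {op!r}")


if __name__ == "__main__":
    # Constructed sample labels (hypothetical categories)
    analyst = Label("Secret", frozenset({"NUCLEAR"}))
    objects = {
        "ts_report": Label("Top Secret", frozenset({"NUCLEAR"})),
        "conf_memo": Label("Confidential", frozenset()),
        "crypto_doc": Label("Secret", frozenset({"CRYPTO"})),  # non-comparable
    }
    for name, obj in objects.items():
        print(name, "read:", decide(analyst, obj, "read"),
              "write:", decide(analyst, obj, "write"))
```

The third object shows the non-comparable case the slide mentions: same level but disjoint categories, so the analyst may neither read nor write it.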

Brewer and Nash model - Chinese Wall

Model characteristics
- Published in 1989 to ensure fair competition
- Mathematical theory used to implement dynamically changing access permissions
- Defines a wall and develops a set of rules that ensure no subject accesses objects on the other side of the wall
- Individuals are only allowed to access data that does not present a conflict of interest: if a user accesses one company's data, the competitor's data can automatically be deemed off limits
- A way of separating competitors' data within the same integrated database
- Tries to ensure that users do not make fraudulent modifications to objects
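The dynamically changing permissions described above, as an added example that is not part of the lecture: access history moves the wall, so the same request can be allowed for one user and denied for another. The company names and conflict-of-interest classes are constructed, and the write rule is a simplification of the 1989 paper (it ignores sanitized information).

```python
# Added example (not from the lecture): a Chinese Wall access check.
# Each company's dataset belongs to a conflict-of-interest (COI) class.
# A subject may access a company's data only if it has never accessed a
# *different* company in the same COI class; the history is what makes
# the permissions dynamic.
from collections import defaultdict

# Constructed sample: two COI classes, banks and oil companies
COI_CLASS = {
    "BankA": "banks", "BankB": "banks",
    "OilX": "oil", "OilY": "oil",
}


class ChineseWall:
    def __init__(self):
        # subject -> set of companies whose data it has already accessed
        self.history = defaultdict(set)

    def allowed(self, subject: str, company: str) -> bool:
        # Simple security rule: deny if a competitor (same COI class,
        # different company) is already in the subject's history
        coi = COI_CLASS[company]
        return not any(seen != company and COI_CLASS[seen] == coi
                       for seen in self.history[subject])

    def access(self, subject: str, company: str) -> bool:
        # Record a read; the wall for this subject moves as a result
        if not self.allowed(subject, company):
            return False
        self.history[subject].add(company)
        return True

    def can_write(self, subject: str, company: str) -> bool:
        # Simplified *-property: writing to company C is allowed only if
        # the subject could read C and has read nothing but C, so data from
        # another company cannot be leaked into C's objects
        return self.allowed(subject, company) and self.history[subject] <= {company}


if __name__ == "__main__":
    wall = ChineseWall()
    print(wall.access("alice", "BankA"))   # True: no history yet
    print(wall.access("alice", "OilX"))    # True: different COI class
    print(wall.access("alice", "BankB"))   # False: competitor of BankA
    print(wall.can_write("alice", "BankA"))  # False: alice also read OilX
```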

Agenda: Security evaluations

- Trusted Computer System Evaluation Criteria (TCSEC)
- Information Technology Security Evaluation Criteria (ITSEC)
- Common Criteria

Trusted Computer System Evaluation Criteria (TCSEC)

TCSEC characteristics
- Developed by the National Computer Security Center (NCSC); alias "Orange Book"
- Based on the Bell-LaPadula model
- Deals with confidentiality and no other security principle
- Uses a hierarchically ordered series of evaluation classes; each class increases by one trust factor

Six fundamental requirements
- Security policy: a well-defined policy enforced by the product
- Marking: labels associated with objects
- Identification: individual identification of subjects
- Accountability: audit data collected and protected
- Assurance: mechanisms evaluated separately to ensure that the system enforces the security policy
- Continuous protection: the trusted mechanisms that enforce the policy must always be protected against unauthorized changes and tampering

TCSEC rating breakdown

- A1: Verified Protection (formal methods)
- B1, B2, B3: Mandatory Protection
- C1, C2: Discretionary Protection
- Minimal Security

A full Rainbow Series was developed: 26 books in all, covering items not addressed in the Orange Book. The Red Book is the Trusted Network Interpretation (TNI).

Common Criteria components

- Protection profile: description of the needed security solution (a real-world need)
- Target of evaluation: the product proposed to provide the needed security solution
- Security target: written by the vendor, explaining the security functionality and assurance mechanisms that meet the needed security solution ("this is what our product does and how it does it")
- Packages / Evaluation Assurance Levels (EAL): functional and assurance requirements are bundled into packages for re-use; each package describes what must be met to achieve a specific EAL rating

Common Criteria outline: the product and its rating are put on an Evaluated Products List (EPL).

Agenda: Threats to systems

- Covert channels
- Backdoors
- Timing attacks
- Race conditions
- Buffer overflows
- SYN flood
- Session hijacking
- Man-in-the-middle
- Land attacks
- Ping-of-death
- Distributed denial-of-service attacks

Disclosing data in an unauthorized manner - Covert channels

- Channel = path used to transfer data
- Flaws in channels and access controls can lead to covert channels
- Overt channel = medium designed for data transfer
- Covert channel = medium that was not designed for data transfer but can be maliciously used that way; it allows processes at two different security levels to communicate
- Covert timing channel: a process relays information to another by modulating its use of system resources
- Covert storage channel: a process writes data to a storage location and another process of lower clearance reads it

Cell phone cloning

- Each cell phone has an electronic serial number (ESN) and a mobile identification number (MIN): ESN = phone ID, MIN = phone number
- An attacker intercepts phone signals to capture these numbers
- Cloning: reprogramming a cell phone with an ESN/MIN pair from another cell phone
- Tumbling: changing the ESN/MIN pair values for each call

CISSP Essentials: Mastering the Common Body of Knowledge
Lecturer: Shon Harris, CISSP, MCSE
President, Logical Security
www.LogicalSecurity.com
[email protected]

Coming next - Class 5: Telecommunications and networking

Register at the CISSP Essentials Library: www.searchsecurity.com/CISSPessentials
