1 / 28

Principles of Security Models, Design, and Capabilities

Learn about security models, closed and open systems, techniques for ensuring confidentiality, integrity, and availability, controls, trust and assurance, and fundamental concepts of security models.

spadaforaa
Télécharger la présentation

Principles of Security Models, Design, and Capabilities

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 8: Principles of Security Models, Design, and Capabilities

  2. Implement and Manage Engineering Processes Using Secure Design Principles • Objects and subjects • Closed and open systems • Techniques for ensuring confidentiality, integrity, and availability • Controls • Trust and assurance

  3. Objects and Subjects • Subject (often a user) • Object (a resource) • Managing relationship between subject and object is access control • Transitive trust

  4. Closed and Open Systems • Closed system • Proprietary standards • Hard to integrate • Possibly more secure • Open system • Open or industry standards • Easier to integrate • Open source vs. closed source

  5. Techniques for Ensuring Confidentiality, Integrity, and Availability • Confinement • Sandboxing • Bounds • Isolation

  6. Controls • Discretionary access control • Mandatory access control • Rule-based access control

  7. Trust and Assurance • Integrated before and during design • Security must be: • Engineered, implemented, tested, audited, evaluated, certified, and accredited • Trusted system • Security mechanisms work together to provide a secure computing environment • Assurance • Degree of confidence in satisfaction of security needs

  8. Understand the Fundamental Concepts of Security Models • Trusted Computing Base • State Machine Model • Information Flow Model • Noninterference Model • Take-Grant Model • Access Control Matrix • Bell-LaPadula Model • Biba Model • Clark-Wilson Model • Brewer and Nash Model (aka Chinese Wall) • Goguen-Meseguer Model • Sutherland Model • Graham-Denning Model

  9. Trusted Computing Base • Defined in DoD 5200.28 Orange Book • Security perimeter • Trusted paths • Reference monitor • Security kernel

  10. State Machine Model • Always secure no matter what state it is in • Finite state machine (FSM) • State transition • Secure state machine • The basis for most other security models

  11. Information Flow Model • Based on the state machine model • Prevent unauthorized, insecure, or restricted information flow • Controls flow between security levels • Can be used to manage state transitions

  12. Noninterference Model • Based on information flow model • Separates actions of subjects at different security levels • Composition theories • Cascading • Feedback • Hookup

  13. Take-Grant Model • Dictates how rights can be passed between subjects • Take rule • Grant rule • Create rule • Remove rule

  14. Access Control Matrix • A table of subjects, objects, and access • Columns are ACLs • Rows are capability lists • Can be used in DAC, MAC, or RBAC

  15. Bell-LaPadula Model • Based on DoD multilevel security policy • Focuses only on confidentiality • Lattice-based access control • Simple security property • * (star) security property • Discretionary security property

  16. Biba Model • Based on the inverse of Bell-LaPadula • Focuses only on integrity • Simple integrity property • * (star) integrity property

  17. Clark-Wilson Model • Focuses on integrity • Access control triplet • Controls access through an intermediary program or restricted interface • Well-formed transactions • Separation of duties

  18. Brewer and Nash Model(aka Chinese Wall) • Prevents conflicts of interest • Based on dynamic access changes based on user activity • Access to conflicting data is temporarily blocked

  19. Goguen-Meseguer Model • Focuses on integrity • The basis of the noninterference model • Based on a predetermined set/domain of objects a subject can access • Based on automation theory and domain separation

  20. Sutherland Model • Focuses on integrity • Prevent interference in support of integrity • Defines a set of system states, initial states, and state transitions • Commonly used to prevent covert channels from influencing processes

  21. Graham-Denning Model • Securely manage objects and subjects • Securely create object/subject • Securely delete object/subject • Securely provide read access right • Securely provide grant access right • Securely provide delete access right • Securely provide transfer access right

  22. Select Controls and Countermeasures Based on Systems Security Evaluation Models • Rainbow Series • ITSEC Classes and Required Assurance and Functionality • Common Criteria • Industry and International Security Implementation Guidelines • Certification and Accreditation

  23. Rainbow Series • TCSEC – Orange Book • Confidentiality • D, C1, C2, B1, B2, B3, A1 • Red Book • Trusted Network Interpretation of TCSEC • Confidentiality and integrity • None, C1, C2, B2 • Green Book • Password management guidelines

  24. ITSEC Classes and Required Assurance and Functionality • Rates functionality (F) and assurance (E) • F-D through F-B3 • E0 through E6 • Confidentiality, integrity, and availability

  25. Common Criteria • Designed to replace prior systems • ISO 15408 • Protection profiles • Security targets • Evaluation Assurance Level (EAL)

  26. Industry and International Security Implementation Guidelines • Payment Card Industry – Data Security Standards (PCI-DSS) • International Organization for Standardization (ISO)

  27. Certification and Accreditation • Certification • Comprehensive evaluation of security against security requirements • Accreditation • Formal designation by DAA that system meets organizational security needs • Risk Management Framework (RMF) • Committee on National Security Systems Policy (CNSSP) • Definition, verification, validation, post-accreditation

  28. Understand Security Capabilities of Information Systems • Memory protection • Virtualization • Trusted Platform Module • Hardware security module (HSM) • Interfaces • Fault tolerance

More Related