Learn about security models, closed and open systems, techniques for ensuring confidentiality, integrity, and availability, controls, trust and assurance, and fundamental concepts of security models.
Chapter 8: Principles of Security Models, Design, and Capabilities
Implement and Manage Engineering Processes Using Secure Design Principles • Objects and subjects • Closed and open systems • Techniques for ensuring confidentiality, integrity, and availability • Controls • Trust and assurance
Objects and Subjects • Subject (often a user) • Object (a resource) • Managing relationship between subject and object is access control • Transitive trust
Closed and Open Systems • Closed system • Proprietary standards • Hard to integrate • Possibly more secure • Open system • Open or industry standards • Easier to integrate • Open source vs. closed source
Techniques for Ensuring Confidentiality, Integrity, and Availability • Confinement • Sandboxing • Bounds • Isolation
Controls • Discretionary access control • Mandatory access control • Rule-based access control
Trust and Assurance • Integrated before and during design • Security must be: • Engineered, implemented, tested, audited, evaluated, certified, and accredited • Trusted system • Security mechanisms work together to provide a secure computing environment • Assurance • Degree of confidence in satisfaction of security needs
Understand the Fundamental Concepts of Security Models • Trusted Computing Base • State Machine Model • Information Flow Model • Noninterference Model • Take-Grant Model • Access Control Matrix • Bell-LaPadula Model • Biba Model • Clark-Wilson Model • Brewer and Nash Model (aka Chinese Wall) • Goguen-Meseguer Model • Sutherland Model • Graham-Denning Model
Trusted Computing Base • Defined in DoD 5200.28-STD (the Orange Book) • The hardware, firmware, and software that enforce the security policy • Security perimeter • Trusted paths • Reference monitor (the concept: mediates every subject-to-object access) • Security kernel (the implementation of the reference monitor)
State Machine Model • The system is secure in every state it can reach • Finite state machine (FSM) • State transition • Secure state machine: every transition takes a secure state to another secure state • The basis for most other security models
Information Flow Model • Based on the state machine model • Prevent unauthorized, insecure, or restricted information flow • Controls flow between security levels • Can be used to manage state transitions
Noninterference Model • Based on information flow model • Separates actions of subjects at different security levels • Composition theories • Cascading • Feedback • Hookup
Take-Grant Model • Dictates how rights can be passed between subjects • Take rule • Grant rule • Create rule • Remove rule
Access Control Matrix • A table of subjects, objects, and access • Columns are ACLs • Rows are capability lists • Can be used in DAC, MAC, or RBAC
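The Take-Grant rules on the previous slide and the access control matrix on this one describe the same protection state from two angles, so one added example serves both. The code below is not from the slides or from any CISSP text: it keeps a Take-Grant protection graph, applies the take, grant, create, and remove rules with their preconditions, and then reads the same graph back as a matrix column (an ACL for one object) and a matrix row (a capability list for one subject). The subject and object names, the initial edges, and the rights letters t/g/r/w are constructed for the demo.

```python
"""Take-Grant protection graph plus the ACL / capability-list views of the same state.
Added example, not part of the original slides; names and initial rights are constructed."""
from collections import defaultdict

TAKE, GRANT, READ, WRITE = "t", "g", "r", "w"


class ProtectionGraph:
    """Nodes are subjects or objects; edge x -> y carries the rights x holds on y."""

    def __init__(self):
        self.edges = defaultdict(lambda: defaultdict(set))
        self.subjects = set()
        self.objects = set()

    def add_subject(self, name):
        self.subjects.add(name)

    def add_object(self, name):
        self.objects.add(name)

    def rights(self, x, y):
        return set(self.edges[x][y])

    def _require(self, holder, target, needed):
        missing = set(needed) - self.edges[holder][target]
        if missing:
            raise PermissionError(f"{holder} lacks {sorted(missing)} on {target}")

    def take(self, x, y, z, wanted):
        """Take rule: x holds 't' on y and y holds `wanted` on z, so x takes them on z."""
        self._require(x, y, {TAKE})
        self._require(y, z, wanted)
        self.edges[x][z] |= set(wanted)

    def grant(self, x, y, z, given):
        """Grant rule: x holds 'g' on y and `given` on z, so x grants them to y on z."""
        self._require(x, y, {GRANT})
        self._require(x, z, given)
        self.edges[y][z] |= set(given)

    def create(self, x, new, rights, is_subject=False):
        """Create rule: subject x creates a new node and holds `rights` on it."""
        if x not in self.subjects:
            raise PermissionError(f"{x} is not a subject and cannot create nodes")
        (self.subjects if is_subject else self.objects).add(new)
        self.edges[x][new] |= set(rights)

    def remove(self, x, y, rights):
        """Remove rule: x drops some of its own rights on y."""
        self.edges[x][y] -= set(rights)

    def acl(self, obj):
        """Matrix column: every subject holding rights on obj (the object's ACL)."""
        return {s: sorted(self.edges[s][obj]) for s in self.subjects if self.edges[s][obj]}

    def capabilities(self, subj):
        """Matrix row: every node subj holds rights on (the subject's capability list)."""
        return {y: sorted(r) for y, r in self.edges[subj].items() if r}


def demo():
    """Constructed scenario: three subjects, one shared object, one denied take."""
    g = ProtectionGraph()
    for s in ("alice", "bob", "carol"):
        g.add_subject(s)
    g.add_object("payroll.db")
    g.edges["alice"]["payroll.db"] |= {READ, WRITE}   # initial state
    g.edges["alice"]["bob"].add(GRANT)                # alice may grant to bob
    g.edges["carol"]["alice"].add(TAKE)               # carol may take from alice

    g.grant("alice", "bob", "payroll.db", {READ})          # bob can now read payroll
    g.take("carol", "alice", "payroll.db", {READ, WRITE})  # carol takes both rights
    g.create("bob", "notes.txt", {READ, WRITE})            # bob makes a private object
    g.remove("alice", "payroll.db", {WRITE})               # alice gives up write

    try:
        g.take("bob", "alice", "payroll.db", {READ})       # bob holds no 't' on alice
        denied = ""
    except PermissionError as exc:
        denied = str(exc)
    return g, denied


if __name__ == "__main__":
    graph, why = demo()
    print("ACL for payroll.db:", graph.acl("payroll.db"))
    print("capabilities of bob:", graph.capabilities("bob"))
    print("denied:", why)
```

The point to take from the run is that an ACL and a capability list are not two mechanisms but two projections of one matrix; the Take-Grant rules only change which cells are populated, and the "t" and "g" rights are what let that population spread between subjects.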
Bell-LaPadula Model • Based on DoD multilevel security policy • Focuses only on confidentiality • Lattice-based access control (clearance level plus categories/compartments) • Simple security property: no read up • * (star) security property: no write down • Discretionary security property: access also constrained by an access matrix
Biba Model • The inverse of Bell-LaPadula, applied to integrity levels • Focuses only on integrity • Simple integrity property: no read down • * (star) integrity property: no write up
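Bell-LaPadula and Biba are both decided by the same lattice "dominates" relation, just with the subject and object swapped, so one added example covers both slides. The code below is not from the slides: it defines a label as a rank plus a set of categories, implements dominance as "higher-or-equal rank and superset of categories", and derives the four properties from it. The classification and integrity scales, the compartment names, and the subjects and objects are constructed for the demo.

```python
"""Lattice-based MAC: Bell-LaPadula (confidentiality) and Biba (integrity) from one order.
Added example, not part of the original slides; scales, labels and cases are constructed."""
from dataclasses import dataclass

CLASSIFICATIONS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET"]  # BLP scale
INTEGRITY = ["UNTRUSTED", "USER", "SYSTEM"]                                  # Biba scale


@dataclass(frozen=True)
class Label:
    rank: int                              # position on the scale, 0 = lowest
    categories: frozenset = frozenset()    # compartments / need-to-know categories

    def dominates(self, other):
        """Lattice order: at least as high a rank AND a superset of categories."""
        return self.rank >= other.rank and self.categories >= other.categories


def label(scale, name, *categories):
    return Label(scale.index(name), frozenset(categories))


# Bell-LaPadula: confidentiality flows only upward
def blp_read(subject, obj):
    """Simple security property (no read up): subject must dominate the object."""
    return subject.dominates(obj)


def blp_write(subject, obj):
    """* property (no write down): object must dominate the subject."""
    return obj.dominates(subject)


# Biba: integrity is the mirror image, contamination flows only downward
def biba_read(subject, obj):
    """Simple integrity property (no read down): object must dominate the subject."""
    return obj.dominates(subject)


def biba_write(subject, obj):
    """* integrity property (no write up): subject must dominate the object."""
    return subject.dominates(obj)


def demo():
    """Constructed cases; the dict maps a description to the access decision."""
    analyst = label(CLASSIFICATIONS, "SECRET", "NUCLEAR")
    report_ts = label(CLASSIFICATIONS, "TOP_SECRET", "NUCLEAR")
    memo_c = label(CLASSIFICATIONS, "CONFIDENTIAL")
    crypto_s = label(CLASSIFICATIONS, "SECRET", "CRYPTO")   # same level, other compartment
    results = {
        "analyst reads TS report": blp_read(analyst, report_ts),      # read up: denied
        "analyst reads C memo": blp_read(analyst, memo_c),            # read down: allowed
        "analyst writes C memo": blp_write(analyst, memo_c),          # write down: denied
        "analyst writes TS report": blp_write(analyst, report_ts),    # blind write up: allowed
        "analyst reads SECRET/CRYPTO": blp_read(analyst, crypto_s),   # missing category: denied
    }
    user = label(INTEGRITY, "USER")
    sys_bin = label(INTEGRITY, "SYSTEM")
    download = label(INTEGRITY, "UNTRUSTED")
    results.update({
        "user reads system binary": biba_read(user, sys_bin),         # read up: allowed
        "user reads untrusted download": biba_read(user, download),   # read down: denied
        "user writes system binary": biba_write(user, sys_bin),       # write up: denied
        "user writes untrusted file": biba_write(user, download),     # write down: allowed
    })
    return results


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {case}")
```

Two things the run makes visible that the slides only imply: the category set matters as much as the level (a SECRET/NUCLEAR subject cannot read SECRET/CRYPTO even though the levels are equal), and Bell-LaPadula's star property permits a blind write upward, which is exactly the integrity gap Biba closes. Enforcing both models on one set of labels leaves a subject able to read and write only at its own label.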
Clark-Wilson Model • Focuses on integrity • Access control triplet • Controls access through an intermediary program or restricted interface • Well-formed transactions • Separation of duties
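The Clark-Wilson slide lists the pieces but not how they fit together at run time, so the code below is an added example (not from the slides or any CISSP text) that wires them up: constrained data items are held privately and reachable only through registered transformation procedures, every call is checked against a certified access triplet (subject, TP, CDI), an integrity verification procedure runs after each TP and the change is rolled back if it fails (that is what makes the transaction well-formed), and separation of duties is enforced by refusing self-approval of large transfers. The account names, balances, invariant, and dual-control limit are constructed.

```python
"""Clark-Wilson enforcement: triplets, TPs over private CDIs, an IVP with rollback,
and separation of duties. Added example, not part of the original slides;
accounts, amounts and the dual-control limit are constructed."""


class IntegrityViolation(Exception):
    pass


class ClarkWilsonSystem:
    DUAL_CONTROL_LIMIT = 500  # transfers above this need a second person (constructed)

    def __init__(self, accounts):
        self._cdis = dict(accounts)            # constrained data items, no direct access
        self._total = sum(accounts.values())   # invariant the IVP checks after every TP
        self._tps = {}                         # certified TP name -> callable
        self._triplets = set()                 # (subject, tp, cdi) authorizations
        self._approvals = set()                # (subject, tp, amount) approved by another person
        self.log = []

    def register_tp(self, name, fn):
        self._tps[name] = fn

    def authorize(self, subject, tp, cdi):
        self._triplets.add((subject, tp, cdi))

    def approve(self, approver, subject, tp, amount):
        """Separation of duties: nobody may approve their own transaction."""
        if approver == subject:
            raise IntegrityViolation("separation of duties: self-approval refused")
        self._approvals.add((subject, tp, amount))

    def ivp(self):
        """Integrity verification procedure: no negative balance, total preserved."""
        return all(v >= 0 for v in self._cdis.values()) and sum(self._cdis.values()) == self._total

    def balance(self, cdi):
        return self._cdis[cdi]

    def run(self, subject, tp, *cdis, **params):
        """The only path to the CDIs: the restricted interface of the model."""
        if tp not in self._tps:
            raise IntegrityViolation(f"{tp} is not a certified TP")
        for cdi in cdis:
            if (subject, tp, cdi) not in self._triplets:
                raise IntegrityViolation(f"no access triplet ({subject}, {tp}, {cdi})")
        amount = params.get("amount", 0)
        if amount > self.DUAL_CONTROL_LIMIT:
            key = (subject, tp, amount)
            if key not in self._approvals:
                raise IntegrityViolation(f"{tp} of {amount} needs a second approver")
            self._approvals.discard(key)       # one approval covers one execution
        snapshot = dict(self._cdis)
        self._tps[tp](self._cdis, *cdis, **params)
        if not self.ivp():                     # well-formed transaction: all or nothing
            self._cdis = snapshot
            raise IntegrityViolation(f"{tp} would leave CDIs invalid; rolled back")
        self.log.append((subject, tp, cdis, amount))


def transfer(state, src, dst, amount):
    """A TP: moves value between two CDIs; the IVP decides whether the result is valid."""
    state[src] -= amount
    state[dst] += amount


def attempt(bank, *args, **kw):
    try:
        bank.run(*args, **kw)
        return "ok"
    except IntegrityViolation as exc:
        return str(exc)


def demo():
    """Constructed scenario covering each enforcement point once."""
    bank = ClarkWilsonSystem({"ops": 1000, "payroll": 100})
    bank.register_tp("transfer", transfer)
    for cdi in ("ops", "payroll"):
        bank.authorize("alice", "transfer", cdi)
    out = {}
    out["small"] = attempt(bank, "alice", "transfer", "ops", "payroll", amount=200)
    out["no_triplet"] = attempt(bank, "bob", "transfer", "ops", "payroll", amount=10)
    out["overdraw"] = attempt(bank, "alice", "transfer", "payroll", "ops", amount=400)
    out["large_unapproved"] = attempt(bank, "alice", "transfer", "ops", "payroll", amount=600)
    try:
        bank.approve("alice", "alice", "transfer", 600)
    except IntegrityViolation as exc:
        out["self_approve"] = str(exc)
    bank.approve("carol", "alice", "transfer", 600)
    out["large_approved"] = attempt(bank, "alice", "transfer", "ops", "payroll", amount=600)
    out["balances"] = (bank.balance("ops"), bank.balance("payroll"))
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The rollback is the detail practitioners most often miss: a TP that is "certified" can still be handed inputs that break the invariant, and Clark-Wilson's answer is not to trust the TP but to run the IVP and refuse to commit the state.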
Brewer and Nash Model (aka Chinese Wall) • Prevents conflicts of interest • Access rights change dynamically based on what the subject has already accessed • Once a subject touches one company's data, access to competing companies' data in the same conflict class is blocked
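What makes Brewer and Nash different from the lattice models above is that the decision depends on the subject's own history, not on a static label. The code below is an added example (not from the slides) of the simple security rule: a read is allowed if the subject already works on that company or has touched nothing in the same conflict-of-interest class, and the first read is what builds the wall. The star property is included in a simplified history-based form, labelled as such in the comment. Company names, conflict classes, and the analysts are constructed.

```python
"""Brewer and Nash (Chinese Wall): history-dependent access control.
Added example, not part of the original slides; companies and classes are constructed."""
from collections import defaultdict

# Conflict-of-interest classes: datasets of companies that compete with each other
CONFLICT_CLASSES = {
    "banks": {"BankA", "BankB"},
    "oil": {"OilCo", "PetroInc"},
}
COMPANY_TO_CLASS = {c: cls for cls, members in CONFLICT_CLASSES.items() for c in members}


class ChineseWall:
    def __init__(self):
        self.history = defaultdict(set)   # subject -> company datasets already accessed

    def may_read(self, subject, company):
        """Simple security rule: same company as before, or an untouched conflict class."""
        cls = COMPANY_TO_CLASS[company]
        touched = self.history[subject]
        return company in touched or not any(COMPANY_TO_CLASS[c] == cls for c in touched)

    def read(self, subject, company):
        """A granted read is recorded; that record is what blocks competitors later."""
        if not self.may_read(subject, company):
            return False
        self.history[subject].add(company)
        return True

    def may_write(self, subject, company):
        """Simplified * property: a subject holding another company's data may not write
        here, so nothing can leak across the wall through a shared object."""
        return self.may_read(subject, company) and all(c == company for c in self.history[subject])


def demo():
    """Constructed run: alice builds a wall, bob is unaffected by her history."""
    wall = ChineseWall()
    out = {}
    out["alice reads BankA"] = wall.read("alice", "BankA")         # first touch: allowed
    out["alice reads BankB"] = wall.read("alice", "BankB")         # competitor: blocked
    out["alice reads OilCo"] = wall.read("alice", "OilCo")         # other class: allowed
    out["alice reads BankA again"] = wall.read("alice", "BankA")   # same company: allowed
    out["bob reads BankB"] = wall.read("bob", "BankB")             # bob's own history is empty
    out["alice writes BankA"] = wall.may_write("alice", "BankA")   # also holds OilCo: blocked
    out["bob writes BankB"] = wall.may_write("bob", "BankB")       # only BankB: allowed
    out["alice history"] = sorted(wall.history["alice"])
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Note that "alice reads BankB" is denied even though nothing about BankB itself changed between her two requests; the label on the object is the same, only her history differs. That is the property the slide means by "dynamic".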
Goguen-Meseguer Model • Focuses on integrity • The basis of the noninterference model • Based on a predetermined set/domain of objects a subject can access • Based on automaton (state machine) theory and domain separation
Sutherland Model • Focuses on integrity • Prevent interference in support of integrity • Defines a set of system states, initial states, and state transitions • Commonly used to prevent covert channels from influencing processes
Graham-Denning Model • Securely manage objects and subjects • Securely create object/subject • Securely delete object/subject • Securely provide read access right • Securely provide grant access right • Securely provide delete access right • Securely provide transfer access right
Select Controls and Countermeasures Based on Systems Security Evaluation Models • Rainbow Series • ITSEC Classes and Required Assurance and Functionality • Common Criteria • Industry and International Security Implementation Guidelines • Certification and Accreditation
Rainbow Series • TCSEC – Orange Book • Confidentiality • D, C1, C2, B1, B2, B3, A1 • Red Book • Trusted Network Interpretation of TCSEC • Confidentiality and integrity • None, C1, C2, B2 • Green Book • Password management guidelines
ITSEC Classes and Required Assurance and Functionality • Rates functionality (F) and assurance (E) • F-D through F-B3 • E0 through E6 • Confidentiality, integrity, and availability
Common Criteria • Designed to replace the earlier national schemes (TCSEC, ITSEC) • ISO/IEC 15408 • Protection profiles (what a class of product must provide) • Security targets (what a specific product claims) • Evaluation Assurance Level (EAL1 through EAL7)
Industry and International Security Implementation Guidelines • Payment Card Industry Data Security Standard (PCI DSS) • International Organization for Standardization (ISO)
Certification and Accreditation • Certification • Comprehensive technical evaluation of security controls against the security requirements • Accreditation • Formal designation by the designated approving authority (DAA) that the system meets organizational security needs and its residual risk is accepted • Risk Management Framework (RMF) • Committee on National Security Systems Policy (CNSSP) • Phases: definition, verification, validation, post-accreditation
Understand Security Capabilities of Information Systems • Memory protection • Virtualization • Trusted Platform Module • Hardware security module (HSM) • Interfaces • Fault tolerance