Domain4_Security Architecture & Models


Transcript of Domain4_Security Architecture & Models

  • 8/10/2019 Domain4_Security Architecture & Models

    1/26

    CISSP Essentials: Mastering the Common Body of Knowledge

    Class 4: Security architecture and models

    Lecturer Shon Harris, CISSP, MCSE

    President, Logical Security

  • CISSP Essentials Library: www.searchsecurity.com/CISSPessentials

    Class 4 Quiz: www.searchsecurity.com/Class4quiz

    Class 4 Spotlight: www.searchsecurity.com/Class4spotlight

  • Security architecture and models objectives

    Computer architecture, software and hardware components

    Operating system protection mechanisms

    Access control models

    Evaluation assurance criteria and ratings

    Certification and accreditation processes

    Attack types

  • Agenda

    Hardware and software computer components

    Memory types and uses

    Storage types

    Processes and threads

    Language generations

  • Hardware components - Central Processing Unit (CPU)

    CPU components

    Primary storage: registers that hold the instructions and data that need to be processed

    Control unit: coordinates activities during program instruction execution; it does not process data itself, but controls the steps that carry out execution

    Arithmetic Logic Unit (ALU): performs the mathematical and logical functions on the data

  • Memory management

    Responsibilities

    Keep track of used and unused memory segments

    Assign memory segments to processes

    Manage swapping between main memory and secondary storage

    Memory protection: ensure that processes do not corrupt each other's memory

    Access control: ensure that a requesting process has the necessary rights to access a memory section

    Keep track of software and virtual addressing schemes

    A multi-user operating system requires a more complex memory manager; MS-DOS and Windows 9x are single-user operating systems

  • States that processes work in

    Different states

    Stopped: the process is not running; it could have been stopped by the operating system or by the user

    Waiting: the process is blocked until an interrupt (for example, I/O completion) lets it be scheduled on the CPU; software interrupts allow time slicing and sharing of the CPU

    Running: the process's instructions are being executed by the CPU (run time)

    Ready: the process is loaded and able to run, waiting for the CPU or for a request from an application or user

  • Language types

    Machine language (1GL): executed directly by the CPU; binary instruction encodings, usually displayed in hexadecimal

    Assembly language (2GL): human-readable mnemonics (for example MOV, ADD) that map one-to-one onto machine instructions; translated into machine language by an assembler

    High-level language (3GL, 4GL, 5GL): easier to write by working at a higher level of abstraction; requires a compiler or interpreter to turn source code into object code

    Object code = machine code that still needs to be linked with libraries into an executable binary

    Compiler: all of the source code is translated to object code before the program runs

    Interpreter: one statement at a time is translated and executed, without producing a stored object file

  • Agenda

    System self protection

    Levels of access to resources and trust levels

    Memory segmenting

    Process isolation

    Layering and data hiding

    Virtual machines

    Protection rings

    Security domains

    Trusted computing base

  • System protection - Protection rings

    Protection rings separate processes at different trust levels. The rings are provided by the CPU's architecture. The operating system can be written to use all or some of the rings; for example, x86 offers four rings (0 to 3), but most operating systems use only ring 0 for the kernel and ring 3 for user processes.

  • What does it mean to be in a specific ring?

    Protection rings

    Barriers between components of different trust levels

    Require them to communicate through strict interfaces (for example, system calls)

    When processes execute, they do so in a security context - user mode or privileged mode - depending upon which ring that process executes within

    A process can directly access resources in its own ring or in less trusted (outer, higher-numbered) rings only; a request to a more trusted ring must pass through those strict interfaces

    Processes with a higher trust level have a larger domain of system resources available to them

  • System protection - Trusted computing base

    TCB: all mechanisms that provide protection for a system

    Software, firmware and hardware components

    Term originated from the Orange Book; these components are highly scrutinized when being evaluated for an assurance rating

    TCB is made up of trusted processes that are executed in privileged mode

    Security perimeter delineates what is within the TCB and what processes are not within the TCB

  • System protection - Reference monitor

    Reference monitor: an access control concept, referred to as an abstract machine, that mediates all accesses to objects and controls the relationship between subjects and objects; it embodies the access control security policy of a specific system

    To be trusted, the mechanism implementing it must be always invoked (complete mediation), tamperproof, and small enough to be verified

    Security kernel: the TCB components that enforce the reference monitor's access rules; the physical implementation of the reference monitor

    The security kernel is the portion of the TCB that is concerned specifically with access control

  • Agenda

    Models

    State machine

    Bell-LaPadula

    Biba

    Clark-Wilson

    Non-interference

    Information-flow

    Lattice

    Take-Grant

    Brewer and Nash (Chinese Wall)

  • Access control models

    Models

    Provide the rules and structures used to control access and show how access decisions are made

    The main components are subjects, objects, operations and their relationships

    The goal is to control how objects are accessed and to ensure one security principle or another (confidentiality, integrity)

    A model gives form to a policy and provides direction for programming

  • Access control models - Bell-LaPadula

    Characteristics

    Confidentiality model; does not address integrity or availability

    Information flow model where information cannot flow to an object of lesser or non-comparable classification: Top Secret data cannot flow to an object with Secret classification

    Mathematical model that uses set theory to define access rights while keeping a secure operating state

    Its two core rules are the simple security property (no read up) and the *-property (no write down)

    Basic Security Theorem: if the system starts in a secure state and every state transition obeys the model's rules, every reachable state is also secure

    Maps a subject's clearance and an object's classification and creates a dominance relationship

    The clearance of the subject attempting to access an object is compared with that object's classification
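    To make the dominance relationship and the two Bell-LaPadula rules concrete, here is an added example that is not part of the original slides: a toy reference monitor in Python. It also illustrates the reference monitor slide above (every access is mediated by one check function, and every decision is audited). The subject and object names, the four level names and the categories are assumptions made up for the demo; the dominance check, the simple security property (no read up) and the *-property (no write down) are the model's own rules.

```python
"""Added example: a toy reference monitor that enforces Bell-LaPadula.

A label is a sensitivity level plus a set of categories (compartments), so
labels form a lattice. A dominates B when A's level is at least B's level
AND A's categories are a superset of B's. Two labels with disjoint category
sets are non-comparable: neither dominates, so no flow is allowed either way.
The subjects, objects, levels and categories below are constructed for the
demo; they are not from the original slides.
"""
from dataclasses import dataclass, field

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Dominance relation of the lattice: level >= AND categories superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


@dataclass
class ReferenceMonitor:
    """Every access goes through check(); nothing touches an object directly."""
    clearances: dict = field(default_factory=dict)       # subject -> Label
    classifications: dict = field(default_factory=dict)  # object  -> Label
    audit: list = field(default_factory=list)            # accountability trail

    def check(self, subject: str, obj: str, op: str) -> bool:
        subj_label = self.clearances[subject]
        obj_label = self.classifications[obj]
        if op == "read":
            # Simple security property: "no read up".
            allowed = subj_label.dominates(obj_label)
        elif op == "write":
            # *-property: "no write down" (the object must dominate the subject).
            allowed = obj_label.dominates(subj_label)
        else:
            allowed = False  # fail closed on any operation the policy does not know
        self.audit.append((subject, op, obj, "ALLOW" if allowed else "DENY"))
        return allowed


def demo() -> dict:
    """Exercise read up, write down, write up and non-comparable labels."""
    rm = ReferenceMonitor()
    rm.clearances["alice"] = Label("SECRET", frozenset({"CRYPTO"}))
    rm.clearances["bob"] = Label("CONFIDENTIAL")
    rm.classifications["design.doc"] = Label("SECRET", frozenset({"CRYPTO"}))
    rm.classifications["memo.txt"] = Label("CONFIDENTIAL")
    rm.classifications["ops.plan"] = Label("SECRET", frozenset({"OPS"}))
    return {
        "alice_reads_design": rm.check("alice", "design.doc", "read"),  # allowed
        "bob_reads_design": rm.check("bob", "design.doc", "read"),      # read up: denied
        "alice_writes_memo": rm.check("alice", "memo.txt", "write"),    # write down: denied
        "bob_writes_design": rm.check("bob", "design.doc", "write"),    # write up: allowed (blind write)
        "alice_reads_ops": rm.check("alice", "ops.plan", "read"),       # non-comparable: denied
        "alice_writes_ops": rm.check("alice", "ops.plan", "write"),     # non-comparable: denied
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:20s} {'ALLOW' if allowed else 'DENY'}")
```

    Note the "write up" result: a Confidential subject may write into a Secret object it cannot read. That is exactly what the confidentiality-only model permits, and it is why integrity models such as Biba exist alongside it.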

  • Brewer and Nash model - Chinese Wall

    Model characteristics

    Published in 1989 to prevent conflicts of interest and ensure fair competition

    Mathematical theory used to implement dynamically changing access permissions

    Defines a wall and develops a set of rules that ensure no subject accesses objects on the other side of the wall

    Individuals are only allowed to access data that does not present a conflict of interest

    If a user accesses one company's data, the competitors' data is automatically deemed off limits

    Way of separating competitors' data within the same integrated database

    Its write rule also prevents information from leaking across the wall through modifications: a subject that has read one company's data may not write to another company's unsanitized data
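    The dynamic nature of the permissions is easiest to see in code. The following is an added example, not from the original slides: a small Python implementation of the Chinese Wall read and write rules, where the company datasets, the conflict-of-interest classes and the subject names are made-up assumptions for the demo.

```python
"""Added example: Brewer-Nash (Chinese Wall) access decisions.

Every object belongs to a company dataset, and each dataset belongs to a
conflict-of-interest (COI) class. Rights are not fixed: they depend on what
the subject has already read, so the wall is built around a subject as it
accesses data.
Simple security rule: a subject may read dataset D if it has already read
D, or if it has read no other dataset in D's COI class.
*-property: a subject may write to D only if it may read D and has read no
other (unsanitized) dataset, so nothing learned elsewhere can be copied
across the wall. The company names and COI classes are constructed for the demo.
"""
from collections import defaultdict

PUBLIC = "PUBLIC"  # sanitized data: readable by all, never walls anyone in


class ChineseWall:
    def __init__(self, coi_of: dict):
        self.coi_of = dict(coi_of)        # dataset -> COI class
        self.history = defaultdict(set)   # subject -> datasets it has read

    def can_read(self, subject: str, dataset: str) -> bool:
        if dataset == PUBLIC:
            return True
        seen = self.history[subject]
        if dataset in seen:
            return True
        # Already read a competitor (same COI class)? Then this dataset is walled off.
        return not any(self.coi_of[d] == self.coi_of[dataset] for d in seen)

    def read(self, subject: str, dataset: str) -> bool:
        """Mediated read: a successful access is recorded, which is what
        dynamically changes this subject's future permissions."""
        if not self.can_read(subject, dataset):
            return False
        if dataset != PUBLIC:
            self.history[subject].add(dataset)
        return True

    def can_write(self, subject: str, dataset: str) -> bool:
        # Writes to sanitized public data are out of scope for this demo (denied).
        if dataset == PUBLIC or not self.can_read(subject, dataset):
            return False
        # *-property: no other unsanitized dataset may already be readable by the subject.
        return not (self.history[subject] - {dataset})


def demo() -> dict:
    wall = ChineseWall({"BankA": "banks", "BankB": "banks",
                        "OilX": "oil", "OilY": "oil"})
    return {
        "analyst_reads_BankA": wall.read("analyst", "BankA"),        # first bank: allowed
        "analyst_reads_BankB": wall.read("analyst", "BankB"),        # competitor: denied
        "analyst_reads_OilX": wall.read("analyst", "OilX"),          # other COI class: allowed
        "analyst_reads_PUBLIC": wall.read("analyst", PUBLIC),        # sanitized: allowed
        "analyst_writes_BankA": wall.can_write("analyst", "BankA"),  # has also read OilX: denied
        "junior_reads_BankB": wall.read("junior", "BankB"),          # allowed
        "junior_writes_BankB": wall.can_write("junior", "BankB"),    # only dataset read: allowed
        "junior_writes_OilY": wall.can_write("junior", "OilY"),      # could carry BankB data: denied
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:22s} {'ALLOW' if allowed else 'DENY'}")
```

    The "analyst" case shows the practical consequence: once a subject has read data from two different COI classes it can no longer write anywhere, because any write could carry one client's information to another.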

  • Agenda

    Security evaluations

    Trusted Computer System Evaluation Criteria (TCSEC)

    Information Technology Security Evaluation Criteria (ITSEC)

    Common Criteria

  • Trusted Computer System Evaluation Criteria (TCSEC)

    TCSEC characteristics

    Developed by the National Computer Security Center (NCSC); alias Orange Book

    Based on the Bell-LaPadula model; deals with confidentiality, no other security principle

    Uses a hierarchically ordered series of evaluation classes; each class adds requirements and therefore one more level of trust

    Six fundamental requirements

    Security policy - a well-defined policy enforced by the product

    Marking - labels associated with objects

    Identification - individual identification of subjects

    Accountability - audit data collected and protected

    Assurance - mechanisms evaluated separately to ensure that the system enforces the security policy

    Continuous protection - trusted mechanisms that enforce the policy must always be protected against unauthorized changes and tampering

  • TCSEC rating breakdown

    A1: Verified Protection (formal methods)

    B1, B2, B3: Mandatory Protection

    C1, C2: Discretionary Protection

    D: Minimal Security

    A full Rainbow Series was developed: 26 books in all, covering items not addressed in the Orange Book; the Red Book is the Trusted Network Interpretation (TNI)

  • Common Criteria components

    Protection profile: description of the needed security solution; a real-world need

    Target of evaluation (TOE): the product proposed to provide the needed security solution

    Security target: written by the vendor, explaining the security functionality and assurance mechanisms that meet the needed security solution ("this is what our product does and how it does it")

    Packages / Evaluation Assurance Levels (EAL): functional and assurance requirements are bundled into packages for re-use; an EAL package describes what must be met to achieve a specific EAL rating

  • Common Criteria outline

    A product and its rating are put on an Evaluated Products List (EPL).

  • Agenda

    Threats to systems

    Covert channels

    Backdoors

    Timing attacks

    Race conditions

    Buffer overflows

    SYN flood

    Session hijacking

    Man-in-the-middle

    Land attacks

    Ping-of-death

    Distributed denial-of-service attacks

  • Disclosing data in an unauthorized manner

    Covert channels

    Channel = path used to transfer data; flaws with channels and access controls can lead to covert channels

    Overt channel = medium designed for data transfer

    Covert channel = medium that was not designed for data transfer but can be maliciously used that way; allows processes at two different security levels to communicate in violation of the security policy

    Covert timing channel: a process relays information to another by modulating its use of system resources (for example, CPU load) over time

    Covert storage channel: a process writes to a storage location or shared attribute (for example, a file's existence or a lock) and another process of lower clearance reads it
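    The following is an added example, not from the original slides, that shows why a covert storage channel slips past the access control rules: a simulated HIGH process is correctly denied a direct "write down" by the monitor, yet leaks a secret through the busy flag of a shared, unlabelled resource, one bit per clock tick. The print spooler, the object names, the level names and the secret are all assumptions constructed for the demo.

```python
"""Added example: a covert storage channel that defeats 'no write down'.

Two simulated processes run in lock-step clock ticks. HIGH may not write to
any object that LOW can read, and the Monitor below enforces exactly that.
But both share a print spooler whose 'busy' flag is an attribute the policy
never labelled. HIGH encodes each bit of a secret by holding or releasing
the spooler; LOW samples the flag once per tick and recovers the bits.
The secret, the object names and the spooler are constructed for the demo.
"""


class Spooler:
    """Unlabelled shared resource: every process can see whether it is busy."""
    def __init__(self):
        self.busy = False


class Monitor:
    """Enforces the *-property (no write down) on labelled objects only."""
    LEVEL = {"LOW": 0, "HIGH": 1}

    def __init__(self):
        self.objects = {}   # name -> {"level": ..., "data": ...}
        self.denied = 0

    def write(self, subject_level: str, name: str, data: bytes) -> bool:
        if self.LEVEL[self.objects[name]["level"]] < self.LEVEL[subject_level]:
            self.denied += 1          # HIGH -> LOW write is blocked, as the model requires
            return False
        self.objects[name]["data"] = data
        return True


def high_process(secret: bytes, spool: Spooler, monitor: Monitor):
    """Generator: one bit per tick. The direct write is denied, so the secret
    is leaked by modulating the spooler's busy flag instead (the covert channel)."""
    monitor.write("HIGH", "low_readable.txt", secret)  # denied by the monitor
    for byte in secret:
        for shift in range(7, -1, -1):                 # most significant bit first
            spool.busy = bool((byte >> shift) & 1)     # 1 = hold spooler, 0 = release it
            yield


def low_sample(spool: Spooler) -> int:
    """LOW's legitimate, policy-approved view of the resource: is it busy?"""
    return 1 if spool.busy else 0


def run_channel(secret: bytes) -> tuple:
    """Drive HIGH and LOW in lock step; return (leaked bytes, LOW file content, denials)."""
    spool, monitor = Spooler(), Monitor()
    monitor.objects["low_readable.txt"] = {"level": "LOW", "data": b""}
    sender = high_process(secret, spool, monitor)
    bits = []
    for _ in range(len(secret) * 8):
        next(sender)                     # tick: HIGH sets the flag
        bits.append(low_sample(spool))   # same tick: LOW reads it
    leaked = bytes(int("".join(map(str, bits[i:i + 8])), 2)
                   for i in range(0, len(bits), 8))
    return leaked, monitor.objects["low_readable.txt"]["data"], monitor.denied


if __name__ == "__main__":
    leaked, low_file, denials = run_channel(b"secret")
    print("direct writes denied:", denials, "| LOW file:", low_file, "| leaked:", leaked)
```

    The LOW-readable file stays empty and the monitor logs one denial, yet the full secret arrives. The defence is not a better access check but covert channel analysis of every shared resource (TCSEC starts requiring this at class B2): label or virtualize the resource per level, or reduce the channel's bandwidth with noise or rate limiting.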

  • Cell phone cloning

    Cloning cell phones

    Each cell phone has an electronic serial number (ESN) and a mobile identification number (MIN)

    ESN = phone ID

    MIN = phone number

    An attacker intercepts phone signals to capture these numbers

    Cloning: reprogramming a cell phone with an ESN/MIN pair from another cell phone

    Tumbling: changing the ESN/MIN pair values for each call

  • www.LogicalSecurity.com

    Coming next: Class 5: Telecommunications and networking

    Register at the CISSP Essentials Library: www.searchsecurity.com/CISSPessentials