8/10/2019 Domain4_Security Architecture & Models
1/26
CISSP Essentials: Mastering the Common Body of Knowledge
Class 4: Security architecture and models
Lecturer Shon Harris, CISSP, MCSE
President, Logical Security
CISSP Essentials Library:
www.searchsecurity.com/CISSPessentials
Class 4 Quiz:
www.searchsecurity.com/Class4quiz
Class 4 Spotlight:
www.searchsecurity.com/Class4spotlight
Security architecture and models objectives
Computer architecture, software, hardware components
Operating system protection mechanisms
Access control models
Evaluation assurance criteria and ratings
Certification and accreditation processes
Attack types
Agenda
Hardware and software computer components
Memory types and uses
Storage types
Processes and threads
Language generations
Hardware components - Central Processing Unit (CPU)
CPU components
Primary storage: Registers that store instructions and data that need to be processed
Control unit: Coordinates activities during program instruction execution. Does not process data, but controls the processes that carry out execution
Arithmetic Logic Unit (ALU): Performs mathematical and logical functions on the data
Memory management
Responsibilities
Keep track of used and unused memory segments
Assign memory segments to processes
Manage swapping between main memory and secondary storage
Memory protection: Ensure that processes do not corrupt each other's memory
Access control: Ensure that a requesting process has the necessary rights to access a memory section
Keeping track of software and virtual addressing schemes
A multi-user operating system requires a more complex memory manager
MS-DOS and Windows 9x are single-user operating systems
States that processes work in
Different states
Stopped: The process is not running. It could be stopped by the operating system or the user
Waiting: The process is waiting for an interrupt to be able to be processed by the CPU. Software interrupts allow time slicing and sharing of the CPU
Running: The process instructions are being executed by the CPU (run-time)
Ready: Available to be used and waiting for an instruction. Waiting for a request from an application or user
Language types
Machine Language (1GL): Executed directly by the CPU
Assembly Language (2GL): Written in hexadecimal representation, 1 character = 8 bits. Translated into machine language by an assembler
High-Level Language (3GL, 4GL, 5GL): Easier to write by working at an abstraction level. Requires a compiler or interpreter to turn source code into object code
Object code = machine language that still needs to be converted into binary.
Compiler: All of the source code is converted to object code
Interpreter: One line at a time is converted to object code
Agenda
System self protection
Levels of access to resources and trust levels
Memory segmenting
Process isolation
Layering and data hiding
Virtual machines
Protection rings
Security domains
Trusted computing base
System protection - Protection rings
Protection rings separate processes at different trust levels. The rings are provided by the CPU's architecture. The operating system can be written to use all or some of the rings.
What does it mean to be in a specific ring?
Protection rings
Barriers between components of different trust levels
Requires them to communicate through strict interfaces
When processes execute, they do so in a security context - user mode or privileged mode - depending upon which ring that process executes within
Processes can access resources in the same or lower ring only
Processes with a higher trust level have a larger domain of system resources available to them
System protection - Trusted computing base
TCB: All mechanisms that provide protection for a system
Software, firmware, hardware components
Term originated from the Orange Book
These components are highly scrutinized when being evaluated for an assurance rating
TCB is made up of trusted processes that are executed in privileged mode
Security perimeter delineates what is within the TCB and what processes are not within the TCB
System protection - Reference monitor
Reference monitor
Access control concept that is referred to as an abstract machine that mediates all accesses to objects
Controls the relationship between subjects and objects
The access control security policy of a specific system
Security kernel
TCB components that enforce the reference monitor's access rules
Physical implementation of the reference monitor
The security kernel is the portion of the TCB that is concerned specifically with access control
Agenda
Models
State Machine
Bell-LaPadula
Biba
Clark-Wilson
Non-interference
Information-flow
Lattice
Grant-Take
Brewer and Nash (Chinese Wall)
Access control models
Models
Provide rules and structures used to control access and show how access decisions are made
The main components are subjects, objects, operations and their relationships
The goal is to control how objects are accessed and ensure one security principle or another (confidentiality, integrity)
A model gives form to a policy and provides direction for programming.
Access control models - Bell-LaPadula
Characteristics
Confidentiality model: Does not address integrity or availability
Information flow model where information cannot flow to an object of lesser or non-comparable classification
Top Secret data cannot flow to an object with Secret classification
Mathematical model that uses set theory to define access rights while keeping a secure operating state
Basic Security Theorem = any activity will always result in a secure state
Maps a subject's clearance and an object's classification and creates a dominance relationship
The clearance of the subject attempting to access an object is compared with that object's classification
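The dominance relationship, the "no flow to a lesser or non-comparable label" rule, and the reference monitor that mediates every access (from the earlier Reference monitor slide) can be shown together in a short script. This is an added example, not material from the class; the level names, the CRYPTO and NUCLEAR categories and the subject and object labels are constructed for illustration.

```python
from dataclasses import dataclass

# Assumed hierarchy of sensitivity levels, lowest first (constructed for this example).
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    """A security label: a sensitivity level plus a set of need-to-know categories."""
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # A label dominates another when its level is at least as high AND its
        # category set is a superset. If neither dominates, the labels are non-comparable.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property (no read up): clearance must dominate classification."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property (no write down): the object's classification must dominate the
    subject's clearance, so information never flows to a lesser or non-comparable label."""
    return obj.dominates(subject)


def reference_monitor(subject: Label, obj: Label, operation: str) -> bool:
    """Mediates every access request and returns True only when the model's rule holds."""
    rules = {"read": can_read, "write": can_write}
    if operation not in rules:
        raise ValueError(f"unknown operation {operation!r}")
    return rules[operation](subject, obj)


if __name__ == "__main__":
    # Constructed subject and objects.
    analyst = Label("Secret", frozenset({"CRYPTO"}))
    objects = {
        "TS report": Label("Top Secret", frozenset({"CRYPTO"})),
        "memo": Label("Unclassified"),
        "nuclear file": Label("Secret", frozenset({"NUCLEAR"})),  # non-comparable to analyst
    }
    for name, obj in objects.items():
        print(name, "read:", reference_monitor(analyst, obj, "read"),
              "write:", reference_monitor(analyst, obj, "write"))
```

The "nuclear file" case shows a non-comparable label: the analyst's clearance and the file's classification share the same level but differ in category, so neither dominates and both read and write are refused.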
Brewer and Nash model - Chinese Wall
Model characteristics
Published in 1989 to ensure fair competition
Mathematical theory used to implement dynamically changing access permissions
Defines a wall and develops a set of rules that ensures no subject accesses objects on the other side of the wall
Individuals are only allowed to access data that does not present a conflict of interest
If a user accesses one company's data, the competitor's data can automatically be deemed off limits
Way of separating competitors' data within the same integrated database
Tries to ensure that users do not make fraudulent modifications to objects
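The dynamic part of the model, where a wall appears only after a subject's first access within a conflict-of-interest class, is easiest to see in code. This is an added example rather than anything from the class or from the Brewer and Nash paper; the company names and conflict-of-interest classes are constructed placeholders.

```python
from collections import defaultdict

# Constructed conflict-of-interest (COI) classes: each company maps to the class it competes in.
COI_CLASS = {
    "BankA": "banks", "BankB": "banks",
    "OilCo": "oil", "PetroCo": "oil",
}


class ChineseWall:
    """Records which company datasets each subject has touched and enforces the read rule."""

    def __init__(self, coi_class: dict):
        self.coi_class = coi_class
        self.history = defaultdict(set)  # subject -> companies already accessed

    def can_access(self, subject: str, company: str) -> bool:
        # Within the target company's COI class, the subject must either have accessed
        # nothing yet or have only ever accessed this same company. Companies in other
        # classes are unaffected, so the wall is built per class.
        target_class = self.coi_class[company]
        same_class = {c for c in self.history[subject]
                      if self.coi_class[c] == target_class}
        return not same_class or same_class == {company}

    def access(self, subject: str, company: str) -> bool:
        """Mediate an access and, if allowed, record it so the wall moves dynamically."""
        allowed = self.can_access(subject, company)
        if allowed:
            self.history[subject].add(company)
        return allowed

    def off_limits(self, subject: str) -> set:
        """Companies now deemed off limits for the subject, given their access history."""
        return {c for c in self.coi_class if not self.can_access(subject, c)}


if __name__ == "__main__":
    wall = ChineseWall(COI_CLASS)
    print(wall.access("alice", "BankA"))   # first bank touched: allowed
    print(wall.access("alice", "BankB"))   # competitor in the same class: refused
    print(wall.access("alice", "OilCo"))   # different class: allowed
    print(wall.off_limits("alice"))        # the two competitors are now walled off
```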
Agenda
Security evaluations
Trusted Computer System Evaluation Criteria (TCSEC)
Information Technology Security Evaluation Criteria (ITSEC)
Common Criteria
Trusted Computer System Evaluation Criteria (TCSEC)
TCSEC characteristics
Developed by the National Computer Security Center (NCSC)
Alias: Orange Book
Based on the Bell-LaPadula model
Deals with confidentiality, no other security principle
Uses a hierarchically ordered series of evaluation classes; each class increases by one trust factor
Six fundamental requirements
Security policy: well-defined policy enforced by the product
Marking: labels associated with objects
Identification: individual identification of subjects
Accountability: audit data collected and protected
Assurance: mechanisms evaluated separately to ensure that the system enforces the security policy
Continuous protection: trusted mechanisms that enforce the policy must always be protected against unauthorized changes and tampering
TCSEC rating breakdown
A1: Verified Protection (formal methods)
B1, B2, B3: Mandatory Protection
C1, C2: Discretionary Protection
D: Minimal Security
A full Rainbow Series was developed: 26 books in all, covering items not addressed in the Orange Book
Red Book = Trusted Network Interpretation (TNI)
Common Criteria components
Protection profile: Description of the needed security solution (a real-world need)
Target of evaluation: Product proposed to provide the needed security solution
Security target: Written by the vendor, explaining the security functionality and assurance mechanisms that meet the needed security solution ("This is what our product does and how it does it")
Packages / Evaluation Assurance Levels (EAL): Functional and assurance requirements are bundled into packages for re-use; describes what must be met to achieve specific EAL ratings
Common Criteria outline
The product and its rating are put on an Evaluated Products List (EPL).

Agenda
Threats to systems
Covert channels
Backdoors
Timing attacks
Race conditions
Buffer overflows
SYN flood
Session hijacking
Man-in-the-middle
Land attacks
Ping-of-death
Distributed denial-of-service attacks
Disclosing data in an unauthorized manner
Covert channels
Channel = path used to transfer data
Flaws with channels and access controls can lead to covert channels
Overt channel = medium designed for data transfer
Covert channel = medium that was not designed for data transfer, but can be maliciously used that way; allows processes at two different security levels to communicate
Covert timing channel: A process relays information to another by modulating its use of system resources
Covert storage channel: A process writes data to a storage location and another process of lower clearance reads it
Cell phone cloning
Cloning cell phones
Each cell phone has an electronic serial number (ESN) and a mobile identification number (MIN)
ESN = phone ID
MIN = phone number
An attacker intercepts phone signals to capture these numbers
Cloning: Reprogramming a cell phone with an ESN/MIN pair from another cell phone
Tumbling: Changing the ESN/MIN pair values for each call
CISSP Essentials:
Mastering the Common Body of Knowledge
Lecturer Shon Harris, CISSP, MCSE
President, Logical Security
www.LogicalSecurity.com
Coming next: Class 5: Telecommunications and networking
Register at the CISSP Essentials Library:
www.searchsecurity.com/CISSPessentials