Security Architectures - Arkansas State University

Security Architectures - Arkansas State University

Information Systems Security Security Architecture Domain #5 Hardware Components CPU Primary Storage Control Unit Coordinates activities during instruction execution Does not process data

Arithmetic Logic Unit (ALU) Perform mathematical functions on data Memory Types Primary Memory (RAM/ROM/EPROM/EE) Real Memory Available to users Cache Memory Buffers used to increase performance Holds data that is accessed often

Virtual Memory Combination of real and secondary storage Memory Management

Keep track of used memory segments Assign memory to processes Manage swapping Memory protection Access control Control virtual memory addressing Protection Rings Organize Code and components in an operating system into concentric rings

Modern OSs use a 4-ring model Ring 0 highest privilege kernel Ring 1 remainder of the OS Ring 2 drivers and utilities Ring 3 applications and programs user mode Hardware Bus Data Bus Transfers instructions and data Differs based on architectures

EISA 8/16 MCA 16/32 VLB 32 PCI 32/64 AGP - 32 Process and Threads Process Application and users run as processes in OS Process can contain several threads of code Thread are individual instruction sets

Threads Advantages Much quicker to create than a process Much quicker to switch between threads Share data easier Used in browsers and windowing systems Disadvantages No security between threads If one user thread blocks, all are blocked

Process States Stopped not running Waiting waiting for interrupt Running being executed by the CPU Ready available and waiting for instruction System Functionality Multithreading Several threads processing at one time

Multitasking Several processes at one time Multiprocessing Multiple CPU available System Security Modes Dedicated Security Mode All users have clearance and need-to-know to access all information on the system Does not require complex methods of

controlling access between different levels Multilevel Security Mode All users have clearance but not need-to-know Two of more levels of classification Data is compartmentalized in containers Security Modes Dedicated Mode Single state system All have need to know and clearance

System High Mode All have need-to-know for some material Compartmented Mode Not all have access for all information Multilevel Mode Not all have clearance or need-to-know Levels of System Trust

Processes with higher trust can access more system instructions CPU architecture dictates the levels of trust available and the rights of access CPU executes instructions in different states depending upon the process trust level User mode less trusted Privilege mode most trusted Trusted Computing Base All mechanisms that provide protection for

the system Software, firmware, hardware Made up of processes that executed in privileged mode Term originated from the Orange Book System Protection Reference Monitor Access control concept that is referred to as an abstract machine that mediates all accesses

Controls relationship between subjects and objects Security Kernel Enforces the reference monitors rules Physical implementation of reference monitor Part of TCB concerned with access control Access Control Models Provides rules and structures used to control access and shows how decisions

are made Main components are subjects, objects, operations, and their relationships Goal is to control how objects are accessed and ensure a security principle Confidentiality, integrity Finite State Machine Execution sequence for each possible state transformation Mappings for each state change

Does not specify protection mechanisms or means of enforcing model If system comes up in a secure state and shuts down in a secure state, the system is secure Information Flow Information must flow securely through the system Bell Lapadula Biba

Clark-Wilson Take-Grant Access Control Matrix Noninterference Bell LaPadula Confidentiality Model Information cannot flow to an object of lesser classification Mathematical model uses a set theory to define access rights

Maps a subjects clearance and an objects classification and creates a relationship Rules Subjects cannot read data from an object in a higher security level No Read Up simple security property No Write Up star property No Write Up and No Read Down strong star Biba

Integrity Model No subject can depend on an object of lesser integrity Based on hierarchical lattice Prevents modification of objects by unauthorized subjects Prevents unauthorized modification by authorized users Rules of Biba No Write Up integrity axiom

No writing data at a higher integrity level No Read Down simple axiom No reading data from a lower integrity level Disadvantages Does not address confidentiality Does not address control management nor provide a way to change classification levels Clark - Wilson

Integrity Model Model for commercial integrity Requires well formed transactions and separation of duties Does not use lattice approach, partitions objects into programs and data Access triple subject must go through a program to access and modify data Separation of duties with auditing required Non-Interference

Based on theory where users are separated into different domains An output stream remains unchanged when inputs come from levels that are less dominant Subject cannot be influenced by the behavior of other subjects at higher security levels Lattice Based Every subject and object relationship has a

partially ordered set with a lower and upper bounds Rules are set that dictate how information can flow from one class to another Confidential can flow to secret but secret cannot flow to confidential Access Control Relational table Specifies the operations and rights allowed for each subject

Access Control Lists DACL, trustees Brewer - Nash Also known as Chinese Wall Mathematical theory used to implement dynamically changing access permissions Defines a wall and develops a set of rules that ensures no subject accesses objects on the other side Enforces no conflict of interest rules Allows separation of competitors data

Take Grant Mathematical framework for granting and revoking access authorization Analytical tool for auditors to test software security Rules for how users transfer their permissions to others Trusted Computer System Evaluation Criteria (TCSEC)

Developed by National Security Computer Center Based on the Bell-LaPadula model Uses a series of evaluation classes Orange Book Requirements of TCSEC

Security Policy Marking labels associated with objects Identification individual ID of subjects Accountability audit data collected Assurance each mechanism evaluated Continuous protection mechanisms always protected against unauthorized changes

TCSEC Ratings A1 Verified Protection B3,B2,B1 Mandatory Protection C2,C1 Discretionary Protection

D Minimal Security Red Book Trusted Network Interpretation Layers of TCSEC

C1 Discretionary Security Protection C2 Controlled Access Protection B1 Labeled Security B2 Structured Security (covert channels) B3 Security Domains (covert timing) A1 Verified Protection Information Technology Security Evaluation Criteria (ITSEC) Evaluates functionality and assurance separately

F1 to F10 for functionality E0 to E6 for assurance E0 = D F1+E1 = C1 F2+E2 = C2 F3+E3 = B1 etc ITSEC Advantages More granular approach

Goes beyond the Orange Book Disadvantages Increased amount of rating combinations Still does not provide all the answers Common Criteria

ISO created in 1993 TCSEC was too rigid ITSEC added too much complexity Target of Evaluation (TOE) Security Target (ST) EALs E1 (functionally tested only) E7(formally verified, designed, and tested)

Covert Channels Timing Channels conveys information by altering the performance of a system component in a predictable manner Storage Channels conveys information by writing data to a common storage area where another process can read it. Level B2 address covert channels Level B3 address covert timing Certification and Authentication

Certification 1st phase comprehensive evaluation of the security features of an IT system Accreditation Management decides the certification of the system satisfies their needs Definition, Verification, Validation, Post Accreditation

Other Threats Back Doors

Maintenance Hooks Asynchronous Attack TOC/TOU Race Attacks Data Validation (Unicode attack) Buffer Overflow (Use input controls) SYN Flood Ping of Death More Attacks TCP Session Hijacking Web Spoofing

DNS Poisoning

Recently Viewed Presentations

  • The impact of cloud water schemes on seasonal

    The impact of cloud water schemes on seasonal

    The relationships between relative humidity and cloud water (Fig.1b) for each cloud are similar to those between relative humidity and cloud amount. It shows that cloud water paths spread for a given relative humidity.
  • Page 1

    Page 1

    Everyone agrees Mary is the Mother of Jesus Catholic Position: Theotokos- Mary is the God Bearer- Council of Ephesus- present day Turkey ( Asia Minor) Ascending Christology- emphasizes the humanity of Jesus Descending Christology- emphasize the divinity of Jesus Jesus:...
  • Dark Store Litigation Legislative Update Michigan Wisconsin Assessors

    Dark Store Litigation Legislative Update Michigan Wisconsin Assessors

    Sec. 27.(1) As used in this act, "true cash value" means the usual selling price at the place where the property to which the term is applied is at the time of assessment, being the price that could be obtained...
  • Comparison ?s A. How many of the following

    Comparison ?s A. How many of the following

    Study Ideas Make lists of structures for common purposes, and learn which organisms posses which structures: e.g. Book lungs, book gills, trachea, spiracles papulae, lungs & gills.


    Nostoc occurs in both aquatic and subaerial habitats. A dense mucilage covering (labeled as B in the given figure is present on the outside. Each trichome is beaded, S-shaped and consists of a large number of vegetative cells, a few...
  • 12.5 - Kingdoms of Southeast Asia & Korea

    12.5 - Kingdoms of Southeast Asia & Korea

    12.5 - Kingdoms of Southeast Asia & Korea Geography of SE Asia Two Parts: 1) Indochina - borders China & India 2) Islands - Sumatra, Borneo, Java, etc. Warm, Humid = Monsoon Winds = rain Rivers & valleys intersected by...
  • Mediastinum: It is the partition between the two

    Mediastinum: It is the partition between the two

    Interventricular septum Thickness Opening in LV: Mitral opening and valve Aortic opening and valve Pulmonary valve Aortic valve Mitral valve Tricuspid valve Papillary muscle Conducting system of the heart: Formed of modified myocardial fibers called (Purkinje fibers) which are specialized...
  • Determined - "સુરતી ઉંધીયુ"

    Determined - "સુરતી ઉંધીયુ"

    Remembering that I'll be dead soon is the most important tool I've ever encountered to help me make the big choices in life. Because almost everything — all external expectations, all pride, all fear of embarrassment or failure — these...