Security Architecture and Design Chapter 4 Part 4 Pages 377 to 416.

Information Flow Model
Example: Bell-LaPadula
– Prevents information from flowing from a higher security level to a lower one

Covert Channels
Example of a covert storage channel built on a shared file lock: 1 = FileA is locked, 0 = FileA is not locked
Countermeasures
– Common Criteria EAL6 has formally verified the absence of covert channels.

Noninterference Model
Activity at a higher level must not change what a lower-level entity can observe; if a lower-level entity is aware of activity at a higher level, information leaks.
Inference attack = information leaking attack
– Example: observe executives from Staples and Home Depot meeting? A merger is likely, affecting stock prices!
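The file-lock channel on the Covert Channels slide and the noninterference condition on this slide are two views of the same thing, so here is one added example (constructed for this transcript, not from the slides or the textbook) that models both. `LeakyLock`, `PartitionedLock`, the two-level lattice and the poll-after-every-step timing are assumptions of the model: a HIGH process toggles a lock, a LOW process polls it, and `noninterference_holds` compares LOW's view with HIGH acting against LOW's view with HIGH idle. The countermeasure shown (hiding a HIGH holder from LOW observers) is one textbook way to close the channel, not the only one.

```python
from typing import List, Optional, Type

LOW, HIGH = 0, 1  # two security levels; HIGH dominates LOW (assumption)


class LeakyLock:
    """Constructed model of the slide's channel: a single file lock whose
    state any process can observe, whatever its level."""

    def __init__(self) -> None:
        self.holder: Optional[int] = None  # level of the process holding the lock

    def set_locked(self, level: int, locked: bool) -> None:
        self.holder = level if locked else None

    def observe(self, observer_level: int) -> bool:
        # The lock state is visible to everyone: this is the leak.
        return self.holder is not None


class PartitionedLock(LeakyLock):
    """Countermeasure: an observer learns the lock state only when the holder
    is at a level the observer dominates, so a HIGH holder is invisible to LOW."""

    def observe(self, observer_level: int) -> bool:
        return self.holder is not None and self.holder <= observer_level


def high_sends_bits(lock: LeakyLock, bits: List[int]) -> List[int]:
    """HIGH modulates the lock (1 = locked, 0 = unlocked); LOW polls once per
    step and records what it sees. Returns the bit string LOW recovers."""
    received = []
    for bit in bits:
        lock.set_locked(HIGH, bit == 1)
        received.append(1 if lock.observe(LOW) else 0)
    return received


def low_view(lock_cls: Type[LeakyLock], high_actions: List[Optional[bool]]) -> List[bool]:
    """LOW's observation sequence while HIGH performs high_actions
    (True = lock, False = unlock, None = HIGH does nothing that step)."""
    lock = lock_cls()
    seen = []
    for action in high_actions:
        if action is not None:
            lock.set_locked(HIGH, action)
        seen.append(lock.observe(LOW))
    return seen


def noninterference_holds(lock_cls: Type[LeakyLock], high_actions: List[Optional[bool]]) -> bool:
    """Noninterference: LOW must see exactly the same sequence whether or not
    HIGH acts. A difference means HIGH's actions reach LOW, i.e. a channel exists."""
    idle: List[Optional[bool]] = [None] * len(high_actions)
    return low_view(lock_cls, high_actions) == low_view(lock_cls, idle)


if __name__ == "__main__":
    message = [1, 0, 1, 1, 0]
    print("leaky lock, LOW receives:      ", high_sends_bits(LeakyLock(), message))
    print("partitioned lock, LOW receives:", high_sends_bits(PartitionedLock(), message))
    print("noninterference (leaky):       ", noninterference_holds(LeakyLock, [True, False, True]))
    print("noninterference (partitioned): ", noninterference_holds(PartitionedLock, [True, False, True]))
```

With the leaky lock LOW recovers the message bit for bit, and the noninterference check fails; with the partitioned lock LOW's view is constant, the check passes, and the channel carries nothing. A real covert channel analysis asks this same question of every shared resource a low-level process can observe.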

Lattice Models: see Table 4-1 on page 381
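The Bell-LaPadula slide and this lattice slide fit together as one added example (constructed for this transcript; not the textbook's Table 4-1, whose contents are not on the page). The four level names, the compartment sets and the `Label`, `join`, `meet` and `subject_can_relay` names are assumptions. A label is a classification level plus a set of compartments; `dominates` is the lattice order, the two Bell-LaPadula rules are checks against that order, and `subject_can_relay` shows why a subject obeying both rules can never move data from high to low.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Constructed, totally ordered classification levels (assumption).
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}
LEVEL_NAME = {v: k for k, v in LEVELS.items()}


@dataclass(frozen=True)
class Label:
    """A lattice element: a classification level plus a set of compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: at least as high a level AND a superset of compartments.
        Labels with disjoint compartments are incomparable."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def join(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label dominating both (label for merged data)."""
    return Label(LEVEL_NAME[max(LEVELS[a.level], LEVELS[b.level])],
                 a.compartments | b.compartments)


def meet(a: Label, b: Label) -> Label:
    """Greatest lower bound: the highest label both inputs dominate."""
    return Label(LEVEL_NAME[min(LEVELS[a.level], LEVELS[b.level])],
                 a.compartments & b.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Bell-LaPadula simple security property: no read up."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """Bell-LaPadula *-property: no write down."""
    return obj.dominates(subject)


def flow_allowed(src: Label, dst: Label) -> bool:
    """Information flow model: data may move from src to dst only if dst dominates src."""
    return dst.dominates(src)


def subject_can_relay(subject: Label, src: Label, dst: Label) -> bool:
    """A subject copies data by reading src and writing dst. Both checks pass only
    when src <= subject <= dst in the lattice, so by transitivity dst dominates
    src: every relay a compliant subject can perform is a permitted flow."""
    return can_read(subject, src) and can_write(subject, dst)


if __name__ == "__main__":
    analyst = Label("Secret", frozenset({"nuclear"}))
    print("read Confidential:", can_read(analyst, Label("Confidential")))
    print("read Secret/crypto:", can_read(analyst, Label("Secret", frozenset({"crypto"}))))
    print("write Unclassified:", can_write(analyst, Label("Unclassified")))
    print("join:", join(analyst, Label("Confidential", frozenset({"crypto"}))))
```

The second `print` is the case people miss: a Secret/nuclear subject cannot read a Secret/crypto object even though the levels are equal, because the compartments make the two labels incomparable in the lattice.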

Brewer and Nash Model (Chinese Wall): see Figure 4-25 on page 384
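As an added example of the Chinese Wall policy (constructed for this transcript; it is not Figure 4-25, whose contents are not on the page), the class below groups companies into conflict-of-interest classes and tracks which datasets each subject has read. The company and class names, the `ChineseWall` class and the history-based write rule are assumptions: once a subject has read one company's data, it is walled off from every other company in the same class, and it may write to a company's dataset only if it has read no other company's unsanitized data (otherwise it could carry information across the wall).

```python
from typing import Dict, Set


class ChineseWall:
    """Constructed Brewer-Nash policy. Each dataset belongs to one company and
    each company to one conflict-of-interest (COI) class. Sanitized datasets
    (company '') belong to no class and are readable by everyone."""

    def __init__(self, company_of: Dict[str, str], coi_class_of: Dict[str, str]) -> None:
        self.company_of = company_of        # dataset -> company, '' if sanitized
        self.coi_class_of = coi_class_of    # company -> COI class
        self.history: Dict[str, Set[str]] = {}  # subject -> datasets already read

    def _companies_read(self, subject: str) -> Set[str]:
        """Companies whose unsanitized data the subject has already seen."""
        return {self.company_of[d] for d in self.history.get(subject, set())
                if self.company_of[d]}

    def can_read(self, subject: str, dataset: str) -> bool:
        """Simple security rule: sanitized data is always readable; otherwise the
        subject must already be inside this company's wall, or must have read
        nothing from any company in the same COI class."""
        company = self.company_of[dataset]
        if not company:
            return True
        seen = self._companies_read(subject)
        if company in seen:
            return True
        cls = self.coi_class_of[company]
        return all(self.coi_class_of[c] != cls for c in seen)

    def read(self, subject: str, dataset: str) -> bool:
        """Perform a read and record it; the record is what builds the wall."""
        if not self.can_read(subject, dataset):
            return False
        self.history.setdefault(subject, set()).add(dataset)
        return True

    def can_write(self, subject: str, dataset: str) -> bool:
        """*-property (history-based simplification, an assumption of this model):
        a write is allowed only if the read is allowed and the subject has read
        no unsanitized data belonging to a different company."""
        if not self.can_read(subject, dataset):
            return False
        target = self.company_of[dataset]
        return not (self._companies_read(subject) - {target})


if __name__ == "__main__":
    # Constructed sample: two banks in one COI class, one oil company in another.
    cw = ChineseWall(
        company_of={"BankA-ledger": "BankA", "BankB-ledger": "BankB",
                    "OilX-reserves": "OilX", "MarketReport": ""},
        coi_class_of={"BankA": "banks", "BankB": "banks", "OilX": "oil"},
    )
    print("alice reads BankA:", cw.read("alice", "BankA-ledger"))
    print("alice may read BankB:", cw.can_read("alice", "BankB-ledger"))
    print("alice reads OilX:", cw.read("alice", "OilX-reserves"))
    print("alice may write BankA:", cw.can_write("alice", "BankA-ledger"))
```

The decision depends on the subject's history, which is what distinguishes Brewer-Nash from a static lattice: two analysts with identical clearances get different answers for the same dataset depending on what each has already touched.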

Graham-Denning Model: details for the 8 primitive rights on page 384

Dedicated Security Mode
– All users have clearance for, and need-to-know for, all data processed in the system
– Many military systems can handle only one level of security

System High-Security Mode
– All users have a high security clearance but may not have need-to-know for all data

Compartmented Security Mode
– All users have a security clearance
– May not have need-to-know
– May not have formal access approval

Multilevel Security Mode
– System has various security levels
– Example: Bell-LaPadula
– User also must have need-to-know and formal approval

Guards: software and hardware protections for the flow of information between low-assurance and high-assurance systems

Trust and Assurance
– Trust level: how much protection to expect from a system
– Assurance: the system will act correctly and predictably in each and every situation; more in depth
– Orange Book: different levels of evaluation of assurance

Orange Book (U.S. Department of Defense)
Division D: Minimal Protection
Division C: Discretionary Protection
C1: Discretionary Security Protection
– Same security level
C2: Controlled Access Protection
– Authentication and authorization
– Auditing
– Memory erased after use

Orange Book
Division B: Mandatory Protection
B1: Labeled Security
– Objects: classification labels
– Subjects: clearance labels

Orange Book
B2: Structured Protection
– Security policy defined and documented
– Design and implementation reviewed and tested
– No covert channels
– Trusted path for authentication and authorization
– Higher level of assurance

Orange Book
B3: Security Domains
– Design and implementation of security code must not be too complex, so that it can be tested
– For highly secure environments that process sensitive information
– Highly resistant to penetration

Orange Book
Division A: Verified Protection
A1: Verified Design
– More assurance than B3 because formally (mathematically) designed and verified

Red Book
Framework for network security
– Encryption and protocols
– Communication integrity: authentication, message integrity, non-repudiation
– Denial of Service protection
– Data flow protection: confidentiality, traffic-flow confidentiality

ITSEC (European)
– Functionality (F1 to F10): evaluation of the functionality of security protection mechanisms
– Assurance (E0 to E6): correctness and effectiveness

Common Criteria (ISO global standard)
EAL: Evaluation Assurance Level (page 402)
– EAL1: Functionally tested
– EAL2: Structurally tested
– EAL3: Methodically tested and checked

Common Criteria
– EAL4: Methodically designed, tested, and reviewed
– EAL5: Semiformally designed and tested
– EAL6: Semiformally verified design and tested
– EAL7: Formally verified design and tested

Common Criteria Allows consumers to compare products

Certification vs Accreditation
– Certification: technical evaluation of a security component
– Accreditation: formal acceptance of the system and its risk

Open vs Closed System
Open
– Built upon standards, protocols, and specifications that are published
– Windows, Linux, Mac
– More security tools
– More attacks
Closed
– Proprietary, communicates only with like systems
– Security through obscurity

Bugs
“Carnegie Mellon University estimates that there are 5 to 15 bugs in every 1,000 lines of code. Windows 2008 has million lines of code.”
The rich functionality demanded by users brings about deep complexity, which usually opens the doors to vulnerabilities.

Maintenance Hook
Backdoor for developers
Countermeasures
– Host intrusion detection system to watch for hackers using a backdoor
– File system encryption

TOC/TOU (Time-of-check/Time-of-use)
– OS validates access to a file
– User changes the file to point to the password file
– User accesses the file
Race condition
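The three steps on this slide are a race between a check on a path name and a later use of the same path name. The added example below (constructed for this transcript, not from the slides) makes the race deterministic: a `between` hook stands in for the other process that swaps a regular file for a symbolic link to a "secret" file in the window between check and use. `read_public_file_racy` checks the path and then opens the path again, so the swap wins; `read_public_file_safe` opens first (refusing to follow symlinks) and then checks the open descriptor, so check and use refer to the same object. The file names, the `demo` scenario and a POSIX system with `os.O_NOFOLLOW` (Linux or macOS) are assumptions.

```python
import os
import shutil
import stat
import tempfile
from typing import Callable, Dict

NoOp = lambda: None  # default "between" hook: nobody interferes


def read_public_file_racy(path: str, between: Callable[[], None] = NoOp) -> str:
    """TOC/TOU-vulnerable pattern: the check and the use both go through the
    *path*, and what the path names can change in between."""
    # Time of check: the name must refer to a regular file, not a symlink.
    if not stat.S_ISREG(os.lstat(path).st_mode):
        raise PermissionError("not a regular file")
    between()  # the window: another process may now swap the object behind the name
    # Time of use: open() resolves the path again and follows any symlink now present.
    with open(path, "r") as f:
        return f.read()


def read_public_file_safe(path: str, between: Callable[[], None] = NoOp) -> str:
    """Hardened pattern: open first without following symlinks, then check the
    descriptor. The object that was checked is the object that gets read."""
    between()  # whatever the other process does, it must do it before the open
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # ELOOP if path is a symlink
    except OSError as e:
        raise PermissionError("symlink or unreadable path refused") from e
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):  # fstat checks the open object
            raise PermissionError("not a regular file")
    except Exception:
        os.close(fd)
        raise
    with os.fdopen(fd, "r") as f:
        return f.read()


def demo() -> Dict[str, str]:
    """Constructed scenario: a public file and a secret file in a temp dir; the
    'swap' step replaces the public file with a symlink to the secret."""
    d = tempfile.mkdtemp()
    public = os.path.join(d, "public.txt")
    secret = os.path.join(d, "secret.txt")

    def write_public() -> None:
        if os.path.lexists(public):
            os.remove(public)
        with open(public, "w") as f:
            f.write("public data")

    def swap() -> None:
        os.remove(public)
        os.symlink(secret, public)

    with open(secret, "w") as f:
        f.write("SECRET")
    results: Dict[str, str] = {}
    try:
        write_public()
        results["racy_no_attack"] = read_public_file_racy(public)
        results["racy_attacked"] = read_public_file_racy(public, swap)  # leaks the secret
        write_public()
        results["safe_no_attack"] = read_public_file_safe(public)
        try:
            results["safe_attacked"] = read_public_file_safe(public, swap)
        except PermissionError:
            results["safe_attacked"] = "denied"
    finally:
        shutil.rmtree(d, ignore_errors=True)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:16s} -> {v}")
```

The general rule the example illustrates: never make an access decision on a name and then act on the name; act on a handle (descriptor, inode, object) and make the decision on that same handle. Calls such as `access()` followed by `open()` are the classic form of this bug, and the fix is the same ordering shown here.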