Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Security Architecture and Designs  Security Architecture Description and benefits  Definition of Trusted Computing Base (TCB)  System level and Enterprise.

Published bySpencer Cannon Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Security Architecture and Designs  Security Architecture Description and benefits  Definition of Trusted Computing Base (TCB)  System level and Enterprise."— Presentation transcript:

1 1 Security Architecture and Designs  Security Architecture Description and benefits  Definition of Trusted Computing Base (TCB)  System level and Enterprise Security Architectures  Trusted Systems

2 Introduction Security architecture describes how system security is integrated to satisfy security requirements. Balance requirements  capability, flexibility,, security, performance…  Security architecture is one aspect of system architecture Security requirements are not just added steps to the development process but they are specifications or guidelines influencing the life cycle 2

3 Process framework for a Security Architecture 3

4 Good and bad architectures  Good security architecture ◦ Strategic, holistic, allows multiple implementations. ◦ Manages the process of setting the architecture, Implementation, Compliance, and Monitoring  Bad architectural planning can result in ◦ No support for new business services ◦ Security breaches and vulnerabilities ◦ Poor understanding by usersof security goals and objectives 4

5 A High-Level Design 5

6 Enterprise Architecture Frameworks  PDCA Approach ( ISO 17799 or ISO 27001 )  TQM and ISO 9001:2000 Total Quality Management 6

7 Enterprise Architecture Frameworks  What is an ISMS? ◦ ISMS = Information Security Management System.  What is for? ◦ Incorporate process into a business which  Influences the quality of the system  Increases product and service quality  Aligns process with business objectives  Implementing an ISMS ◦ Define the IS policy ◦ Define the Scope of ISMS coverage ◦ Go through a security Risk assessment ◦ Identify risks and manage them ◦ Select security controls ◦ Prepare a statement of applicability 7

8 Enterprise Architecture Frameworks  Six Sigma (process variance control framework) ◦ Data driven and measurement based  DMAIC  DMADV  COSO (Committee of Sponsoring Organizations) ◦ The importance of Identifying and managing risk  CMMI (Capability Maturity Model Integration) ◦ Based on TQM ◦ Improving process ◦ Different Maturity levels 8

9 System Level Architectural Concepts  Components which provide basic security services ◦ Integrity of computing processes ◦ Controlled access to system resources ◦ Predictable computing services  Two components: ◦ Hardware ◦ Software  Computer layers include ◦ End user ◦ Application, which sits on top of ◦ Utilities, that sit on top of ◦ Operating systems, which sit on top of ◦ Hardware 9

10 System Level Architecture Concepts  Some of the operating system services are ◦ Process execution ◦ Input and output processing ◦ Error detection and handling ◦ Communication  Security kernel provides critical security services  CPU - two different privilege states ◦ Supervisor state where system programs execute ◦ Application state where application programs and non-privileged programs execute ◦ Process states  Stopped, running, waiting, etc 10

11 System Level Architecture Concepts  Applications ◦ Current applications are portable and execute in a multi-threaded OS.  System approaches ◦ Open or Closed systems ◦ Single level or multi-level systems  System architectures ◦ Centralized vs. Distributed 11

12 System Level Architecture Concepts  Memory management requirements ◦ Protection: users cannot generate address, users can share access, etc ◦ Relocation and Sharing ◦ Logical and Physical organization  Memory Addressing ◦ Logical: requires translation to a physical address ◦ Relative: location relative to known point ( ex: array) ◦ Physical: absolute address or actual location 12

13 System Level Architecture Concepts  Virtual memory ◦ A process uses more memory than what is available in the physical memory ◦ Limited by swap space on disk ◦ Uses the concept of pages and segments  I/O ◦ Inter-process communication which involves locating and relocation data and instructions between a number of storage facilities ( I/O controller, managing memory, etc) 13

14 Basic System Security Concepts  Trusted Computing base (TCB) ◦ Includes all the components and their operating processes and procedures that ensure the security policy of the organization is enforced ◦ It should also be simple and testable ◦ Enforces security policy ◦ Monitors  Process activation  Execution Domain Switching  Memory protection  Input/output Operations 14

15 Basic System Security Concepts  Objects that require protection ◦ Anything on the system such as: Memory, Operating system tables, Directory files, Data structures, etc  Reference Monitor Concept ◦ Abstract machine  Tamperproof  Verifiable  Always invoked (cannot bypass) ◦ Includes  Subjects and objects  What is a Security Kernel? ◦ Hardware, firmware, and software elements of a trusted computing base that implements the reference monitor 15

16 Establishing Confidence in Trusted Systems  Evaluation criteria are standardized methods for establishing confidence that products satisfy the functional and assurance requirements of the organization ◦ Trusted Computer System Evaluation Criteria (TCSEC) – The Orange book (1983-1999) ◦ Information Technology Security Evaluation Criteria (ITSEC) (1991-2001) ◦ Federal criteria 1992 ◦ FIPS 140-1 of 1994 and FIPS-2 of 2001 ◦ Common Criteria (ISO 15408) (1998-present) 16

17 17

Download ppt "1 Security Architecture and Designs  Security Architecture Description and benefits  Definition of Trusted Computing Base (TCB)  System level and Enterprise."

Similar presentations

CSC 360- Instructor: K. Wu Overview of Operating Systems.

CSC 360- Instructor: K. Wu Overview of Operating Systems.
TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.

TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
OS Fall ’ 02 Introduction Operating Systems Fall 2002.

OS Fall ’ 02 Introduction Operating Systems Fall 2002.
CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.

CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Disco Running Commodity Operating Systems on Scalable Multiprocessors.

Disco Running Commodity Operating Systems on Scalable Multiprocessors.
OS Spring’03 Introduction Operating Systems Spring 2003.

OS Spring’03 Introduction Operating Systems Spring 2003.
Chapter 8 Operating System Support

Chapter 8 Operating System Support
Figure 1.1 Interaction between applications and the operating system.

Figure 1.1 Interaction between applications and the operating system.
Modified from Silberschatz, Galvin and Gagne Lecture 15 Chapter 8: Main Memory.

Modified from Silberschatz, Galvin and Gagne Lecture 15 Chapter 8: Main Memory.
Cs238 Lecture 3 Operating System Structures Dr. Alan R. Davis.

Cs238 Lecture 3 Operating System Structures Dr. Alan R. Davis.
Chapter 2: Impact of Machine Architectures What is the Relationship Between Programs, Programming Languages, and Computers.

Chapter 2: Impact of Machine Architectures What is the Relationship Between Programs, Programming Languages, and Computers.
Information Systems Security Security Architecture Domain #5.

Information Systems Security Security Architecture Domain #5.
Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.

Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.
Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.

Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.
The Origin of the VM/370 Time-sharing system Presented by Niranjan Soundararajan.

The Origin of the VM/370 Time-sharing system Presented by Niranjan Soundararajan.
Fraud Prevention and Risk Management

Fraud Prevention and Risk Management
Chapter 3.1:Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.

Chapter 3.1:Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access.

Similar presentations

Ads by Google