Published by Nelson Roberts. Modified over 7 years ago.
1
Security Architecture and Design Chapter 4 Part 4 Pages 377 to 416
2
Information Flow Model
Example: Bell-LaPadula
– Prevent flow from high to low security
3
Covert Channels
1 = FileA is locked
0 = FileA is not locked
Countermeasures
– Common Criteria EAL6 has formally verified the absence of covert channels.
4
Noninterference Model
If a lower-level entity is aware of activity at a higher level
Inference attack = Information leaking attack
– Observe executives from Staples and Home Depot meeting? Merger affecting stock prices!
5
Lattice Models Table 4-1 on page 381
6
Brewer and Nash Model Chinese Wall Figure 4-25 on page 384
7
Graham-Denning Model Details for 8 primitive rights on page 384
8
Dedicated Security Mode
All users have clearance for and need-to-know for all data processed in the system
Many military systems can handle only one level of security
9
System High-Security Mode All users have high security mode but may not have need-to-know for all data
10
Compartmented Security Mode
All users have security clearance
May not have need-to-know
May not have formal access approval
11
Multilevel Security Mode
System has various security levels
– Example: Bell-LaPadula
User also must have need-to-know and formal approval
12
Guards
Software and hardware protections for flow of information between low-assurance and high-assurance systems
13
Trust and Assurance
Trust level – how much protection to expect out of a system
Assurance – the system will act correctly and predictably in each and every situation, more in depth
Orange Book – different levels of evaluation of assurance
14
Orange Book
U.S. Department of Defense
Division D: Minimal protection
Division C: Discretionary Protection
C1: Discretionary Security Protection
– Same security level
C2: Controlled Access Protection
– Authentication and Authorization
– Auditing
– Memory erased after use
15
Orange Book
Division B: Mandatory Protection
B1: Labeled Security
– Objects – Classification Labels
– Subject – Clearance Labels
16
Orange Book
B2: Structured Protection
– Security policy defined and documented
– Design and implementation reviewed and tested
– No covert channels
– Trusted path for authentication and authorization
– Higher level of assurance
17
Orange Book
B3 – Security Domains
– Design and implementation of security code must not be too complex, so that it can be tested
– For a highly secure environment that processes sensitive information
– Highly resistant to penetration
18
Orange Book
Division A – Verified Protection
A1 – Verified Design
– More assurance than B3 because formally (mathematically) designed and verified
19
Red Book
Framework for network security
Encryption and protocols
Communication integrity
– Authentication, message integrity, non-repudiation
Denial of Service protection
Data Flow protection
– Confidentiality, Traffic-flow confidentiality
20
ITSEC
European
Functionality: F1 to F10
– Evaluation of the functionality of security protection mechanisms
Assurance: E0 to E6
– Correctness and effectiveness
21
Common Criteria
ISO global standard
EAL – Evaluation Assurance Level (page 402)
EAL1 – Functionally tested
EAL2 – Structurally tested
EAL3 – Methodically tested and checked
22
Common Criteria
EAL4 – Methodically designed, tested, and reviewed
EAL5 – Semiformally designed and tested
EAL6 – Semiformally verified design and tested
EAL7 – Formally verified design and tested
23
Common Criteria Allows consumers to compare products
24
Certification vs Accreditation
Certification – Technical evaluation of a security component
Accreditation – Formal acceptance of system and risk
25
Open vs Closed System
Open – built upon standards, protocols, specifications that are published.
– Windows, Linux, Mac
– More security tools
– More attacks
Closed – Proprietary, communicates only with like systems
– Security through obscurity
26
Bugs
“Carnegie Mellon University estimates that there are 5 to 15 bugs in every 1,000 lines of code. Windows 2008 has 40-60 million lines of code.”
The rich functionality demanded by users brings about deep complexity, which usually opens the doors to vulnerabilities.
27
Maintenance Hook
Backdoor for developers
Countermeasures
– Host intrusion detection system to watch for hackers using a backdoor
– File system encryption
28
TOC/TOU
Time-of-check/Time-of-use
1. OS validates access to file
2. User changes file to point to Password file
3. User accesses the file
Race Condition
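The check-then-use sequence from the TOC/TOU slide, as an added Python example (not part of the original presentation): the first function validates a path name and opens it afterwards, the second opens once and validates the descriptor it will read. The file names, the `window` hook standing in for the racing process, and the temp-directory scenario are constructed for illustration; `os.O_NOFOLLOW` assumes a POSIX system.

```python
import os
import stat
import tempfile

def read_check_then_use(path, window=lambda: None):
    """Flawed: validate the path name, then resolve the name again to open it."""
    if not stat.S_ISREG(os.lstat(path).st_mode):     # time of check (by name)
        raise PermissionError("not a regular file")
    window()                      # gap in which another process can swap the name
    with open(path, "rb") as f:   # time of use: the name is resolved a second time
        return f.read()

def read_open_then_check(path, window=lambda: None):
    """Hardened: open once, then validate the descriptor that is actually read."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # refuse a symlink as final component
    try:
        st = os.fstat(fd)         # the check is bound to the already-open object
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        window()                  # swapping the name no longer changes what fd refers to
        return os.read(fd, st.st_size)
    finally:
        os.close(fd)

def demo():
    """Constructed scenario; 'secret' stands in for the password file."""
    with tempfile.TemporaryDirectory() as d:
        target, secret = os.path.join(d, "report.txt"), os.path.join(d, "secret")
        with open(secret, "wb") as f:
            f.write(b"SECRET")
        def reset():              # put an ordinary file back at the checked name
            with open(target + ".new", "wb") as f:
                f.write(b"public")
            os.replace(target + ".new", target)
        def swap():               # the change made between check and use
            os.unlink(target)
            os.symlink(secret, target)
        reset()
        flawed = read_check_then_use(target, swap)
        reset()
        hardened = read_open_then_check(target, swap)
        reset()
        swap()                    # swap before the open: O_NOFOLLOW makes the open fail
        try:
            read_open_then_check(target)
            refused = False
        except OSError:
            refused = True
        return flawed, hardened, refused
```

`demo()` returns what each variant read after the swap, plus whether the hardened variant refused a path that was already a symlink when it was opened.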