Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Systems Security Security Architecture Domain #5.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Systems Security Security Architecture Domain #5."— Presentation transcript:

1 Information Systems Security Security Architecture Domain #5

2 Hardware Components  CPU –Primary Storage –Control Unit  Coordinates activities during instruction execution  Does not process data –Arithmetic Logic Unit (ALU)  Perform mathematical functions on data

3 Memory Types  Primary Memory (RAM/ROM/EPROM/EE)  Real Memory –Available to users  Cache Memory –Buffers used to increase performance –Holds data that is accessed often  Virtual Memory –Combination of real and secondary storage

4 Memory Management  Keep track of used memory segments  Assign memory to processes  Manage swapping  Memory protection  Access control  Control virtual memory addressing

5 Protection Rings  Organize Code and components in an operating system into concentric rings  Modern OS’s use a 4-ring model  Ring 0 – highest privilege – kernel  Ring 1 – remainder of the OS  Ring 2 – drivers and utilities  Ring 3 – applications and programs – user mode

6 Hardware Bus  Data Bus –Transfers instructions and data –Differs based on architectures  EISA – 8/16  MCA – 16/32  VLB – 32  PCI – 32/64  AGP - 32

7 Process and Threads  Process –Application and users run as processes in OS –Process can contain several threads of code –Thread are individual instruction sets

8 Threads  Advantages –Much quicker to create than a process –Much quicker to switch between threads –Share data easier –Used in browsers and windowing systems  Disadvantages –No security between threads –If one user thread blocks, all are blocked

9 Process States  Stopped – not running  Waiting – waiting for interrupt  Running – being executed by the CPU  Ready – available and waiting for instruction

10 System Functionality  Multithreading –Several threads processing at one time  Multitasking –Several processes at one time  Multiprocessing –Multiple CPU available

11 System Security Modes  Dedicated Security Mode –All users have clearance and need-to-know to access all information on the system –Does not require complex methods of controlling access between different levels  Multilevel Security Mode –All users have clearance but not need-to-know –Two of more levels of classification –Data is compartmentalized in containers

12 Security Modes  Dedicated Mode –Single state system –All have need to know and clearance  System High Mode –All have need-to-know for ‘some’ material  Compartmented Mode –Not all have access for all information  Multilevel Mode –Not all have clearance or need-to-know

13 Levels of System Trust  Processes with higher trust can access more system instructions  CPU architecture dictates the levels of trust available and the rights of access  CPU executes instructions in different states depending upon the process trust level –User mode – less trusted –Privilege mode – most trusted

14 Trusted Computing Base  All mechanisms that provide protection for the system –Software, firmware, hardware  Made up of processes that executed in privileged mode  Term originated from the Orange Book

15 System Protection  Reference Monitor –Access control concept that is referred to as an abstract machine that mediates all accesses –Controls relationship between subjects and objects  Security Kernel –Enforces the reference monitors rules –Physical implementation of reference monitor –Part of TCB concerned with access control

16 Access Control Models  Provides rules and structures used to control access and shows how decisions are made  Main components are subjects, objects, operations, and their relationships  Goal is to control how objects are accessed and ensure a security principle –Confidentiality, integrity

17 Finite State Machine  Execution sequence for each possible state transformation  Mappings for each state change  Does not specify protection mechanisms or means of enforcing model  If system comes up in a secure state and shuts down in a secure state, the system is secure

18 Information Flow  Information must flow securely through the system –Bell – Lapadula –Biba –Clark-Wilson –Take-Grant –Access Control Matrix –Noninterference

19 Bell LaPadula  Confidentiality Model  Information cannot flow to an object of lesser classification  Mathematical model uses a set theory to define access rights  Maps a subject’s clearance and an object’s classification and creates a relationship

20 Rules  Subjects cannot read data from an object in a higher security level –“No Read Up” – simple security property –“No Write Up” – star property –“No Write Up and No Read Down” – strong star

21 Biba  Integrity Model –No subject can depend on an object of lesser integrity –Based on hierarchical lattice –Prevents modification of objects by unauthorized subjects –Prevents unauthorized modification by authorized users

22 Rules of Biba  “No Write Up” – integrity axiom –No writing data at a higher integrity level  “No Read Down” – simple axiom –No reading data from a lower integrity level  Disadvantages –Does not address confidentiality –Does not address control management nor provide a way to change classification levels

23 Clark - Wilson  Integrity Model –Model for commercial integrity –Requires well formed transactions and separation of duties –Does not use lattice approach, partitions objects into programs and data –Access triple – subject must go through a program to access and modify data –Separation of duties with auditing required

24 Non-Interference  Based on theory where users are separated into different domains  An output stream remains unchanged when inputs come from levels that are less dominant  Subject cannot be influenced by the behavior of other subjects at higher security levels

25 Lattice Based  Every subject and object relationship has a partially ordered set with a lower and upper bounds  Rules are set that dictate how information can flow from one class to another –Confidential can flow to secret but secret cannot flow to confidential

26 Access Control  Relational table  Specifies the operations and rights allowed for each subject  Access Control Lists – DACL, trustees

27 Brewer - Nash  Also known as “Chinese Wall”  Mathematical theory used to implement dynamically changing access permissions  Defines a wall and develops a set of rules that ensures no subject accesses objects on the other side  Enforces “no conflict of interest” rules  Allows separation of competitors’ data

28 Take Grant  Mathematical framework for granting and revoking access authorization  Analytical tool for auditors to test software security  Rules for how users transfer their permissions to others

29 Trusted Computer System Evaluation Criteria (TCSEC)  Developed by National Security Computer Center  Based on the Bell-LaPadula model  Uses a series of evaluation classes  “Orange Book”

30 Requirements of TCSEC  Security Policy  Marking – labels associated with objects  Identification – individual ID of subjects  Accountability – audit data collected  Assurance – each mechanism evaluated  Continuous protection – mechanisms always protected against unauthorized changes

31 TCSEC Ratings  A1 – Verified Protection  B3,B2,B1 – Mandatory Protection  C2,C1 – Discretionary Protection  D – Minimal Security  Red Book – Trusted Network Interpretation

32 Layers of TCSEC  C1 – Discretionary Security Protection  C2 – Controlled Access Protection  B1 – Labeled Security  B2 – Structured Security (covert channels)  B3 – Security Domains (covert timing)  A1 – Verified Protection

33 Information Technology Security Evaluation Criteria (ITSEC)  Evaluates functionality and assurance separately –F1 to F10 for functionality –E0 to E6 for assurance  E0 = D  F1+E1 = C1  F2+E2 = C2  F3+E3 = B1  etc

34 ITSEC  Advantages –More granular approach –Goes beyond the Orange Book  Disadvantages –Increased amount of rating combinations –Still does not provide all the answers

35 Common Criteria  ISO created in 1993  TCSEC was too rigid  ITSEC added too much complexity  Target of Evaluation (TOE)  Security Target (ST)  EALs – E1 (functionally tested only) – E7(formally verified, designed, and tested)

36 Covert Channels  Timing Channels – conveys information by altering the performance of a system component in a predictable manner  Storage Channels – conveys information by writing data to a common storage area where another process can read it.  Level B2 address covert channels  Level B3 address covert timing

37 Certification and Authentication  Certification –1 st phase – comprehensive evaluation of the security features of an IT system  Accreditation –Management decides the certification of the system satisfies their needs  Definition, Verification, Validation, Post Accreditation

38 Other Threats  Back Doors  Maintenance Hooks  Asynchronous Attack – TOC/TOU  Race Attacks  Data Validation (Unicode attack)  Buffer Overflow (Use input controls)  SYN Flood  Ping of Death

39 More Attacks  TCP Session Hijacking  Web Spoofing  DNS Poisoning

Download ppt "Information Systems Security Security Architecture Domain #5."

Similar presentations

Information Flow and Covert Channels November, 2006.

Information Flow and Covert Channels November, 2006.
Operating System Security

Operating System Security
CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.
Computer Security: Principles and Practice Chapter 10 – Trusted Computing and Multilevel Security.

Computer Security: Principles and Practice Chapter 10 – Trusted Computing and Multilevel Security.
Access Control Methodologies

Access Control Methodologies
Security Models and Architecture

Security Models and Architecture
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Secure Operating Systems Lesson 0x11h: Systems Assurance.

Secure Operating Systems Lesson 0x11h: Systems Assurance.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Verifiable Security Goals

Verifiable Security Goals
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
User Domain Policies.

User Domain Policies.
Lecture 7 Access Control

Lecture 7 Access Control
What do operating systems do? manage processes manage memory and computer resources provide security features execute user programs make solving user.

What do operating systems do? manage processes manage memory and computer resources provide security features execute user programs make solving user.
Chapter 5: Security Architecture. Architecture (281) Architecture encompasses all of the components of a computer, including Operating System Memory Storage.

Chapter 5: Security Architecture. Architecture (281) Architecture encompasses all of the components of a computer, including Operating System Memory Storage.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 2: System Structures.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 2: System Structures.
Systems Security & Audit Operating Systems security.

Systems Security & Audit Operating Systems security.
Trusted System? What are the characteristics of a trusted system?

Trusted System? What are the characteristics of a trusted system?
ISA 562 Internet Security Theory & Practice

ISA 562 Internet Security Theory & Practice
3/16/2004Biba Model1 Biba Integrity Model Presented by: Nathan Balon Ishraq Thabet.

3/16/2004Biba Model1 Biba Integrity Model Presented by: Nathan Balon Ishraq Thabet.

Similar presentations

Ads by Google