Chapter 8: Principles of Security Models, Design, and Capabilities


1 Chapter 8: Principles of Security Models, Design, and Capabilities

2 Implement and Manage Engineering Processes Using Secure Design Principles
Objects and subjects
Closed and open systems
Techniques for ensuring confidentiality, integrity, and availability
Controls
Trust and assurance

3 Objects and Subjects
Subject: the active entity that requests access (often a user, or a process acting on a user's behalf)
Object: the passive resource being accessed (a file, database, device, or another process)
Managing the relationship between subject and object is access control
Transitive trust: if A trusts B and B trusts C, A ends up trusting C, whether or not that was intended

4 Closed and Open Systems
Closed system
  Proprietary standards
  Hard to integrate with other systems
  Possibly more secure, but only because its interfaces are undocumented; obscurity is not assurance
Open system
  Open or industry standards
  Easier to integrate
Open source vs. closed source is a separate question (whether the code is published); it is not the same distinction as open vs. closed system

5 Techniques for Ensuring Confidentiality, Integrity, and Availability
Confinement: restricting a process to reading from and writing to only certain memory locations and resources
Sandboxing: running code inside a confined environment that the rest of the system does not trust
Bounds: the limits on the memory and resources a process is allowed to use
Isolation: enforcing the bounds so that a confined process cannot affect other processes or the system

6 Controls
Discretionary access control (DAC): the owner of an object decides who may access it
Mandatory access control (MAC): the system decides from labels and clearances; owners cannot override the decision
Rule-based access control: access is decided by system-wide rules that apply to every subject (firewall rules are the usual example)

7 Trust and Assurance
Integrated before and during design, not bolted on afterwards
Security must be: engineered, implemented, tested, audited, evaluated, certified, and accredited
Trusted system: security mechanisms work together to provide a secure computing environment
Assurance: the degree of confidence that the security needs are actually satisfied

8 Understand the Fundamental Concepts of Security Models
Trusted Computing Base
State Machine Model
Information Flow Model
Noninterference Model
Take-Grant Model
Access Control Matrix
Bell-LaPadula Model
Biba Model
Clark-Wilson Model
Brewer and Nash Model (aka Chinese Wall)
Goguen-Meseguer Model
Sutherland Model
Graham-Denning Model

9 Trusted Computing Base
Defined in the DoD Orange Book (TCSEC)
Security perimeter: the boundary between the TCB and the rest of the system
Trusted paths: channels that let a subject communicate with the TCB without interception or spoofing
Reference monitor: the abstract design that validates every access request against the access control rules
Security kernel: the hardware, firmware, and software that implement the reference monitor

10 State Machine Model
Finite state machine (FSM): the system is described by its states and the transitions between them
State transition: the system moving from one state to another in response to an input
Secure state machine: always secure no matter what state it is in, because every transition from a secure state leads only to another secure state
The basis for most other security models
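The "always secure no matter what state it is in" claim is checkable: enumerate every state reachable from the initial state and test the invariant on each. The following is an added example, not code from the slides. It models a hypothetical login session (password, then MFA, then admin elevation) with the constructed invariant "admin power requires a completed MFA step", and contrasts a correct transition function with one that has a hypothetical legacy elevation path skipping MFA.

```python
"""Secure state machine check: explore all reachable states and test the
security invariant on each. Added example; the session machine, its events
and the invariant are constructed for illustration."""
from collections import deque, namedtuple

# A state is the set of facts the system has established about the session.
State = namedtuple("State", "password mfa admin")
INITIAL = State(password=False, mfa=False, admin=False)

def invariant(s):
    """Security invariant: administrative power requires a completed MFA step."""
    return (not s.admin) or s.mfa

def step(s, event):
    """Transition function. Returns the next state, or None if `event` is not
    accepted in state `s` (the machine simply stays put)."""
    if event == "password" and not s.password:
        return s._replace(password=True)
    if event == "mfa" and s.password and not s.mfa:
        return s._replace(mfa=True)
    if event == "elevate" and s.mfa:
        return s._replace(admin=True)
    if event == "logout":
        return INITIAL
    return None

def step_legacy(s, event):
    """Same machine plus a hypothetical 'legacy_elevate' event that grants
    admin on a password alone (the kind of shortcut that breaks the model)."""
    if event == "legacy_elevate" and s.password:
        return s._replace(admin=True)
    return step(s, event)

EVENTS = ("password", "mfa", "elevate", "legacy_elevate", "logout")

def insecure_reachable(transition, initial=INITIAL, events=EVENTS):
    """Breadth-first exploration of every state reachable from `initial`.
    Returns the reachable states that violate the invariant; an empty list
    means the machine is a secure state machine for this invariant."""
    seen, queue, bad = {initial}, deque([initial]), []
    while queue:
        s = queue.popleft()
        if not invariant(s):
            bad.append(s)
        for ev in events:
            nxt = transition(s, ev)
            if nxt is not None and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return bad

def guarded_step(transition, s, event):
    """Run-time enforcement: refuse any transition whose target state would
    violate the invariant, so even a flawed transition table cannot move the
    machine into an insecure state."""
    nxt = transition(s, event)
    if nxt is None or not invariant(nxt):
        return s
    return nxt

if __name__ == "__main__":
    print("secure machine, violating states:", insecure_reachable(step))
    print("legacy machine, violating states:", insecure_reachable(step_legacy))
```

The exploration is exhaustive because the state space is finite and small; for a real system the same idea is what a model checker does over a much larger space. The guarded step is the reference-monitor view of the same property: check the post-state before committing the transition.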

11 Information Flow Model
Based on the state machine model
Prevents unauthorized, insecure, or restricted information flow
Controls flow between security levels
Can be used to manage state transitions

12 Noninterference Model
Loosely based on the information flow model
Separates the actions of subjects at different security levels: what a higher-level subject does must not change what a lower-level subject can observe
Composition theories: how systems that are individually secure behave when connected
  Cascading: one system's output is the next system's input
  Feedback: two systems feed each other's inputs
  Hookup: a system sends input to another system and also to an external entity

13 Take-Grant Model
Dictates how rights can be passed between subjects and objects, represented as a directed graph whose edges are labelled with rights
Take rule: a subject holding the take right on another node may take any right that node holds
Grant rule: a subject holding the grant right on another node may grant that node any right the subject holds
Create rule: a subject may create a new node and hold rights on it
Remove rule: a subject may remove a right it holds
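The four rules are graph rewrites, so they are easy to implement and to experiment with. The following is an added example, not code from the slides: a small Take-Grant graph in which the subjects (alice, bob, carol), the object (payroll) and the rights are all constructed for illustration. It shows that a take right on one node lets a subject reach everything that node can reach, and that the rules refuse to apply when the required right is missing.

```python
"""Take-Grant model: nodes are subjects and objects, a directed edge carries
the set of rights its source holds on its target, and the take, grant, create
and remove rules are the only ways the graph may change.
Added example; the nodes and rights below are constructed for illustration."""
from collections import defaultdict

TAKE, GRANT = "t", "g"   # the two rights the model reasons about specially

class TakeGrant:
    def __init__(self):
        # rights[src][dst] is the set of rights src holds on dst
        self.rights = defaultdict(lambda: defaultdict(set))
        self.subjects = set()          # only subjects can apply the rules

    def add(self, src, dst, *rights):
        """Initial graph construction (outside the four rules)."""
        self.rights[src][dst].update(rights)

    def has(self, src, dst, right):
        return right in self.rights[src][dst]

    def _subject(self, s):
        if s not in self.subjects:
            raise PermissionError(f"{s} is not a subject and cannot apply rules")

    def take(self, s, x, y, right):
        """Take rule: s holds 't' on x and x holds `right` on y -> s gains `right` on y."""
        self._subject(s)
        if not (self.has(s, x, TAKE) and self.has(x, y, right)):
            raise PermissionError(f"{s} cannot take {right} on {y} via {x}")
        self.rights[s][y].add(right)

    def grant(self, s, x, y, right):
        """Grant rule: s holds 'g' on x and `right` on y -> x gains `right` on y."""
        self._subject(s)
        if not (self.has(s, x, GRANT) and self.has(s, y, right)):
            raise PermissionError(f"{s} cannot grant {right} on {y} to {x}")
        self.rights[x][y].add(right)

    def create(self, s, new, *rights, subject=False):
        """Create rule: s creates a new node and holds `rights` on it."""
        self._subject(s)
        if new in self.rights or any(new in dsts for dsts in self.rights.values()):
            raise ValueError(f"{new} already exists")
        if subject:
            self.subjects.add(new)
        self.rights[s][new].update(rights)

    def remove(self, s, x, right):
        """Remove rule: s drops a right it holds on x."""
        self._subject(s)
        self.rights[s][x].discard(right)

def demo():
    """Constructed scenario: alice holds take over bob, so whatever bob can
    reach, alice can reach; alice then grants it onward to carol."""
    g = TakeGrant()
    g.subjects.update({"alice", "bob", "carol"})
    g.add("bob", "payroll", "r", "w")          # bob can read and write payroll
    g.add("alice", "bob", TAKE)                # alice may take bob's rights
    g.add("alice", "carol", GRANT)             # alice may grant rights to carol
    g.take("alice", "bob", "payroll", "r")     # alice now reads payroll
    g.grant("alice", "carol", "payroll", "r")  # carol now reads payroll too
    g.create("alice", "notes", "r", "w")       # alice brings a new object into being
    g.remove("alice", "payroll", "r")          # alice gives up her own read; carol keeps hers
    return g

if __name__ == "__main__":
    g = demo()
    for src, dsts in g.rights.items():
        for dst, rights in dsts.items():
            if rights:
                print(f"{src} -> {dst}: {sorted(rights)}")
```

The point a practitioner should take from the scenario is that granting alice a take right on bob is equivalent to granting her every right bob will ever hold, and that removing her own copy later does nothing about the copy she already passed to carol.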

14 Access Control Matrix
A table of subjects (rows), objects (columns), and the access each subject has to each object
Columns are ACLs: for one object, which subjects may access it and how
Rows are capability lists: for one subject, which objects it may access and how
Can be used in DAC, MAC, or RBAC
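The ACL and capability list are two projections of the same matrix, and which one a system stores decides which question is cheap ("who can touch this object?" versus "what can this subject touch?") and how revocation works. The following is an added example, not code from the slides. It keeps the matrix as nested sets, exposes both projections, and wires in a discretionary rule (the constructed right "own", held by an object's creator, is required to edit that object's column); the subjects and objects are constructed for illustration.

```python
"""Access control matrix with ACL (column) and capability (row) views, and a
discretionary rule: only an object's owner may change its column.
Added example; subjects, objects and rights are constructed for illustration."""
from collections import defaultdict

OWN = "own"   # discretionary control: the owner may edit the object's column

class AccessMatrix:
    def __init__(self):
        # _cells[subject][obj] is the set of rights subject holds on obj
        self._cells = defaultdict(lambda: defaultdict(set))
        self.objects = set()

    def create(self, owner, obj):
        """A new object's column; the creator becomes its owner (DAC)."""
        self.objects.add(obj)
        self._cells[owner][obj].add(OWN)

    def allowed(self, subject, obj, right):
        """The reference-monitor question: one cell lookup."""
        return right in self._cells[subject][obj]

    def set_rights(self, actor, subject, obj, *rights, revoke=False):
        """Discretionary access control: only the object's owner may change who
        can access it. Under MAC the decision would come from labels instead."""
        if not self.allowed(actor, obj, OWN):
            raise PermissionError(f"{actor} does not own {obj}")
        cell = self._cells[subject][obj]
        (cell.difference_update if revoke else cell.update)(rights)

    def acl(self, obj):
        """Column view: which subjects may do what to this object."""
        return {s: set(cols[obj]) for s, cols in self._cells.items() if cols[obj]}

    def capabilities(self, subject):
        """Row view: which objects this subject may touch, and how."""
        return {o: set(r) for o, r in self._cells[subject].items() if r}

    def revoke_all(self, actor, obj):
        """ACL-style revocation: walk the object's column once. With pure
        capability lists the same operation means visiting every subject's row."""
        for s in list(self._cells):
            if s != actor:
                self.set_rights(actor, s, obj, *self._cells[s][obj], revoke=True)

def demo():
    m = AccessMatrix()
    m.create("alice", "payroll.db")
    m.create("bob", "notes.txt")
    m.set_rights("alice", "bob", "payroll.db", "r")
    m.set_rights("alice", "carol", "payroll.db", "r", "w")
    m.set_rights("bob", "alice", "notes.txt", "r")
    return m

if __name__ == "__main__":
    m = demo()
    print("ACL of payroll.db:", m.acl("payroll.db"))
    print("capabilities of bob:", m.capabilities("bob"))
```

Reading the two views side by side makes the audit trade-off concrete: an ACL answers "who can read payroll.db" in one column scan, while a capability list answers "what can bob reach" in one row scan; whichever the system does not store natively has to be reconstructed by walking the whole matrix.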

15 Bell-LaPadula Model
Based on DoD multilevel security policy
Focuses only on confidentiality
Lattice-based access control: a label is a classification level plus a set of categories (compartments), and labels are ordered by dominance
Simple security property: no read up (a subject may read an object only if the subject's label dominates the object's)
* (star) security property: no write down (a subject may write an object only if the object's label dominates the subject's)
Discretionary security property: the access must additionally be permitted by an access matrix

16 Biba Model
Based on the inverse of Bell-LaPadula
Focuses only on integrity
Simple integrity property: no read down (a subject may not read an object of lower integrity, so it cannot be contaminated)
* (star) integrity property: no write up (a subject may not write to an object of higher integrity, so it cannot contaminate it)

17 Clark-Wilson Model
Focuses on integrity
Access control triplet: subject, program (transformation procedure), object (constrained data item)
Controls access through an intermediary program or restricted interface; subjects never modify the protected data directly
Well-formed transactions: every change takes the data from one valid state to another, checked by an integrity verification procedure
Separation of duties: the person who certifies a procedure may not be the one who executes it
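Clark-Wilson is the model closest to how a transactional application actually enforces integrity, so it is worth seeing the pieces (constrained data items, certified transformation procedures, access control triplets, an integrity verification procedure, separation of duties) wired together. The following is an added example, not code from the slides. It models a hypothetical two-account ledger whose constructed invariant is "balances are non-negative and their sum never changes", with a correct "transfer" procedure and a deliberately broken "mint" procedure that the verification step catches and rolls back; the subjects (teller, auditor, intern) are constructed for illustration.

```python
"""Clark-Wilson integrity model: constrained data items (CDIs) change only
through certified transformation procedures (TPs), subjects are bound to TPs
and CDIs by access control triplets, an integrity verification procedure
(IVP) checks the CDIs after every transaction, and separation of duties keeps
the certifier of a TP from running it. Added example; ledger, TPs and
subjects are constructed for illustration."""
import copy

class ClarkWilson:
    def __init__(self, cdis, ivp):
        self._cdis = dict(cdis)   # constrained data items; no direct write path
        self._ivp = ivp           # integrity verification procedure: cdis -> bool
        self._tps = {}            # tp name -> (function, certifier)
        self._triplets = set()    # (subject, tp name, cdi) access control triplets
        self.log = []             # audit trail of every attempted transaction

    def read(self, cdi):
        return self._cdis[cdi]

    def certify_tp(self, name, func, certifier):
        """A TP is usable only after someone has certified it (and that person
        is then barred from executing it)."""
        self._tps[name] = (func, certifier)

    def permit(self, subject, tp, cdi):
        self._triplets.add((subject, tp, cdi))

    def run(self, subject, tp, cdis, **args):
        """The only write path: the restricted interface of the model.
        Checks certification, separation of duties and the triplets, then runs
        the TP as a transaction and rolls back if the IVP rejects the result."""
        if tp not in self._tps:
            return self._reject(subject, tp, "uncertified TP")
        func, certifier = self._tps[tp]
        if subject == certifier:
            return self._reject(subject, tp, "separation of duties: certifier may not execute")
        missing = [c for c in cdis if (subject, tp, c) not in self._triplets]
        if missing:
            return self._reject(subject, tp, f"no access triplet for {missing}")
        snapshot = copy.deepcopy(self._cdis)
        try:
            func(self._cdis, *cdis, **args)
            if not self._ivp(self._cdis):
                raise ValueError("IVP failed after TP")
        except Exception as exc:            # any failure leaves the CDIs untouched
            self._cdis = snapshot
            return self._reject(subject, tp, str(exc))
        self.log.append((subject, tp, tuple(cdis), "ok"))
        return True

    def _reject(self, subject, tp, why):
        self.log.append((subject, tp, None, why))
        return False

# --- constructed ledger: money is neither created nor destroyed ---
def transfer(cdis, src, dst, amount):
    """Well-formed transaction: moves value, preserving the sum."""
    if amount <= 0 or cdis[src] < amount:
        raise ValueError("invalid amount or insufficient funds")
    cdis[src] -= amount
    cdis[dst] += amount

def mint(cdis, acct, amount):
    """A buggy (or malicious) TP that creates money; the IVP catches it."""
    cdis[acct] += amount

def make_ledger(total=1000):
    ledger = ClarkWilson(
        {"alice": 600, "bob": 400},
        ivp=lambda c: all(v >= 0 for v in c.values()) and sum(c.values()) == total)
    ledger.certify_tp("transfer", transfer, certifier="auditor")
    ledger.certify_tp("mint", mint, certifier="auditor")
    for cdi in ("alice", "bob"):
        ledger.permit("teller", "transfer", cdi)
        ledger.permit("teller", "mint", cdi)
        ledger.permit("auditor", "transfer", cdi)
    return ledger

if __name__ == "__main__":
    ledger = make_ledger()
    ledger.run("teller", "transfer", ("alice", "bob"), amount=100)
    ledger.run("teller", "mint", ("bob",), amount=50)
    for entry in ledger.log:
        print(entry)
```

Two design points: the teller was permitted to run "mint", and the model still held, because the IVP is evaluated on the result rather than trusting the procedure; and the auditor, who certified both procedures, is refused execution even on data she holds a triplet for.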

18 Brewer and Nash Model (aka Chinese Wall)
Prevents conflicts of interest
Access rules change dynamically based on the user's prior activity
Once a user accesses one company's data, access to conflicting data (other companies in the same conflict-of-interest class) is temporarily blocked for that user
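What makes Brewer and Nash different from the lattice models is that the decision depends on the subject's history, not on a static label. The following added example, not code from the slides, keeps a per-subject access history and implements the read rule plus the simplified write rule (no sanitised data: a subject may write to a company only if it has read nothing from any other company). The conflict-of-interest classes, companies and subjects are constructed for illustration.

```python
"""Brewer and Nash (Chinese Wall): company datasets are grouped into
conflict-of-interest (COI) classes, and a subject that has read one company's
data is walled off from every other company in the same class.
Added example; classes, companies and subjects are constructed."""
from collections import defaultdict

class ChineseWall:
    def __init__(self, coi_classes):
        # company -> name of its COI class
        self._class_of = {c: name for name, members in coi_classes.items() for c in members}
        # subject -> companies whose data the subject has already read
        self._history = defaultdict(set)

    def can_read(self, subject, company):
        """Simple security rule: allowed unless the subject has already read a
        different company in the same COI class."""
        cls = self._class_of[company]
        return not any(self._class_of[seen] == cls and seen != company
                       for seen in self._history[subject])

    def can_write(self, subject, company):
        """*-property, simplified to the no-sanitised-data case: writing to
        `company` is allowed only if the subject can read it and has read no
        other company at all, otherwise the subject becomes a conduit carrying
        one company's information into another's dataset."""
        return self.can_read(subject, company) and self._history[subject] <= {company}

    def read(self, subject, company):
        if not self.can_read(subject, company):
            raise PermissionError(f"{subject} is walled off from {company}")
        self._history[subject].add(company)   # the wall goes up on first read

    def write(self, subject, company):
        if not self.can_write(subject, company):
            raise PermissionError(f"{subject} may not write to {company}")
        self._history[subject].add(company)

    def history(self, subject):
        return set(self._history[subject])

def demo():
    """Constructed scenario: two banks conflict with each other, as do two
    oil companies, but a bank and an oil company do not."""
    wall = ChineseWall({"banks": {"BankA", "BankB"}, "oil": {"OilX", "OilY"}})
    wall.read("alice", "BankA")   # alice is now walled off from BankB
    wall.read("alice", "OilX")    # different COI class: still fine
    wall.read("bob", "BankB")
    return wall

if __name__ == "__main__":
    w = demo()
    for subject, company in [("alice", "BankB"), ("alice", "BankA"), ("alice", "OilY"),
                             ("bob", "BankA"), ("bob", "BankB")]:
        print(f"{subject} read {company}: {w.can_read(subject, company)}, "
              f"write: {w.can_write(subject, company)}")
```

Note the consequence of the write rule for alice: having read both BankA and OilX she can still read either, but can write to neither, because anything she writes into one dataset could carry information from the other.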

19 Goguen-Meseguer Model
Focuses on integrity
The basis of the noninterference model
Based on a predetermined set/domain of objects a subject can access
Based on automaton (state machine) theory and domain separation
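The noninterference idea (slide 12) and its Goguen-Meseguer formulation (this slide) have a precise, testable statement: drive the automaton with a sequence of commands from users at different levels, purge the high-level commands from that sequence, and the outputs seen by the low-level user must be identical in both runs. The following is an added example, not code from the slides, that implements that purge test over two constructed toy systems: one with per-level state, and one with a shared pool of resources that lets a high user signal to a low user by exhausting it. The command names, levels and the input trace are constructed for illustration.

```python
"""Goguen-Meseguer noninterference: High is noninterfering with Low if the
outputs Low observes are identical whether or not High's commands are purged
from the input sequence. Added example; the two toy systems and the trace are
constructed for illustration."""

HIGH, LOW = "high", "low"

class Isolated:
    """Per-level counters: each level's output depends only on its own inputs
    (domain separation), so High cannot interfere with Low."""
    def initial(self):
        return {HIGH: 0, LOW: 0}

    def step(self, state, level, cmd):
        state = dict(state)
        if cmd == "inc":
            state[level] += 1
        return state, state[level]

class SharedPool:
    """A pool of 3 slots shared by both levels. High can fill it and Low then
    observes 'full' instead of 'ok': a covert storage channel, exactly what
    noninterference forbids."""
    SLOTS = 3

    def initial(self):
        return {"used": 0}

    def step(self, state, level, cmd):
        state = dict(state)
        if cmd == "alloc":
            if state["used"] < self.SLOTS:
                state["used"] += 1
                return state, "ok"
            return state, "full"
        if cmd == "free":
            state["used"] = max(0, state["used"] - 1)
            return state, "ok"
        return state, None

def run(system, trace):
    """Execute the trace from the initial state; return [(level, output)]."""
    state, outputs = system.initial(), []
    for level, cmd in trace:
        state, out = system.step(state, level, cmd)
        outputs.append((level, out))
    return outputs

def purge(trace, level):
    """Remove every command issued at `level` from the input sequence."""
    return [(lvl, cmd) for lvl, cmd in trace if lvl != level]

def low_view(outputs):
    """What the Low user can observe: only the outputs of its own commands."""
    return [out for lvl, out in outputs if lvl == LOW]

def noninterfering(system, trace):
    """High is noninterfering with Low on this trace iff Low's view is the same
    with and without High's commands."""
    return low_view(run(system, trace)) == low_view(run(system, purge(trace, HIGH)))

# Constructed trace: High fills the pool, then Low tries to allocate.
TRACE = [(HIGH, "alloc"), (HIGH, "alloc"), (HIGH, "alloc"),
         (LOW, "alloc"), (HIGH, "inc"), (LOW, "inc"), (LOW, "inc")]

if __name__ == "__main__":
    for system in (Isolated(), SharedPool()):
        print(type(system).__name__, "noninterfering on TRACE:", noninterfering(system, TRACE))
```

One trace only demonstrates interference, never its absence: the property as defined quantifies over all input sequences, so a real analysis enumerates or symbolically reasons about every sequence, which is why the model is stated in terms of automata in the first place.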

20 Sutherland Model
Focuses on integrity
Prevents interference in support of integrity
Defines a set of system states, initial states, and state transitions
Commonly used to prevent covert channels from influencing processes

21 Graham-Denning Model
Securely manage objects and subjects through eight primitive protection rules:
Securely create object
Securely create subject
Securely delete object
Securely delete subject
Securely provide read access right
Securely provide grant access right
Securely provide delete access right
Securely provide transfer access right

22 Select Controls and Countermeasures Based on Systems Security Evaluation Models
Rainbow Series
ITSEC Classes and Required Assurance and Functionality
Common Criteria
Industry and International Security Implementation Guidelines
Certification and Accreditation

23 Rainbow Series
TCSEC – Orange Book
  Confidentiality
  Classes D, C1, C2, B1, B2, B3, A1 (least to most assurance)
Red Book
  Trusted Network Interpretation (TNI) of TCSEC
  Confidentiality and integrity
  Ratings None, C1, C2, B2
Green Book
  Password management guidelines

24 ITSEC Classes and Required Assurance and Functionality
Rates functionality (F) and assurance (E) separately
F-D through F-B3
E0 through E6
Covers confidentiality, integrity, and availability

25 Common Criteria
Designed to replace the prior systems (TCSEC, ITSEC)
ISO/IEC 15408
Protection profiles: what a class of product must provide (the customer's requirements)
Security targets: what a specific product claims to provide (the vendor's claims)
Evaluation Assurance Level (EAL): EAL1 (functionally tested) through EAL7 (formally verified design and tested)

26 Industry and International Security Implementation Guidelines
Payment Card Industry Data Security Standard (PCI DSS)
International Organization for Standardization (ISO), e.g., the ISO/IEC 27000 series

27 Certification and Accreditation
Certification: comprehensive technical evaluation of a system's security controls against its security requirements
Accreditation: formal designation by the DAA (designated approving authority) that the system meets organizational security needs and is authorized to operate
Risk Management Framework (RMF)
Committee on National Security Systems Policy (CNSSP)
Phases: definition, verification, validation, post-accreditation

28 Understand Security Capabilities of Information Systems
Memory protection
Virtualization
Trusted Platform Module (TPM)
Hardware security module (HSM)
Interfaces
Fault tolerance
