Scribd Logo
Upload

Welcome to Scribd!

  • Cissp Security Architecture

    Uploaded by

    fern12
    48 views20 pages
    The document summarizes key concepts in security architecture and design for CISSP certification. It covers system components like CPU, storage, and peripherals. It also discusses operating system architecture, security models, evaluation methods, and certification/accreditation processes. The presentation aims to ensure attendees understand how to securely design and implement IT infrastructure.

    Original Description:

    Secrity architecture

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document summarizes key concepts in security architecture and design for CISSP certification. It covers system components like CPU, storage, and peripherals. It also discusses operating system architecture, security models, evaluation methods, and certification/accreditation processes. The presentation aims to ensure attendees understand how to securely design and implement IT infrastructure.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    48 views20 pages

    Cissp Security Architecture

    Uploaded by

    fern12
    The document summarizes key concepts in security architecture and design for CISSP certification. It covers system components like CPU, storage, and peripherals. It also discusses operating system architecture, security models, evaluation methods, and certification/accreditation processes. The presentation aims to ensure attendees understand how to securely design and implement IT infrastructure.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 20

    IT Networks and Security

    & CERIAS
    CISSP Luncheon Series

    Security Architecture and Design

    Presented by Rob Stanfield


    Domain Overview

    ƒ Identify key principles and concepts


    critical to securing the infrastructure
    • Design
    • Implementation
    • Operation
    ƒ Ensure security from a hardware/software
    level
    • Operating Systems
    • Applications
    • Equipment
    • Networks
    CISSP Expectations

    ƒ Identify physical components of IT architecture


    ƒ Understand software relationships
    ƒ Understand design principals for the architecture
    ƒ Describe how to secure an enterprise
    ƒ Identify trusted and un-trusted components
    ƒ Discuss security models and architecture theory
    ƒ Identify appropriate protection mechanisms
    ƒ Discuss evaluation methods and criteria
    ƒ Understand the role of assurance evaluations
    ƒ Explain certification and accreditation
    ƒ Identify techniques used to provide system security
    System Architecture

    Three basic components


    CPU – Central Processing Unit
    Storage Devices – includes both long and
    short-term storage, such as memory
    and disk
    Peripherals – includes both input and
    output devices, such as keyboards and
    printer
    CPU – Computer Brain

    ƒ ALU – Arithmetic Logic Unit


    ƒ Control Unit
    ƒ Registers
    • General and special registers
    ƒ Bus
    • Address and data
    ƒ Privileged mode or user mode
    ƒ Multiprocessor - symmetric or
    asymmetric
    CPU Example
    Storage Devices

    Primary Storage
    Cache or registers
    Memory (RAM, ROM, Cache, Flash)
    Secondary Storage
    Disk
    CD or Tape
    Virtual Memory
    Memory
    Peripherals or I/O Devices

    Some examples are


    Monitor
    Keyboard
    Printers
    Basic Components Diagram
    Operating System
    Architecture
    ƒ An Operating System provides an
    environment to run applications
    ƒ Process Management for all processes
    • Process - a set of instructions and the
    information & resources needed to process
    it.

    ƒ Multitasking – cooperative, preemptive


    ƒ Process State – running, ready, blocked
    Application Programs

    ƒ Applications interact with the operating


    system to perform a task
    ƒ Each application is a process
    ƒ Applications run in user mode
    ƒ Threads

    ƒ Other applications
    • Firmware and Middleware
    Protection Rings
    Security Models

    ƒ Security Policy – documents the security


    requirements for an organization
    ƒ Security Model – formally outlines the
    requirements needed to support the security
    policy, and how authorization is enforced

    ƒ Reference Monitor – abstract machine that


    provides auditable access control to objects
    ƒ Trusted Computing Base (TCB)
    Security Model Examples

    ƒ Biba Integrity Model


    ƒ Bell-LaPadula Confidentiality Model
    ƒ Clark-Wilson Integrity Model
    ƒ Brewer and Nash Model
    ƒ Others
    • State Machine Model
    • Non-Interference Model
    • Graham Denning Model
    • Harrison-Ruzzo-Ullman Model
    Bell-LaPadula Confidentiality
    Model

    ƒ Subject to object model


    • Objects you are able to access
    ƒ Used to provide confidentiality
    ƒ 3 main rules used and enforced
    • Simple security rule (no read up)
    » Subject cannot read data at a higher level
    • The *-property rule (no write down)
    » Subject cannot write data to a lower level
    • Strong star property rule
    » Subject with read/write – only at same level
    Biba Security Model

    ƒ Similar to the Bell-LaPadula Model


    ƒ First to address integrity
    • Difference between Biba and Bell-LaPadula
    ƒ Two main rules used and enforced
    • *-integrity axiom (no write up)
    » Subject cannot write data to objects at higher level
    • Simple integrity axiom (no read down)
    » Subject cannot read data from lower level

    ƒ Biba and BP are informational flow models


    • Concerned with data flowing up or down levels
    Clark-Wilson Model

    ƒ Addresses all 3 integrity model goals


    • Prevent unauthorized users from
    making modifications
    • Prevent authorized users from making
    improper modifications (separation of
    duties)
    • Maintain internal/external consistency
    (well-formed transaction)
    Other Models

    ƒ Non-interference model - Actions at a higher


    level (domain) cannot interfere with actions at a
    lower level.
    ƒ State machine model - Abstract math model
    that uses state variables to represent the
    system state. Failure of a state machine should
    fail in a secure state.
    ƒ Graham-Denning Modem – Used eight basic
    protection rules.
    ƒ Brewer and Nash Model (Chinese Wall Model) -
    Allows for dynamically changing access
    controls to protect against conflicts of interest
    Evaluation Methods and
    Criteria
    ƒ Trusted Computer Security Evaluation Criteria (TCSEC) –
    addresses confidentiality only
    • A Verified protection
    » A1 verified design
    • B Mandatory Protection
    » B3 Labeled Security
    » B2 Structured Protection
    » B1 Labeled Security
    • C Discretionary Protection
    » C2 Discretionary Protection
    » C1 Controlled Access
    • D Minimal Security
    ƒ Others are ITSEC, SEI
    ƒ Common Criteria (ISO) based on TCSEC & ITSEC
    • Evaluation Assurance Levels (EAL 1 – 7 )
    Certification and
    Accreditation
    ƒ These are distinct steps
    • Certification relates to validation of the
    system
    » Security modes of operation
    » Data sensitivity handling procedures
    » System and facility configuration
    » Intercommunication with other systems
    • Accreditation relates to management
    evaluation once the certification process is
    complete. Does the system meet the needs of
    the business while satisfying the security
    needs?

    You might also like