Security Architectures - Arkansas State University

Information Systems Security
Security Architecture, Domain #5

Hardware Components
- CPU
- Primary Storage
- Control Unit
  - Coordinates activities during instruction execution
  - Does not process data
- Arithmetic Logic Unit (ALU)
  - Performs mathematical functions on data

Memory Types
- Primary Memory (RAM/ROM/EPROM/EEPROM)
- Real Memory: available to users
- Cache Memory: buffers used to increase performance; holds data that is accessed often
- Virtual Memory: combination of real and secondary storage

Memory Management
- Keep track of used memory segments
- Assign memory to processes
- Manage swapping
- Memory protection
- Access control
- Control virtual memory addressing

Protection Rings
- Organize code and components in an operating system into concentric rings
- Modern OSs use a 4-ring model
  - Ring 0: highest privilege, kernel
  - Ring 1: remainder of the OS
  - Ring 2: drivers and utilities
  - Ring 3: applications and programs, user mode

Hardware Bus
- Data Bus: transfers instructions and data; differs based on architecture
  - EISA 8/16, MCA 16/32, VLB 32, PCI 32/64, AGP 32

Processes and Threads
- Process: applications and users run as processes in the OS; a process can contain several threads of code
- Threads are individual instruction sets

Threads
- Advantages
  - Much quicker to create than a process
  - Much quicker to switch between threads
  - Share data more easily
  - Used in browsers and windowing systems
- Disadvantages
  - No security between threads
  - If one user thread blocks, all are blocked

Process States
- Stopped: not running
- Waiting: waiting for an interrupt
- Running: being executed by the CPU
- Ready: available and waiting for instruction

System Functionality
- Multithreading: several threads processing at one time
- Multitasking: several processes at one time
- Multiprocessing: multiple CPUs available

System Security Modes
- Dedicated Security Mode: all users have clearance and need-to-know to access all information on the system; does not require complex methods of controlling access between different levels
- Multilevel Security Mode: all users have clearance but not need-to-know; two or more levels of classification; data is compartmentalized in containers

Security Modes
- Dedicated Mode: single state system; all have need-to-know and clearance
- System High Mode: all have need-to-know for some material
- Compartmented Mode: not all have access to all information
- Multilevel Mode: not all have clearance or need-to-know

Levels of System Trust
- Processes with higher trust can access more system instructions
- CPU architecture dictates the levels of trust available and the rights of access
- CPU executes instructions in different states depending upon the process trust level
  - User mode: less trusted
  - Privileged mode: most trusted

Trusted Computing Base
- All mechanisms that provide protection for the system: software, firmware, hardware
- Made up of processes that execute in privileged mode
- Term originated from the Orange Book

System Protection
- Reference Monitor: access control concept referred to as an abstract machine that mediates all accesses; controls the relationship between subjects and objects
- Security Kernel: enforces the reference monitor's rules; physical implementation of the reference monitor; the part of the TCB concerned with access control

Access Control Models
- Provide the rules and structures used to control access and show how decisions are made
- Main components are subjects, objects, operations, and their relationships
- Goal is to control how objects are accessed and ensure a security principle (confidentiality, integrity)

Finite State Machine
- Execution sequence for each possible state transformation
- Mappings for each state change
- Does not specify protection mechanisms or means of enforcing the model
- If the system comes up in a secure state and shuts down in a secure state, the system is secure

Information Flow
- Information must flow securely through the system
- Models: Bell-LaPadula, Biba, Clark-Wilson, Take-Grant, Access Control Matrix, Noninterference

Bell-LaPadula
- Confidentiality model
- Information cannot flow to an object of lesser classification
- Mathematical model that uses set theory to define access rights
- Maps a subject's clearance and an object's classification and creates a relationship
- Rules
  - Subjects cannot read data from an object in a higher security level
  - No Read Up: simple security property
  - No Write Up: star property
  - No Write Up and No Read Down: strong star property

Biba
- Integrity model
- No subject can depend on an object of lesser integrity
- Based on a hierarchical lattice
- Prevents modification of objects by unauthorized subjects
- Prevents unauthorized modification by authorized users
- Rules of Biba
  - No Write Up: integrity axiom (no writing data at a higher integrity level)
  - No Read Down: simple axiom (no reading data from a lower integrity level)
- Disadvantages
  - Does not address confidentiality
  - Does not address control management, nor provide a way to change classification levels

Clark-Wilson
- Integrity model; a model for commercial integrity
- Requires well-formed transactions and separation of duties
- Does not use a lattice approach; partitions objects into programs and data
- Access triple: a subject must go through a program to access and modify data
- Separation of duties with auditing required

Non-Interference
- Based on a theory where users are separated into different domains
- An output stream remains unchanged when inputs come from levels that are less dominant
- A subject cannot be influenced by the behavior of other subjects at higher security levels

Lattice Based
- Every subject and object relationship has a partially ordered set with lower and upper bounds
- Rules are set that dictate how information can flow from one class to another
- Confidential can flow to Secret, but Secret cannot flow to Confidential

Access Control Matrix
- Relational table
- Specifies the operations and rights allowed for each subject
- Access Control Lists (DACL, trustees)

Brewer-Nash
- Also known as the Chinese Wall model
- Mathematical theory used to implement dynamically changing access permissions
- Defines a wall and develops a set of rules that ensure no subject accesses objects on the other side
- Enforces no-conflict-of-interest rules
- Allows separation of competitors' data
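The Bell-LaPadula and Biba rules and the lattice ordering described above (Confidential may flow to Secret, Secret may not flow to Confidential), as an added Python example that is not part of the slides: a label is a level plus need-to-know compartments, the BLP star property is implemented as "no write down" (the slide's "information cannot flow to an object of lesser classification"), Biba is the mirror image, and a small reference monitor mediates and audits each request. The level names, the CRYPTO compartment and the integer integrity levels are constructed sample values.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Constructed hierarchy; a higher number dominates a lower one.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    """Lattice label: classification level plus need-to-know compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Partial order of the lattice: level >= AND superset of compartments.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula: simple security property (no read up) and
    *-property (no write down), so data never flows to a lower label."""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject_integrity: int, obj_integrity: int, op: str) -> bool:
    """Biba: simple integrity axiom (no read down) and integrity
    *-axiom (no write up); a higher number means higher integrity."""
    if op == "read":
        return obj_integrity >= subject_integrity
    if op == "write":
        return subject_integrity >= obj_integrity
    raise ValueError(f"unknown operation {op!r}")


class ReferenceMonitor:
    """Mediates every access under BLP and records each decision for audit."""

    def __init__(self) -> None:
        self.audit: List[Tuple[str, str, str, bool]] = []

    def access(self, who: str, subject: Label, what: str, obj: Label, op: str) -> bool:
        decision = blp_allows(subject, obj, op)
        self.audit.append((who, op, what, decision))  # accountability trail
        return decision
```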

Take-Grant
- Mathematical framework for granting and revoking access authorization
- Analytical tool for auditors to test software security
- Rules for how users transfer their permissions to others

Trusted Computer System Evaluation Criteria (TCSEC)
- Developed by the National Security Computer Center
- Based on the Bell-LaPadula model
- Uses a series of evaluation classes
- Orange Book

Requirements of TCSEC
- Security Policy
- Marking: labels associated with objects
- Identification: individual ID of subjects
- Accountability: audit data collected
- Assurance: each mechanism evaluated
- Continuous protection: mechanisms always protected against unauthorized changes

TCSEC Ratings
- A1: Verified Protection
- B3, B2, B1: Mandatory Protection
- C2, C1: Discretionary Protection
- D: Minimal Security
- Red Book: Trusted Network Interpretation

Layers of TCSEC
- C1: Discretionary Security Protection
- C2: Controlled Access Protection
- B1: Labeled Security
- B2: Structured Security (covert channels)
- B3: Security Domains (covert timing)
- A1: Verified Protection

Information Technology Security Evaluation Criteria (ITSEC)
- Evaluates functionality and assurance separately
- F1 to F10 for functionality; E0 to E6 for assurance
- E0 = D; F1+E1 = C1; F2+E2 = C2; F3+E3 = B1; etc.

ITSEC
- Advantages
  - More granular approach
  - Goes beyond the Orange Book
- Disadvantages
  - Increased number of rating combinations
  - Still does not provide all the answers

Common Criteria
- ISO; created in 1993
- TCSEC was too rigid; ITSEC added too much complexity
- Target of Evaluation (TOE)
- Security Target (ST)
- EALs: E1 (functionally tested only) to E7 (formally verified, designed, and tested)

Covert Channels
- Timing channels convey information by altering the performance of a system component in a predictable manner
- Storage channels convey information by writing data to a common storage area where another process can read it
- Level B2 addresses covert channels
- Level B3 addresses covert timing

Certification and Accreditation
- Certification: first phase; comprehensive evaluation of the security features of an IT system
- Accreditation: management decides that the certification of the system satisfies their needs
- Phases: Definition, Verification, Validation, Post Accreditation

Other Threats
- Back Doors
- Maintenance Hooks
- Asynchronous Attack: TOC/TOU race attacks
- Data Validation (Unicode attack)
- Buffer Overflow (use input controls)
- SYN Flood
- Ping of Death

More Attacks
- TCP Session Hijacking
- Web Spoofing
- DNS Poisoning
