KEMBAR78
Cissp Security Architecture | PDF | Computer Data Storage | Computer Security
Scribd
Upload
170 views20 pages

Cissp Security Architecture

The document summarizes key concepts in security architecture and design for CISSP certification. It covers system components like CPU, storage, and peripherals. It also discusses operating system architecture, security models, evaluation methods, and certification/accreditation processes. The presentation aims to ensure attendees understand how to securely design and implement IT infrastructure.

Uploaded by

fern12
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
170 views20 pages

Cissp Security Architecture

The document summarizes key concepts in security architecture and design for CISSP certification. It covers system components like CPU, storage, and peripherals. It also discusses operating system architecture, security models, evaluation methods, and certification/accreditation processes. The presentation aims to ensure attendees understand how to securely design and implement IT infrastructure.

Uploaded by

fern12
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 20

IT Networks and Security

& CERIAS
CISSP Luncheon Series

Security Architecture and Design

Presented by Rob Stanfield


Domain Overview

ƒ Identify key principles and concepts


critical to securing the infrastructure
• Design
• Implementation
• Operation
ƒ Ensure security from a hardware/software
level
• Operating Systems
• Applications
• Equipment
• Networks
CISSP Expectations

ƒ Identify physical components of IT architecture


ƒ Understand software relationships
ƒ Understand design principals for the architecture
ƒ Describe how to secure an enterprise
ƒ Identify trusted and un-trusted components
ƒ Discuss security models and architecture theory
ƒ Identify appropriate protection mechanisms
ƒ Discuss evaluation methods and criteria
ƒ Understand the role of assurance evaluations
ƒ Explain certification and accreditation
ƒ Identify techniques used to provide system security
System Architecture

Three basic components


CPU – Central Processing Unit
Storage Devices – includes both long and
short-term storage, such as memory
and disk
Peripherals – includes both input and
output devices, such as keyboards and
printer
CPU – Computer Brain

ƒ ALU – Arithmetic Logic Unit


ƒ Control Unit
ƒ Registers
• General and special registers
ƒ Bus
• Address and data
ƒ Privileged mode or user mode
ƒ Multiprocessor - symmetric or
asymmetric
CPU Example
Storage Devices

Primary Storage
Cache or registers
Memory (RAM, ROM, Cache, Flash)
Secondary Storage
Disk
CD or Tape
Virtual Memory
Memory
Peripherals or I/O Devices

Some examples are


Monitor
Keyboard
Printers
Basic Components Diagram
Operating System
Architecture
ƒ An Operating System provides an
environment to run applications
ƒ Process Management for all processes
• Process - a set of instructions and the
information & resources needed to process
it.

ƒ Multitasking – cooperative, preemptive


ƒ Process State – running, ready, blocked
Application Programs

ƒ Applications interact with the operating


system to perform a task
ƒ Each application is a process
ƒ Applications run in user mode
ƒ Threads

ƒ Other applications
• Firmware and Middleware
Protection Rings
Security Models

ƒ Security Policy – documents the security


requirements for an organization
ƒ Security Model – formally outlines the
requirements needed to support the security
policy, and how authorization is enforced

ƒ Reference Monitor – abstract machine that


provides auditable access control to objects
ƒ Trusted Computing Base (TCB)
Security Model Examples

ƒ Biba Integrity Model


ƒ Bell-LaPadula Confidentiality Model
ƒ Clark-Wilson Integrity Model
ƒ Brewer and Nash Model
ƒ Others
• State Machine Model
• Non-Interference Model
• Graham Denning Model
• Harrison-Ruzzo-Ullman Model
Bell-LaPadula Confidentiality
Model

ƒ Subject to object model


• Objects you are able to access
ƒ Used to provide confidentiality
ƒ 3 main rules used and enforced
• Simple security rule (no read up)
» Subject cannot read data at a higher level
• The *-property rule (no write down)
» Subject cannot write data to a lower level
• Strong star property rule
» Subject with read/write – only at same level
Biba Security Model

ƒ Similar to the Bell-LaPadula Model


ƒ First to address integrity
• Difference between Biba and Bell-LaPadula
ƒ Two main rules used and enforced
• *-integrity axiom (no write up)
» Subject cannot write data to objects at higher level
• Simple integrity axiom (no read down)
» Subject cannot read data from lower level

ƒ Biba and BP are informational flow models


• Concerned with data flowing up or down levels
Clark-Wilson Model

ƒ Addresses all 3 integrity model goals


• Prevent unauthorized users from
making modifications
• Prevent authorized users from making
improper modifications (separation of
duties)
• Maintain internal/external consistency
(well-formed transaction)
Other Models

ƒ Non-interference model - Actions at a higher


level (domain) cannot interfere with actions at a
lower level.
ƒ State machine model - Abstract math model
that uses state variables to represent the
system state. Failure of a state machine should
fail in a secure state.
ƒ Graham-Denning Modem – Used eight basic
protection rules.
ƒ Brewer and Nash Model (Chinese Wall Model) -
Allows for dynamically changing access
controls to protect against conflicts of interest
Evaluation Methods and
Criteria
ƒ Trusted Computer Security Evaluation Criteria (TCSEC) –
addresses confidentiality only
• A Verified protection
» A1 verified design
• B Mandatory Protection
» B3 Labeled Security
» B2 Structured Protection
» B1 Labeled Security
• C Discretionary Protection
» C2 Discretionary Protection
» C1 Controlled Access
• D Minimal Security
ƒ Others are ITSEC, SEI
ƒ Common Criteria (ISO) based on TCSEC & ITSEC
• Evaluation Assurance Levels (EAL 1 – 7 )
Certification and
Accreditation
ƒ These are distinct steps
• Certification relates to validation of the
system
» Security modes of operation
» Data sensitivity handling procedures
» System and facility configuration
» Intercommunication with other systems
• Accreditation relates to management
evaluation once the certification process is
complete. Does the system meet the needs of
the business while satisfying the security
needs?

You might also like