(CAP 8) Implement and manage engineering processes using secure design principles
Objects and subjects
Subject: the user or process that makes a request to access a resource
Object: the resource a user or process wants to access
closed and open systems
closed system: designed to work well with a narrow range of systems, from the same manufacturer -> more secure
open system: designed using agreed-upon industry standards
techniques for ensuring CIA
bounds: limits set on the memory addresses and resources a process can access
isolation: running a process within its enforced bounds, separate from other processes
confinement: the process can read/write only certain memory locations (sandbox)
Controls
MAC: mandatory access control
DAC: discretionary access control -> the subject has some ability to define the objects it can access
Trust and assurance
trusted system
assurance: degree of confidence in satisfaction of security needs
Understand the fundamental concepts of security models
trusted computing base: defined in TCSEC as a combination of hardware, software and controls to enforce your security policy
security perimeter: an imaginary boundary that separates the TCB from the rest of the system
reference monitors and kernels
reference monitor: part of TCB that validates access to every resource
security kernel: collection of components in the TCB that implement reference monitor functions
state machine model: the system is always secure no matter what state it is in
information flow model: designed to prevent unauthorized information flow between different levels of security (Bell-LaPadula and Biba are information flow models)
noninterference model: loosely based on the information flow model. Concerned with how actions of a subject at a higher security level affect the system state at a lower security level
Take-Grant model: rights are passed from one subject to another through a directed graph
access control matrix: table of subjects and objects that indicates the actions that each subject can perform on each object
Bell-LaPadula model: developed by DoD, addresses confidentiality of data. No read up, no write up, need to know
Biba model: integrity focused. No read down, no write up
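Added example, not part of the original notes: a small policy checker that encodes the standard Bell-LaPadula rules (simple security property: no read up; *-property: no write down) and the Biba rules listed above (no read down, no write up), then runs a constructed batch of access requests through each model. The level ordering, subject and object names are assumptions made for the example.

```python
from dataclasses import dataclass

# Ordered lattice of levels, lowest first (constructed for this example).
# The same ordering is reused as an integrity lattice for Biba.
LEVELS = ["unclassified", "confidential", "secret", "top_secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}

@dataclass(frozen=True)
class Subject:
    name: str
    level: str   # clearance (BLP) or integrity level (Biba)

@dataclass(frozen=True)
class Object:
    name: str
    level: str   # classification (BLP) or integrity level (Biba)

def blp_allows(op: str, subject: Subject, obj: Object) -> bool:
    """Bell-LaPadula (confidentiality): simple security property forbids
    read up, *-property forbids write down."""
    s, o = RANK[subject.level], RANK[obj.level]
    if op == "read":
        return s >= o          # no read up
    if op == "write":
        return s <= o          # no write down
    raise ValueError(f"unknown operation: {op}")

def biba_allows(op: str, subject: Subject, obj: Object) -> bool:
    """Biba (integrity): simple integrity axiom forbids read down,
    *-integrity axiom forbids write up."""
    s, o = RANK[subject.level], RANK[obj.level]
    if op == "read":
        return s <= o          # no read down
    if op == "write":
        return s >= o          # no write up
    raise ValueError(f"unknown operation: {op}")

def evaluate(requests, policy):
    """Run (subject, op, object) requests through a policy; key 'subj:op:obj' -> allowed."""
    return {f"{s.name}:{op}:{o.name}": policy(op, s, o) for s, op, o in requests}

# Constructed sample requests: a secret-cleared analyst touching a
# confidential memo and a top-secret plan.
analyst = Subject("analyst", "secret")
memo = Object("memo", "confidential")
plan = Object("war_plan", "top_secret")
REQUESTS = [(analyst, "read", memo), (analyst, "write", memo),
            (analyst, "read", plan), (analyst, "write", plan)]
```

Calling `evaluate(REQUESTS, blp_allows)` and `evaluate(REQUESTS, biba_allows)` shows the two models giving mirror-image answers for the same requests, which is the usual way to see that one protects confidentiality and the other integrity.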
Clark-Wilson model: concerned about integrity of data. Access control triple (client - interface - resource)
Brewer and Nash model: permits access control to change dynamically based on the user's previous activity. It creates security domains sensitive to conflicts of interest
Goguen-Meseguer Model: integrity model
Sutherland model: integrity model
Graham-Denning model: secure creation of subjects and objects
Understand security capabilities of information systems
memory protection
virtualization
trusted platform module: specification for a crypto chip on a mainboard and the general name of the implementation
interfaces: different GUIs for different users
fault tolerance
Select controls based on systems security requirements
evaluation models
TCSEC: defined by DoD in 1980 (focus on confidentiality)
Category A - verified protection
Category B: mandatory protection
Category C: discretionary protection
Category D: minimal protection
ITSEC (european security evaluation criteria - covers CIA - TOE target of evaluation)
Common criteria
Protection Profiles and Security Targets
Other evaluation models
PCI DSS: requirements for improving the security of electronic payment transactions
ISO: defines standards for industrial and commercial equipment, software, protocols, management, etc
formal evaluation process phases
certification: evaluation of the technical and nontechnical security features of an IT system
accreditation: acceptance of the system by management
2 standards in place for certification and accreditation
Risk Management Framework (DoD)
Committee on National Security Systems