CISSP (Domain 6 - Security Architecture and Design) Flashcards Preview


Flashcards in CISSP (Domain 6 - Security Architecture and Design) Deck (47):
1

State Machine Formal Security Model
(TR/DU)

- Trusted recovery
- When the system goes down and comes back up, at no point can security controls be bypassed

2

Multi-level Lattice Formal Security Model
(RPC/SO)

Compares roles, their permissions, and clearance levels with the sensitivity level of the object to determine access level

3

Non-Interference Formal Security Model

Users are separated into different security domains

4

Information Flow Formal Security Model

Looks at the information flows in a state machine

5

Bell-LaPadula Security Model
(pc/nru-nwd/int/exe/class/secmod)

- Protects confidentiality
- *No read up, No write down
- Deals with internal threats
- Any executed activity will always result in a secure state
- Classification of subject does not change while referenced
- Information flow security model

6

Biba Security Model
(pi/nrd-nwu/ext/cant/hier/so)

- Protects integrity
- *No read down, No write up
- Deals with external threats
- Can't depend on a less trusted object
- Based on hierarchical lattice of integrity levels
- Subjects and objects

7

Clark-Wilson Security Model
(pi/wft-sod/spo/part/prog)

- Protects integrity
- Requires a well-formed transaction and SoD
- Subject->Program->Object
- Partitions objects unlike Biba/Bell

Subject must go through a program to access and modify data

8

Clark-Wilson 3 Integrity Goals
(um/aim/mc/db)

- Prevent unauthorized users from making modifications
- Prevent authorized users from making improper modifications
- Maintain internal and external consistency

*DBs

9

4 Rules to Follow When Implementing Clark-Wilson Security Model
(prop/subp/objp/rec)

- All users must be properly identified and authenticated
- Subjects can only access certain programs
- Objects can only be accessed by certain programs
- Record each transaction

10

Brewer and Nash Security Model (Chinese Wall)
(prev/a!b/fraud)

- Prevents conflict of interest
- Company A can't see Company B's data
- Tries to ensure that users do not make fraudulent modifications to objects

11

Graham-Denning Security Model
(soc/srp/oom)

- How subjects and objects are created
- How subjects are assigned rights or privileges
- How ownership of objects is managed.

12

8 Primitive Protection Rights (Graham-Denning)
(co/cs/do/ds/rar/gar/dar/tar)

- Create Object
- Create Subject
- Delete Object
- Delete Subject
- Read Access Right
- Grant Access Right
- Delete Access Right
- Transfer Access Right

13

4 Rules to the Take Grant Security Model (Like Graham-Denning)
(sco/sdo/gao/rao)

- Subject can create objects
- Subject can delete objects
- Grant access to owned object
- Remove access to owned object

14

Harrison Ruzzo Ullman Security Model (Like Graham-Denning)

More granular controls for subjects to access objects

15

ISO/IEC 15408 Common Criteria

Helps reduce the complexity of the ratings and eliminates the need to understand the definition and meaning of different ratings

16

4 Components of ISO/IEC 15408 Common Criteria
(PP/TE/ST/P)

- Protection Profile: Description of needed security solution (all systems should be protected by sec software)
- Target of Evaluation: Product proposed to provide the needed security solution
- Security Target: Written by vendor explaining security functionality and assurance
- Packages (Evaluation Assurance Levels, EAL): Security requirements bundled into packages for re-use

17

Security Product Evaluation Ratings (1-7)
(ft/st/mtc/mdtr/sfdt/sfvdt/fvdt)

- *EAL 1: Functionally tested (Works when on)
- EAL 2: Structurally tested
- EAL 3: Methodically tested and checked
- EAL 4: Methodically designed, tested, and reviewed
- EAL 5: Semi-formally designed and tested
- EAL 6: Semi-formally verified, designed, and tested
- *EAL 7: Formally verified, designed, and tested (Very Specific)

18

Certification

Works in "my" environment

19

Accreditation

Validation in production

20

Supervisor CPU State
(km/ring/prog/both)

- Kernel/Protected/Privileged Mode
- Ring 0
- Program can access entire system
- Both privileged and non-privileged instructions

21

Problem CPU State
(um/ring/non/app)

- User/Program Mode
- Ring 3
- Only non-privileged instructions are executed
- Intended for application programs

22

Multi-threading

Tasks don't interfere with each other

23

Multi-tasking

Simultaneous execution of two or more programs

24

Multi-programming

Interleaved execution of two or more programs by one CPU

25

Reference Monitor

Abstract machine that controls the access subjects have to objects

26

Security Kernel

Components in the system that enforce the rules of the reference monitor (hardware, firmware, and software)

*Admin of reference monitor

27

3 Security Requirements of the Security Kernel
(IAM)

- Isolated: Protected from unauthorized access
- Active: Active all the time
- Monitor: Evaluate the reference monitor to make sure it's working properly

28

Multi-processing

More than one CPU and they can process the request in parallel.

29

Trusted Computing Base (TCB)

Total combination of protection mechanisms within a computer system.

Addresses the level of trust in a system, not a level of security

30

Security Perimeter of TCB

The buffer between TCB and non-TCB objects

31

Covert Channels

Sending information in an unauthorized manner using a medium in an unintended way

- Data going over HTTP, but it's not web traffic

32

Timing Covert Channel

A process relays information to another by modulating its use of system resources

33

Storage Covert Channel

A process writes data to a storage location, and another process of lower clearance reads it.

34

5 Threats to Software and Systems
(B/TA/BO/I/A)

- Backdoors
- Timing Attacks
- Buffer Overflows
- Inference
- Aggregation

35

Back Doors

- Accessing a system by bypassing access controls
- Attacker has access at any time

*Maintenance Hook

36

Timing Attacks

- Take advantage of the time between events in a sequence
- Time of Check/Time of Use & Race Conditions

37

Time of Check/Time of Use (TOC/TOU)

Attack takes place after the system checks a specific file but before the system actually uses that file

38

Race Conditions

Two processes race to carry out conflicting actions at the same time. Attacker must slow down or speed up one process to get it to work

39

Data Validation

Process of reviewing data against a pre-established set of criteria

40

Code Injection

Input must be validated for range/type/length (SQL Injection)

41

Buffer Overflow

If an application does not verify the amount of information being input, the data can overwrite other memory segments (Execute in privilege mode)

42

Inference

Act or process of deriving logical conclusions from premises known or assumed to be true (Finding Apache version)

43

Aggregation

A massing together or clustering of independent but similar units, such as data elements (multiple data items together: DOB, first and last name)

44

Countermeasure Principles - Defense in Depth (3 Things)
(PTO)

- People
- Technology
- Operations

45

Defense in Depth - People

Achieving information assurance begins with a senior-level management commitment (typically at the CIO level)

46

Defense in Depth - Technology

Wide range of technologies available for providing information assurance services and for detecting intrusions

47

Defense in Depth - Operations

Focuses on all the activities required to sustain an organization's security posture on a day-to-day basis