20 jun. 2014

CISSP: Security Architecture and Design

Computer Architecture:
Protection Mechanisms
Trusted Computer Base
Security Modes (MAC)

Reference Monitor: Kernel mediates all access between subjects and objects
Layering: Modular tiers
Abstraction: Hidden details from the user
Security Domain: Group of subjects and objects with similar security requirements

Covert Channel: Any communication that violates security policy.
Covert Storage Channel
Covert Timing channel
Race COnditions (TOCTOU)

Take Grant: Direct graphs. State transitions.
Bell-LaPadula: Confidentiality. First Mathematical model.
BIBA: Integrity. Lattice based.
Clark Wilson: Integrity. Access to object throught programs.
Information Flow Model:
Brewer and Nash: Chinese Wall model.

Evaluation Criteria
TCSEC (Orange Book): Trusted Computer System Evaluation Criteria

TCSEC Requirements:
D: Minimal protection
C: Discretionary Protection
C1: Discretionary Security Protection
C2: Controlled Access Protection
B: Mandatory Protection
B1: Labeled Security Protection
B2: Structured protection
B3: Security Domains
A: Verified Protection
A1: Verified Design

ITSEC: Information Technology Security Evaluation Criteria

Common Criteria (ISO 15408):

EAL1: Functionally Tested
EAL2: Structurally tested
EAL3: Methodically tested
EAL4: Methodically designed, tested and reviewed
EAL5: Semi-formally designed and tested
EAL6: Semi-formally verified, designed and tested
EAL7: Formally verified, designed and tested

ST: Security Target
TOE: Target Of Evaluation
PP: Protection Profile

No hay comentarios.:

Publicar un comentario