ISC(2) CISSP Revision Notes – Security Architectural Design

Building it safely and being aware of the things that can threaten it.

In NO way should these notes be used as your sole source of study for the CISSP exam. These notes lack things completely that could be included on your exam. I in no way provide any guarantee or assurance that these notes are correct or satisfactory for your learning. For further information see my CISSP Study and Exam Tips.


Architecture

Hardware

  • CPU
      • Arithmetic Logic Unit (ALU): + – * / etc
      • Bus Interface Unit (BIU): Supervision over bus
      • Control Unit: Coordinates CPU components
      • Decode Unit: Individual commands
      • Floating-Point Unit: Calculates floats
      • Memory Management Unit (MMU):
      • Pre-fetch Unit:
      • Protection Test Unit (CPV):

Software

  • Operating System Components
      • Kernel: Allows processes, control of hardware, comms
      • Device Drivers: Software to control internal and external devices
      • Tools: 3rd Party Software

Operating Systems Functions

  • Process Management: Multiple independent processes
  • Resource Management
  • IO Device Management
  • Memory Management
  • File Management
  • Communication Management

Virtualisation: Hypervisor and Guests

Security Architecture

Trusted Computing Base (TCB)

  • Total combination of protection within a system including software, hardware and firmware
  • Access control
  • Reference Monitor: Enforces AC on an object
  • Security Kernel: Encompassing the above
  • Open vs Closed Systems: Opensource vs proprietary

Protection Rings: “Onion” with privileged center, eg MIT MULTICS

Security Modes

  • How a system handles stored information
  • Dedicated: Users must have a clearance level appropriate to the highest level of the system (need to know)
  • System High: (As Dedicated) doesn’t “need to know”
  • Multilevel: Different levels on TCB, appropriate clearance level
  • Limited Access: Highest confidentiality is SBU

Recovery Procedures

  • Fault Tolerant: Must continue to operate after a fault and detect and correct from a fault
  • Fail-safe Systems: When fault is detected execution is terminated
  • Fail-soft (Resilient) Systems: Degrades performance after fault
  • Failover System: Clustered approach

Vulnerabilities in Security Architectures

  • Covert Channels: Unknown comms within system
  • Rootkits: Difficult to detect
  • Race Conditions: Thrashing over a resource
  • State Attacks: Prevent session hijacking
  • Emanations: Electromagnetic or acoustic energy checking

Security Countermeasures

Defense in Depth: eg firewalls, hardened OS, etc

System Hardening: Remove unnecessary components, accounts, ports, password policies, etc

Heterogeneous: Multiple OS won’t share same vulnerabilities, vs ease of admin

System Resilience

Filter Malicious Inputs: Reject inputs which may be an attack, think WAF, SQL Views

Redundant Components: eg RAID

Security Countermeasures: Reveal as little about the system as possible, least privilege for processes, disable services, strong authentication

Security Models

Confidentiality: Access and authorisation, vulnerability management, sound design

Integrity: Access and authorization, input control and output control

Availability: Resilient hardware/software. Sound configuration and change management

Access Control

Bell-LaPadula: Confidentiality

Biba & Clark-Wilson: Integrity

Evaluation Criteria

Trusted Computer System Evaluation Criteria (TCSEC)

  • Measurement (assessing levels of trust)
  • Acquisition (Standard for Acquisition Requirements)
  • DAC, MAC, Labels, etc
  • Assurance: Architecture, integrity, covert channels, trusted recovery, security testing, configuration management
  • Accountability: Identification and authentication, trusted path, audit
  • Documentation: User guide, admin guide, test docs, etc

Trusted Network Interpretation (TNI)

  • TN1: Configuration and integrity
  • TN2: Additional services such as comms and networks

European Info Tech Security Evaluation Criteria (ITSEC)

  • Addresses CIA, as well as functionality and assurance

Common Criteria & EAL

TCSEC      ITSEC Functional                ITSEC Evaluation  CC           Access Control
D          -                               E0                EAL1 & EAL0  DAC
C1         F-C1                            E1                EAL2         DAC
C2         F-C2                            E2                EAL3         MAC
B1         F-B1                            E3                EAL4         MAC
B2         F-B2                            E4                EAL5         MAC
B3         F-B3                            E5                EAL6         MAC
A1         F-B3                            E6                EAL7         MAC
Beyond A1  F-IN, F-AV, F-DI, F-DC, F-DX    -                 -            -

System Certification & Accreditation

Formal methodology for comprehensive testing on documentation

Accreditation is an official written approval; it must be updated when changes are made

Defense Information Technology Security Certification & Accreditation Process (DITSCAP)

  • Used by military and government bodies
  • Definition: Organisation's systems, mission, environment and architecture
  • Verification: Base-line security requirements
  • Post-accreditation: Ongoing to maintain accreditation

National Information Assurance Certification & Accreditation Process (NIACAP)

  • US national security
  • Site Accreditation: specific location
  • Type Accreditation: Specific App or system at multiple locations
  • System Accreditation: Specific App at specific location

Written by gyp - November 25, 2013 - 4114 Views
Tags | cissp, isc, qualification, revision, security
