SECURITY MODELS AND ARCHITECTURES

  1. The Trusted Computing Base (TCB) is the total combination of protection mechanisms, including hardware, software, and firmware within a computer system that maintain security.
  2. The reference monitor is an access-control concept referring to an abstract machine that mediates all accesses to objects by subjects.
  3. The security kernel implements the reference monitor concept. The reference monitor concept has the following properties:

    Provides isolation

    Is invoked for every access attempt

    Is impossible to circumvent and be foolproof

    Is complete, verified, and tested

  4. Resource isolation is the process of segmentation so that memory is separated physically, not just logically.
  5. Rings of protection are used to isolate processes. The closer to the center, the more protected the resource. Lower numbers have higher levels of privileges.
  6. Security models define the structure by which data structures and systems are designed to enforce security policy. Common security models include

    Bell-LaPadula Enforces confidentiality and uses three rules: the simple security rule, the * property, and the strong star rule.

    Biba Integrity model that has two basic rules: "no write up" and "no read down."

    Clark-Wilson Integrity model with three goals: maintaining consistency, preventing unauthorized access, and preventing improper modification. Makes use of an access triple through a restricted interface.

    Noninterference Prevents a subject or process from one sensitivity level from affecting subjects or process at other sensitivity levels.

  7. State machineSystems that operate in this mode are in a secure state upon bootup, during operation, and for each operation performed.

The CISSP Cram Sheet

A Note from Series Editor Ed Tittel

About the Author

Acknowledgments

We Want to Hear from You!

Introduction

Self-Assessment

The CISSP Certification Exam

Physical Security

Security-Management Practices

Access-Control Systems and Methodology

System Architecture and Models

Telecommunications and Network Security

Applications and Systems-Development Security

Operations Security

Business Continuity Planning

Law, Investigations, and Ethics

Cryptography

Practice Exam 1

Answers to Practice Exam 1

Practice Exam 2

Answers to Practice Exam 2



CISSP Exam Cram 2
CISSP Exam Cram 2
ISBN: 078973446X
EAN: 2147483647
Year: 2003
Pages: 204
Authors: Michael Gregg

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net