
Domain 3.1 Secure Design, TCB, Security Model, Select Control, Hardware

Secure Design
Threat modelling - reduce security defects, severity of remaining defects
Least Privilege - only rights to perform job
Defense in depth - compartment, segmentation, lattice, zone, protection ring
Fail secure/close - lock access after failure
Secure default
Fail safe/open - door open (human safety)
Separation of duties (SoD) - >1 person to complete a task, prevent fraud
Keep it simple (KISS) - least is power
Zero trust - authenticate every request
Privacy by design
Trust but verify - 1. authentication to secured environment --> 2. generic access control
Shared responsibility - customer + cloud
zero-knowledge proof - proof knowledge of fact to another without revealing the fact
split knowledge - info/privilege to perform operation divided among multiple users

Select Control
#TCSEC (orange book) - earliest, US Defense DoD address military requirement for os, NO network book. classes A1 verified, B1-3, C1-2, D minimal protection
Trusted Network Interpretation (TNI) - Red book
#ITSEC - EU separate functionality and assurance
Common Criteria
Goal: test security of product, identify and remove vulnerabilities
protection profile - security requirements (what)
security target - doc describe ToE + requirement (how)
target of evaluation (ToE) - system/product to be tested (which)
EAL 7 level - Func Struc Meth M Semi S Form
certification - tested security control meet standard (internal audit)
verification - third party/external audit
accreditation - management formally accept

Executing types (Multitasking, Multiprocessing, Multiprogramming, Multithreading)

TCB
Trusted computing base - hw+sw+control form a trusted base.
Security perimeter - boundary separates TCB from outside
Properties: invoke every time, cannot alter (tamper), small enough to verify
Reference monitor (Laws) - validate access
Security kernel (Police) - implement reference monitor

single-state (one security level), multistate - multiple security level
Protection Rings (0 - kernel/privilege, 1- OS, 2 - Driver, 3 - Application)
Process states (Ready, running, waiting, supervisory, stopped)
Operation modes (user-limited instruction, privilege - controlled operation)

Security Model (way to formalize security policy)
Bell-LaPadula (confidentiality, MAC, lattice) - ^
Simple security - No read up
* security - No write down
strong star - can read/write on same level
Biba (integrity, MAC, lattice) - \
Simple integrity - No read down
* integrity - No write up
Invocation - prevent invoke higher level subject
Clark-Wilson (integrity) - subject access object through program (access triple), SoD, auditing, well-formed transaction
Brewer Nash/Chinese Wall - conflict of interest in 2 parties; restrict access based on previous activity
Non-interference - High security A should not interfere Low security B (not seen). Prevent covert channel
Take-grant (Confidentiality) - how rights pass among subjects/objects - take, grant, create, remove rule
Information flow - design of bell+biba, brewer nash, flow btw different security levels
State machine - Finite state machine (FSM) system always secure no matter of state; Bell, Biba, Sutherland
Goguen–Meseguer - predetermined action on predetermined objects
Graham-Denning (DAC owner) - matrix based, secure creation of subject&objects, assign specific rights (how), 8 rules
Harrison-Ruzzo-Ullman (DAC owner) - edit access right of subject (how)
Sutherland - prevent covert channel

Hardware

Memory
Read-only memory (ROM) - non-volatile
Programmable PROM
Erasable EPROM - ultraviolet PROM, Electronically EPROM
Random access memory (RAM) - volatile
Primary memory - Static (flip-flop, faster), Dynamic (capacitor, slower, cheaper)
Cache ram - L1,L2...improved performance
Secondary memory - non-volatile, ssd, magnetic tapes, flash drive, CD. Data not immediately available to CPU
Virtual memory - pagefile, swapfile

Storage
primary - same as memory
secondary - first read into primary memory before cpu can use the data
random access storage - read any point
sequential access storage - require scanning all before desired location

Emanation
TEMPEST - spying info through leaking electromagnetic emanations, sounds,
countermeasure: Faraday cage, white noise (broadcast false traffic), Control Zone

Input/output - monitor, printer, keyboard, modem (eavesdropping, tapping)
Firmware - software stored on a ROM chip that contains basic instruction to start a pc

Security Mode
Dedicated mode - all
System high - X need to know
Compartmented - X access approval, X need to know
Multilevel - ntg

Security capacities of IS
virtualization - host one or more OS within a host computer
trusted platform module (TPM) - a chip in motherboard to store encrypted key (authenticate laptop)
endorsement key - created when TPM is manufactured (permanent)
storage root key - created when user takes ownership of TPM
hardware security module (HSM) - cryptoprocessor used to manage/store digital encryption key
interface - restrict action based on privilege
fault tolerance

Covert channel - pass info over a hidden path
covert timing - exchange info by exerting some amount of control. user types using a specific rhythm of Morse code
covert storage - space accessed by 2 processes that have different security label
maintenance hook - backdoor, provide developers with easy access

System
Domain 3.2: Information System

Database
Table - relation
Row - tuple, cardinality
Column - attribute, degree
Keys: Primary key, Candidate key (sets of attribute to uniquely identify), Alternate key (2nd PK), Foreign key

DB Types
Object oriented DB - use data+function in code accessible
Hierarchical DB - tree. [DNS]
Relational DB - relationship btw records in table by using PK
NoSQL - key value pair
Flat file DB - store info as lines of text in a file [host file]

ACID Model
Atomicity - all or nothing (COMMIT)
Consistency - rules of data type
Isolation - 2 transaction processes separate
Durability - completed transaction (preserve)

Attack
Aggregation - data from multiple source to create sensitive info
Inference - deduce by using several piece of info

Defense
semantic integrity - data type
cell suppression - hide individual db field
Polyinstantiation - identical PK contain different data in different classification level
Noise and perturbation - insert false data to redirect confidentiality attack

Normalization
Removing data - 1NF - logically divide data, 2NF partly depend PK, 3NF not depend on PK

Knowledge-Based System
Expert - if..condition
Machine learning - supervised learning
Neural network - imitate biological reasoning

Client-Based System
Applet: code object from server to client. Java applet-sandbox, ActiveX-digital cert
Javascript

vulnerabilities in system
single point of failure, bypass control, buffer overflow (ASLR), TOCTOU
emanation - TEMPEST (shielding) against Van Eck phreaking, white noise, control zone, faraday cage
covert channel
aggregation & inference (Polyinstantiation)
incremental attack
salami - rounding down the last few digit
Data diddling - small, random changes

Server based system
large scale parallel data system - symmetric, asymmetric, massive
grid computing - form of parallel distributed. Loss of privacy
peer to peer - no central management, workloads shared, BitTorrent

Industry control system
Distributed control system (DCS) - large scale env, process driven
Supervisory control and data acquisition (SCADA) - standalone device, data gathering & event driven, large geographic area. NEVER designed for internet
Programmable logic controller (PLCs) - single purpose

Distributed system - client-server, collection of individual system work together. [blockchain]
security issues: unauthorized, eavesdropping, lack of monitoring

High performing computing - complex calculation
3 components: compute, network, storage
use case: RTOS, research lab

Cloud
deployment model
Private - dedicate resource to an organization (cloud in your data center, legacy, compliance)
Public - multi tenant, manage by external CSP (pay as you go, agility, scalability)
Hybrid - sensitive in private, non-sensitive info in public
Community - share infra with multiple org on common needs
service model
SaaS (browser) - customer manage identity, data, endpoint
IaaS (compute) - customer manage OS level above. CSP manage networking, hypervisor, server, data center
PaaS (deploy custom code) - customer manage app & data. CSP manage db, os, networking, hypervisor, server, data center
Cloud access security broker (CASB) - security policy enforcement

Internet of things (IoT) - internet connected device
security issues: access, encryption. Keep device up to date

Fog computing - centralised processing of data collected by distributed sensor
Edge - CDN

Attack surface: user, physical, sensor, output, processor

Microcontroller - small computer
Raspberry Pi, Arduino open source 8 bit, field programmable gate array (FPGA) - flexible used in ICS

Embedded system - add to existing mechanical system
security concern: limited network, unable process high end encryption, difficult patch, do not use authentication, supply chain issues

Static system - static env don't change. E.g. check in kiosk at airport, ATM
Network enabled device
Cyber-Physical system
Domain 3.3 Virtualization

Microservice
Infrastructure as Code

Virtualized System
hypervisor - VMM - create/manage/operate virtual machine
Hypervisor I - install on bare metal
Hypervisor II - install on top of host (Virtual Box)

Virtual Software
Virtualized Networking
Software Defined everything - replacing software with virtualization
Virtualization Security Management - protect host, backup, VM sprawl, sensitive data within VM, unauthorized access to hypervisor
Containerization - eliminate duplication of OS element in a virtual machine
Serverless - CSP manage platform, server

Mobile device
mobile device management - full drive encryption, remote wiping, device authentication, device lockout, app control

Deployment
Bring your own device (BYOD) - staff use his phone
Corporate-owned, Personally Enabled (COPE) - company phone but use for both personal and work matter
Choose your own device (CYOD) - provide list of approved devices to select
Corporate-owned Mobile Strategy (COMS) - company phone for work purpose only


Domain 3.4: Cryptography (Symmetric, Asymmetric, Quantum)

Terminology
Cryptography - Science
Cryptosystem - All in one sw, hw, algo, key
Cryptology - study
Cryptanalysis - decrypt/break
Kerckhoff’s principle - algorithm is public, key is secret
PAIN - privacy, authenticity, integrity, non-repudiation
Key clustering - same plain text with different keys generate same cipher
Key space - range of key value
One way function - math's output value but can't get input value
Initialization Vector (IV) - is a random bit string (a nonce) that is XORed with the message, reducing predictability and repeatability.
Work function/work factor - measure strength of cryptography, effort to decrypt msg
Strength factor: algorithm, secrecy of key, key length, IV, random key

Key management
Dual control - 2 separate function/process for key recovery
Split knowledge - 2 separate pieces of knowledge
Key escrow - third party hold the key and release with condition
Rules: key length, store secure, key random, key lifetime on sensitivity of data, backup key, destroy key

Old crypto
Transposition (scytale) - REARRANGE letters
Substitution (Caesar) - REPLACE letter
Vigenere - polyalphabetic substitution
One time pad - unbreakable
Requirement - random, pad protected, used only once, key as long as msg (vernam)
Enigma machine/purple machine - WWII

Confusion (substitution) - relationship is complicated
Diffusion (transposition) - change in plaintext results in multiple changes through ciphertext

Modern crypto (at least 128 bits long)

Symmetric - a shared secret key
Pros - fast
Cons - out of band key distribution, no nonrepudiation, only confidentiality, algorithm is not scalable, key must generate often
keys require = n(n-1) / 2
use case: encrypt bulk data
*AES (Rijndael) - 128B, 128/192/256 key, 10, 12, 14 rounds
#DES - 64B, 56 key
#ECB - block, same encrypted block
CBC - block, IV, chain (error propagate), unencrypted text XORed
CFB - stream, IV, chain (error propagate)
OFB - stream, IV, NO ERROR, XOR plaintext with a seed value
CTR - stream, IV, NO ERROR, use increment counter instead of seed
Galois counter mode - adds authentication
3DES - 64B, 112 (more effective security), 168 key
IDEA - PGP, 64B, 128 key
Blowfish - alternative to DES, IDEA but faster, variable length keys up to 448 bit
#Skipjack/clipper - US government, escrow of keys
#RC4,5,6 - RC4 is stream cipher 40-2048 bit, WEP, WPA, SSL (no longer secure)

Asymmetric - receiver's public key encrypt + receiver's private key decrypt
Pros - easy key distribution, integrity, authentication, nonrepudiation
Cons: Slow, small data
keys require = n * 2
use case: PKI (verify identity), encrypt keys
*RSA (factoring of large prime number) - Use in digital signature, key distribution, encryption
ElGamal (discrete) - free to use but double size of message, SLOWEST
Elliptic Curve (discrete), more efficient than RSA (256 bits = 3072 bits in RSA). Use in encryption, digital signature, key exchange
Diffie-Hellman (discrete) - key exchange, middle man attack. Use in SSL, TLS, SSH, IPSec, PKI
#Knapsack - obsolete

Block cipher - text divide into blocks and encrypt one block at a time.

Stream cipher - operate one character/bit a time
Pros - quickly, scale, real time VoIP
Cons: less secure (RC4), require lot randomness, processing power

not for encrypt, solves key distribution problem

Quantum - replace binary with multidimensional quantum bits (qubits)
security: asymmetric like RSA, DH could be broken. Stream cipher least vulnerable. Lattice offer some resistance
Grover's algo - computer speeds up to attack with halve the key length
Shor's algo - easily break all public key algo based on factoring and discrete logarithm problem
Domain 3.5 Cryptography (HASH, HMAC, digital signature, PKI, hybrid, cryptanalytic Attack)

Hash (MD)
Integrity only
5 requirement: input any length-->fix length output. Easy to compute, one way, collision free
Attack: collision (2 different doc produce same hash)--> birthday attack
#SHA1- 160 bit,224,256,512,384 message digest
#MD5 - 512 block
HAVAL - faster than MD5 with 3 rounds used
RIPEMD, RIPEMD-128, RIPEMD-160 (remain secure)

Digital Signature (Digests)
Integrity, authentication, non-repudiation (NO CONFIDENTIALITY)
To sign/create - sender's private key encrypt hash
To verify - sender's public key to decrypt signature

HMAC (MAC)
authentication, integrity, (NO NON-REPUDIATION), shared secret key
message + secret key --> MAC value

Digital signature standard (DSS)
DSA, RSA, ECDSA

Public Key Infrastructure (PKI)
authentication, confidentiality, integrity, non-repudiation
cert X.509 - version, serial number, signature algo, issuer, subject public key
CA - issue cert, RA - verify and register
CRL - contain list of revoke cert (serial number), OCSP - real time. certificate stapling as OCSP is burden
cert file: DER, PFX (Binary); PEM, P7B (Text) - .der & .crt, .pem & crt, .pfx & .p12
cert recipient verify cert using CA's public key

Hybrid (TLS)
symmetric (encrypt msg) + asymmetric (encrypt key)
1. client browser https://www
2. server send its public key
3. client browser generates a symmetric session key
4. client use server's public key to encrypt the symmetric key and sends it to server
5. server uses its private key to decrypt the symmetric key

Applied
TPM - full disk encryption
Email
Pretty good privacy (PGP) - web of trust
S/MIME - RSA, x509 exchange key
Web TLS/SSL
key exchange - RSA, DH, ECDH
authentication - RSA, DSA, ECDSA
encryption - AES, 3DES
hash - SHA
TLS_DH_RSA_WITH_AES_256_CBC_SHA384
Network
link encryption - secure tunnel btw 2 points (nodes)
Circuit encryption, IPSec
end-to-end encryption - btw client and server. Data is encrypted at origin and decrypt at destination

Cryptanalytic Attack
brute force - try all possible key
ciphertext only - cipher text; most difficult attack, modern crypto guarded this attack
known plaintext - plaintext + corresponding ciphertext; vulnerable: linear cryptanalysis
chosen plaintext - ciphertext-plaintext pair (cryptosystem)
chosen ciphertext - piece of ciphertext (same cipher text msg)= get decrypted plaintext; vulnerable: RSA
frequency analysis (eng letter) - transportation
side channel - monitor power, timing, radiation/emission
implementation attack - exploit weakness in software, protocol, encryption algorithm
fault injection - external fault like electric, temperature (physical attack)
timing - how long cryptographic operation
man in the middle - fools both parties into communicating with attacker instead of directly with each other
differential cryptanalysis
replay attack - replay a valid session
pass the hash - windows active directory where attacker resubmit cached authentication token. Use mimikatz tool
ransomware - encrypt victim's file and ask for payment to unlock
Meet in the middle - 2DES, 3DES, 2 rounds of encryption


Domain 3.6 Site and facility

Crime Prevention Through Environmental Design (CPTED)
natural access control
natural surveillance - uneasy
natural territorial reinforcement - area feel cared

Functional in order
1. Deter
2. Deny
3. Detect
4. Delay
5. Determine
6. Decide

Wiring closet - locks, area tidy, no flammable item, cctv, log entries, do not give keys

Server room - away from water, gas, smartcards and badges, motion
wave - microwave
capacitance - electrical or magnetic
photoelectric - light detector, alarm
infrared - heat

Media storage - locked cabinet, custodian, entry, drive sanitization, integrity check
Evidence storage - dedicated storage system, keep storage offline, block internet, limit access, encrypt all dataset, hash
Restricted and work area security - walls, clean desk, only authorized access

Locks
electronic combination lock/cipher lock
key card, biometric, conventional lock, pick-and-bump resistant lock

Window
shock
glass break

HVAC

Power
power (fault, blackout), high voltage (spike, surge), low voltage (sag/dip, brownout)
Noise
Electromagnetic interference (EMI)
Radio frequency interference (RFI)
Voltage 1k - monitor, 1.5k hard drive, 2k-system
UPS - momentary/short/temporary
Generator - longer/sustained
Dual power supplies - for critical network device and concern on power supply

Fence - 8 feet deter intruder
Light - 8 feet high with 2 feet candle power
Temperature - 60-75F (15-23C)
Humidity - 40-60% (high-corrosion, low- static electricity)

Fire
Water
wet pipe - full of water
dry pipe - compressed gas, closed sprinkler head, filled with compressed air until the sprinkler heads open
preaction system (most appropriate) - closed sprinkler head, 2 stage detection (1. detect and fill with water, 2. heat then sprinkler head opened)
deluge system - large volume of water, sprinkler head open, empty until a fire alarm sound
Gas
CO2 - effective but risk to human
Halon - non environment friendly
FE-13, FM-200, Inergen - safe for human (recommended)
A - common combustibles (water or acid)
B - liquid (gas or soda acid)
C - electrical (gas)
D - metal (dry powder)
K - cooking (alkaline)
detection (flame, smoke, heat): ionization, photoelectric, dual
