Models
The security architecture of an information system is fundamental to enforcing an organization's information security policy.
Computer Architecture
CPU:
Software
Languages
1GL: machine language
2GL: Assembly language
3GL: FORTRAN, BASIC, PL/1, C, etc.
4GL: NATURAL, FOCUS, SQL
5GL: Prolog, LISP, other AI languages
Open:
Vendor independent
Designed & written by outsiders
Subject to review & evaluation by
outside parties not company insiders
Closed:
Vendor dependent
Not typically compatible with other
systems
Distributed Architecture
Protection Mechanisms
Recovery Procedures
Assurance
Assurance:
Certification & Accreditation
Accreditation
U. S. Defense Types of
Accreditation
1.
2.
3.
4.
Coordinate security
Assess vulnerability
Build assurance argument
Monitor security posture
Provide security input
Access Matrix
Take-Grant Model
Bell-LaPadula Model
Department of Defense
Deals only with confidentiality not integrity or
availability
Access Matrix
Columns provide ACL for each object
Subject/Object    File: Income    File: Salaries    Process: Deductions    Print Server: A
Joe               Read            Read/Write        Execute                Write
Jane              Read/Write      Read              None                   Write
Process: Check    Read            Read              Execute                None
Program: Tax      Read/Write      Read/Write        Call                   Write
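The matrix above as an added example (not part of the original slides): reading a column gives the ACL for one object, reading a row gives the capability list for one subject, and any cell that is missing or "None" is denied. The function names are assumptions chosen for this illustration.

```python
# Added example: the slide's access matrix, with hypothetical helper names.
OBJECTS = ["File: Income", "File: Salaries", "Process: Deductions", "Print Server: A"]
ROWS = {  # cell values copied from the slide's table
    "Joe":            ["Read", "Read/Write", "Execute", "Write"],
    "Jane":           ["Read/Write", "Read", "None", "Write"],
    "Process: Check": ["Read", "Read", "Execute", "None"],
    "Program: Tax":   ["Read/Write", "Read/Write", "Call", "Write"],
}
MATRIX = {subj: dict(zip(OBJECTS, cells)) for subj, cells in ROWS.items()}


def rights(cell):
    """Parse a cell such as 'Read/Write' into a set; 'None' is the empty set."""
    return set() if cell == "None" else {r.lower() for r in cell.split("/")}


def acl(obj):
    """Column view: every subject holding at least one right on obj."""
    out = {}
    for subj, row in MATRIX.items():
        held = rights(row.get(obj, "None"))
        if held:
            out[subj] = held
    return out


def capabilities(subj):
    """Row view: every object on which subj holds at least one right."""
    row = MATRIX.get(subj, {})
    return {obj: rights(cell) for obj, cell in row.items() if rights(cell)}


def allowed(subj, obj, right):
    """Reference-monitor check: unknown subjects, objects or rights are denied."""
    return right.lower() in rights(MATRIX.get(subj, {}).get(obj, "None"))


def views_consistent():
    """The ACL (column) and capability (row) views must describe the same matrix."""
    return all((s in acl(o)) == (o in capabilities(s))
               for s in MATRIX for o in OBJECTS)


if __name__ == "__main__":
    print("ACL for Process: Deductions ->", acl("Process: Deductions"))
    print("Capabilities for Jane ->", capabilities("Jane"))
    print("Jane execute Deductions?", allowed("Jane", "Process: Deductions", "execute"))
```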
Directed Graph
[Figure labels: Subject A; Object B; "Grant rights to B"]
[Figure labels: Subject A; Subject C; "Grant rights to B, including grant right"]
[Figure labels: Subject/Object D; "A has rights Y"; "Grant subset of Y on D to"]
Bell-LaPadula Model
Integrity Models
[Figure labels: subject; Invoke; Not ok; subject]
[Figure labels: Confidential (Project X); Confidential (Task 1, Project X); Confidential; Unclassified; Confidential (Task 2, Project X)]
Composition Theories