

SECURITY ARCHITECTURE & DESIGN


CC


A.
B.
B.1
B.2 PIC-DSS ISO

C.
D.
D.1
D.2

E.
E.1
E.2
E.3
E.4
E.5

Web XML SAML OWASP

F.

Architecture

Architecture

ANSI/IEEE Std 1471-2000




I/O

, Hardware
CPU

, Firmware

BIOS
Device Firmware

, Software

CPU Central Processing Unit


Memory
Input / Output devices
BUS

CPU

I/O

I/O

Central Processing Unit, CPU

CPU

CPU
(1) ALU (Arithmetic Logic Unit)

(2) (Control unit) CPU


ALU
(3) / (Registers) CPU

(Accumulator)
(Program Counter)
(Memory Address Register)
(Memory Buffer Register)
(Instruction Register)

(4) (interconnection path) CPU

CPU


CPU

CPU

CPU

Add
x+y=z
x=3, y=2
z=5
ALU

CPU
Run/operating state

Application/Problem state (nonprivileged instructions)

Supervisor state (privileged instructions)

Wait state

CPU

Process

,
OS

Thread

Virtual Machine(VM)

(MultiProgramming)

CPU
CPU

, TOC/TOU

CPU ( )

MultiTasking


(Realtime) (Preemptive) (Cooperative)
Windows 2000, IBM OS/390, Linux.

Multiprocessing

Multiprocessor, 2

CPU
( )

Symmetric Multiprocessing
Asymmetric MultiProcessing

MultiThread

CPU


(PipeLine)


IF (Instruction Fetch)
ID (Instruction Decoding)
EX (Execution and effective address calculation)

RISC & CISC

RISC

Reduced Instruction Set Computer


RISC (Compiler)
RISC CPU

CISC

Complex Instruction Set Computer


RISC

CPU

MEMORY

CPU




RAM


RAM: , Cache, (DRAM, SRAM)
ROM
Flash Memory

Cache
CPU
CPU CPU

(cache memory)
CPU CPU
CPU
CPU

CPU L1 CPU
L2 L1 L2 CPU
L1 L2 (RAM)

RAM

Random access memory



Register
Cache
(Dynamic RAM, DRAM)
(Static RAM SRAM)
CPU

DRAM Cache

ROM

Read only memory




SRAM

PROM (programmable ROM)

EPROM (erasable PROM) ROM


EPROM

EEPROM (electrically erasable PROM) ROM

MASK ROM

Flash Memory
1984 Fujio Masuoka



RAM

(Flash Card) (Flash Memory)

MP3

SmartMedia (SM), Compact Flash (CF), MultiMediaCard (MMC), Secure Digital (SD), Memory Stick, XD-Picture Card (XD), Microdrive

Virtual Memory

( ) (RAM)

CPU

Cache
(DRAM)
Disk Cache

I/O

CPU

I/O

Programmed I/O
Interrupt-Driven I/O

CPU

Direct Memory Access (DMA)

I/O
DMA CPU
CPU I/O
DMA
CPU

DMA



CPU


CPU

Firmware

BIOS

Basic Input Output System, ROM BIOS


ROM

BIOS CMOS

CMOS: Complementary Metal Oxide Semiconductor
CMOS

BIOS CMOS

Firmware

MP3

SCSI ...

Multilevel security policy

TCB
TCB ,

TCB

TCB
TCB
TCB
TCB

TCB 4

Process activation
Execution domain switching
Memory protection
I/O operation

Reference Monitor

RM

RM

RM

Security Kernel
TCB

RM
TCB RM
TCB

Protection Ring

(system call)
4

Ring 1
Ring 2

Ring 3

Ring 4

Security Labels

Security Domain

TCB

Security perimeter

TCB

OS

Process Isolation

Hardware Isolation
TCB

Least Privilege

Hardening

Hardening

hardening
sandbox


(dedicated)

(clearance)

(system high)

(compartmented)

(multilevel secure MLS)


(Bell-LaPadula)

(controlled mode)

(limited access mode)

Access control models

(Confidentiality Model)

Information Flow Models


Bell-LaPadula

Take-Grant

Integrity Models
Biba
Clark & Wilson


State Machine Model

State

State transition

secure state model

(Information Flow Models)



Bell-LaPadula Biba





(EAL6)

Bell-LaPadula
1973 David Bell Len LaPadula


Bell-LaPadula
( )





Need to know

Bell-LaPadula

ss (Simple Security Property) (No Read Up)

* The * (star) Security Property (No Write Down)
Strong * Property

ds (Discretionary Security Property)

Content Dependent
Context Dependent

BLP

(covert channels)

(secure state transition)
(multilevel security)

Biba


1977 Bell-LaPadula

Biba (hierarchical lattice of integrity levels)

least upper bound (LUB)


greatest lower bound (GLB)
Lattice = (IC, <=, LUB, GLB)

Integrity Axioms


read
No read down

write
No write up

(invoke)

Lattice
Lattice BLP

lattice BLP

Clark-Wilson
1987



Constrained Data Item (CDI)
Integrity Verification Procedure (IVP)
Transformation Procedure (TP)
Unconstrained Data Item (UDI)

Clark-Wilson integrity label


TP
separation of duty, mandatory integrity policy

Clark-Wilson

Biba lattice Subject/Program/Object triple
Subject Object Program

well-formed transactions program

separation of duties

Auditing
Clark-Wilson model restricted interface model
3 Biba


Brewer and Nash: Chinese Wall
Chinese Wall

Chinese Wall

Chinese Wall


DAC MAC
DAC MAC


Non-interference Model

(A) (C)
(B)( D) A, C:| B, D
C A D B

- (Take-Grant)

4 access modes
1 Read
2 Write
3 Take
A take B
A B

4 Grant

grant

A B A

1 2 (inert)

3 4 (transport)

Access Matrix


Access Rights
Read write execute

Subject

Objects

(Discretionary)


Access Control Lists (ACLs)


capability lists (object, rights, random #)

replay spoofing Kerberos ticket

R W Own

z
R W Own

R W Own

RW

RW

Bell-LaPadula


Biba


ClarkWilson

ACL

Brewer and Nash

Graham-Denning

NDA


TCB
reference monitor kernel

criteria
Trust Level

Assurance

TCSEC

Trusted Computer System Evaluation Criteria OS

1970 1985


TCSEC 2000 Common Criteria

TCSEC

D (minimal protection)
C (discretionary protection)
C1: Discretionary Security Protection
C2: Controlled Access Protection

B (mandatory protection)
B1: Labeled Security
B2: Structured Protection
B3: Security Domains

A (verified protection)
A1: Verified Design

TCSEC

D1
C1 C2
B1 B2

B3 A1

ITSEC
Information Technology Security Evaluation Criteria

TCSEC

TOE (Target of Evaluation)

security target

CC: Common Criteria


CC

PDR( )

7 (EAL) 7

CC

IT

(Target of Evaluation TOE)

TOE (assurance requirement) (Protection Profile) (Security Target)

TOE (Target of Evaluation)
PP (Protection Profile)
ST (Security Target)
(Function)
(Assurance)
(Component)
(Package)
EAL (Evaluation Assurance Level)

PP

Certification vs Accreditation
Certification

Accreditation

DAA (Designated Approving Authority)


Zachman

SABSA

ACL

IT IT

IT IT



(TOC/TOU)


Nonvolatile storage that holds program instructions and retains data even when power is turned off is known as which type of storage?
Primary
Secondary
Virtual
Real


Which of the following is a system that has withstood benchmark testing and validation to meet user and evaluation requirements?
TCB system
Evaluated system
Trusted system
Security kernel system

TCB


Katie has been appointed project manager of a new build-out on the 5th floor. Along with the facilities, she is responsible for selecting new hardware across the board. Her first task is to choose border routers to use on the Extranet platform. Which evaluation program would be most suited for this task?

Orange Book
Brown Book
Red Book
Green Book

Red Book


When a system is said to be operating in problem state, what does this mean?
The system is using Rings 0 and 1
The system is executing an application
The system is in a fault state
The system is in ready state

0 1


Which of the following has an incorrect definition mapping?
1. Multiprogramming: An operating system can load more than one program in memory at one time.
2. Multitasking: An operating system can handle requests from several different processes loaded into memory at the same time.
3. Multithreading: An application has the ability to run multiple threads simultaneously.
4. Multiprocessing: The computer has more than one CPU.

A. All of them
B. None of them
C. 4
D. 3


1 -

2 -

3 -

4 - CPU

A.
B.
C. 4
D. 3
