2015年1月11日 星期日

電梯演說

有時光是在腦子裡想,會有盲點而不自知。你可以試著將自認為掌握到的問題核心說給別人聽,關鍵在於能否在三十秒內說完。真正的問題通常是很簡單易懂的,當你的說明太過冗長,就表示還沒抓到問題核心。

簡潔有力的發問=> 問題 + 解決策略 + 實施方法

2015年1月1日 星期四

CISSP Note(Ch4 Security Architecture and Design)

Memory Mapping

The physical memory addresses that the CPU uses are called absolute addresses. The indexed memory addresses that software uses are referred to as logical addresses.

Protection Ring

Ring 0: OS Kernel 
Ring 1: OS
Ring 2: Drivers. OS Utilities
Ring 3: Application, DB



















Bell-LaPadula model

1. simple security rule: a subject at a given security level cannot read data that reside at a higher security level. => No read up
2. *-property (star property): subject in a given security level cannot write information to a lower security level. => No write down
3. strong star property rule": a subject that has read and write capabilities can only perform those functions at the same security level

Biba Model

1. *-integrity axiom: A subject cannot write data to an object at a higher integrity level => No write up
2. Simple integrity axiom: A subject cannot read data from a lower integrity level => No read down
3. Invocation property: subject cannot request service (invoke) of higher integrity.

Clark-Wilson Model

Access triple: subject (user), program (TP), and object (CDI). A user cannot modify CDI without using a TP

Integrity verification procedures (IVPs) Check the consistency of CDIs with
external reality

Covert Channels

1. Storage: uses a shred storage, such as a temporary directory, to allow two subjects to signal to each other.
2. Timing: relies on the system clock to infer sensitive information.

Brewer and Nash Model (Chinese Wall model)

access controls that can change dynamically depending upon a user’s previous actions. The main goal of the model is to protect against conflicts of interest by users’ access attempts.

TCSEC classification

A. Verified protection:
   - A1: Verified Design: A more stringent change configuration is put in place with the development of an A1 system, and the overall design can be verified.
B. Mandatory protection: The architecture is based on the Bell-LaPadula security model, and 
evidence of reference monitor enforcement must be available. 
   - B1: Labeled Security: system must compare the subject’s and object’s security labels to ensure the requested actions are acceptable
   - B2: Structured Protection: Subjects and devices require labels, and the system must not allow covert channels. A trusted path for logon and authentication processes must be in place
   - B3: Security Domains: the programming code that is not necessary to support the security
policy is excluded. The design and implementation should not provide too much complexity. system must be able to recover from failures without its security level being compromised.
C. Discretionary protection
   - C1: Discretionary Security Protection:It would be a trusted environment with low security concerns.
   - C2: Controlled Access Protection: isseen as the most reasonable class for commercial applications
D. Minimal security

ITSEC and TCSEC Mapping












Evaluation Assurance Level (EAL)

• EAL1 Functionally tested
• EAL2 Structurally tested
• EAL3 Methodically tested and checked
• EAL4 Methodically designed, tested, and reviewed
• EAL5 Semiformally designed and tested
• EAL6 Semiformally verified design and tested
• EAL7 Formally verified design and tested

Maintenance Hooks

are a type of back door. They are instructions within software that only the developer knows about and can invoke, and which give the developer easy access to the code.

Time-of-Check/Time-of-Use Attacks(TOC/TOU)

deals with the sequence of steps a system uses to complete a task. This type of attack takes advantage of the dependency on the timing of events that take place in a multitasking operating system. Attacker manipulates the “condition check” step and the “use” step within software to allow for unauthorized activity.