Thursday, January 1, 2015

CISSP Note(Ch4 Security Architecture and Design)

Memory Mapping

The physical memory addresses that the CPU uses are called absolute addresses. The indexed memory addresses that software uses are called logical addresses; the memory manager maps logical addresses to absolute ones, so a process never addresses physical memory directly.

Protection Ring

The lower the ring number, the higher the privilege; a call from an outer ring into an inner one must pass through a controlled gate (e.g., a system call).
Ring 0: OS kernel
Ring 1: Remaining parts of the OS
Ring 2: I/O drivers and OS utilities
Ring 3: Applications and user programs (e.g., a database)

Bell-LaPadula model

1. Simple security rule: a subject at a given security level cannot read data that resides at a higher security level. => No read up
2. *-property (star property): a subject at a given security level cannot write information to a lower security level. => No write down
3. Strong *-property: a subject that has read and write capabilities can only perform both at its own security level (no read up, no write down, and no write up either).

Biba Model

1. *-integrity axiom: a subject cannot write data to an object at a higher integrity level. => No write up
2. Simple integrity axiom: a subject cannot read data from an object at a lower integrity level. => No read down
3. Invocation property: a subject cannot invoke (request service from) a subject at a higher integrity level.
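The Bell-LaPadula and Biba rules above are the same dominance test applied in opposite directions, which is easiest to see in code. The following is an added example, not part of the original notes; the level names, the category set, and the analyst/memo/plan labels are assumed for illustration.

```python
# Added example (not part of the original notes): Bell-LaPadula and Biba checks
# over a dominance lattice. Level names and categories below are assumed.
from dataclasses import dataclass
from typing import FrozenSet

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: higher-or-equal level AND a superset of categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


# --- Bell-LaPadula: labels are confidentiality levels -----------------------
def blp_can_read(subject: Label, obj: Label) -> bool:
    """Simple security rule (no read up): the subject must dominate the object."""
    return subject.dominates(obj)


def blp_can_write(subject: Label, obj: Label) -> bool:
    """*-property (no write down): the object must dominate the subject."""
    return obj.dominates(subject)


def blp_strong_star(subject: Label, obj: Label) -> bool:
    """Strong *-property: read and write only at exactly the subject's own label."""
    return subject == obj


# --- Biba: the same lattice, but labels are integrity levels ----------------
def biba_can_read(subject: Label, obj: Label) -> bool:
    """Simple integrity axiom (no read down): object integrity must dominate the subject's."""
    return obj.dominates(subject)


def biba_can_write(subject: Label, obj: Label) -> bool:
    """*-integrity axiom (no write up): subject integrity must dominate the object's."""
    return subject.dominates(obj)


def biba_can_invoke(subject: Label, target: Label) -> bool:
    """Invocation property: a subject may not invoke a subject of higher integrity."""
    return subject.dominates(target)


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"nuclear"}))
    memo = Label("confidential")
    plan = Label("top_secret", frozenset({"nuclear"}))
    print("BLP read memo:", blp_can_read(analyst, memo))     # True  (read down)
    print("BLP read plan:", blp_can_read(analyst, plan))     # False (read up)
    print("BLP write memo:", blp_can_write(analyst, memo))   # False (write down)
    print("BLP write plan:", blp_can_write(analyst, plan))   # True  (write up)
    print("Biba read memo:", biba_can_read(analyst, memo))   # False (read down)
    print("Biba write memo:", biba_can_write(analyst, memo)) # True  (write down)
```

Note that a subject at "secret" with no categories still fails to read a "secret" object tagged {"nuclear"}: dominance requires both the level and the category set, which is what makes the need-to-know compartments work.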

Clark-Wilson Model

Access triple: subject (user), program (transformation procedure, TP), and object (constrained data item, CDI). A user cannot modify a CDI except through a certified TP, and only if an access triple (user, TP, CDI) has been authorized.

Integrity verification procedures (IVPs) check that CDIs are consistent with external reality (e.g., that the books balance); TPs must take CDIs from one well-formed state to another.
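The following added example (not from the original notes) shows how the access triple and the IVP fit together: the only path to the CDI is a mediator that checks the triple, runs the certified TP, and re-runs the IVP. The ledger, the "teller" and "clerk" users, and the transfer TP are assumed names for illustration.

```python
# Added example (not part of the original notes): a Clark-Wilson style mediator.
# The ledger CDI, the teller/clerk users and the transfer TP are assumed names.
from dataclasses import dataclass
from typing import Callable, Dict, Set, Tuple


class IntegrityViolation(Exception):
    """Raised when a TP would leave, or has left, a CDI in an ill-formed state."""


@dataclass
class Ledger:
    """The CDI: account balances. Well-formed means no negative balance and a
    total equal to the externally audited figure."""
    balances: Dict[str, int]
    audited_total: int


def ivp(ledger: Ledger) -> bool:
    """Integrity verification procedure: is the CDI consistent with external reality?"""
    return (all(b >= 0 for b in ledger.balances.values())
            and sum(ledger.balances.values()) == ledger.audited_total)


def tp_transfer(ledger: Ledger, src: str, dst: str, amount: int) -> Ledger:
    """A certified TP: validates before mutating, so the CDI moves well-formed -> well-formed."""
    if (amount <= 0 or src == dst or dst not in ledger.balances
            or ledger.balances.get(src, 0) < amount):
        raise IntegrityViolation("transfer would leave the ledger ill-formed")
    ledger.balances[src] -= amount
    ledger.balances[dst] += amount
    return ledger


# Certified TPs, and the access triples (user, TP, CDI) the security officer approved.
TPS: Dict[str, Callable[..., Ledger]] = {"transfer": tp_transfer}
ACCESS_TRIPLES: Set[Tuple[str, str, str]] = {("teller", "transfer", "ledger")}


def run_tp(user: str, tp_name: str, cdi_name: str, ledger: Ledger, *args) -> Ledger:
    """The only path to the CDI: check the triple, run the TP, re-run the IVP."""
    if (user, tp_name, cdi_name) not in ACCESS_TRIPLES:
        raise PermissionError(f"no access triple for ({user}, {tp_name}, {cdi_name})")
    if not ivp(ledger):
        raise IntegrityViolation("CDI is already ill-formed; refusing to run TP")
    result = TPS[tp_name](ledger, *args)
    if not ivp(result):
        raise IntegrityViolation("TP left the CDI ill-formed")
    return result


def outcome(user: str, tp_name: str, cdi_name: str, ledger: Ledger, *args) -> str:
    """Convenience wrapper that reports the mediator's decision as a string."""
    try:
        run_tp(user, tp_name, cdi_name, ledger, *args)
        return "ok"
    except PermissionError:
        return "denied"
    except IntegrityViolation:
        return "violation"


if __name__ == "__main__":
    book = Ledger({"alice": 100, "bob": 50}, audited_total=150)
    print(outcome("teller", "transfer", "ledger", book, "alice", "bob", 30), book.balances)
    print(outcome("clerk", "transfer", "ledger", book, "alice", "bob", 1))    # denied
    print(outcome("teller", "transfer", "ledger", book, "alice", "bob", 500)) # violation
    print(ivp(Ledger({"alice": 100, "bob": 100}, audited_total=150)))          # False: tampered
```

The IVP is deliberately independent of the TPs: if someone edits the balances behind the mediator's back, the next IVP run flags the CDI as inconsistent with the audited total, which is exactly the detection the model relies on.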

Covert Channels

1. Storage channel: uses a shared storage location, such as a temporary directory, to let two subjects signal each other in a way the access control policy does not mediate (e.g., by the presence or absence of a file).
2. Timing channel: one subject modulates its use of a shared resource (CPU time, disk, a lock) and the other measures the resulting delays to infer sensitive information; no data is written, only time is consumed.
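To make the storage channel concrete, here is an added example (not from the original notes) in which a high-side sender and a low-side receiver share only a directory listing. The receiver never reads any file's contents; it reconstructs the message from which file names exist. The directory layout and the file-name scheme are assumed.

```python
# Added example (not part of the original notes): a covert storage channel built on
# a shared directory. The receiver never reads any file's contents; it only observes
# which names exist, which is metadata the shared directory exposes to both parties.
import os
import shutil
import tempfile
from typing import List


def to_bits(message: bytes) -> List[int]:
    """MSB-first bit list of the message."""
    return [(byte >> i) & 1 for byte in message for i in range(7, -1, -1)]


def from_bits(bits: List[int]) -> bytes:
    """Inverse of to_bits; len(bits) must be a multiple of 8."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def sender(shared_dir: str, message: bytes) -> None:
    """High side: signals a 1 by creating an empty file named after the bit index,
    a 0 by creating nothing, and finally a length marker that means 'done'."""
    for idx, bit in enumerate(to_bits(message)):
        if bit:
            open(os.path.join(shared_dir, f"bit{idx:05d}"), "w").close()
    open(os.path.join(shared_dir, f"len{len(message) * 8:05d}"), "w").close()


def receiver(shared_dir: str) -> bytes:
    """Low side: once the marker exists, rebuilds the bits from the directory listing."""
    names = set(os.listdir(shared_dir))
    marker = next((n for n in names if n.startswith("len")), None)
    if marker is None:
        return b""  # sender not finished yet
    nbits = int(marker[3:])
    return from_bits([1 if f"bit{idx:05d}" in names else 0 for idx in range(nbits)])


def demo(message: bytes = b"pw:hunter2") -> bytes:
    """Round trip through a fresh temporary directory; returns what the receiver decoded."""
    shared = tempfile.mkdtemp(prefix="covert_")
    try:
        sender(shared, message)
        return receiver(shared)
    finally:
        shutil.rmtree(shared)


if __name__ == "__main__":
    print(demo())  # b'pw:hunter2'
```

This is why TCSEC class B2 and above require covert channel analysis: the files here are empty and world-listable, so no read or write of labelled data ever occurs, yet a secret crosses from high to low.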

Brewer and Nash Model (Chinese Wall model)

Access controls that change dynamically depending on a user's previous actions. The main goal of the model is to prevent conflicts of interest: once a user has accessed one company's data, the user is walled off from the data of that company's competitors in the same conflict-of-interest class.
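The dynamic part is easiest to see with a small enforcement class, added here as an example that is not part of the original notes. The conflict-of-interest classes, the company datasets, the sanitized "MarketReport", and the user names are assumed for illustration; the write rule follows the model's *-property (a user may write to a company's data only if everything that user has read is that company's data or sanitized).

```python
# Added example (not part of the original notes): Brewer-Nash (Chinese Wall)
# enforcement. The company datasets, conflict classes and user names are assumed.
from collections import defaultdict
from typing import Dict, Set

# Conflict-of-interest classes: each holds the datasets of competing companies.
COI_CLASSES: Dict[str, Set[str]] = {
    "banking": {"BankA", "BankB"},
    "oil": {"OilX", "OilY"},
}
CLASS_OF = {ds: cls for cls, members in COI_CLASSES.items() for ds in members}
SANITIZED: Set[str] = {"MarketReport"}  # public data, in no conflict class


class ChineseWall:
    def __init__(self) -> None:
        self.history: Dict[str, Set[str]] = defaultdict(set)  # user -> datasets read

    def can_read(self, user: str, dataset: str) -> bool:
        """Simple security rule: readable if sanitized, or if the user has read
        nothing in this dataset's conflict class other than this same dataset."""
        if dataset in SANITIZED:
            return True
        cls = CLASS_OF[dataset]
        return all(seen in SANITIZED or CLASS_OF[seen] != cls or seen == dataset
                   for seen in self.history[user])

    def read(self, user: str, dataset: str) -> bool:
        """Records the access; this history is what makes later decisions dynamic."""
        if not self.can_read(user, dataset):
            return False
        self.history[user].add(dataset)
        return True

    def can_write(self, user: str, dataset: str) -> bool:
        """*-property: write only if readable AND every unsanitized dataset the user
        has read is this same dataset (otherwise the user could carry company X's
        data into company Y's files)."""
        if not self.can_read(user, dataset):
            return False
        return all(seen in SANITIZED or seen == dataset for seen in self.history[user])


if __name__ == "__main__":
    wall = ChineseWall()
    wall.read("alice", "MarketReport")
    wall.read("alice", "BankA")
    print(wall.can_read("alice", "BankB"))   # False: BankA's competitor
    print(wall.can_read("alice", "OilX"))    # True: different conflict class
    print(wall.can_write("alice", "BankA"))  # True so far
    wall.read("alice", "OilX")
    print(wall.can_write("alice", "BankA"))  # False: alice now carries OilX data
```

Note that before any access every dataset is readable by every user; the wall is built by the user's own history, not by a static label, which is what distinguishes this model from Bell-LaPadula.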

TCSEC classification

A. Verified protection:
   - A1: Verified Design: functionally the same as B3, but the design is formally specified and verified, and stricter configuration management covers development, distribution, and installation.
B. Mandatory protection: the architecture is based on the Bell-LaPadula security model, and evidence of reference monitor enforcement must be available.
   - B1: Labeled Security: the system must compare the subject's and object's security labels to ensure the requested action is acceptable.
   - B2: Structured Protection: subjects and devices require labels, the system must be analyzed for covert channels, and a trusted path for logon and authentication must be in place.
   - B3: Security Domains: code not necessary to support the security policy is excluded from the TCB, the design and implementation must be kept from excessive complexity, and the system must be able to recover from failures without its security level being compromised.
C. Discretionary protection:
   - C1: Discretionary Security Protection: suitable only for a trusted environment with low security concerns (users are assumed to be cooperative).
   - C2: Controlled Access Protection: adds individual accountability through auditing and object reuse protection; seen as the most reasonable class for commercial applications.
D. Minimal protection: systems that were evaluated but failed to meet the requirements of any higher class.

ITSEC and TCSEC Mapping

Evaluation Assurance Level (EAL) under the Common Criteria

• EAL1 Functionally tested
• EAL2 Structurally tested
• EAL3 Methodically tested and checked
• EAL4 Methodically designed, tested, and reviewed
• EAL5 Semiformally designed and tested
• EAL6 Semiformally verified design and tested
• EAL7 Formally verified design and tested

Maintenance Hooks

Maintenance hooks are a type of back door: instructions within software that only the developer knows about and can invoke, giving the developer easy access to the code and bypassing the normal access controls. They should be removed before the software ships.

Time-of-Check/Time-of-Use Attacks(TOC/TOU)

A TOC/TOU attack (a race condition) targets the sequence of steps a system uses to complete a task. It takes advantage of the dependency on the timing of events in a multitasking operating system: the attacker changes the state of the system between the "condition check" step and the "use" step within software, so that the check passes on one object and the use happens on another, allowing unauthorized activity.
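The classic instance is a file check followed by a file open. The following added example (not part of the original notes) shows the vulnerable check-then-use pattern with the attacker's swap simulated by a hook that runs inside the window, beside a hardened version that opens first with O_NOFOLLOW and then checks the descriptor it will actually use. The file names and the constructed directory are assumed; the example needs a POSIX system.

```python
# Added example (not part of the original notes): a check-then-use race on a file
# path, with the attacker's swap simulated by a hook, beside a version that checks
# the descriptor it will actually use. File names are assumed.
import errno
import os
import shutil
import stat
import tempfile
from typing import Callable

NO_RACE: Callable[[], None] = lambda: None


def read_regular_vulnerable(path: str, race: Callable[[], None] = NO_RACE) -> bytes:
    """TOC: the check looks at the *name*. TOU: open() resolves the name again.
    Whoever swaps what the name points to in between wins."""
    if os.path.islink(path) or not os.path.isfile(path):
        raise PermissionError("not a regular file")
    race()  # simulated attacker winning the scheduling window
    with open(path, "rb") as f:
        return f.read()


def read_regular_hardened(path: str, race: Callable[[], None] = NO_RACE) -> bytes:
    """Open first with O_NOFOLLOW, then check the descriptor with fstat: the object
    checked is the object used, so a swap after open changes nothing."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as e:
        if e.errno in (errno.ELOOP, errno.EMLINK):  # final component is a symlink
            raise PermissionError("refusing to follow symlink") from e
        raise
    try:
        race()  # attacker swaps the name now; fd still refers to the original inode
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError("not a regular file")
        chunks = []
        while True:
            chunk = os.read(fd, 65536)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks)
    finally:
        os.close(fd)


def demo() -> dict:
    """Constructed scenario: 'safe.txt' is a harmless file the program may read,
    'secret.txt' one it may not. The attacker replaces safe.txt with a symlink
    to secret.txt inside the race window."""
    d = tempfile.mkdtemp(prefix="toctou_")
    safe, secret = os.path.join(d, "safe.txt"), os.path.join(d, "secret.txt")
    try:
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")

        def reset() -> None:
            if os.path.lexists(safe):
                os.remove(safe)
            with open(safe, "wb") as f:
                f.write(b"harmless")

        def attacker() -> None:
            os.remove(safe)
            os.symlink(secret, safe)

        reset()
        leaked = read_regular_vulnerable(safe, race=attacker)   # reads secret.txt
        reset()
        held = read_regular_hardened(safe, race=attacker)       # still reads harmless
        try:                                   # the name now points at the symlink
            read_regular_hardened(safe)
            blocked = False
        except PermissionError:
            blocked = True
        return {"vulnerable_read": leaked, "hardened_read": held,
                "hardened_blocks_symlink": blocked}
    finally:
        shutil.rmtree(d)


if __name__ == "__main__":
    print(demo())
```

The hardened version does not try to win the race; it removes the window by making the check and the use refer to the same kernel object (the open descriptor). That is the general fix for this class: check the handle you will use, never the name you looked up.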
