U2.2 Fundamentals


Masters Comp Sec mind map on U2.2 Fundamentals, created by Craig Parker on 03/11/2013.
Mind map by Craig Parker, last updated more than 1 year ago

Resource Summary

U2.2 Fundamentals


  • Five fundamental design decisions: 1. Where to FOCUS 2. Where to PLACE 3. Complexity or assurance 4. Centralise or decentralise 5. Block access to the layer below
  1. Dilemma
    1. Security-unaware users have specific security requirements but no security expertise
      1. Orange Book: predefined evaluation classes
        1. Can predefined evaluation criteria meet a specific user's requirements?
      2. ITSEC: the sponsor defines its own security target
        1. How can a security-unaware user assess a specific target of evaluation?
  2. 1st design decision: where to focus security controls
    1. Controls can be placed almost anywhere
      1. In practice they tend to focus on data and users, sometimes on operations
      2. Controls can be enforced by the operating system
      3. Controls can be procedural
  3. 2nd design decision: where to place security controls
    1. Controls can be placed at any layer, from application down to physical (the man-machine scale)
      1. As you move down the layers the control becomes more generic (universal)
        1. The lower you go, the more flexibility is given up
        2. Application security gives the greatest flexibility, because controls can be tailored to the application's own objects and semantics
      2. Higher layers are more complex to secure: the most expensive, and the most development time required
  4. 3rd design decision: complexity or assurance
    1. Hardware-based controls are simple
    2. Application-based controls are feature-rich and complex
    3. The problem is that simplicity gives a higher assurance level of security
      1. To achieve high assurance, products must be examined in great detail
      2. Complex controls are harder to analyse, and therefore harder to give strong assurance for
      3. Hence an obvious trade-off between complexity and assurance
  5. 4th design decision: centralise or decentralise control
    1. Single entity (centralised): consistent and uniform, but everything must pass through one point, so it may become less efficient
    2. Distributed control: more efficient, but more management and concerns about consistency
  6. 5th design decision: blocking access to the layer below
    1. Protection mechanisms define a security perimeter
      1. Once an attacker is inside, the defence is breached
      2. If a particular security mechanism is placed at the services layer, how do you stop an attacker from defeating that mechanism by breaking the OS at the layer below?
        1. A total solution is required: the layer below must be protected too, or access to it blocked
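The following is an added example, not part of Craig Parker's mind map or the course it summarises. It illustrates the 2nd and 5th design decisions together: an access-control check placed at the service layer is only as good as the OS layer below it. The document service, its ACL, the file contents and the file names are all constructed for the example; the "layer below" is assumed to be a POSIX file system where the mode bits are the lower-layer control.

```python
"""Added example (not from the original page): a service-layer ACL, the
bypass that the OS layer below allows when it is left open, and a check a
practitioner can run to confirm the layer below is sealed.

Assumptions (mine, not the page's): a file-backed "document service", a
constructed ACL, and a POSIX file system whose mode bits are the control at
the layer below.
"""
import os
import stat
import tempfile

# Constructed ACL for the service layer: document name -> principals allowed to read it.
ACL = {"payroll.txt": {"alice"}}


class DocumentService:
    """Service-layer control: every read goes through the ACL check."""

    def __init__(self, root):
        self.root = root

    def read(self, user, name):
        if user not in ACL.get(name, set()):
            raise PermissionError(f"{user} may not read {name}")
        with open(os.path.join(self.root, name), "r", encoding="utf-8") as fh:
            return fh.read()


def bypass_via_layer_below(root, name):
    """What an attacker with an ordinary OS account does: skip the service and
    open the file directly. Whether this succeeds depends only on the layer
    below (file permissions), not on the service-layer ACL."""
    with open(os.path.join(root, name), "r", encoding="utf-8") as fh:
        return fh.read()


def layer_below_is_sealed(path, owner_uid=None):
    """Check that the OS layer cannot be used to defeat the service-layer ACL:
    the file must carry no group/other read bits, and (optionally) must be
    owned by the service's own uid."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if owner_uid is not None and st.st_uid != owner_uid:
        return False
    return (mode & (stat.S_IRGRP | stat.S_IROTH)) == 0


def demo():
    """Run the scenario end to end and return the observations as a dict."""
    root = tempfile.mkdtemp()
    path = os.path.join(root, "payroll.txt")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("alice: 5000\n")   # constructed sample content
    os.chmod(path, 0o644)           # the usual default: world-readable

    svc = DocumentService(root)
    results = {}
    results["alice_via_service"] = svc.read("alice", "payroll.txt")
    try:
        svc.read("mallory", "payroll.txt")
        results["mallory_via_service"] = "allowed"
    except PermissionError:
        results["mallory_via_service"] = "denied"

    # The service-layer control behaves correctly, yet the layer below is open:
    # with mode 0644 any account on the host can read the file directly.
    results["sealed_before"] = layer_below_is_sealed(path)
    results["mallory_via_os"] = bypass_via_layer_below(root, "payroll.txt")

    # The "total solution": close the layer below as well, then re-check.
    os.chmod(path, 0o600)
    results["sealed_after"] = layer_below_is_sealed(path)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Both reads in `demo()` happen in one process under one account, so the direct read stands in for what any other account on the host could do while the file is mode 0644; the point is that the ACL never gets a say. `layer_below_is_sealed()` is the check to put in a deployment test: a service-layer mechanism is only meaningful once the data it guards is unreachable except through the service.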