<h1>Domain 3 – Security Architecture and Engineering</h1>
<p>Published 2020-02-27 (category: CISSP)</p>
<h1>Overview</h1>
<ul>
<li>Security Architecture and Design
<ul>
<li>Common security models</li>
<li>Architecture, design, virtualization, cloud and solutions</li>
<li>How computers work and how they are logically segmented</li>
<li>Threats to our applications, systems and devices</li>
</ul>
</li>
<li>Cryptography
<ul>
<li>History of cryptography</li>
<li>Types of encryption</li>
<li>Hashes</li>
<li>Cryptography attacks</li>
<li>Digital signatures</li>
</ul>
</li>
<li>Physical Security
<ul>
<li>Site and facility secure design principles</li>
<li>Perimeter defense</li>
<li>HVAC, power and fire suppression</li>
</ul>
</li>
</ul>
<h1>S9 – Security models and concepts</h1>
<h2>Security Models Fundamental Concepts</h2>
<h3>Types of Security Models</h3>
<ul>
<li>DAC (Discretionary Access Control)
<ul>
<li>Gives subjects full control of objects they have created or have been given access to.</li>
</ul>
</li>
<li>MAC (Mandatory Access Control)
<ul>
<li>System-enforced access control based on a subject’s clearance and an object’s labels.</li>
</ul>
</li>
<li>RBAC (Role Based Access Control)
<ul>
<li>Access to objects is granted based on the role of the subject.</li>
</ul>
</li>
<li>ABAC (Attribute Based Access Control)
<ul>
<li>Access to objects is granted based on attributes of the subject, the object and the environmental conditions.</li>
<li>Attributes could be:
<ul>
<li>Subject (user) – Name, role, ID, clearance, etc.</li>
<li>Object (resource) – Name, owner, date of creation.</li>
<li>Environment – Location and/or time of access, and threat level.</li>
</ul>
</li>
</ul>
</li>
<li>RUBAC (Rule Based Access Control)
<ul>
<li>Access is granted based on if/then rules.</li>
</ul>
</li>
</ul>
<h3>Security Model Examples</h3>
<p><span style="color: #ff0000;"><strong>Exam Topic!</strong></span></p>
<h4>Bell-LaPadula: (MAC / Confidentiality)</h4>
<ul>
<li>Simple Security Property: “No Read UP”
<ul>
<li>Subjects with Secret clearance can’t read Top Secret data.</li>
</ul>
</li>
<li>* Security Property: “No Write DOWN”
<ul>
<li>Subjects with Top Secret clearance can’t write Top Secret information to Secret folders.</li>
</ul>
</li>
<li>Strong * Property: “No Read or Write UP and DOWN”
<ul>
<li>Subjects can ONLY access data on their own level.</li>
</ul>
</li>
</ul>
<h4>Biba: (MAC / Integrity)</h4>
<ul>
<li>Simple Integrity Axiom: “No Read DOWN”
<ul>
<li>Subjects with Top Secret clearance cannot read Secret data.</li>
<li>Integrity is the purpose here. We don’t want wrong or incomplete data from a lower clearance level to confuse us.</li>
</ul>
</li>
<li>* Integrity Axiom: “No Write UP”
<ul>
<li>Subjects with Secret clearance can’t write Secret information to Top Secret folders.</li>
<li>We don’t want wrong or incomplete lower-level information to propagate to a higher level.</li>
</ul>
</li>
<li>Invocation Property: “No Read or Write UP”
<ul>
<li>Subjects can never access or alter data on a higher level.</li>
</ul>
</li>
</ul>
<h4>Lattice Based Access Control [LBAC] (MAC)</h4>
<p><a href="http://wiki.thomasandsofia.com/wp-content/uploads/2020/02/LBAC.png"><img src="http://wiki.thomasandsofia.com/wp-content/uploads/2020/02/LBAC.png" alt="LBAC lattice of Top Secret and Secret levels with the compartments {crypto} and {chemical}" width="362" height="308" /></a></p>
<ul>
<li>A subject can have multiple access rights.
<ul>
<li>A subject with Top Secret {crypto, chemical} would be able to access everything in this lattice.</li>
<li>A subject with Secret {crypto} would only have access to that level.</li>
<li>A subject with Top Secret {chemical} would have access to only {chemical} in Top Secret and Secret.</li>
</ul>
</li>
</ul>