A security model is only an abstract concept. To put it into practice you need the protection mechanisms described in this article. They are more concrete than the security model and closer to how a real system is built, and many operating systems and security products are founded on them. (A reminder: the CISSP exam does not test specific products or implementation details.)
The purpose of a protection mechanism is to isolate the entities in a system (data, users, programs, and so on) from one another and to allow access between them only according to defined rules. By how they enforce those rules, protection mechanisms fall into two groups. An active mechanism directly blocks access to the protected object; access control and memory protection are active mechanisms. A passive mechanism does not block access to the object itself but makes unauthorized access useless or detectable: encryption prevents information leakage even when the data is obtained, and a checksum detects unauthorized changes to the data. Both are passive mechanisms. One caveat a practitioner should keep in mind: a plain checksum or hash only detects accidental or unsophisticated modification, because an attacker who can change the data can usually recompute it; detecting deliberate tampering requires a keyed MAC or a digital signature.
Protection mechanisms are usually implemented in the operating system, in hardware, or in firmware. The CISSP CBK divides them into three categories by where they are deployed: platform, mainframe, and network. Below, j0ker introduces the protection mechanisms used in each category in turn:
Platform protection and mainframe protection mechanisms: platform protection refers to the protection mechanisms of general-purpose operating systems, which are implemented mainly in software; mainframe protection refers to the protection mechanisms of mainframes, which generally rely on dedicated security hardware. With the development of hardware and software in recent years, however, the techniques used by the two categories have merged. As hardware integration has increased and prices have fallen sharply, many PCs and workstations now include security hardware that was once found only on mainframes, and to cut manufacturing costs mainframes implement more and more protection functions in software. For this reason the CISSP Official Guide no longer separates platform protection from mainframe protection but lists the protection technologies they use together.
Protection technologies used in these two categories:
Trusted Computing Base (TCB): the TCB is the collective term for all the components of a computer system that provide protection, including hardware, software, firmware, processes, and the communication between certain processes; the security policy is enforced through these components. The TCB enforces the policy, and meets the corresponding security standard (for example TCSEC), by means of its built-in protection mechanisms and the parameters configured by the user. Note that the TCB is a definition, not a specific product. Most operating systems do not implement every component of a TCB; what they do implement is the part that enforces the policy, in particular the reference monitor described below.
The TCB must satisfy the following design requirements:
1. The TCB must execute in its own domain, where it cannot be interfered with or tampered with from outside.
2. The resources controlled by the TCB must be divided into subjects (the active entities that request access, such as users and processes) and objects (the passive entities being accessed).
3. The TCB must isolate the resources it controls so that access to them can be mediated and audited.
The basic functions provided by the TCB are:
1. Process activation: when a process is activated or suspended in a multiprogramming environment, the TCB manages the sensitive state involved, such as registers, file access lists, process status information and pointers.
2. Execution domain switching: ensures that a process executing in one domain cannot affect processes executing in other domains.
3. Memory protection: protects the memory used by each domain from access by other domains.
4. I/O operations: the TCB mediates direct and indirect I/O to devices.
Reference Monitor (RM): an abstract machine that mediates every access by any subject to any object in the system, according to the rules recorded in the access control database.
Security Kernel: the security kernel is the hardware, software and firmware of the TCB that implements the reference monitor concept. The two can be distinguished as follows: the reference monitor and the security kernel perform the same function, but the reference monitor is the abstract model of how access control is enforced, while the security kernel is its concrete implementation in a particular system. The structure of the security kernel is as follows:
To guarantee that it enforces the security policy, the security kernel must meet three requirements:
1. The security kernel must mediate every access (completeness).
2. The security kernel must protect itself from intentional or accidental modification (isolation).
3. The security kernel must be small and simple enough that its correctness can be verified (verifiability).
The three concepts of TCB, reference monitor and security kernel are easy to confuse, and the CISSP exam frequently tests them; pay attention to them during review.
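The three requirements above are easiest to see in code. What follows is an added example written for this page, not code from the original article or from any CISSP guide: a toy security kernel that implements the reference monitor concept with a MAC check (Bell-LaPadula style, no read up / no write down) and a DAC check (per-object ACL), audits every decision, and fails closed on unknown objects and modes. The subject names, clearances, object names and contents are constructed for the demo. Python cannot make attributes truly private, so "isolation" here is by convention (underscore attributes, copies returned); a real kernel gets the same property from hardware domain separation.

```python
"""Toy security kernel implementing the reference monitor concept.
Added example for this page; names, clearances and objects are constructed."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Constructed MAC lattice: higher number = more sensitive.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str


@dataclass(frozen=True)
class ObjectInfo:
    classification: str
    acl: Dict[str, FrozenSet[str]]   # DAC part: subject name -> allowed modes


class AccessDenied(PermissionError):
    pass


class SecurityKernel:
    """Completeness: the only way to touch an object is access().
    Isolation: policy, object store and audit trail live in underscore
    attributes and are never handed out directly.
    Verifiability: the whole policy is two short predicates, _mac and _dac."""

    def __init__(self, objects: Dict[str, Tuple[ObjectInfo, str]]):
        self._objects: Dict[str, Tuple[ObjectInfo, str]] = dict(objects)
        self._audit: List[Tuple[str, str, str, str]] = []

    def _mac(self, subj: Subject, info: ObjectInfo, mode: str) -> bool:
        s, o = LEVELS[subj.clearance], LEVELS[info.classification]
        if mode == "read":
            return s >= o      # simple security property: no read up
        if mode == "write":
            return s <= o      # *-property: no write down
        return False           # unknown mode: fail closed

    def _dac(self, subj: Subject, info: ObjectInfo, mode: str) -> bool:
        return mode in info.acl.get(subj.name, frozenset())

    def access(self, subj: Subject, obj_name: str, mode: str,
               new_data: Optional[str] = None) -> Optional[str]:
        """Mediate one access; every decision, allowed or denied, is audited."""
        entry = self._objects.get(obj_name)
        allowed = (entry is not None
                   and self._mac(subj, entry[0], mode)
                   and self._dac(subj, entry[0], mode))
        self._audit.append((subj.name, obj_name, mode, "ALLOW" if allowed else "DENY"))
        if not allowed:
            raise AccessDenied(f"{subj.name} may not {mode} {obj_name}")
        info, data = entry
        if mode == "write":
            self._objects[obj_name] = (info, new_data)
            return None
        return data

    def audit_trail(self) -> Tuple[Tuple[str, str, str, str], ...]:
        return tuple(self._audit)   # a copy: callers cannot edit the log


def attempt(kernel: SecurityKernel, subj: Subject, obj_name: str, mode: str,
            new_data: Optional[str] = None) -> str:
    """Report ALLOW/DENY instead of raising, for demos and tests."""
    try:
        kernel.access(subj, obj_name, mode, new_data)
        return "ALLOW"
    except AccessDenied:
        return "DENY"


def build_demo() -> Tuple[SecurityKernel, Subject, Subject]:
    rw, ro = frozenset({"read", "write"}), frozenset({"read"})
    kernel = SecurityKernel({
        "payroll.db": (ObjectInfo("confidential", {"alice": rw, "bob": ro}), "salaries"),
        "notice.txt": (ObjectInfo("public", {"alice": rw, "bob": rw}), "lunch at noon"),
        "plans.doc":  (ObjectInfo("secret", {"alice": rw, "bob": ro}), "q3 plans"),
    })
    return kernel, Subject("alice", "secret"), Subject("bob", "confidential")


if __name__ == "__main__":
    k, alice, bob = build_demo()
    print(attempt(k, bob, "payroll.db", "read"))          # ALLOW: cleared and on the ACL
    print(attempt(k, bob, "plans.doc", "read"))           # DENY: on the ACL, but MAC forbids reading up
    print(attempt(k, alice, "notice.txt", "write", "x"))  # DENY: MAC forbids writing down
    print(attempt(k, bob, "payroll.db", "write", "x"))    # DENY: MAC ok, DAC gives bob read only
    print(attempt(k, alice, "missing", "read"))           # DENY: nonexistent objects are still mediated
    for line in k.audit_trail():
        print(line)
```

Note that both a MAC and a DAC "yes" are needed, that a denied access is logged exactly like an allowed one (the audit requirement), and that nothing outside the class can reach `_objects` or `_audit` except through `access()` and the read-only copy from `audit_trail()`.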
Security perimeter: the boundary that separates the security kernel (and the rest of the TCB) from everything outside it; components outside the perimeter are untrusted. Do not confuse it with the network "perimeter security" (border security) that has been discussed so much in the last couple of years.
Layering: during system design, functions and their implementations are arranged in layers according to defined principles. The lower the layer, the higher its privilege, and the operations and data of one layer should affect the other layers as little as possible; keeping a layer's internal data invisible to the layers above it is the technique called data hiding. The lower a security measure is placed, the more efficient it is and the wider its scope of control, so security measures should be placed at the lowest layer of the system that can support them. The following is an example of system layering:
TOC/TOU (time-of-check/time-of-use) protection: a system must be designed so that a resource cannot be substituted or modified between the moment its access is checked and the moment it is used; otherwise a low-privilege process or user can hijack or alter a privileged user's operation and reach sensitive information. The usual countermeasure is to lock the resource for the whole check-and-use sequence; the same effect is obtained by performing the check on the very handle that will be used, rather than on a name that is resolved again at time of use.
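The race is concrete enough to run. The following is an added example, not code from the original article: `naive_read()` is the vulnerable pattern (inspect a path name, then open the same name again, so an attacker who controls the directory can swap the file for a symlink in between), and `safe_read()` is the fix (open first with `O_NOFOLLOW`, then validate and read the descriptor it actually holds, so check and use refer to one kernel object). The article's countermeasure is locking; this shows the other standard one, binding the check to the handle. The attacker's move is simulated by a callback run inside the window. POSIX only (it needs `os.O_NOFOLLOW`); the files, directory and contents are constructed in a temporary directory.

```python
"""Time-of-check/time-of-use race and its fix.  Added example for this page;
files and contents are constructed in a temporary directory.  POSIX only."""
import os
import stat
import tempfile

PUBLIC = "quarterly report, public"
SECRET = "root:$6$constructed-hash"      # stands in for a file only root may read


def naive_read(path: str, attacker=lambda: None) -> str:
    """Vulnerable: the check and the use resolve the name separately."""
    st = os.lstat(path)                                   # time of check
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("not a regular file")
    attacker()                                            # the race window
    with open(path) as f:                                 # time of use: name resolved again
        return f.read()


def safe_read(path: str, attacker=lambda: None) -> str:
    """Fixed: open once, then validate and use that same descriptor."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)  # ELOOP if a symlink
    with os.fdopen(fd) as f:                              # fdopen owns fd and closes it
        st = os.fstat(f.fileno())                         # check the object we hold
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        attacker()                                        # the name may change; the fd does not
        return f.read()


def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "report.txt")
        secret = os.path.join(d, "shadow")
        with open(secret, "w") as f:
            f.write(SECRET)

        def reset():
            if os.path.lexists(public):
                os.remove(public)
            with open(public, "w") as f:
                f.write(PUBLIC)

        def swap_for_symlink():                           # simulated low-privilege attacker
            os.remove(public)
            os.symlink(secret, public)

        results = {}
        reset()
        results["naive"] = naive_read(public, swap_for_symlink)   # attacker wins: SECRET
        reset()
        results["safe"] = safe_read(public, swap_for_symlink)     # still the checked file
        try:                                                      # symlink already in place
            results["safe_on_symlink"] = safe_read(public)
        except OSError:
            results["safe_on_symlink"] = "refused"
        return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:16} {v}")
```

The point to take away is where the check is performed: `naive_read` checks a name, and names can be rebound by anyone who can write the directory; `safe_read` checks a descriptor, and a descriptor stays bound to the inode it was opened on no matter what happens to the name afterwards.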
Guard protection: a system often needs an additional component to provide extra protection beyond its own controls. In a database system, for example, in addition to the database's own control over users' access rights, a query-checking interface is usually placed in front of the database to reject queries that do not comply with the security policy.
Process isolation: the system isolates processes that execute concurrently so that they cannot interfere with one another. This is a basic function of every modern operating system.
Least privilege: every subject in the system is granted only the minimum privilege needed to perform its task. The principle is applied in many other areas as well. For example, many intranet users have only ordinary user rights and cannot install or modify software on their own machines; an administrator has to intervene to add new software.
Hardening: hardening improves the security of a system through specific operations and configuration settings. It belongs not to the system design stage but to deployment and maintenance.
These are the security measures commonly used in system design. Security measures can also be classified by the level of the system at which they are deployed: general operating-system-level protection, application-level protection, storage-device protection and network-level protection. Of these:
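A database query guard of the kind described above, as an added example written for this page (not code from the original article): the guard is the only path from the application to the database, it accepts a structured request rather than raw SQL, checks it against a policy (which tables and columns may be exposed, plus a row cap), builds the SQL only from its own allowlisted identifiers, and binds every user-supplied value as a parameter, so requests outside the policy are rejected before the database ever sees them. The schema, policy and rows are constructed for the demo and use Python's standard in-memory SQLite.

```python
"""Query guard in front of a database.  Added example for this page;
schema, policy and rows are constructed."""
import sqlite3
from typing import Dict, List, Optional, Sequence, Tuple, Union

# Constructed policy: salary and ssn exist in the table but are never exposed.
POLICY = {
    "employees": {"columns": frozenset({"id", "name", "dept"}), "max_rows": 50},
}


class QueryRejected(ValueError):
    pass


class QueryGuard:
    def __init__(self, conn: sqlite3.Connection, policy: Dict[str, dict]):
        self._conn = conn
        self._policy = policy

    def select(self, table: str, columns: Sequence[str],
               where: Optional[Dict[str, object]] = None) -> List[Tuple]:
        rule = self._policy.get(table)
        if rule is None:
            raise QueryRejected(f"table {table!r} is not exposed")
        hidden = set(columns) - rule["columns"]
        if hidden or not columns:
            raise QueryRejected(f"columns not permitted: {sorted(hidden)}")
        # Identifiers come only from the allowlist, so splicing them in is safe.
        sql = f"SELECT {', '.join(columns)} FROM {table}"
        params: List[object] = []
        if where:
            clauses = []
            for col, val in where.items():
                if col not in rule["columns"]:
                    raise QueryRejected(f"cannot filter on {col!r}")
                clauses.append(f"{col} = ?")      # value is bound, never interpolated
                params.append(val)
            sql += " WHERE " + " AND ".join(clauses)
        sql += " LIMIT ?"                         # policy row cap
        params.append(rule["max_rows"])
        return self._conn.execute(sql, params).fetchall()


def build_demo() -> QueryGuard:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER, name TEXT, dept TEXT, "
                 "salary INTEGER, ssn TEXT)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?, ?)", [
        (1, "alice", "eng", 120000, "000-00-0001"),
        (2, "bob", "eng", 110000, "000-00-0002"),
        (3, "carol", "sales", 90000, "000-00-0003"),
    ])
    return QueryGuard(conn, POLICY)


def outcome(guard: QueryGuard, table: str, columns: Sequence[str],
            where: Optional[Dict[str, object]] = None) -> Union[List[Tuple], str]:
    """Return the rows, or the string 'rejected' if the guard refused the request."""
    try:
        return guard.select(table, columns, where)
    except QueryRejected:
        return "rejected"


if __name__ == "__main__":
    g = build_demo()
    print(outcome(g, "employees", ["name", "dept"], {"dept": "eng"}))    # two rows
    print(outcome(g, "employees", ["name", "salary"]))                    # rejected: hidden column
    print(outcome(g, "sqlite_master", ["name"]))                          # rejected: table not exposed
    print(outcome(g, "employees", ["name"], {"dept": "eng' OR '1'='1"}))  # []: bound, not injected
```

The guard complements the database's own permissions rather than replacing them: even if the application account could read `salary`, the policy in front of it never lets a request for that column through, and because column and table names never come from the caller, there is no identifier to inject.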
Operating-system-level protection needs to meet the following requirements:
User identification and authentication
Mandatory access control (MAC)
Discretionary access control (DAC)
Complete mediation
Object reuse protection
Audit
Protection of audit logs
Log filtering
Trusted path
Intrusion detection
Application-level protection measures are mainly the validation and filtering of user input and program output. The guard technique described above is also used at this level to provide additional security functions.
Storage-device protection focuses on protecting the confidentiality and integrity of sensitive information stored on various kinds of devices. Enterprise mobile-device security and enterprise encryption, which have drawn increasing attention in the security industry in recent years, belong to this area.
Network-level protection focuses on the confidentiality and integrity of information in transit. This area is covered in detail in another CISSP CBK domain, Telecommunications and Network Security.