TCB Concepts

The document discusses security architecture and models, including concepts like the trusted computing base (TCB), rings of trust, and protection mechanisms. The TCB includes hardware, firmware, software, and security components that enforce a security policy and are considered critical to security. Rings of trust illustrate dividing a system into rings based on security levels, with more secure components in inner rings. Protection mechanisms in the TCB include process isolation, least privilege, hardware segmentation, and others. Formal security evaluation models are also discussed, including the Trusted Computer System Evaluation Criteria (TCSEC) used in the US.

Uploaded by Sanjay

Security Architecture and Models

Security Architecture and Models:
Introduction
Defining the Trusted Computing Base – Rings of Trust
Protection Mechanisms in a Trusted Computing Base
System Security Assurance Concepts
Goals of Security Testing
Formal Security Testing Models
Trusted Computer Security Evaluation Criteria
INTRODUCTION

The security architecture and models domain of the common body of knowledge contains the concepts, principles, structures and standards used to design, monitor and secure operating systems, equipment, networks and applications.
Trusted Computing Base

TCB: the totality of protection mechanisms within a system.

The TCB spans three layers:
• Hardware: all physical components in the system (e.g. the CPU).
• Firmware: the intermediary between the software and the hardware.
• Software: includes protections such as antivirus software.
• The TCB includes:
• 1. Access Control
• 2. Authorization
• 3. Authentication
• 4. Cryptography
• 5. Firewalls
• 6. Virus Protection
• 7. Data Backup
• Example: real-time biometric scanning
– Password in biometrics
TCB – Security Parameter (figure)
Reference Monitor Concepts
• The Reference Monitor is an abstract (software) model that mediates all access from any subject (a user or other device) to any object.
• Object: a resource or data.
• Principles of the Reference Monitor:
• 1. Completeness: it mediates every access.
• 2. Isolation: it is isolated from modification by other system entities.
• 3. Verifiability: it can be verified to do what it is programmed to do.
RINGS OF TRUST

• The TCB concept is illustrated using rings of trust.
• The ring model of security was originally derived from the concept of execution domains developed by the Multics (Multiplexed Information and Computing Service) project.
RINGS OF TRUST cont.

• This figure shows the rings of trust in the context of a single computer system.
• The outer rings hold the lower levels of security.
• Systems requiring higher levels of security are located in the inner rings.
RINGS OF TRUST cont.

This model divides the hosts into rings, based on the security rating of the services they provide to the network, and then uses these rings as the basis for trust between hosts.
RULES TO CONSTRUCT RINGS OF TRUST IN NETWORKED SYSTEMS

• Each host trusts those hosts in a more inner ring than itself.
• No host trusts any host in a more outer ring than itself.
• Each host may trust those hosts in the same ring as itself.
• Where a ring has been segmented into separate subnetworks, a host in one segment does not trust hosts in other segments.
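The four rules above, as an added example that is not from the slides: a small Python trust decision function that acts as the single mediation point between hosts, in the reference-monitor sense of the earlier slide (every trust question is answered in one place). Host names, ring numbers and segment labels are constructed, and the fail-closed handling of a missing segment label is an assumption.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Host:
    """A networked host placed in a ring of trust (constructed model)."""
    name: str
    ring: int                      # 0 = innermost, most trusted; larger = more outer
    segment: Optional[str] = None  # subnetwork label when the ring is segmented


def trusts(a: Host, b: Host) -> bool:
    """Decide whether host `a` trusts host `b` under the four slide rules.

    This is the one mediation point for host-to-host trust: callers never
    compare rings themselves, so the policy is complete and easy to verify.
    """
    # Rule 2: no host trusts any host in a more outer ring than itself.
    if b.ring > a.ring:
        return False
    # Rule 1: each host trusts those hosts in a more inner ring than itself.
    if b.ring < a.ring:
        return True
    # Same ring. Rule 4: in a segmented ring, different segments do not trust
    # each other. Assumption: a host with no segment label whose peer has one
    # counts as a different segment, so the check fails closed.
    if a.segment != b.segment:
        return False
    # Rule 3: hosts in the same ring (and same segment) may trust each other.
    return True


def trusted_peers(a: Host, hosts: List[Host]) -> List[str]:
    """Names of the other hosts that `a` trusts, in sorted order."""
    return sorted(h.name for h in hosts if h is not a and trusts(a, h))


# Constructed sample network: a database core in ring 0, an application ring
# segmented into subnetworks A and B, and an unsegmented outer web ring.
HOSTS = [
    Host("core-db", 0),
    Host("app-a1", 1, "A"),
    Host("app-a2", 1, "A"),
    Host("app-b1", 1, "B"),
    Host("web-1", 2),
    Host("web-2", 2),
]
```

Note that trust is asymmetric: `trusted_peers(HOSTS[0], HOSTS)` is empty because the innermost host trusts nobody further out, while the web hosts trust every inner host and each other.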
Protection Mechanisms in a Trusted Computing Base

Protection Mechanisms in a TCB:
• 1. Process Isolation
• 2. Principle of Least Privilege
• 3. Hardware Segmentation
• 4. Layering
• 5. Abstraction
• 6. Data Hiding
Protection Mechanisms in a Trusted Computing Base
1. Process isolation
Every process has its own address space for storing the data and code of the application. Because of process isolation, processes are prevented from accessing other processes' data. This prevents data leakage and modification in memory.
2. Principle of least privilege
Every process has only the least privilege required to access the resources needed to perform its function. This helps prevent data from being exploited.
Protection Mechanisms in a Trusted Computing Base

3. Hardware segmentation
It relates to the segmentation of memory into protected segments. It prevents user processes from accessing both another process's allocated memory and system memory.
4. Layering
A process operation is divided into a number of layers to perform various functions. Each layer deals with a particular type of action.
5. Abstraction
It is the process of defining a specific set of permissible values, as well as operations, for an object. This helps maintain security by ignoring implementation details.
6. Data hiding (also known as information hiding)
It is the process of assuring that information available at one processing level is not available in another, regardless of whether that level is higher or lower.
Information Storage
• It refers to the parts of a computer system that retain a physical state for some interval of time, possibly even after electrical power to the computer is removed.
• Types used for data or information storage:
• 1. Primary Storage
• 2. Secondary Storage
• 3. Real Memory
• 4. Virtual Memory
• 5. Random Memory
• 6. Sequential Storage
• 7. Volatile Memory
Information Storage – Primary Memory
• Primary storage: it is the computer's main memory, which is directly addressable by the CPU.
• Primary storage is a volatile storage medium.
• The contents of physical memory are lost when the power is removed.
Information Storage – Secondary Memory
• It is a non-volatile storage format.
• Application and system code and data can be stored here when the system is not in use.
• Example: USB drives, memory sticks and tapes.
Information Storage – Real Memory
• Real memory: a program has been given a definite storage location in memory and direct access to a peripheral device.
This is common with database systems that control how storage is used outside of the control of the OS.
Information Storage – Virtual Memory
• Virtual memory: it extends the volume of primary storage by using secondary storage to hold memory contents.
• In this way the OS can run programs larger than the available physical memory.
• Virtual memory is swapped in and out of primary memory when needed for processing.
Information Storage – Random Memory
• Random memory: it is the computer's primary working and storage area.
• It is directly addressable by the CPU and stores application or system code in addition to data.
Information Storage – Sequential
• It is computer memory that is accessed sequentially.
• Example: magnetic tape.
Information Storage – Volatile Memory
• Volatile memory: there is a complete loss of any stored information when the power is removed.
Open System and Closed System
• Open System vs. Closed System
• Closed systems are of a proprietary nature. They use specific operating systems and hardware to perform the task and generally lack standard interfaces to allow connection to other systems.
• An open system uses standard interfaces that allow connections between different systems. This system gives full access to users.
• 1. Multitasking
Multitasking is the capability of running multiple tasks at a time in a synchronized way.
Open and Closed System
2. Multiprogramming:
Multiprogramming allows execution of multiple programs.
3. Multiprocessing:
Multiprocessing allows simultaneous execution of two or more programs by more than one processor (CPU).
4. Finite-state machine:
It is a device which stores the state of a process at a given time. The operation of a finite-state machine is based on the input given to the device. According to the input given, it will change the output or the state that is already stored. The new state depends on the old state and the input.
System Security Assurance Concepts

• 1. Functional Requirements
• 2. Goals of Security Testing
• 3. Formal Security Testing Models
System Security Assurance Concepts
An IT security system has two types of requirements:
1) Functional requirements: describe what a system should do.
2) Assurance requirements: describe how the functional requirements should be implemented and tested.
Goals of Security Testing:
• It verifies that the functions designed to meet a security requirement operate as expected.
• In addition, it validates that the implementation of the function is not flawed or random.
Formal Security Testing Models
1. Trusted Computer System Evaluation Criteria (TCSEC): United States, early 1980s
2. Information Technology Security Evaluation Criteria (ITSEC): Europe, 1991, by the European Commission
3. Canadian Trusted Computer Product Evaluation Criteria (CTCPEC): Canada, early 1993
4. Federal Criteria for Information Technology Security (FC): United States, early 1993
5. Common Criteria: today's standard
Trusted Computer Security Evaluation Criteria

Division D: Minimal Protection
Division C: Discretionary Protection
Division B: Mandatory Protection
Division A: Verified Protection
The Trusted Network Interpretation of the TCSEC
Trusted Computer System Evaluation Criteria (TCSEC)

• The Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.
• These evaluation criteria were published in a book with an orange cover, which is appropriately called the Orange Book.
• The TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information.
• TCSEC provides a graded classification of systems that is divided into hierarchical divisions of security levels.
• TCSEC provided classes of trust that are roughly equivalent to the object classifications of unclassified, secret, top secret and beyond top secret, using the letters D, C, B and A respectively.
