Security Architecture and Design 281 Provide the Level of Security They Require

All-in-1 / CISSP All-in-One Exam Guide, Fourth Edition / Harris / 787-0

CHAPTER 5: Security Architecture and Design

This chapter presents the following:
• Computer hardware architecture
• Operating system architectures
• Trusted computing base and security mechanisms
• Protection mechanisms within an operating system
• Various security models
• Assurance evaluation criteria and ratings
• Certification and accreditation processes
• Attack types

Computer and information security covers many areas within an enterprise. Each area has security vulnerabilities and, hopefully, some corresponding countermeasures that raise the security level and provide better protection. Not understanding the different areas and security levels of network devices, operating systems, hardware, protocols, and applications can cause security vulnerabilities that can affect the environment as a whole.

Two fundamental concepts in computer and information security are the security policy and security model. A security policy is a statement that outlines how entities access each other, what operations different entities can carry out, what level of protection is required for a system or software product, and what actions should be taken when these requirements are not met. The policy outlines the expectations that the hardware and software must meet to be considered in compliance.

A security model outlines the requirements necessary to properly support and implement a certain security policy. If a security policy dictates that all users must be identified, authenticated, and authorized before accessing network resources, the security model might lay out an access control matrix that should be constructed so it fulfills the requirements of the security policy.
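The policy-to-model step described above, as an added example that is not from the book: a small access control matrix that enforces "identified, authenticated, and authorized" in that order. The subjects, objects, `Session` type, and function names are constructed for illustration, and the column view goes slightly beyond the text by showing the per-object slice of the matrix, commonly called an access control list.

```python
from dataclasses import dataclass

# Constructed sample matrix (not from the book): rows are subjects, columns
# are objects, each cell is the set of operations the subject may perform.
MATRIX = {
    "alice": {"payroll_db": {"read", "write"}, "file_server": {"read"}},
    "bob": {"file_server": {"read", "write"}},
}


@dataclass(frozen=True)
class Session:
    """Hypothetical session record produced by a login front end."""
    claimed_id: str       # identification: who the subject claims to be ("" if none)
    authenticated: bool   # authentication: whether that claim has been proven


def decide(session, obj, operation, matrix=MATRIX):
    """Apply the policy's three requirements in order; return (allowed, reason)."""
    if not session.claimed_id:
        return False, "not identified"
    if not session.authenticated:
        return False, "not authenticated"
    # Authorization: an absent row or cell means no access (default deny).
    rights = matrix.get(session.claimed_id, {}).get(obj, set())
    if operation not in rights:
        return False, "not authorized"
    return True, "authorized"


def acl_for(obj, matrix=MATRIX):
    """Column view: every subject holding rights on one object."""
    return {subj: sorted(row[obj]) for subj, row in matrix.items() if obj in row}


if __name__ == "__main__":
    requests = [
        (Session("alice", True), "payroll_db", "write"),
        (Session("", False), "payroll_db", "read"),
        (Session("alice", False), "payroll_db", "read"),
        (Session("bob", True), "payroll_db", "read"),
        (Session("mallory", True), "file_server", "read"),
    ]
    for session, obj, op in requests:
        print(session, obj, op, "->", decide(session, obj, op))
    print("file_server ACL:", acl_for("file_server"))
```

A subject with no row in the matrix is denied for the same reason as one with an empty cell, which is what makes the matrix a complete statement of who may do what.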
If a security policy states that no one from a lower security level should be able to view or modify information at a higher security level, the supporting security model will outline the necessary logic and rules that need to be implemented to ensure that under no circumstances can a lower-level subject access a higher-level object in an unauthorized manner. A security model provides a deeper explanation of how a computer operating system should be developed to properly support a specific security policy.

NOTE: Individual systems and devices can have their own security policies. These are not the organizational security policies that contain management’s directives. The systems’ security policies, and the models they use, should enforce the higher-level organizational security policy that is in place. A system policy dictates the level of security that should be provided by the individual device or operating system.

Computer security can be a slippery term because it means different things to different people. Many aspects of a system can be secured, and security can happen at various levels and to varying degrees. As stated in previous chapters, information security consists of the following main attributes:
• Availability: Prevention of loss of, or loss of access to, data and resources
• Integrity: Prevention of unauthorized modification of data and resources
• Confidentiality: Prevention of unauthorized disclosure of data and resources

These main attributes branch off into more granular security attributes, such as authenticity, accountability, nonrepudiation, and dependability. How does a company know which of these it needs, to what degree they are needed, and whether the operating systems and applications they use actually provide these features and protection?
These questions get much more complex as one looks deeper into the questions and products themselves. Companies are not just concerned about e-mail messages being encrypted as they pass through the Internet. They are also concerned about the confidential data stored in their databases, the security of their web farms that are connected directly to the Internet, the integrity of data-entry values going into applications that process business-oriented information, internal users sharing trade secrets, external attackers bringing down servers and affecting productivity, viruses spreading, the internal consistency of data warehouses, and much more.

These issues not only affect productivity and profitability, but also raise legal and liability issues with regard to securing data. Companies, and the management that runs them, can be held accountable if any one of the many issues previously mentioned goes wrong. So it is, or at least it should be, very important for companies to know what security they need and how to be properly assured that the protection is actually being provided by the products they purchase.

Many of these security issues must be thought through before and during the design and architectural phase for a product. Security is best if it is designed and built into the foundation of operating systems and applications and not added as an afterthought. Once security is integrated as an important part of the design, it has to be engineered, implemented, tested, audited, evaluated, certified, and accredited. The security that a product provides must be rated on the availability, integrity, and confidentiality it claims to provide. Consumers then use these ratings to determine if specific products provide the level of security they require.
This is a long road, with many entities involved with different responsibilities. This chapter takes you from the steps that are necessary before actually developing an operating system to how these systems are evaluated and rated by governments and other agencies, and what these ratings actually mean.

However, before we dive into these concepts, it is important to understand how the basic elements of a computer system work. These elements are the pieces that make up any computer’s architecture.

Computer Architecture

Put the processor over there by the plant, the memory by the window, and the secondary storage upstairs.

Computer architecture encompasses all of the parts of a computer system that are necessary for it to function, including the operating system, memory chips, logic circuits, storage devices, input and output devices, security components, buses, and networking components. The interrelationships and internal working of all of these parts can be quite complex, and making them work together in a secure fashion consists of complicated methods and mechanisms. Thank goodness for the smart people who figured this stuff out! Now it is up to us to learn how they did it and why.

The more you understand how these different pieces work and process data, the more you will understand how vulnerabilities actually occur and how countermeasures work to impede and hinder vulnerabilities from being introduced, found, and exploited.

NOTE: This chapter interweaves the hardware and operating system architectures and their components to show you how they work together.

The Central Processing Unit

The CPU seems complex. How does it work?
Response: Black magic. It uses eye of bat, tongue of goat, and some transistors.

The central processing unit (CPU) is the brain of a computer. In the most general description possible, it fetches instructions from memory and executes them.
Although a CPU is a piece of hardware, it has its own instruction sets (provided by the operating system) that are necessary to carry out its tasks. Each CPU type has a specific architecture and set of instructions that it can carry out. The operating system must be designed to work within this CPU architecture. This is why one operating system may work on a Pentium processor but not on a SPARC processor.

NOTE: Scalable Processor Architecture (SPARC) is a type of Reduced Instruction Set Computing (RISC) chip developed by Sun Microsystems. SunOS, Solaris, and some Unix operating systems have been developed to work on this type of processor.

The chips within the CPU cover only a couple of square inches, but contain over 40 million transistors. All operations within the CPU are performed by electrical signals at different voltages in different combinations, and each transistor holds this voltage, which represents 0s and 1s to the computer. The CPU contains registers that point to memory locations that contain the next instructions to be executed and that enable the CPU to keep status information of the data that need to be processed. A register is a temporary storage location. Accessing memory to get information on what instructions and data must be executed is a much slower process than accessing a register, which is a component of the CPU itself. So when the CPU is done with one task, it asks the registers, “Okay, what do I have to do now?” And the registers hold the information that tells the CPU what its next job is.

The actual execution of the instructions is done by the arithmetic logic unit (ALU). The ALU performs mathematical functions and logical operations on data. The ALU can be thought of as the brain of the CPU, and the CPU as the brain of the computer.
Software holds its instructions and data in memory. When action needs to take place on the data, the instructions and data memory addresses are passed to the CPU registers, as shown in Figure 5-1. When the control unit indicates that the CPU can process them, the instructions and data memory addresses are passed to the CPU for actual processing, number crunching, and data manipulation. The results are sent back to the requesting process’s memory address.
