Security Architecture and Design

Concepts, principles, structures, and standards used to design, monitor, and secure operating systems, equipment, networks, and applications, with the goal of controlling availability, integrity, and confidentiality.

  • Trusted Computing Base (TCB)
    • The totality of the protection mechanisms of a computer system (hardware, firmware, software, etc.)
    • Enforces the security policy over a product or system
    • The system mediates every access to objects by subjects (the reference monitor concept)
    • A trusted system must meet its requirements for reliability, security, and effectiveness
    • Mandatory Access Control (MAC) – used in national security contexts
  • Concept of rings of trust (protection rings)
    • Outer rings = lower level of trust and privilege; inner rings = higher (the kernel sits in the innermost ring)
  • Distinguish Protection Mechanisms used in a TCB
  • Purposes of Security Assurance Testing
  • Trusted Computer Security Evaluation Criteria (TCSEC) for software evaluations
  • Trusted Network Interpretation of the TCSEC
  • Role of the Federal Criteria for Information Technology Security
  • Common Criteria for Information Security Evaluation
  • Principles behind Confidentiality and Integrity models, and their Role in Security Architectures