Security System II Notes

The document outlines fundamental concepts of data security, focusing on various security models such as the State Machine, Bell-LaPadula, Biba, and Clark Wilson models, each addressing different aspects of security like confidentiality and integrity. It also discusses data backup strategies, including types of backups, technologies, and issues related to secure data erasure. Key considerations for securing data include backup frequency, offsite storage, and ensuring data integrity and confidentiality.

Uploaded by

simonpabalate

Fundamental Concepts of Data Security: Security Systems 2 Notes

Security Models:

• What is a security model, and how does it differ from a security policy?
  o A security model specifies the conditions that must be in place to properly support and implement a policy
• Why: Security is effective when it is built into the operating system and applications rather than added on; the security model provides a detailed set of instructions on how the software needs to be developed to support a chosen set of security policies
• How: Maps the abstract goals of the policy to information-system terms by specifying the explicit data structures and techniques necessary to enforce the security policy
• Who: Typical elements in a security model
  o Subjects, objects, states/conditions
  o Access methods
  o Rules

State Machine Model:

• The state machine model, as the name suggests, uses states to describe the working of the system
• The approach requires that all starting states, transitions and end states be identified to ensure that the system is safe. The goal is to have the system secure in all states
• If system security is compromised and the problem cannot be handled, the system needs to take action to prevent further vulnerability

Bell-LaPadula Model:

• Security goal addressed: confidentiality
• Developed by the US government with the aim of securing computer systems handling classified information
• Bell-LaPadula provides multilevel security based on a mathematical model that formally describes a state machine and the associated access conditions
• Multilevel security allows for users with varying levels of security clearance, in which the trust level determines the rules applied in the processing
• Uses a lattice of security levels
  o Subject: clearance level
  o Object: classification level
• Three rules
  o Rule 1: no read up. A subject at a given security level cannot read data that resides at a higher security level
  o Rule 2: no write down. A subject at a given security level cannot write information to a lower security level
  o Rule 3: for a subject to be able to read and write to an object, the clearance and classification must be equal

Biba Model:

• The Biba model is like the Bell-LaPadula model and is aimed at handling the issue of integrity of data within applications
• The aim of integrity-based models is to prevent unauthorised access and illegal modifications, and to maintain consistency
• Unlike the Bell-LaPadula model, it uses a lattice of integrity levels
• Three rules
  o Rule 1: no write up. A subject cannot write data to an object at a higher integrity level
  o Rule 2: no read down. A subject cannot read data from an object at a lower integrity level
  o Rule 3: service request rule. A subject cannot request service from (invoke) subjects of higher integrity
  o Valid for users, applications, processes
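
The Bell-LaPadula and Biba rules above, written as access checks so the two models can be compared side by side. This is an added example, not part of the original notes; the level names LOW/MEDIUM/HIGH, the function names and the use of a simple total order in place of a full lattice are assumptions made for illustration.

```python
# Added example: reference-monitor checks for the rules listed in the notes.
# Constructed levels; a total order stands in for the lattice.
LOW, MEDIUM, HIGH = 0, 1, 2
LEVELS = (LOW, MEDIUM, HIGH)

def blp_allows(clearance, classification, op):
    """Bell-LaPadula (confidentiality): subject clearance vs object classification."""
    if op == "read":         # Rule 1: no read up
        return clearance >= classification
    if op == "write":        # Rule 2: no write down
        return clearance <= classification
    if op == "readwrite":    # Rule 3: levels must be equal
        return clearance == classification
    raise ValueError(f"unknown operation: {op}")

def biba_allows(subject_level, target_level, op):
    """Biba (integrity): subject integrity level vs target integrity level."""
    if op == "write":        # Rule 1: no write up
        return subject_level >= target_level
    if op == "read":         # Rule 2: no read down
        return subject_level <= target_level
    if op == "invoke":       # Rule 3: no service request to higher integrity
        return subject_level >= target_level
    raise ValueError(f"unknown operation: {op}")

def permitted_ops(check, subject_level, ops):
    """Map each target level to the operations the model permits for the subject."""
    return {lvl: [op for op in ops if check(subject_level, lvl, op)]
            for lvl in LEVELS}

if __name__ == "__main__":
    # A MEDIUM subject under each model: the read/write directions are mirrored.
    print("BLP :", permitted_ops(blp_allows, MEDIUM, ("read", "write", "readwrite")))
    print("Biba:", permitted_ops(biba_allows, MEDIUM, ("read", "write", "invoke")))
```

Under Bell-LaPadula the MEDIUM subject may only read downwards and write upwards; under Biba the directions are reversed, which is why the two models cannot both be applied to the same labels without restricting a subject to its own level.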

Clark Wilson Model:

• 3 goals of integrity models
  o Prevent unauthorized users from making modifications
  o Prevent authorized users from making improper modifications (separation of duties)
  o Maintain internal and external consistency
  o Biba only addresses the first goal
  o Clark Wilson addresses all goals
• Five elements in the model
  o Users
  o Transformation procedures (TPs)
  o Constrained data items (CDIs)
  o Unconstrained data items (UDIs)
  o Integrity verification procedures (IVPs)

Securing Data:

• Data backup
  o Backup technologies
  o Frequency of backup
• Secure data erasure
• Data masking
  o Masking techniques
  o Static vs dynamic

Data backup:

• Why backup?
• Backup vs archive
  o Backup is regular
  o Archive is long-term
• Backup technologies
  o Local backup
    ▪ Takes more media
    ▪ Users may have to be relied on to do their own backups
    ▪ Less bandwidth taken
    ▪ HDD, tape, CD, DVD
  o Server backup
    ▪ Back up data on a local or centralized server
    ▪ The local file server stores most or all of the data of the enterprise
    ▪ Data is made available to clients via the LAN using common IP network protocols
    ▪ Backup applications protect data on the local server by making copies of the data directly to the local backup system
    ▪ Cons
      ▪ Takes more bandwidth
      ▪ User must copy data to server
      ▪ Limited data growth
  o Enterprise backup
    ▪ Enterprise-wide network clients automatically move backup data via a network to a backup drive connected to a backup server
    ▪ Automated libraries with multiple backup drives allow multiple backup streams to be received from multiple clients in parallel
    ▪ Backup clients are deployed on every system or workstation and send data on a schedule
    ▪ Cons
      ▪ More bandwidth
      ▪ More expensive
      ▪ Still limited with data growth
  o Serverless backup
    ▪ Data is moved via a separate backup network or Fibre Channel SAN directly from disk to tape
    ▪ Only the main server is connected to these fast and expensive networks
    ▪ Workstations are connected via the TCP/IP network and data is written from the client directly to a tape
    ▪ A server must be involved in initiating and controlling the data moving over the SAN
    ▪ Cons
      ▪ Very expensive

Backup types:

• Full backup
  o Everything except swap files
  o Not very efficient with media or time
  o Usually performed weekly
• Differential backup
  o Only files modified since the last full backup
  o Archive bits must exist for each file and directory
• Incremental backup
  o All the files that have changed since the last full or incremental backup; sets the archive bit to 0
  o Usually performed daily
  o More efficient on network traffic, time and media
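
How the archive bit drives the three backup types above, as a small simulation. This is an added example, not part of the original notes; the file names, the three-day change schedule and the class and function names are constructed for illustration, and it assumes the usual behaviour that a full backup also clears the archive bit.

```python
# Added example: archive-bit behaviour of full, differential and incremental backups.
# File names and the change schedule are constructed for illustration.

class Volume:
    def __init__(self, names):
        # Archive bit True means "changed since the bit was last cleared".
        self.archive = {name: True for name in names}

    def modify(self, name):
        self.archive[name] = True        # every write sets the archive bit

    def backup(self, kind):
        """Return the sorted list of files copied by a backup of the given kind."""
        if kind == "full":
            copied = sorted(self.archive)
        elif kind in ("differential", "incremental"):
            copied = sorted(n for n, bit in self.archive.items() if bit)
        else:
            raise ValueError(f"unknown backup type: {kind}")
        if kind != "differential":       # full and incremental set the bit to 0
            for name in copied:
                self.archive[name] = False
        return copied

def run_week(kind):
    """One full backup, then three days of changes with a daily backup of `kind`."""
    vol = Volume(["a.doc", "b.xls", "c.db"])
    sets = [vol.backup("full")]
    for changed in (["a.doc"], ["b.xls"], ["a.doc", "c.db"]):
        for name in changed:
            vol.modify(name)
        sets.append(vol.backup(kind))
    return sets

def restore_sets_needed(kind, sets):
    """Indexes of the media sets that must be read to restore the latest state."""
    if kind == "differential":
        return [0, len(sets) - 1]        # the full backup plus the newest differential
    return list(range(len(sets)))        # the full backup plus every incremental

if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        sets = run_week(kind)
        print(kind, sets, "restore from sets", restore_sets_needed(kind, sets))
```

Incremental sets stay small but every one of them is needed at restore time, so a single unreadable tape breaks the chain; differential sets grow each day but a restore needs only two media sets.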

What to backup:

• Data files
• Domain or tree databases
• Domain controller registries
• Don't bother with
  o Program files
  o Temp files
  o Non-critical files
  o Seldom changed files

Rotation:

• Retention period
  o How far back do you want to keep backups?
• Minimum rotation
  o Two media sets rotate on each backup
• Light security rotation
  o Four media sets labelled Mon, Wed, Fri 1, Fri 2. Starting on the first Friday, a full backup is done to Fri 1 and then stored off site
• Medium security rotation
  o Daily backup with rotating sets
  o Weekly backup with rotating sets

Offsite storage and vaulting

• Electronic vaulting: backup via third party
• It is regular and automatic
• Specialised centres against computing and physical disaster
• 24x7 monitoring and user support
• Issues
  o Who has access
  o Speed
  o Natural disaster protection
  o Intrusion detection/security
  o Encryption/transfer
  o Guarantees

Backup Issues:

• Size needed
• Speed needed
• Cost
• Automation
• Software conflicts
• Backup software compatibility
• Locked or open files
• Tape life
• Topology
• Always perform data verification

Secure Data Erasure:

• Why?
  o Confidentiality issues
  o Media flow in/out of organisation
• Key
  o Information classification
  o Media types
• Software based
• Hardware based
• Verifiable
