Research paper Threat Modeling A new medium-sized health care facility just opened and you are hired as the CIO. The CEO is somewhat technical and ha

Research paper
Threat Modeling
A new medium-sized health care facility just opened and you are hired as the CIO. The CEO is somewhat technical and has tasked you with creating a threat model. The CEO needs to decide from 3 selected models but needs your recommendation. Review this week's readings, conduct your own research, then choose a model to recommend with proper justifications. Items to include (at a minimum) are:

User authentication and credentials with third-party applications
3 common security risks with ratings: low, medium or high
Justification of your threat model (why it was chosen over the other two: compare and contrast)


You will research several threat models as they apply to the health care industry, summarize three models, and choose one as a recommendation to the CEO in a summary with a model using UML diagrams (do not copy and paste images from the Internet). In your research paper, be sure to discuss the security risks and assign each a label of low, medium, or high risk; the CEO will make the determination to accept the risks or mitigate them.
Your paper should meet the following requirements:

Be approximately four to six pages in length, not including the required cover page and reference page.
Follow APA 7 guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion.
Support your answers with the readings from the course and at least two scholarly journal articles to support your positions, claims, and observations, in addition to your textbook. The UC Library is a great place to find resources.
Be clearly and well-written, concise, and logical, using excellent grammar and style techniques. You are being graded in part on the quality of your writing.

Chapter 8
Principles of Security Models, Design, and Capabilities

Implement and Manage Engineering Processes Using Secure Design Principles
Objects and Subjects
Closed and Open Systems
Techniques for Ensuring Confidentiality, Integrity, and Availability
Controls
Trust and Assurance

overview

Objects and Subjects
Subject: often a user
Object: a resource
Managing relationship between subject and object is access control
Transitive trust

Closed and Open Systems
Closed system
Proprietary standards
Hard to integrate
Possibly more secure
Open system
Open or industry standards
Easier to integrate
Open source vs. closed source

Techniques for Ensuring Confidentiality, Integrity, and Availability
Confinement
Sandboxing
Bounds
Isolation

Controls
Discretionary access control
Mandatory access control
Rule-based access control

Trust and Assurance
Integrated before and during design
Security must be:
Engineered, implemented, tested, audited, evaluated, certified, and accredited
Trusted system
Security mechanisms work together to provide a secure computing environment
Assurance
Degree of confidence in satisfaction of security needs

Understand the Fundamental Concepts of Security Models
Trusted Computing Base
State Machine Model
Information Flow Model
Noninterference Model
Take-Grant Model
Access Control Matrix
Bell-LaPadula Model
Biba Model
Clark-Wilson Model
Brewer and Nash Model (aka Chinese Wall)
Goguen-Meseguer Model
Sutherland Model
Graham-Denning Model

overview

Trusted Computing Base
Defined in DoD 5200.28 Orange Book
Trusted Computer System Evaluation Criteria (TCSEC)
Security perimeter
Trusted paths
Reference monitor
Security kernel

State Machine Model
Always secure no matter what state it is in
Finite state machine (FSM)
State transition
Secure state machine
The basis for most other security models

Information Flow Model
Based on the state machine model
Prevent unauthorized, insecure, or restricted information flow
Controls flow between security levels
Can be used to manage state transitions

Noninterference Model
Based on information flow model
Separates actions of subjects at different security levels
Composition theories
Cascading
Feedback
Hookup

Take-Grant Model
Dictates how rights can be passed between subjects
Take rule
Grant rule
Create rule
Remove rule

Access Control Matrix
A table of subjects, objects, and access
Columns are ACLs
Rows are capability lists
Can be used in DAC, MAC, or RBAC

Bell-LaPadula Model 1/2
Based on DoD multilevel security policy
Focuses only on confidentiality
Lattice-based access control
Simple security property
No read up
* (star) security property
No write down
Discretionary security property
Access control matrix for DAC
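
Added example (not part of the original slides): the three Bell-LaPadula properties above, evaluated over an access control matrix whose rows are capability lists and whose columns are ACLs. The level names, subjects, objects and function names are constructed for illustration, and levels form a simple linear order rather than a full lattice with categories.

```python
# Added illustration: Bell-LaPadula checks over an access control matrix.
# All levels, subjects and objects are constructed sample data.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

SUBJECT_LEVEL = {"nurse": "confidential", "billing": "internal", "auditor": "restricted"}
OBJECT_LEVEL = {"chart": "confidential", "invoice": "internal", "audit_log": "restricted"}

# Access control matrix: rows are subjects, columns are objects.
MATRIX = {
    "nurse":   {"chart": {"read", "write"}, "invoice": {"read", "write"}},
    "billing": {"invoice": {"read", "write"}, "chart": {"read"}},
    "auditor": {"chart": {"read"}, "invoice": {"read"}, "audit_log": {"read", "write"}},
}

def capability_list(subject):
    """Row of the matrix: everything one subject may do."""
    return {obj: set(rights) for obj, rights in MATRIX.get(subject, {}).items()}

def acl(obj):
    """Column of the matrix: every subject holding rights on one object."""
    return {s: set(row[obj]) for s, row in MATRIX.items() if obj in row}

def blp_decision(subject, obj, action):
    """Return (allowed, reason) after applying all three properties."""
    s = LEVELS[SUBJECT_LEVEL[subject]]
    o = LEVELS[OBJECT_LEVEL[obj]]
    # Discretionary security property: the matrix must grant the right.
    if action not in MATRIX.get(subject, {}).get(obj, set()):
        return False, "discretionary: not granted in matrix"
    # Simple security property: no read up.
    if action == "read" and s < o:
        return False, "simple security: no read up"
    # * (star) security property: no write down.
    if action == "write" and s > o:
        return False, "star: no write down"
    return True, "allowed"

if __name__ == "__main__":
    for request in [("nurse", "chart", "read"), ("nurse", "invoice", "write"),
                    ("billing", "chart", "read"), ("billing", "chart", "write")]:
        print(request, blp_decision(*request))
    print("ACL for chart:", acl("chart"))
    print("Capabilities of billing:", capability_list("billing"))
```

The nurse's write to the invoice and the billing clerk's read of the chart are both granted in the matrix yet denied by the level checks, which shows that a discretionary grant alone never satisfies the model.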

Bell-LaPadula Model 2/2

Biba Model 1/2
Based on the inverse of Bell-LaPadula
Focuses only on integrity
Simple integrity property
No read up
* (star) integrity property
No write down
Prevent modification by unauthorized subjects
Prevent unauthorized modifications
Protect internal and external consistency

Biba Model 2/2

Clark-Wilson Model 1/2
Focuses on integrity
Access control triplet
Controls access through an intermediary program or restricted interface
Well-formed transactions
Separation of duties

Clark-Wilson Model 2/2
Constrained data item (CDI)
Any data item whose integrity is protected
Unconstrained data item (UDI)
Any data item that is not controlled/protected
Integrity verification procedure (IVP)
A procedure that scans data items and confirms their integrity
Transformation procedures (TPs)
The only procedures allowed to modify a CDI

Brewer and Nash Model
(aka Chinese Wall)
Prevents conflicts of interest
Based on dynamic access changes based on user activity
Access to conflicting data is temporarily blocked

Goguen-Meseguer Model
Focuses on integrity
The basis of the noninterference model
Based on a predetermined set/domain of objects a subject can access
Based on automation theory and domain separation

Sutherland Model
Focuses on integrity
Prevent interference in support of integrity
Defines a set of system states, initial states, and state transitions
Commonly used to prevent covert channels from influencing processes

Graham-Denning Model
Secure management of objects and subjects
Securely create object/subject
Securely delete object/subject
Securely provide read access right
Securely provide grant access right
Securely provide delete access right
Securely provide transfer access right

Select Controls and Countermeasures Based on Systems Security Evaluation Models
Rainbow Series
ITSEC Classes and Required Assurance and Functionality
Common Criteria
Industry and International Security Implementation Guidelines
Certification and Accreditation

overview

Rainbow Series
TCSEC Orange Book
Confidentiality
D, C1, C2, B1, B2, B3, A1
Red Book
Trusted Network Interpretation of TCSEC
Confidentiality and Integrity
None, C1, C2, B2
Green Book
Password management guidelines

ITSEC Classes and Required Assurance and Functionality
Rates functionality (F) and assurance (E)
F-D through F-B3
E0 through E6
Confidentiality, integrity, and availability

Common Criteria
Designed to replace prior systems
ISO 15408
Protection profiles
Security targets
Evaluation Assurance Level (EAL)
Part 1: Introduction and General Model
Part 2: Security Functional Requirements
Part 3: Security Assurance

Industry and International Security Implementation Guidelines
Payment Card Industry Data Security Standards (PCI-DSS)
International Organization for Standardization (ISO)

Certification and Accreditation
Certification
Comprehensive evaluation of security against security requirements
Accreditation
Formal designation by DAA that system meets organizational security needs
Risk Management Framework (RMF)
Committee on National Security Systems Policy (CNSSP)
Phase 1: Definition, 2: Verification, 3: Validation, 4: Post Accreditation

Understand Security Capabilities of Information Systems
Memory Protection
Meltdown and Spectre
Virtualization
Trusted Platform Module
Hardware security module (HSM)
Interfaces
Constrained or restricted
Fault Tolerance

Conclusion
Read the Exam Essentials
Review the Chapter
Perform the Written Labs
Answer the Review Questions
