- Defining Security Principles
- Security Management Planning
- Risk Management and Analysis
- Policies, Standards, Guidelines, and Procedures
- Examining Roles and Responsibility
- Management Responsibility
- Understanding Protection Mechanisms
- Classifying Data
- Employment Policies and Practices
- Managing Change Control
- Security Awareness Training
Understanding Protection Mechanisms
Understand how the various protection mechanisms are used in information security management.
Protection mechanisms are used to enforce layers of trust between security levels of a system. Particular to operating systems, trust levels are used to provide a structured way to compartmentalize data access and create a hierarchical order. These protection mechanisms are used to protect processes and data and are discussed in the following sections:
Most systems use a form of layering as a way to protect system resources. A traditional kernel-based operating system, such as Unix, uses a two-layer approach in which the system resources are managed in a protected kernel and everything else runs in an outer layer known as the user's space. If a process running in the user's space wants to access a protected resource, such as the disk, it makes a request to the kernel layer to perform the action.
Layering is specific to protecting operating system resources and to setting security zones. Systems used for military applications are designed to allow access to classified information based on the protection zone within which they are allowed to run. To do this, the Bell-LaPadula protection model was developed. Using this multilayer system, the different zones are used to keep data classified within a particular zone (see Figure 3.5). Users must have access to the zone to use the data, and the data cannot be moved between zones without special permission. This lattice of rights is also called "no write down" and "no read up." See Chapter 1, "Access Control Systems and Methodology," for more information on the Bell-LaPadula protection mode.
Figure 3.5 The layered zones of the Bell-LaPadula protection module.
Layering is not as common in newer operating systems. Most current operating systems rely on a set of roles and responsibilities that can simulate the layered approach. However, some specialized layered operating systems are still in use in military applications.
Abstraction is a common term in the world of object-oriented design. It is when data is managed as a collection called an object. Objects are usually defined as classes that define the data and the methods that can be used to access the object. Methods provide a predictable way to access the object's data, which allows the entire data within the class to be managed as a unit that can enforce access controls and integrity of the data.
Sometimes access to data should not be providedfor example, data values within an application module that are used for internal calculations. In this case, no access methods are provided as an interface to this data. This is called data hiding because the data is hidden and inaccessible from the other layers.
Cryptography is the science of creating algorithms used to encrypt data for the storage or transmission of data. Encryption uses those algorithms to convert data into an unintelligible form. In basic terms, encryption uses a secret key, a private value, to perform a mathematical function on the data to make it unusable by the casual observer. Traditionally, the same key is required to encrypt and decrypt the data. This is called symmetric encryption.
Public key cryptography is similar except that the mathematical functions can use two different but mathematically related keys. The functions generate two keys: One is kept private, and one can be given out publicly. If someone wants to send you an encrypted file, she encrypts it with your public key. Once encrypted, you can only use the private key to decrypt the message. This is called asymmetric encryption.
Encryption is used in many areas. VPN communications are usually secured using symmetric encryption algorithms, such as the Data Encryption Standard (DES) or Triple-DES. Symmetric algorithms are used in these areas because the connections are well-defined and the exposures to the secret keys are limited.
Asymmetric encryption is used for mechanisms such as secure HTTP and email because of the multiple exposures to the keys. The public keys used in algorithms such as Secure Socket Layer (SSL) and Pretty Good Privacy (PGP) can be passed at will without worrying about compromising the encrypted channels. That can happen only if the secret key is disclosed or stolen.
Creating protection mechanisms using encryption requires several policy issues, including legal, management, and usability issues. If your organization is doing its work for the federal government, you have to consider federal standards mandated for using encryption. Encryption can be a good choice for keeping data secret, a lot of considerations must be made. For more on encryption and other cryptography issues, see Chapter 5.