System architecture
TCB - Trusted Computing Base: The total combination of protection mechanisms within a computer system, including hardware, software and firmware. The term originated in the Orange Book (TCSEC), which defines a trusted system as hardware and software that use measures to protect the integrity of unclassified or classified data for a range of users without violating access rights or the security policy. The TCB is evaluated as a whole: every protection mechanism that enforces the security policy is part of it, and together they must provide an environment that behaves in the manner expected of it. Anything outside the TCB is, by definition, untrusted.
Security perimeter: The boundary that divides the trusted components (those inside the TCB) from the untrusted ones (everything outside it). Resources outside the TCB fall outside the security perimeter. Communication across this boundary, between trusted and untrusted components, must be controlled so that confidential information cannot flow in an unintended way and untrusted code cannot alter the behaviour of the TCB.
Reference monitor: An abstract machine that mediates every access a subject makes to an object, checking that the subject holds the necessary access rights and protecting the object from unauthorized disclosure and destructive modification. It is an access control concept, not a physical component: it describes what must happen on every access, not how it is built.
Security kernel: The hardware, software and firmware components that fall within the TCB and implement and enforce the reference monitor concept. It is the core of the TCB and the most commonly used approach to building trusted computing systems. A security kernel must satisfy three requirements:
- Isolation: it must isolate the processes that carry out the reference monitor concept, and those processes must be tamperproof, so that nothing outside the kernel can modify its code or its policy.
- Completeness: the reference monitor must be invoked for every access attempt and must be impossible to circumvent. In other words, it must be implemented in a complete and foolproof way, with no path to an object that bypasses the check.
- Verifiability: it must be small enough to be tested and verified in a complete and comprehensive manner.
Domains: A domain is the set of objects that a subject is able to access.
- Execution domain: a program that resides in a privileged domain must be able to execute its instructions and process its data with the assurance that programs in a different (less privileged) domain cannot negatively affect its environment.
- Security domain: corresponds directly to the protection ring that a subject or object is assigned to. The lower the protection ring number, the higher the privilege and the larger the security domain; a subject in ring 0 can reach every object a subject in ring 3 can, but not the reverse.
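The following is an added example, not from the original notes, tying the reference monitor, the security kernel requirements and the idea of a security domain together in a toy model. All names (the subjects `kernel` and `editor`, the objects `page_table` and `notes.txt`, the ring numbers and the access matrix `ACL`) are constructed for illustration. Object contents live inside the monitor, so the only path to them is `access()`, which always calls `mediate()` (completeness); the policy is wrapped in a read-only mapping so it cannot be changed in place after construction (a stand-in for tamperproofing); and `security_domain()` computes the set of objects a subject can reach, which shows the ring-0 domain is a superset of the ring-3 domain.

```python
"""Toy reference monitor: one mediation point for every subject->object access.

Added example; not part of the original notes. Subjects, objects, ring
numbers and the ACL below are constructed for illustration only.
"""
from dataclasses import dataclass
from types import MappingProxyType


@dataclass(frozen=True)
class Subject:
    name: str
    ring: int  # protection ring; 0 is the most privileged


@dataclass(frozen=True)
class Obj:
    name: str
    ring: int  # ring the object lives in; only subjects in rings <= this may reach it


class ReferenceMonitor:
    """Object contents are stored here, so access() is the only way to reach them."""

    def __init__(self, objects, acl):
        self._objs = {o.name: o for o in objects}
        self._store = {o.name: "" for o in objects}
        # MappingProxyType gives a read-only view: item assignment raises TypeError.
        self._acl = MappingProxyType({k: frozenset(v) for k, v in acl.items()})
        self.audit = []  # every decision, allowed or denied, is recorded here

    def _decide(self, subj: Subject, obj: Obj, right: str) -> bool:
        ring_ok = subj.ring <= obj.ring  # never reach into a more privileged ring
        acl_ok = right in self._acl.get((subj.name, obj.name), frozenset())
        return ring_ok and acl_ok

    def mediate(self, subj: Subject, obj: Obj, right: str) -> bool:
        """The reference monitor check: invoked on every access, and logged."""
        decision = self._decide(subj, obj, right)
        self.audit.append((subj.name, obj.name, right, decision))
        return decision

    def access(self, subj: Subject, obj: Obj, right: str, data=None):
        if not self.mediate(subj, obj, right):
            raise PermissionError(f"{subj.name} may not {right} {obj.name}")
        if right == "write":
            self._store[obj.name] = data
            return None
        return self._store[obj.name]

    def security_domain(self, subj: Subject) -> frozenset:
        """Set of objects the subject can access with at least one right."""
        return frozenset(
            name for name, o in self._objs.items()
            if any(self._decide(subj, o, r) for r in ("read", "write"))
        )


# Constructed sample policy (hypothetical names).
KERNEL = Subject("kernel", ring=0)
APP = Subject("editor", ring=3)
PAGE_TABLE = Obj("page_table", ring=0)
USER_FILE = Obj("notes.txt", ring=3)
ACL = {
    ("kernel", "page_table"): {"read", "write"},
    ("kernel", "notes.txt"): {"read", "write"},
    ("editor", "notes.txt"): {"read", "write"},
    # Granted in the matrix, but the ring rule still denies it.
    ("editor", "page_table"): {"read"},
}


def build_monitor() -> ReferenceMonitor:
    return ReferenceMonitor([PAGE_TABLE, USER_FILE], ACL)


def tamper_attempt(rm: ReferenceMonitor) -> bool:
    """True if the policy resisted an in-place modification."""
    try:
        rm._acl[("editor", "page_table")] = frozenset({"read", "write"})
        return False
    except TypeError:
        return True


def demo():
    rm = build_monitor()
    rm.access(APP, USER_FILE, "write", "hello")
    seen = rm.access(KERNEL, USER_FILE, "read")  # ring 0 reaches ring-3 objects
    try:
        rm.access(APP, PAGE_TABLE, "read")  # ring 3 cannot reach a ring-0 object
        bypassed = True
    except PermissionError:
        bypassed = False
    return seen, bypassed, rm.security_domain(KERNEL), rm.security_domain(APP), len(rm.audit)


if __name__ == "__main__":
    print(demo())
```

The audit list is what a real security kernel's logging would be: because every path to an object goes through `mediate()`, the log is complete, and the denied attempt by `editor` on `page_table` appears in it even though the access matrix alone would have granted it.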
Resource isolation: Processes and their resources must be kept apart so that one subject cannot read or modify another's memory or data except through mediated access. Hardware segmentation is one mechanism for this: memory is separated physically, with the separation enforced by hardware, instead of only logically by the operating system, so that a software flaw alone cannot let one domain reach into another.