Information Security Jobs: Security Architecture and Design

By Peter H. Gregory

The concepts in security architecture and design are important to information security professionals and range from abstract security protection models to the design of modern computers and operating systems.

Security protection models

Security models are simple representations of security controls that help people understand methods for implementing security controls and better understand the controls in an existing system. The models that are cited most often are listed here, with a very brief explanation of how each works:

  • Bell LaPadula: People can read documents at or below their level of security, and write documents at or above their level of security.

  • Biba: People can read documents only at their level of security, and write documents at or above their level of security.

  • Clark-Wilson: A rebuttal to Bell LaPadula and Biba, Clark-Wilson is a somewhat elaborate scheme for creating and protecting sensitive information.

  • Access matrix: A two-dimensional matrix that defines the persons or groups permitted to access specific data or systems.

  • Multilevel: A system will contain information at more than one security level. People can read information at or below their security level.

  • Mandatory access control (MAC): An access manager manages access to information.

  • Discretionary access control (DAC): The owners of individual documents or folders manage access to information.

  • Role-based access control (RBAC): Access is assigned to groups of users instead of individual users.

  • Noninterference: Activities performed by persons at a higher level of security will not interfere with activities performed at lower levels of security.

  • Information flow: Information at specific levels of security is permitted to flow to specific systems or locations.

System evaluation models

Many information systems manage sensitive information or perform sensitive functions. It can be difficult to know what security characteristics should be part of the design of such systems. Thus, several frameworks for the inclusion of security in systems have been developed, including the following:

  • Common criteria: A framework for the specification, implementation, and evaluation of a system against a set of security requirements

  • SEI-CMMI (Software Engineering Institute — Capability Maturity Model Integration): A model for assessing the maturity of an organization’s security practices

  • SSE-CMM (Systems Security Engineering Capability Maturity Model): A model for evaluating an organization’s capability to implement security in a system

Certification and accreditation

Because information systems are constructed to perform important functions, several methodologies are used to evaluate systems for their suitability to perform those functions. These methodologies include the practices of certification and accreditation. These models include the following:

  • DIACAP (Department of Defense Information Assurance Certification and Accreditation): Used to certify and accredit military systems

  • NIACAP (National Information Assurance Certification and Accreditation Process): Used to certify and accredit U.S. national security systems

  • DCID 6/3 (Director of Central Intelligence Directive 6/3): Used to certify and accredit systems in use by the Central Intelligence Agency (CIA)

  • FEDRAMP (Federal Risk and Authorization Management Program): A framework for security assessments, authorization, and continuous monitoring for cloud-based security providers

Computer hardware architecture

Security professionals need to understand how computer hardware functions, so that they can ensure that the systems built on it are properly protected. Modern computers are made up of the following components:

  • CPU (central processing unit): The component where computer instructions are executed and calculations performed

  • Main storage: The component where information is stored temporarily

  • Secondary storage: The component where information is stored permanently

  • Bus: The component where data and instructions flow internally among the CPU, main storage, and secondary storage, and externally through peripheral devices and communications adaptors

  • Firmware: Software stored in persistent memory

  • Communications: Components for external communications, including network adaptors and display adaptors

  • Security hardware: Components for various security functions, such as a Trusted Platform Module (TPM), which is used to store and generate cryptographic keys, smart card readers, and fingerprint scanners

Computer operating system

A computer operating system (OS) consists of the set of programs that facilitate the operation of application programs and tools on computer hardware. The components of an OS include the kernel (the core software that communicates with the CPU, memory, and peripheral devices), device drivers (which facilitate the use of bus devices and peripheral devices), and tools (used by administrators to manage resources such as available disk space).

The main functions performed by an operating system are

  • Process management

  • Resource management

  • Access management

  • Event management

  • Communications management

Software threats and countermeasures

Intruders attack software systems in many ways in order to interfere with or take over those systems. Some of the attack methods, along with their countermeasures, follow:

  • Covert channel attack: A hidden communications channel is embedded within a legitimate communications channel, in an attempt to make the hidden communications undetectable. Countermeasures include the use of sniffers, packet analyzers, and intrusion detection systems (IDS) to detect anomalies in communications.

  • State attack: Exploiting a timing flaw in a system. Also known as a race condition, a state attack can be used to gain access to a resource used by another process. Countermeasures include source code scans and reviews to detect such flaws in programs.

  • Side channel attack: Observing a system’s running states to make inferences about activities in the system. An attacker can use this information-gathering method to compromise a system. Countermeasures include logical or physical shielding to thwart observations.

  • Emanation: Electromagnetic radiation (EMR) emitted from a computer system provides valuable information about the system. At times, emanations can include sensitive data that is being processed by a system. Countermeasures include shielding to prevent the emission of EMR.

  • Back door: A feature in a program that gives someone covert access to the program. Back doors can be discovered and exploited by intruders. Programmers with malicious intent can create back doors as a means of illicitly accessing the program. Countermeasures include code reviews to detect back doors and packet analyzers to detect their use.
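The state attack entry above names source code scans as the countermeasure for race conditions. The following added example (written for this page, not taken from the original article) is a small scanner of that kind: it parses Python source with the standard `ast` module and flags the classic check-then-use pattern, where a path is tested with a call such as `os.access` and then, a few lines later in the same function, handed to `open`. The constructed sample it scans shows the flawed form beside a version that avoids the race by creating the file in one atomic `os.open` call with `O_CREAT | O_EXCL`. The call lists and function names are my own choices, not a standard.

```python
"""Added example: a source-code check for check-then-use (race condition)
patterns. Written for this page, not from the original article; the
sample source it scans is constructed."""
import ast

# Assumed lists for this example: calls that only *check* a path, and
# calls that *use* it. A check followed by a use of the same variable in
# one function leaves a window in which the file can be swapped.
CHECK_CALLS = {"os.access", "os.path.exists", "os.path.isfile",
               "os.path.islink"}
USE_CALLS = {"open", "os.open", "os.remove", "os.unlink", "os.rename"}


def _dotted_name(node):
    """Return 'os.path.exists' for a Name/Attribute call target, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _first_arg_name(call):
    """The variable passed as first argument, if it is a plain name."""
    if call.args and isinstance(call.args[0], ast.Name):
        return call.args[0].id
    return None


def find_toctou(source: str):
    """Return (check_line, use_line, variable) triples for every function
    in which a path variable is checked and later passed to a file
    operation. Scope is per function; nested functions are scanned as
    part of their parent, which is good enough for an illustration."""
    findings = []
    tree = ast.parse(source)
    for fn in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        checked = {}  # variable name -> line where it was checked
        calls = sorted((c for c in ast.walk(fn) if isinstance(c, ast.Call)),
                       key=lambda c: (c.lineno, c.col_offset))
        for call in calls:
            name = _dotted_name(call.func)
            var = _first_arg_name(call)
            if var is None:
                continue
            if name in CHECK_CALLS:
                checked[var] = call.lineno
            elif name in USE_CALLS and var in checked:
                findings.append((checked[var], call.lineno, var))
    return findings


# Constructed sample: the first function has the race, the second creates
# the file atomically (O_EXCL fails if the path already exists) so there
# is no separate check to race against.
SAMPLE = '''
import os

def save_report(path, data):
    if os.access(path, os.W_OK):
        with open(path, "w") as f:
            f.write(data)

def safe_save(path, data):
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)
'''

if __name__ == "__main__":
    for check_line, use_line, var in find_toctou(SAMPLE):
        print("check of %r at line %d, used at line %d" % (var, check_line, use_line))
```

A scanner like this is a code-review aid, not a proof of safety: it only sees the pattern, not whether an attacker could actually win the race, so each finding still needs a human reviewer to confirm the fix (usually, do the operation once and handle its error instead of checking first).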