
Chapter 8 Principles of Security Models, Design, and Capabilities

The tyranny of the default

Tyranny in this phrase means a rigorous condition imposed by some outside agency or force (a dictionary sense attributed to American historian Dixon Wecter): whatever a vendor ships as the default configuration effectively dictates the security posture of every deployment that never changes it, which is why defaults must be secure.

Zero trust means nothing inside the organization is automatically trusted.

Seven foundational principles of the Privacy by Design (PbD) framework

  • Proactive not reactive; preventive not remedial
  • Privacy as the default
  • Privacy embedded into design
  • Full functionality - positive-sum, not zero-sum
  • End-to-end security - full lifecycle protection
  • Visibility and transparency
  • Respect for user privacy

Several security models

Security models provide a way to formalize security policies. Models covered in this chapter:

  • Trusted computing base (TCB)
  • State machine model
  • Information flow model
  • Noninterference model
  • Take-grant model
  • Access control matrix
  • Bell-LaPadula model
  • Biba model
  • Clark-Wilson model
  • Brewer and Nash model
  • Goguen-Meseguer model
  • Sutherland model
  • Graham-Denning model
  • Harrison-Ruzzo-Ullman model
  • Object-capability model
  • Lipner's model
  • Boebert and Kain integrity model
  • Two-compartment exchange model
  • Gong's JDK security model
  • Lee-Shockley model
  • Jueneman model

Written Lab

  1. Name at least seven security models and the primary security benefit of using each.

  2. Describe the primary components of TCB.

    TCB stands for trusted computing base. The TCB is a combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy.

  3. What are the two primary rules or principles of the Bell-LaPadula security model? Also, what are the two rules of Biba?

    Bell-LaPadula (a confidentiality model): the simple security property of no read-up and the star (*) property of no write-down. A subject may read an object only if the subject's clearance dominates the object's classification, and may write to an object only if the object's classification dominates the subject's clearance.

    Biba (an integrity model, the inverse of Bell-LaPadula): the simple integrity property of no read-down and the star (*) integrity property of no write-up. A subject may read only objects of equal or higher integrity, and may write only to objects of equal or lower integrity.
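The two rule pairs above are easiest to see as a dominance check on lattice labels. The following is an added example written for these notes, not code from the study guide: labels are a level plus a set of categories (compartments), the level orderings are constructed for illustration, and the subject/object labels in the demo are made up. It generalizes the rules slightly by including categories, so "dominates" means higher-or-equal level and a superset of categories.

```python
"""Label-based access checks for the Bell-LaPadula and Biba rules.

Added example for these study notes (not code from the source book).
The level orderings and the subject/object labels below are constructed
for illustration; real systems derive them from policy.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    """A lattice label: an ordered level plus a set of categories (compartments)."""
    level: int
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: higher-or-equal level and a superset of categories."""
        return self.level >= other.level and self.categories >= other.categories


# Constructed confidentiality ordering used by Bell-LaPadula.
UNCLASSIFIED, CONFIDENTIAL, SECRET, TOP_SECRET = range(4)
# Constructed integrity ordering used by Biba (a separate scale from the above).
LOW_INTEGRITY, MEDIUM_INTEGRITY, HIGH_INTEGRITY = range(3)


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula (confidentiality) on sensitivity labels.

    simple security property: read only if the subject dominates the object (no read up)
    * (star) property:        write only if the object dominates the subject (no write down)
    """
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation: {op}")


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba on integrity labels: the mirror image of Bell-LaPadula.

    simple integrity property:   read only if the object dominates the subject (no read down)
    * (star) integrity property: write only if the subject dominates the object (no write up)
    """
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation: {op}")


def reference_monitor(subject_sec, subject_int, obj_sec, obj_int, op):
    """Mediate one access under both models at once: allow only if each agrees."""
    return blp_allows(subject_sec, obj_sec, op) and biba_allows(subject_int, obj_int, op)


if __name__ == "__main__":
    # Constructed subject: SECRET clearance in the CRYPTO compartment, high integrity.
    subj_sec = Label(SECRET, frozenset({"CRYPTO"}))
    subj_int = Label(HIGH_INTEGRITY)
    # Constructed objects, each with a sensitivity label and an integrity label.
    objects = {
        "field-report":  (Label(CONFIDENTIAL), Label(LOW_INTEGRITY)),
        "crypto-keys":   (Label(SECRET, frozenset({"CRYPTO"})), Label(HIGH_INTEGRITY)),
        "nuclear-plan":  (Label(SECRET, frozenset({"NUCLEAR"})), Label(HIGH_INTEGRITY)),
        "exec-briefing": (Label(TOP_SECRET, frozenset({"CRYPTO", "NUCLEAR"})), Label(HIGH_INTEGRITY)),
    }
    for name, (osec, oint) in objects.items():
        for op in ("read", "write"):
            print(f"{op:5} {name:14} BLP={blp_allows(subj_sec, osec, op)!s:5} "
                  f"Biba={biba_allows(subj_int, oint, op)!s:5} "
                  f"both={reference_monitor(subj_sec, subj_int, osec, oint, op)}")
```

Running it shows the tension between the two models: the SECRET/high-integrity subject may read the CONFIDENTIAL field report under Bell-LaPadula (read down is fine for confidentiality) but Biba refuses it because the report is low integrity (no read down), so the combined monitor denies it. It also shows that categories matter on their own: SECRET/CRYPTO cannot read SECRET/NUCLEAR even though the levels are equal, and writing up to the TOP_SECRET briefing is permitted only because that object carries a superset of the subject's compartments.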

  4. What is the difference between open and closed systems and open and closed source?

    An open system is one with published APIs that allows third parties to develop products to interact with it.

    A closed system is one that is proprietary with no third-party product support.

    Open source is a coding stance that allows others to view the source code of a program.

    Closed source is an opposing coding stance that keeps source code confidential.

  5. Name at least four design principles and describe them.

    1. Secure defaults: the out-of-the-box configuration is the secure one, so users must deliberately opt into weaker settings rather than into stronger ones.
    2. Fail securely: when a control or component fails, it fails into a state that denies access (fail-closed) and does not leak information, rather than falling open.
    3. Keep It Simple, Stupid (KISS): complexity breeds flaws; simpler designs are easier to verify, test, and operate securely.
    4. Zero trust: nothing is trusted by default because of its network location; every access is authenticated, authorized, and verified.
    5. Privacy by Design (PbD): privacy is built into the system from the design stage using the seven principles listed above.
    6. Trust but verify: the traditional perimeter model, in which internal systems and users are trusted but their activity is audited; largely superseded by zero trust.
    7. Threat modeling: identifying, categorizing, and analyzing potential threats during design so countermeasures can be built in rather than bolted on.
    8. Defense in depth: multiple layered controls, so the failure of any one control does not compromise the whole system.
    9. Least privilege: subjects receive only the minimum permissions needed to perform their assigned tasks.
    10. Separation of duties: sensitive tasks are split among several people so that no single person can complete or subvert a critical process alone.
    11. Shared responsibility: security obligations are divided between parties, for example between a cloud provider and its customer, and each must understand and fulfil its share.
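The first two principles above (secure defaults and fail securely) are easiest to see side by side in code. The following is an added example written for these notes, not code from the study guide: the policy tables, the user names, and the simulated policy-store outage are all constructed for illustration. The insecure variant defaults to allow and swallows errors; the hardened variant defaults to deny and treats any error in the check as a denial.

```python
"""Secure defaults and fail securely, shown on a small authorization check.

Added example for these study notes (not code from the source book). The policy
tables, the user names and the simulated outage are constructed for illustration.
"""


class PolicyStoreUnavailable(Exception):
    """Raised when the policy backend cannot be consulted (simulated outage)."""


# Constructed allow list: (user, action) pairs that are explicitly permitted.
ALLOW = {("alice", "read"), ("alice", "write"), ("bob", "read")}
# Constructed deny list used only by the insecure variant.
DENY = {("mallory", "write")}


def query_store(table, user, action, store_up):
    """Look a (user, action) pair up in a policy table, failing if the store is 'down'."""
    if not store_up:
        raise PolicyStoreUnavailable("policy store unreachable")
    return (user, action) in table


def authorize_insecure(user, action, store_up=True):
    """Anti-pattern: default allow, and an error in the check leaves access granted."""
    allowed = True                      # insecure default: anything not denied is allowed
    try:
        if query_store(DENY, user, action, store_up):
            allowed = False
    except PolicyStoreUnavailable:
        pass                            # fails open: the outage never changes 'allowed'
    return allowed


def authorize_secure(user, action, store_up=True):
    """Secure default (deny unless explicitly allowed) and fail securely (error => deny)."""
    try:
        return query_store(ALLOW, user, action, store_up)
    except PolicyStoreUnavailable:
        # Fail closed. In production also log/alert so the outage is visible.
        return False


if __name__ == "__main__":
    # Constructed cases: a permitted user, an unknown user, and a check during an outage.
    cases = [("alice", "write", True), ("carol", "write", True), ("bob", "read", False)]
    for user, action, up in cases:
        print(f"{user:6} {action:5} store_up={up!s:5} "
              f"insecure={authorize_insecure(user, action, up)!s:5} "
              f"secure={authorize_secure(user, action, up)}")
```

The unknown user "carol" is granted write access by the insecure variant purely because nobody thought to deny her, and "bob" is granted access during the outage because the exception is swallowed after `allowed` was already set to True. The secure variant returns the same answer for both: deny, because nothing positively established that the access was permitted.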