This preview shows pages 1–3. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: TECH 7350 Managing Information Security The Graduate School of Management at the University of Dallas TECH 7350 MANAGING INFORMATION MANAGING INFORMATION SECURITY SECURITY Sandra Blanke, Ph.D., CISSP The Graduate School of Management at the University of Dallas Unit 4 Chapter 5 Unit 4 Chapter 5 Part 3 Part 3 Product Evaluations Product Evaluations 2 Covert Channels A covert channel is a way for an entity to receive information in an unauthorized manner. This information path was not developed for communications The system does not protect this path, because developers never intended for information to pass this way This channel is one of the following issues: Oversight in the product development Improper implementation of access controls Existence of a shared resource between two entities Installation of a Trojan horse 3 Overt Channel Channel of communication that was developed specifically for communications purposes Processes should be communicating through overt channels and not covert channels TECH 7350 Managing Information Security The Graduate School of Management at the University of Dallas 4 Noninterference Model Concept that is implemented to ensure that any actions that take place at a higher level of security do not affect or interfere with the flow of data If a higher security level performs an action, it cannot change the state for the entity at the lower level Users at a lower security level should not be aware of the commands executed by users at a higher level and should not be affected by those commands The purpose of the noninterference model is to address covert channels and inference attacks The model looks at the users of a system and tries to identify how information can be passed from a process working at a higher level of security to a process working at a lower level of security clearance An inference attack occurs when someone has access to information and can infer (or guess) something that he does not have the clearance level to know) 5 A lattice model is a mathematical construct that is built upon the idea of a group. A structure consisting of a finite partially ordered set together with least upper and greatest lower bound operators on the set Lattice Model 6 Security Modes of Operation Security Modes of Operation describes the security conditions under which the system actually functions These modes are used in MAC systems which hold one or more classifications of data Four security modes of operations a system can be developed and configured in: (1) Dedicated Security Mode All users have the clearance and formal need-to-know to all data processed within the system....
View Full Document
This note was uploaded on 02/20/2011 for the course TECH 7350 taught by Professor Lee during the Spring '11 term at University of Arkansas for Medical Sciences.
- Spring '11