{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

Ditscap defense information technology security

Info iconThis preview shows pages 7–9. Sign up to view the full content.

View Full Document Right Arrow Icon
DITSCAP – Defense Information Technology Security Certification Accreditation Process NIACAP - National Information Assurance Certification Accreditation Process DITSCAP – Defense Information Technology Security Certification Accreditation Process Establishes a standard process, a set activities, general task descriptions and a management structure to certify and accredit system will maintain its required security posture. Four Phases of DITSCAP n Definition – understanding of environment and architecture n Verification – Verify compliance with System Security Authorization (While evolving) n Validation - Validate compliance with System Security Authorization (final) n Post Accreditation – continuing operation NIACAP - National Information Assurance Certification Accreditation Process n Minimum national standards for accrediting national security system n Establishes a standard process, a set activities, general task descriptions and a management structure to certify and accredit system will maintain its required security posture. Three types of NIACAP accreditation n Site accreditation – evaluates application at self contained location n Type accreditation – evaluates application at number of locations n System accreditation - evaluates a major application or support system Information Security Models n Access control models n Integrity Models n Information Flow Models Access Control Models Access Matrix Take-Grant Bell-Lapadula Confidentiality State Machine Access Matrix Straight Forward provides access rights to subjects for objects. n Access Rights – Read, write and execute n Subject – can be a person or a program n Objects – file or storage device n Columns - are called Access Control Lists n Rows - are capability lists n Supports Discretionary Access Control n Triple - Subjects capability is defined by a triple (object, rights, random#) n The random number prevents spoofing Take-Grant Model Uses a directed graph to specify the rights a subject can transfer to an object or take from another subject.
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Bell-Lapadula – confidentiality model n Developed to formalize the US Department of Defense multilevel security policy n Only deals with confidentiality does not deal with integrity or availability n Based on Government Classification – Unclassified, Sensitive But Unclassified (SBU), Confidential, Secret, Top Secret n Must have need to know n A Trusted Subject can violate the *property n Does not address client/server model n Based on State Machine Concept n Starts at secure state and transitions from one state to another. n The initial state must be secure and the transitions result in a secure state Bell-Lapadula Security State Defined by three properties: 1. Simple Security Property (ss Property) – no reading from lower subject to higher object (No Read Up) 2. The * (star) security Property – No writing from higher subject to lower object (No write Down) n Trusted Subject can violate the star property but not its intent n
Background image of page 8
Image of page 9
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}