
Computer security PDF

32 Pages·2001·1.8 MB·English

Preview Computer security

NIST Special Publication 800-33

Underlying Technical Models for Information Technology Security

Recommendations of the National Institute of Standards and Technology

Gary Stoneburner

COMPUTER SECURITY

NIST
National Institute of Standards and Technology
Technology Administration
U.S. Department of Commerce

The National Institute of Standards and Technology was established in 1988 by Congress to "assist industry in the development of technology needed to improve product quality, to modernize manufacturing processes, . . . to ensure product reliability . . . and to facilitate rapid commercialization . . . of products based on new scientific discoveries."

NIST, originally founded as the National Bureau of Standards in 1901, works to strengthen U.S. industry's competitiveness; advance science and engineering; and improve public health, safety, and the environment. One of the agency's basic functions is to develop, maintain, and retain custody of the national standards of measurement, and provide the means and methods for comparing standards used in science, engineering, manufacturing, commerce, industry, and education with the standards adopted or recognized by the Federal Government.

As an agency of the U.S. Commerce Department's Technology Administration, NIST conducts basic and applied research in the physical sciences and engineering, and develops measurement techniques, test methods, standards, and related services. The Institute does generic and precompetitive work on new and advanced technologies. NIST's research facilities are located at Gaithersburg, MD 20899, and at Boulder, CO 80303. Major technical operating units and their principal activities are listed below. For more information contact the Publications and Program Inquiries Desk, 301-975-3058.
Office of the Director
• National Quality Program
• International and Academic Affairs

Technology Services
• Standards Services
• Technology Partnerships
• Measurement Services
• Information Services

Advanced Technology Program
• Economic Assessment
• Information Technology and Applications
• Chemistry and Life Sciences
• Materials and Manufacturing Technology
• Electronics and Photonics Technology

Manufacturing Extension Partnership Program
• Regional Programs
• National Programs
• Program Development

Electronics and Electrical Engineering Laboratory
• Microelectronics
• Law Enforcement Standards
• Electricity
• Semiconductor Electronics
• Radio-Frequency Technology¹
• Electromagnetic Technology¹
• Optoelectronics¹

Materials Science and Engineering Laboratory
• Intelligent Processing of Materials
• Ceramics
• Materials Reliability¹
• Polymers
• Metallurgy
• NIST Center for Neutron Research

Chemical Science and Technology Laboratory
• Biotechnology
• Physical and Chemical Properties²
• Analytical Chemistry
• Process Measurements
• Surface and Microanalysis Science

Physics Laboratory
• Electron and Optical Physics
• Atomic Physics
• Optical Technology
• Ionizing Radiation
• Time and Frequency¹
• Quantum Physics¹

Manufacturing Engineering Laboratory
• Precision Engineering
• Manufacturing Metrology
• Intelligent Systems
• Fabrication Technology
• Manufacturing Systems Integration

Building and Fire Research Laboratory
• Applied Economics
• Structures
• Building Materials
• Building Environment
• Fire Safety Engineering
• Fire Science

Information Technology Laboratory
• Mathematical and Computational Sciences²
• Advanced Network Technologies
• Computer Security
• Information Access
• Convergent Information Systems
• Information Services and Computing
• Software Diagnostics and Conformance Testing
• Statistical Engineering

¹ At Boulder, CO 80303.
² Some elements at Boulder, CO.
NIST Special Publication 800-33

Underlying Technical Models for Information Technology Security

Recommendation of the National Institute of Standards and Technology

Gary Stoneburner

COMPUTER SECURITY

Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930

December 2001

U.S. Department of Commerce
Donald L. Evans, Secretary

Technology Administration
Phillip J. Bond, Under Secretary of Commerce for Technology

National Institute of Standards and Technology
Arden L. Bement, Jr., Director

Reports on Information Security Technology

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL's research, guidance, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.

Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

National Institute of Standards and Technology Special Publication 800-33
Natl. Inst. Stand. Technol. Spec. Publ. 800-33, 27 pages (December 2001)
CODEN: NSPUE2

U.S. GOVERNMENT PRINTING OFFICE
WASHINGTON: 2001

For sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov
Phone: (202) 512-1800
Fax: (202) 512-2250
Mail: Stop SSOP, Washington, DC 20402-0001

Table of Contents

1.0 Introduction
2.0 Security Goal and Objectives
3.0 Security Services Model
    3.1 Service Definitions
    3.2 Achieving Security Objectives
4.0 Implementing Security Objectives - Distributed Systems
    4.1 Distributed Security Services
    4.2 Security Domains
    4.3 Network Views
5.0 Risk Management
6.0 Definitions
APPENDIX A: References

Table of Figures

Figure 2-1 Security Objective Dependencies
Figure 3-1 Security Services Model
Figure 3.2-1 Primary Availability Services
Figure 3.2-2 Primary Integrity Services
Figure 3.2-3 Primary Confidentiality Services
Figure 3.2-4 Primary Accountability Services
Figure 3.2-5 Primary Assurance Services
Figure 4.1-1 Distributed Security Services
Figure 4.2-1 Overlapping Security Domains
Figure 4.3-1 Distributed Intranet
Figure 4.3-2 Compartmented Intranet
Figure 4.3-3 "External" Transactions
Figure 4.3-4 Detect and Contain
Figure 5-1 Basics of Risk Mitigation - "Attacks"
Figure 5-2 Basics of Risk Mitigation - Errors/Mistakes

1.0 Introduction

Authority

This document has been developed by NIST in furtherance of its statutory responsibilities (under the Computer Security Act of 1987 and the Information Technology Management Reform Act of 1996, specifically 15 U.S.C. 278 g-3(a)(5)). This is not a guideline within the meaning of (15 U.S.C. 278 g-3 (a)(3)).

This document is recommended for use by Federal organizations which process sensitive information,¹ and is consistent with the requirements of OMB Circular A-130, Appendix III.

The recommendations herein are not mandatory and binding standards. This document may be used by non-governmental organizations on a voluntary basis.
It is not subject to copyright.

Nothing in this document should be taken to contradict standards and guidelines made mandatory and binding upon Federal agencies by the Secretary of Commerce under his statutory authority. Nor should these recommendations be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, the Director of the Office of Management and Budget, or any other Federal official.

Purpose

The purpose of this document is to provide a description of the technical foundations, termed "models," that underlie secure information technology (IT). The intent is to provide, in a concise form, the models that should be considered in the design and development of technical security capabilities. These models encompass lessons learned, good practices, and specific technical considerations.

Audience

The intended audience consists of both government and private sectors including:
• IT users desiring a better understanding of system security,
• Engineers and architects designing/building security capabilities, and
• Those developing guidance for others to use in implementing security capabilities.

¹ The Computer Security Act defines the term "sensitive information" as: any information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under section 552a of title 5, United States Code (the Privacy Act), but which has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept secret in the interest of national defense or foreign policy.

SP 800-33 Page 1 December 2001

2.0 Security Goal and Objectives

Security Goal

The goal of information technology security is to:

Enable an organization to meet all of its mission/business objectives by implementing systems with due care consideration of IT-related risks to the organization, its partners and customers.
Security Objectives

The security goal can be met through the following security objectives:

1. Availability (of systems and data for intended use only)

Availability is a requirement intended to assure that systems work promptly and service is not denied to authorized users. This objective protects against:
• Intentional or accidental attempts to either:
  - perform unauthorized deletion of data, or
  - otherwise cause a denial of service or data.
• Attempts to use system or data for unauthorized purposes

Availability is frequently an organization's foremost security objective.

2. Integrity (of system and data)

Integrity has two facets:
• Data integrity (the property that data has not been altered in an unauthorized manner while in storage, during processing, or while in transit), or
• System integrity (the quality that a system has when performing the intended function in an unimpaired manner, free from unauthorized manipulation).

Integrity is commonly an organization's most important security objective after availability.

3. Confidentiality (of data and system information)

Confidentiality is the requirement that private or confidential information not be disclosed to unauthorized individuals. Confidentiality protection applies to data in storage, during processing, and while in transit.

For many organizations, confidentiality is frequently behind availability and integrity in terms of importance. Yet for some systems and for specific types of data in most systems (e.g., authenticators), confidentiality is extremely important.

4. Accountability (to the individual level)

Accountability is the requirement that actions of an entity may be traced uniquely to that entity.

Accountability is often an organizational policy requirement and directly supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.

5. Assurance (that the other four objectives have been adequately met)

Assurance is the basis for confidence that the security measures, both technical and operational, work as intended to protect the system and the information it processes. The other four security objectives (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation when:
• required functionality is present and correctly implemented,
• there is sufficient protection against unintentional errors (by users or software), and
• there is sufficient resistance to intentional penetration or by-pass.

Assurance is essential; without it the other objectives are not met. However, assurance is a continuum; the amount of assurance needed varies between systems.

Security Objective Interdependencies

The five security objectives are interdependent. Achieving one objective without consideration of the others is seldom possible. This is depicted in Figure 2-1 and discussed below.

[Figure 2-1 Security Objective Dependencies]

Figure 2-1 shows the following dependencies:

Confidentiality is dependent on Integrity, in that if the integrity of the system is lost, then there is no longer a reasonable expectation that the confidentiality mechanisms are still valid.

Integrity is dependent on Confidentiality, in that if the confidentiality of certain information is lost (e.g., the superuser password), then the integrity mechanisms are likely to be by-passed.
Availability and Accountability are dependent on Confidentiality and Integrity, in that:
• if confidentiality is lost for certain information (e.g., superuser password), the mechanisms implementing these objectives are easily by-passable; and
• if system integrity is lost, then confidence in the validity of the mechanisms implementing these objectives is also lost.

All of these objectives are interdependent with Assurance. When designing a system, an architect or engineer establishes an assurance level as a target. This target is achieved by both defining and meeting the functionality requirements in each of the other four objectives and doing so with sufficient "quality." Assurance highlights the fact that for a system to be secure, it must not only provide the intended functionality, but also ensure that undesired actions do not occur.
