
By the end of this week, you should be able to:

  • Describe threat modeling
  • Identify several security models
  • Explain public key infrastructure

Threat Modeling


A new medium-sized health care facility just opened and you are hired as the CIO. The CEO is somewhat technical and has tasked you with creating a threat model. The CEO needs to decide from 3 selected models but needs your recommendation. Review this week’s readings, conduct your own research, then choose a model to recommend with proper justifications. Items to include (at a minimum) are:

  • User authentication and credentials with third-party applications
  • 3 common security risks with ratings: low, medium or high
  • Justification of your threat model (why it was chosen over the other two: compare and contrast)

You will research several threat models as they apply to the health care industry, summarize three models, and choose one as a recommendation to the CEO in a summary with a model using UML diagrams (do not copy and paste images from the Internet). In your research paper, be sure to discuss the security risks and assign each a label of low, medium, or high risk; the CEO will make the determination to accept the risks or mitigate them.

Your paper should meet the following requirements:

  • Be approximately four to six pages in length, not including the required cover page and reference page.
  • Follow APA 7 guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion.
  • Support your answers with the readings from the course and at least two scholarly journal articles to support your positions, claims, and observations, in addition to your textbook. The UC Library is a great place to find resources.
  • Be clear and well written, concise, and logical, using excellent grammar and style techniques. You are being graded in part on the quality of your writing.

Chapter 8 Principles of Security Models, Design, and Capabilities

Implement and Manage Engineering Processes Using Secure Design Principles

Objects and Subjects

Closed and Open Systems

Techniques for Ensuring Confidentiality, Integrity, and Availability

Controls

Trust and Assurance

Overview

Objects and Subjects

Subject – often a user

Object – a resource

Managing relationship between subject and object is access control

Transitive trust

Closed and Open Systems

Closed system

Proprietary standards

Hard to integrate

Possibly more secure

Open system

Open or industry standards

Easier to integrate

Open source vs. closed source

Techniques for Ensuring Confidentiality, Integrity, and Availability

Confinement

Sandboxing

Bounds

Isolation

Controls

Discretionary access control

Mandatory access control

Rule-based access control

Trust and Assurance

Integrated before and during design

Security must be:

Engineered, implemented, tested, audited, evaluated, certified, and accredited

Trusted system

Security mechanisms work together to provide a secure computing environment

Assurance

Degree of confidence in satisfaction of security needs

Understand the Fundamental Concepts of Security Models

Trusted Computing Base

State Machine Model

Information Flow Model

Noninterference Model

Take-Grant Model

Access Control Matrix

Bell-LaPadula Model

Biba Model

Clark-Wilson Model

Brewer and Nash Model (aka Chinese Wall)

Goguen-Meseguer Model

Sutherland Model

Graham-Denning Model

Overview

Trusted Computing Base

Defined in DoD 5200.28 Orange Book

Trusted Computer System Evaluation Criteria (TCSEC)

Security perimeter

Trusted paths

Reference monitor

Security kernel

State Machine Model

Always secure no matter what state it is in

Finite state machine (FSM)

State transition

Secure state machine

The basis for most other security models

Information Flow Model

Based on the state machine model

Prevent unauthorized, insecure, or restricted information flow

Controls flow between security levels

Can be used to manage state transitions

Noninterference Model

Based on information flow model

Separates actions of subjects at different security levels

Composition theories

Cascading

Feedback

Hookup

Take-Grant Model

Dictates how rights can be passed between subjects

Take rule

Grant rule

Create rule

Remove rule

Access Control Matrix

A table of subjects, objects, and access

Columns are ACLs

Rows are capability lists

Can be used in DAC, MAC, or RBAC

Bell-LaPadula Model 1/2

Based on DoD multilevel security policy

Focuses only on confidentiality

Lattice based access control

Simple security property

No read up

* (star) security property

No write down

Discretionary security property

Access control matrix for DAC

Bell-LaPadula Model 2/2

Biba Model 1/2

Based on the inverse of Bell-LaPadula

Focuses only on integrity

Simple integrity property

No read up

* (star) integrity property

No write down

Prevent modification by unauthorized subjects

Prevent unauthorized modifications

Protect internal and external consistency

Biba Model 2/2

Clark-Wilson Model 1/2

Focuses on integrity

Access control triplet

Controls access through an intermediary program or restricted interface

Well-formed transactions

Separation of duties

Clark-Wilson Model 2/2

Constrained data item (CDI)

Any data item whose integrity is protected

Unconstrained data item (UDI)

Any data item that is not controlled/protected

Integrity verification procedure (IVP)

A procedure that scans data items and confirms their integrity

Transformation procedures (TPs)

The only procedures allowed to modify a CDI

Brewer and Nash Model (aka Chinese Wall)

Prevents conflicts of interest

Based on dynamic access changes based on user activity

Access to conflicting data is temporarily blocked

Goguen-Meseguer Model

Focuses on integrity

The basis of the noninterference model

Based on a predetermined set/domain of objects a subject can access

Based on automation theory and domain separation

Sutherland Model

Focuses on integrity

Prevent interference in support of integrity

Defines a set of system states, initial states, and state transitions

Commonly used to prevent covert channels from influencing processes

Graham-Denning Model

Secure management of objects and subjects

Securely create object/subject

Securely delete object/subject

Securely provide read access right

Securely provide grant access right

Securely provide delete access right

Securely provide transfer access right

Select Controls and Countermeasures Based on Systems Security Evaluation Models

Rainbow Series

ITSEC Classes and Required Assurance and Functionality

Common Criteria

Industry and International Security Implementation Guidelines

Certification and Accreditation

Overview

Rainbow Series

TCSEC – Orange Book

Confidentiality

D, C1, C2, B1, B2, B3, A1

Red Book

Trusted Network Interpretation of TCSEC

Confidentiality and Integrity

None, C1, C2, B2

Green Book

Password management guidelines

ITSEC Classes and Required Assurance and Functionality

Rates functionality (F) and assurance (E)

F-D through F-B3

E0 through E6

Confidentiality, integrity, and availability

Common Criteria

Designed to replace prior systems

ISO 15408

Protection profiles

Security targets

Evaluation Assurance Level (EAL)

Part 1: Introduction and General Model

Part 2: Security Functional Requirements

Part 3: Security Assurance

Industry and International Security Implementation Guidelines

Payment Card Industry – Data Security Standards (PCI-DSS)

International Organization for Standardization (ISO)

Certification and Accreditation

Certification

Comprehensive evaluation of security against security requirements

Accreditation

Formal designation by DAA that system meets organizational security needs

Risk Management Framework (RMF)

Committee on National Security Systems Policy (CNSSP)

Phase 1: Definition, 2: Verification, 3: Validation, 4: Post Accreditation

Understand Security Capabilities of Information Systems

Memory Protection

Meltdown and Spectre

Virtualization

Trusted Platform Module

Hardware security module (HSM)

Interfaces

Constrained or restricted

Fault Tolerance

Conclusion

Read the Exam Essentials

Review the Chapter

Perform the Written Labs

Answer the Review Questions

Week 6 – Full

Objectives

Describe Threat Modeling

Identify several security models

Explain public key infrastructure

Reading Assignments

Chapter 8

Cagnazzo, M., Hertlein, M., Holz, T., & Pohlmann, N. (2018). Threat Modeling for Mobile Health Systems. https://ieeexplore.ieee.org/document/8369033 Click PDF, In Institution name box, enter: University of the Cumberlands, UC OneLogin will pop up and login with UC email address and Password.

Ruiz, N., Bargal, S.A., & Sclaroff, S. (2020). Disrupting DeepFakes: Adversarial Attacks Against Conditional Image Translation Networks and Facial Manipulation Systems. https://arxiv.org/abs/2003.01279 There is a link to the PDF of this article in the right column of this record under Download.

Fundamentals Issues of why dissertations fail

Dr. Steven Brown, PhD, IT Program Director, has created a presentation identifying several areas where and why dissertations fail, and how to correct these areas.

https://us-lti.bbcollab.com/recording/561678eb60b94cb6ba9f5d8350bc86ed
