Topic 1: Access Control
Which of the following would be used to implement Mandatory Access Control (MAC)?
A.
Clark-Wilson Access Control
B.
Role-based access control
C.
Lattice-based access control
D.
User dictated access control
Lattice-based access control
The lattice is a mechanism used to implement Mandatory Access Control (MAC).
Under Mandatory Access Control (MAC) you have:
Mandatory Access Control
Under Non-Discretionary Access Control (NDAC) you have:
Rule-Based Access Control
Role-Based Access Control
Under Discretionary Access Control (DAC) you have:
Discretionary Access Control
Lattice-Based Access Control is a type of access control used to implement other
access control methods. A lattice is an ordered list of elements that has a least upper bound
and a greatest lower bound. The lattice can be used for MAC, DAC, integrity levels, file
permissions, and more.
For example, in the case of MAC, if we look at common government classifications, we
have the following:
TOP SECRET
SECRET ------------I am the user at secret
CONFIDENTIAL
SENSITIVE BUT UNCLASSIFIED
UNCLASSIFIED
If you look at the diagram above, where I am a user at SECRET, it means that I can access
documents at lower classifications but not documents at TOP SECRET. The lattice is a list of
ORDERED ELEMENTS; in this case the ordered elements are classification levels. My least
upper bound is SECRET and my greatest lower bound is UNCLASSIFIED.
However, the lattice could also be used for integrity levels such as:
VERY HIGH
HIGH
MEDIUM -----I am a user, process, application at the medium level
LOW
VERY LOW
In the case of integrity levels you have to think about TRUST. For example, the VISTA
operating system, which is based on Biba, uses integrity levels. As a user having access to
the system I cannot tell a process running with administrative privilege what to do.
Otherwise any user on the system could take control of the system by getting a highly
privileged process to do things on their behalf. So no read down would be allowed in this
case, and this is an example of the Biba model.
Last but not least, the lattice could be used for file permissions:
RWX
RW -----User at this level
R
If I am a user with READ and WRITE (RW) access privileges then I cannot execute the file,
because I do not have execute permission, which is the X under Linux and UNIX.
Many people confuse the lattice model, and many books say MAC = LATTICE; however,
the lattice can be used for other purposes.
There is also Role Based Access Control (RBAC). It COULD be used to simulate MAC, but it is not MAC, as it does not make use of labels on objects indicating
sensitivity and categories. MAC also requires a clearance that dominates the object.
You can get more info about RBAC at: http://csrc.nist.gov/groups/SNS/rbac/faq.html#03
Also note that many books use the same acronym, RBAC, for both Role Based Access Control and Rule
Based Access Control, which can be confusing.
The proper way of writing the acronym for Rule Based Access Control is RuBAC;
unfortunately it is not commonly used.
References:
There is a great article on technet that talks about the lattice in VISTA:
http://blogs.technet.com/b/steriley/archive/2006/07/21/442870.aspx
also see:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control
systems (page 33).
and
http://www.microsoft-watch.com/content/vista/gaging_vistas_integrity.html
PINs, passwords, passphrases, tokens, smart cards, and biometric devices are all items that
can be used for authentication. When one of the items listed above is used in conjunction with a
second factor to validate authentication, it provides robust authentication of the individual
by practicing which of the following?
A.
Multi-party authentication
B.
Two-factor authentication
C.
Mandatory authentication
D.
Discretionary authentication
Two-factor authentication
Once an identity is established it must be authenticated. There exist
numerous technologies and implementations of authentication methods; however, they
almost all fall under three major areas.
There are three fundamental types of authentication:
Authentication by knowledge—something a person knows
Authentication by possession—something a person has
Authentication by characteristic—something a person is
Logical controls related to these types are called “factors.”
Something you know can be a password or PIN, something you have can be a token fob or
smart card, and something you are is usually some form of biometrics.
Single-factor authentication is the employment of one of these factors, two-factor authentication is using two of the three factors, and three-factor authentication is the
combination of all three factors.
The general term for the use of more than one factor during authentication is multifactor
authentication or strong authentication.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 2367-2379). Auerbach Publications. Kindle
Edition.
Which of the following is used by RADIUS for communication between clients and servers?
A.
TCP
B.
SSL
C.
UDP
D.
SSH
UDP
Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security
Management Handbook, 4th Edition, Volume 2, 2001, CRC Press, NY, Page 33.
Identification and authentication are the keystones of most access control systems.
Identification establishes:
A.
User accountability for the actions on the system.
B.
Top management accountability for the actions on the system.
C.
EDP department accountability for the actions of users on the system.
D.
Authentication for actions on the system
User accountability for the actions on the system.
Identification and authentication are the keystones of most access control
systems. Identification establishes user accountability for the actions on the system.
The control environment can be established to log activity regarding the identification,
authentication, authorization, and use of privileges on a system. This can be used to detect the occurrence of errors, the attempts to perform an unauthorized action, or to validate
when provided credentials were exercised. The logging system as a detective device
provides evidence of actions (both successful and unsuccessful) and tasks that were
executed by authorized users.
Once a person has been identified through the user ID or a similar value, she must be
authenticated, which means she must prove she is who she says she is. Three general
factors can be used for authentication: something a person knows, something a person
has, and something a person is. They are also commonly called authentication by
knowledge, authentication by ownership, and authentication by characteristic.
For a user to be able to access a resource, he first must prove he is who he claims to be,
has the necessary credentials, and has been given the necessary rights or privileges to
perform the actions he is requesting. Once these steps are completed successfully, the
user can access and use network resources; however, it is necessary to track the user’s
activities and enforce accountability for his actions.
Identification describes a method of ensuring that a subject (user, program, or process) is
the entity it claims to be. Identification can be provided with the use of a username or
account number. To be properly authenticated, the subject is usually required to provide a
second piece to the credential set. This piece could be a password, passphrase,
cryptographic key, personal identification number (PIN), anatomical attribute, or token.
These two credential items are compared to information that has been previously stored for
this subject. If these credentials match the stored information, the subject is authenticated.
But we are not done yet. Once the subject provides its credentials and is properly
identified, the system it is trying to access needs to determine if this subject has been given
the necessary rights and privileges to carry out the requested actions. The system will look
at some type of access control matrix or compare security labels to verify that this subject
may indeed access the requested resource and perform the actions it is attempting. If the
system determines that the subject may access the resource, it authorizes the subject.
Although identification, authentication, authorization, and accountability have close and
complementary definitions, each has distinct functions that fulfill a specific requirement in
the process of access control. A user may be properly identified and authenticated to the
network, but he may not have the authorization to access the files on the file server. On the
other hand, a user may be authorized to access the files on the file server, but until she is
properly identified and authenticated, those resources are out of reach.
Reference(s) used for this question:
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition:
Access Control ((ISC)2 Press) (Kindle Locations 889-892). Auerbach Publications. Kindle
Edition.
and
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations
3875-3878). McGraw-Hill. Kindle Edition.
and
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations
3833-3848). McGraw-Hill. Kindle Edition.
and
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36.
Which security model ensures that actions that take place at a higher security level do not
affect actions that take place at a lower level?
A.
The Bell-LaPadula model
B.
The information flow model
C.
The noninterference model
D.
The Clark-Wilson model
The noninterference model
The goal of a noninterference model is to strictly separate differing security
levels to assure that higher-level actions do not determine what lower-level users can see.
This is in contrast to other security models that control information flows between differing
levels of users. By maintaining strict separation of security levels, a noninterference model
minimizes leakage that might happen through a covert channel.
The model ensures that any actions that take place at a higher security level do not affect,
or interfere with, actions that take place at a lower level.
It is not concerned with the flow of data, but rather with what a subject knows about the
state of the system. So if an entity at a higher security level performs an action, it cannot
change the state for the entity at the lower level.
The model also addresses the inference attack that occurs when someone has access to some type of information and can infer (guess) something that he does not have the
clearance level or authority to know.
The following are incorrect answers:
The Bell-LaPadula model is incorrect. The Bell-LaPadula model is concerned only with
confidentiality and bases access control decisions on the classification of objects and the
clearances of subjects.
The information flow model is incorrect. The information flow models have a similar
framework to the Bell-LaPadula model and control how information may flow between
objects based on security classes. Information will be allowed to flow only in accordance
with the security policy.
The Clark-Wilson model is incorrect. The Clark-Wilson model is concerned with change control and assuring that all modifications to objects preserve integrity by means of well-formed
transactions and usage of an access triple (subject - interface - object).
References:
CBK, pp 325 - 326
AIO3, pp. 290 - 291
AIOv4 Security Architecture and Design (page 345)
AIOv5 Security Architecture and Design (pages 347 - 348)
https://en.wikibooks.org/wiki/Security_Architecture_and_Design/Security_Models#Noninterference_Models
Which of the following protects a
A.
Challenge Handshake Authentication Protocol (CHAP)
B.
Challenge Handshake Identification Protocol (CHIP)
C.
Challenge Handshake Encryption Protocol (CHEP)
D.
Challenge Handshake Substitution Protocol (CHSP)
Challenge Handshake Authentication Protocol (CHAP)
CHAP: A protocol that uses a three-way handshake. The server sends the
client a challenge which includes a random value (a nonce) to thwart replay attacks. The
client responds with the MD5 hash of the nonce and the password.
The authentication is successful if the client's response is the one that the server expected.
Reference: Page 450, OIG 2007.
CHAP protects the password from eavesdroppers and supports the encryption of
communication.
Reference: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 44.
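Added example, not code from the page or its sources: the three-way exchange described above in Python, with the response computed as RFC 1994 specifies (MD5 over identifier, secret, challenge). The class and function names and the sample user are assumptions; the verifier discards each challenge after one use so a captured response is worthless against the next one.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5 over Identifier || Secret || Challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Authenticator side: issues challenges and checks responses (assumed name)."""

    def __init__(self, user_secrets: dict):
        self._secrets = dict(user_secrets)   # CHAP needs the plaintext shared secret on the server
        self._pending = {}                   # identifier -> outstanding challenge value
        self._next_id = 0

    def challenge(self):
        """Step 1: send a fresh identifier and a random challenge (the nonce)."""
        ident = self._next_id
        self._next_id = (self._next_id + 1) % 256   # the identifier is a single octet
        nonce = os.urandom(16)
        self._pending[ident] = nonce
        return ident, nonce

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        """Step 3: recompute the expected hash; a challenge may be answered only once."""
        nonce = self._pending.pop(ident, None)
        secret = self._secrets.get(name)
        if nonce is None or secret is None:
            return False                      # unknown peer, or no live challenge for this id
        expected = chap_response(ident, secret, nonce)
        return hmac.compare_digest(expected, response)   # constant-time comparison


class ChapClient:
    """Peer side: holds the shared secret and answers challenges (assumed name)."""

    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, ident: int, nonce: bytes):
        """Step 2: return name and hash; the secret itself never goes on the wire."""
        return self.name, chap_response(ident, self.secret, nonce)


def run_exchange(server: ChapServer, client: ChapClient) -> bool:
    """One full challenge / response / verify round."""
    ident, nonce = server.challenge()
    name, response = client.respond(ident, nonce)
    return server.verify(ident, name, response)


if __name__ == "__main__":
    server = ChapServer({"alice": b"correct horse"})   # constructed shared secret
    print("valid peer:", run_exchange(server, ChapClient("alice", b"correct horse")))  # True
    print("wrong secret:", run_exchange(server, ChapClient("alice", b"guess")))        # False
```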
What is called the type of access control where there are pairs of elements that have the
least upper bound of values and greatest lower bound of values?
A.
Mandatory model
B.
Discretionary model
C.
Lattice model
D.
Rule model
Lattice model
In a lattice model, there are pairs of elements that have the least upper
bound of values and greatest lower bound of values.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, 2001, John Wiley & Sons, Page 34.
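Added example (not code from this page or the books it cites) serving both this question and the earlier lattice explanation under the first question: a small Python model of a security lattice whose elements are a level plus a set of categories, with least upper bound, greatest lower bound and the dominance test that MAC uses, applied once as Bell-LaPadula over the classification lattice and once as Biba over the integrity lattice. `Label`, `lub`, `glb`, the level lists and the sample clearances are assumed names and constructed values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    """A point in a security lattice: an ordered level plus a set of categories."""
    level: int                               # index into an ordered level list; higher dominates lower
    categories: frozenset = frozenset()      # compartments; a superset dominates a subset

    def dominates(self, other: "Label") -> bool:
        # Lattice order: a >= b iff a's level is at least b's AND a holds every category b has.
        return self.level >= other.level and self.categories >= other.categories


def lub(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label that dominates both a and b."""
    return Label(max(a.level, b.level), a.categories | b.categories)


def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound: the highest label that both a and b dominate."""
    return Label(min(a.level, b.level), a.categories & b.categories)


# The two orderings drawn on the page, lowest first (constructed lists).
CLASSIFICATIONS = ["UNCLASSIFIED", "SENSITIVE BUT UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]
INTEGRITY = ["VERY LOW", "LOW", "MEDIUM", "HIGH", "VERY HIGH"]


def label(levels: list, name: str, *categories: str) -> Label:
    return Label(levels.index(name), frozenset(categories))


def name_of(levels: list, lab: Label) -> str:
    return levels[lab.level]


# Confidentiality: Bell-LaPadula rules over the classification lattice.
def blp_can_read(subject: Label, obj: Label) -> bool:
    return subject.dominates(obj)            # simple security property: no read up


def blp_can_write(subject: Label, obj: Label) -> bool:
    return obj.dominates(subject)            # *-property: no write down


# Integrity: Biba rules over the integrity lattice (the page's Vista example).
def biba_can_read(subject: Label, obj: Label) -> bool:
    return obj.dominates(subject)            # simple integrity property: no read down


def biba_can_write(subject: Label, obj: Label) -> bool:
    return subject.dominates(obj)            # integrity *-property: no write up


if __name__ == "__main__":
    me = label(CLASSIFICATIONS, "SECRET", "NATO")          # constructed clearance
    memo = label(CLASSIFICATIONS, "CONFIDENTIAL")
    crypto = label(CLASSIFICATIONS, "SECRET", "CRYPTO")    # same level, a category I do not hold
    print("read CONFIDENTIAL memo:", blp_can_read(me, memo))    # True
    print("read SECRET//CRYPTO:", blp_can_read(me, crypto))     # False: category missing
    print("lub:", name_of(CLASSIFICATIONS, lub(me, crypto)), sorted(lub(me, crypto).categories))
    user, admin_proc = label(INTEGRITY, "MEDIUM"), label(INTEGRITY, "HIGH")
    print("MEDIUM user may direct HIGH process:", biba_can_write(user, admin_proc))  # False
```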
Which of the following logical access exposures INVOLVES CHANGING data before, or as
it is entered into the computer?
A.
Data diddling
B.
Salami techniques
C.
Trojan horses
D.
Viruses
Data diddling
It involves changing data before, or as, it is entered into the computer; in
other words, it refers to the alteration of existing data.
The other answers are incorrect because:
Salami techniques: A salami attack is one in which an attacker commits several small
crimes with the hope that the overall larger crime will go unnoticed.
Trojan horses: A Trojan horse is a program that is disguised as another program.
Viruses: A virus is a small application, or a string of code, that infects applications.
Reference: Shon Harris , AIO v3
Chapter - 11: Application and System Development, Page : 875-880
Chapter - 10: Law, Investigation and Ethics , Page : 758-759
Which of the following pairings uses technology to enforce access control policies?
A.
Preventive/Administrative
B.
Preventive/Technical
C.
Preventive/Physical
D.
Detective/Administrative
Preventive/Technical
The preventive/technical pairing uses technology to enforce access control
policies.
TECHNICAL CONTROLS
Technical security involves the use of safeguards incorporated in computer hardware,
operations or applications software, communications hardware and software, and related
devices. Technical controls are sometimes referred to as logical controls.
Preventive Technical Controls
Preventive technical controls are used to prevent unauthorized personnel or programs from
gaining remote access to computing resources. Examples of these controls include:
Access control software.
Antivirus software.
Library control systems.
Passwords.
Smart cards.
Encryption.
Dial-up access control and callback systems.
Preventive Physical Controls
Preventive physical controls are employed to prevent unauthorized personnel from entering
computing facilities (i.e., locations housing computing resources, supporting utilities,
computer hard copy, and input data media) and to help protect against natural disasters.
Examples of these controls include:
Backup files and documentation.
Fences.
Security guards.
Badge systems.
Double door systems.
Locks and keys.
Backup power.
Biometric access controls.
Site selection.
Fire extinguishers.
Preventive Administrative Controls
Preventive administrative controls are personnel-oriented techniques for controlling
people’s behavior to ensure the confidentiality, integrity, and availability of computing data
and programs. Examples of preventive administrative controls include:
Security awareness and technical training.
Separation of duties.
Procedures for recruiting and terminating employees.
Security policies and procedures.
Supervision.
Disaster recovery, contingency, and emergency plans.
User registration for computer access.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.
In synchronous dynamic password tokens:
A.
The token generates a new password value at fixed time intervals (this password could
be based on the time of day encrypted with a secret key).
B.
The token generates a new non-unique password value at fixed time intervals (this
password could be based on the time of day encrypted with a secret key).
C.
The unique password is not entered into a system or workstation along with an owner's
PIN.
D.
The authentication entity in a system or workstation knows an owner's secret key and
PIN, and the entity verifies that the entered password is invalid and that it was entered
during the invalid time window.
The token generates a new password value at fixed time intervals (this password could
be based on the time of day encrypted with a secret key).
Synchronous dynamic password tokens:
- The token generates a new password value at fixed time intervals (this password could be
the time of day encrypted with a secret key).
- the unique password is entered into a system or workstation along with an owner's PIN.
- The authentication entity in a system or workstation knows an owner's secret key and
PIN, and the entity verifies that the entered password is valid and that it was entered during
the valid time window.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37
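Added example (not the page's or the book's code): a synchronous dynamic password token and the authentication entity that checks it, in Python. HMAC-SHA1 over the interval number stands in for the "time of day encrypted with a secret key"; the 30-second interval, the one-interval drift allowance, the PIN and all names are assumptions. The verifier also refuses a code it has already accepted, so a password copied during its valid window cannot be reused.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30          # width of one password interval (constructed choice)
DIGITS = 6


def code_for_counter(key: bytes, counter: int) -> str:
    """Password for one time interval: a keyed function of the interval number.
    HMAC-SHA1 stands in for 'time of day encrypted with a secret key'."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**DIGITS:0{DIGITS}d}"


def token_display(key: bytes, now: int) -> str:
    """What the token shows at Unix time `now`; it changes every STEP_SECONDS."""
    return code_for_counter(key, now // STEP_SECONDS)


class TokenVerifier:
    """Authentication entity: knows the owner's key and PIN, checks code and time window."""

    def __init__(self, key: bytes, pin: str, drift_steps: int = 1):
        self._key, self._pin, self._drift = key, pin, drift_steps
        self._last_counter = -1              # highest interval already accepted

    def verify(self, pin: str, code: str, now: int) -> bool:
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            return False                     # the PIN (something you know) must match first
        current = now // STEP_SECONDS
        # Accept the current interval plus a small clock-drift window either side...
        for counter in range(current - self._drift, current + self._drift + 1):
            if counter <= self._last_counter:
                continue                     # ...but never an interval already used (replay)
            if hmac.compare_digest(code_for_counter(self._key, counter), code):
                self._last_counter = counter
                return True
        return False


if __name__ == "__main__":
    key = bytes(range(16))                   # constructed shared secret
    verifier = TokenVerifier(key, pin="2468")
    t = 1_700_000_000
    shown = token_display(key, t)
    print("fresh code:", verifier.verify("2468", shown, t))                          # True
    print("same code again:", verifier.verify("2468", shown, t))                     # False: used
    print("stale code:", verifier.verify("2468", shown, t + 10 * STEP_SECONDS))      # False: window passed
```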