Page 482 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Chapter 8
Principles of Security Models, Design, and Capabilities
THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:
Domain 3: Security Architecture and Engineering
3.1 Implement and manage engineering processes using secure design principles
3.2 Understand the fundamental concepts of security models
3.3 Select controls based upon systems security requirements
3.4 Understand security capabilities of information systems
Understanding the philosophy behind security solutions helps to limit your search for the best controls for specific security needs. In this chapter, we discuss security models, including state machine, Bell-LaPadula, Biba, Clark-Wilson, Take-Grant, and Brewer and Nash. This chapter also describes Common Criteria and other methods governments and corporations use to evaluate information systems from a security perspective, with particular emphasis on U.S. Department of Defense and international security evaluation criteria. Finally, we discuss commonly encountered design flaws and other issues that can make information systems susceptible to attack.
The process of determining how secure a system is can be difficult and time-consuming. In this chapter, we describe the process of evaluating a computer system’s level of security. We begin by introducing and