Page 538 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Exam Essentials


Know details about each of the access control models. Know the access control models and their functions. The state machine model ensures that all instances of subjects accessing objects are secure. The information flow model is designed to prevent unauthorized, insecure, or restricted information flow. The noninterference model prevents the actions of one subject from affecting the system state or actions of another subject. The Take-Grant model dictates how rights can be passed from one subject to another or from a subject to an object. An access control matrix is a table of subjects and objects that indicates the actions or functions that each subject can perform on each object. Bell-LaPadula subjects have a clearance level that allows them to access only those objects with the corresponding classification levels. This enforces confidentiality. Biba prevents subjects with lower security levels from writing to objects at higher security levels. Clark-Wilson is an integrity model that relies on auditing to ensure that unauthorized subjects cannot access objects and that authorized users access objects properly. Biba and Clark-Wilson enforce integrity. Goguen-Meseguer and Sutherland focus on integrity. Graham-Denning focuses on the secure creation and deletion of both subjects and objects.

Know the definitions of certification and accreditation. Certification is the technical evaluation of each part of a computer system to assess its concordance with security standards. Accreditation is the process of formal acceptance of a certified configuration from a designated authority.

Be able to describe open and closed systems. Open systems are designed using industry standards and are usually easy to integrate with other open systems. Closed systems are generally proprietary hardware and/or software. Their specifications are not normally published, and they are usually harder to integrate with other systems.

Know what confinement, bounds, and isolation are. Confinement restricts a process to reading from and writing to certain memory locations. Bounds are the limits of memory a process cannot