This article will cover some of the major areas within Security Architecture and Design by looking at: design concepts, hardware architecture, OS and software architecture, security models, modes of operations, and some system evaluation methods, specifically CAP.

First, design concepts. You need to remember “LAST.” That is L=Layering, A=Abstraction, S=Security Domains and T=The Ring. Actually it should have been LASR, but who could remember that? Besides, if you vocalize THE RING it sticks with you. OK, so layering means separating the design into distinct parts such as hardware, hardware drivers, operating system and application. Abstraction is like abstract painting: you never really know what the artist was thinking because all of that is hidden from you, the viewer/user. As an example, if you click on a URL in your browser, say for, you as the user see the web page painted on your screen; you don’t see all of the electronic work going on in the background to handle communications, file lookup, screen painting, etc. You just see the screen. In Security Domains, think two things: user mode and supervisor mode. Users can only do what they have been allowed to do, and supervisor mode can do anything. And finally, THE RING. No, not the one you give to a very close acquaintance, but rather how security is designed: the closer to the center of the ring, the more restrictive the security.

Next, hardware architecture. Now, we already know the basics about input devices, CPUs, output devices, memory, hard disks, etc., so I won’t bore you with those minutiae. But you should Google the following subjects: pipelining, interrupt, processes, threads, multitasking, multiprocessing, SRAM, DRAM, virtual memory and WORM (not the virus, but write-once, read-many). Once you’ve Googled those, cut and paste the definitions you find somewhere and keep them handy.

Then, OS and software architecture.  You need to understand the “reference monitor” and the role it plays in mediating access.  You should be able to look at UNIX/Linux permissions and know the difference between Owner/Group/World and who has what.  Also, look at NTFS permissions in Windows and get a good grasp of the differences between the five different levels of permissions.  Some key words to research and remember in this section are: TOCTOU, backdoor vs. maintenance hook, and don’t forget polyinstantiation.

For security models, you can read through the different models, but pay particular attention to the Biba model and the Bell-LaPadula model and how they work with the principle of least privilege.
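The two models mirror each other, which is easiest to see when one reference monitor mediates the same requests under each policy. The following is an added example, not part of the original article; the level names, the subject and object names and the `ReferenceMonitor` class are constructed for illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    # Constructed labels: confidentiality levels under Bell-LaPadula,
    # integrity levels under Biba.
    LOW = 0
    MEDIUM = 1
    HIGH = 2

def blp_allows(subject, obj, op):
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read":
        return subject >= obj   # simple security property
    if op == "write":
        return subject <= obj   # *-property
    return False                # unknown operation: fail closed

def biba_allows(subject, obj, op):
    """Biba (integrity): no read down, no write up."""
    if op == "read":
        return subject <= obj   # simple integrity property
    if op == "write":
        return subject >= obj   # *-integrity property
    return False                # unknown operation: fail closed

class ReferenceMonitor:
    """Mediates every request against one policy and records the decision."""
    def __init__(self, policy):
        self.policy = policy
        self.audit = []

    def access(self, who, subject_level, what, object_level, op):
        allowed = self.policy(subject_level, object_level, op)
        self.audit.append((who, op, what, "ALLOW" if allowed else "DENY"))
        return allowed

# Constructed requests, all from one MEDIUM-level subject.
REQUESTS = [
    ("alice", Level.MEDIUM, "plan.doc", Level.HIGH, "read"),
    ("alice", Level.MEDIUM, "plan.doc", Level.HIGH, "write"),
    ("alice", Level.MEDIUM, "memo.txt", Level.LOW, "read"),
    ("alice", Level.MEDIUM, "memo.txt", Level.LOW, "write"),
    ("alice", Level.MEDIUM, "notes.txt", Level.MEDIUM, "read"),
    ("alice", Level.MEDIUM, "notes.txt", Level.MEDIUM, "execute"),
]

def decide_all():
    """Return (BLP decision, Biba decision) for each constructed request."""
    blp, biba = ReferenceMonitor(blp_allows), ReferenceMonitor(biba_allows)
    return [(blp.access(*r), biba.access(*r)) for r in REQUESTS]
```

Every cross-level request gets opposite answers from the two policies; only the same-level read is allowed by both, and the operation neither policy knows is denied by both.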

There are four different modes of operation: multilevel, compartmental, system-high and dedicated. Understand the role of the reference monitor in the multilevel mode.

And finally, system evaluation methods, or as we like to call it, Certification Accreditation Program (CAP). (ISC)2 is getting away from asking questions which ask you to classify levels by ITSEC, but it wouldn’t hurt to familiarize yourself with the Common Criteria and the EAL levels, especially the difference between EAL3 and EAL4 and the difference between EAL5 and EAL6 (remember verify, verify, verify). And remember it all started with the Orange Book (no network) and then went to the Red Book (included network).
