Security

Various implementations

Code No
Skill Category No: 
7
Skill No: 
3
Topic No: 
6
Level: 
II
Objective: 

Understanding characteristics of various implementations.

  • SMACK
  • TOMOYO Linux
  • AppArmor
  • grsecurity
     

SELinux

Code No
Skill Category No: 
7
Skill No: 
3
Topic No: 
5
Level: 
III
Objective: 

Knowing how to use the policy language, related security management and policy analysis tools. Knowing SELinux Security architecture and implementation.

  • Knowing the SELinux architecture and implementation
    • Flask architecture SHARED CODE 7-3-3-I
    • SELinux LSM Module
      • Data structures
      • Hook Functions
      • Security system calls
      • Module registering
  • Knowing how to use SELinux management and policy analysis tools
    • checkpolicy
    • libselinux
    • libsemanage
    • libsepol

SELinux

Code No
Skill Category No: 
7
Skill No: 
3
Topic No: 
5
Level: 
II
Objective: 

Understanding SELinux MAC security policies and policy language

  • Understanding the Configurable policies in SELinux
    • Type Enforcement (TE)
    • Role Based Access Control (RBAC)
    • Multi Level Security (MLS) and Multi Category Security (MCS)
  • Understanding flask security architecture
    • Object manager
    • Security server
  • Understanding what SELinux can and cannot do.
  • Understanding and knowing how to use SELinux policy language

Linux Security Module-LSM

Code No
Skill Category No: 
7
Skill No: 
3
Topic No: 
4
Level: 
III
Objective: 

Knowing how to design and implement security mechanisms in Linux.

  • Knowing how to implement security mechanisms with LSM framework in Linux
    • DTE Linux
      • DTE Policy
      • DTE Implementation
      • How to use
    • POSIX.1e Capabilities
      • Capability Definition
      • Capability Implementation
      • How to use
         

Linux Security Module-LSM

Code No
Skill Category No: 
7
Skill No: 
3
Topic No: 
4
Level: 
II
Objective: 

Understanding flask security architecture and LSM framework

  • Knowing the structure of Linux security module and hook functions
    • Opaque security fields such as void *security
    • Calls to security hook functions
    • Security system call such as sys_security()
    • Registering security modules
    • Capabilities
  • Understanding what LSM can and cannot do.
     

OS Security Models

Code No
Skill Category No: 
7
Skill No: 
3
Topic No: 
3
Level: 
II
Objective: 

Understanding typical and practical security models in Linux systems

  • Understanding multilevel security policy and confidentiality model
    • Bell-LaPadula Model
  • Understanding integrity protection policy and integrity models
    • Biba
    • Clark-Wilson
  • Understanding multi-policy security and neutral security models
    • RBAC (Role Based Access Control)
    • UCON (Usage Control)
    • TE/DTE (Type Enforcement/Domain and Type Enforcement)
    • Chinese Wall

OS Security Mechanisms

Code No
Skill Category No: 
7
Skill No: 
3
Topic No: 
2
Level: 
II
Objective: 

Knowing how to use current security mechanisms in Linux systems.

Prerequisite: 
  • Knowing how to use user identification and authentication commands and related files
    • Commands, e.g. useradd, userdel, usermod, password …
    • Files, e.g. /etc/passwd, /etc/shadow, …
  • Knowing how to use discretionary access control commands
    • 9 bit mechanism, e.g. chmod, chown, … commands
    • ACL (Access Control List) mechanism, e.g. setfacl, chfacl, getfacl, … commands

OS Security Mechanisms

Code No
Skill Category No: 
7
Skill No: 
3
Topic No: 
2
Level: 
I
Objective: 

Understanding basic security mechanisms in trusted operating systems, including identification & authentication, discretionary & mandatory access control, integrity protection, least privilege management, trusted path, trusted recovery, covert channel, object reuse, audit and so on.

Prerequisite: 
  • Understanding basic security mechanisms in trusted operating systems, including:
    • identification & authentication
    • discretionary & mandatory access control
    • integrity protection
    • least privilege management
    • trusted path
    • trusted recovery
    • covert channel
    • object reuse
    • audit
       

OS Security Concepts

Code No
Skill Category No: 
7
Skill No: 
3
Topic No: 
1
Level: 
I
Objective: 

Understanding security threats and attacks on operating systems.
Understanding basic concepts of operating system security.
Understanding related criteria for secure operating systems.
Understanding OS security related criteria.
 

  • Understanding OS Security threats and attacks
    • viruses & worms
    • Trojan horse
    • buffer overflow
    • logic bomb
    • covert channel
  • Understanding basic OS security concepts
    • reference monitor
    • trusted computing base
    • security function & security assurance
  • Understanding OS security related criteria
    • TCSEC
    • CC

Mechanism of intrusion detection systems

Code No
Skill Category No: 
7
Skill No: 
2
Topic No: 
15
Level: 
II
Objective: 

Knowing network vulnerability investigation

Prerequisite: 
  • Principle
  • Attack Model
  • Function
  • Detection policy
  • Countermeasures of IDS
     