To Contact Me

Phone: 07768 113497

Fax: 01473 423491


Home Page | Network Penetration Testing | Firewall and VPN Engineering | Network Design | Security Policy | Network Support | Employment / Contract History | CV and References | Personal


The Security Architecture and Models domain contains the concepts,

principles, structures, and standards used to design, implement, monitor, and

secure, operating systems, equipment, networks, applications, and those

controls used to enforce various levels of confidentiality, integrity, and


The candidate should understand security models in terms of confidentiality,

integrity, information flow, commercial vs. government requirements; system

models in terms of the Common Criteria, international (ITSEC), United States

Department of Defense (TCSEC), and Internet (IETF IPSEC); technical

platforms in terms of hardware, firmware, and software; and system security

techniques in terms of preventative, detective, and corrective controls.

Key Areas of Knowledge

§ Principles of common computer and network organizations, architectures

and designs

§  Addressing - physical and symbolic

§  Address space as contrasted to memory space

§  Hardware, firmware, and software

§  Machine types (real, virtual, multi-state, multi-tasking, multiprogramming,

multi-processing, multi-processor, multi-user)

§  Network protocol functions (OSI 7 Layer Model)

§  Operating states (single state, multi-state)

§  Operating modes (user, supervisor or privileged)

§  Resource manager functions

§  Storage types (primary, secondary, real, virtual, volatile, non-volatile,

random, sequential)

§  Protection mechanisms (layering, abstraction, data hiding, process

isolation, hardware segmentation, principle of least privilege,

separation of privilege, accountability)

§  System security techniques in terms of preventive, detective, and

corrective controls

§ Principles of common security models, architectures, and evaluation


§  Certification and accreditation

§  Closed and open systems

§  Confinement, bounds and isolation

§  Controls (mandatory and discretionary)

§  IETF Security Architecture (IPSEC)

§  ITSEC classes and required assurance and functionality

§  Objects and subjects (purpose and relationship)

§  Security perimeter and DMZ

§  Reference monitors and kernels (purpose and function)

§  Trusted Computing Base (TCB)

§  Security Models (Bell-LaPadula, Clark-Wilson, Biba) in terms of

confidentiality, integrity, and information flow, as well as commercial

versus government requirements

§  TCSEC classes and required functionality

§  Tokens, capabilities, and labels (purpose and functions)

§ Common flaws and security issues associated with system architectures

and designs

§  Covert channels (memory, storage, and communications)

§  Initialization and failure states

§  Input and parameter checking

§  Maintenance hooks and privileged programs (superzap/su)

§  Programming (techniques, compilers, APIs, and library issues

§  Timing (TOC/TOU), state changes, communication disconnects

§  Electro-magnetic radiation

Click to email me