What Does A Security Monitor Do: Duties And Responsibilities
A security monitor collects and analyzes information for detecting unauthorized systems or suspicious changes on the network. This job requires the person to define the behavior that triggers the alerts. The personnel makes sure that the property is safe, including that inside from fire, home intrusion, burglary, and any other environmental disasters. Among the necessary skills for this job include attention to detail, alertness, analytical thinking, and communication skills.
Security Monitor Responsibilities
Here are examples of responsibilities from real security monitor resumes representing typical tasks they are likely to perform in their roles.
- Check operating equipment to ensure proper use and cleanliness.
- Monitor and maintain 300 plus CCTV cameras for on and off campus locations.
- Provide technical support to lower level JPAS users with account lockouts, creations, modifications, and password resets.
- Monitor personnel security to ensure investigations are up to date, maintain visit request both paper and electronic using JPAS.
- Monitor, investigate, and report suspicious persons and situations, safety hazards, unusual or illegal activity in patrol area.
- Perform the collection and testing of urinalysis and breathalyzer samples as well as processed urine specimens for shipment to the laboratory.
- Certificate at standard first aid and CPR certify, also take mandatory classes on self-defense, handcuffing, and chemical agents.
- Provide assistance in administering urinalysis drug testing.
- Monitor campus-wide CCTV and alarm systems and dispatch officers to respond to suspicious activity.
- Support physical/personnel security staff of 15-20 leads/managers within EMCOR providing coverage to unclear contractors throughout DOD facilities.
- Maintain and control records and initiate necessary actions for registration, cancellation of registrations of DOD vehicle decals.
- Maintain a standard of punctuality and dependability of attendance and retain myself cleanliness, tidiness, neatness and appropriately attire.
- Perform personal escorts, VIP services, and experience in controlling and deescalating physical altercations and accidents among customers and personnel.
Need A Perfect Security Monitor Resume?
Our AI resume builder helps you write a compelling and relevant resume for the jobs you want.
Security Monitor Skills and Personality Traits
We calculated that 20% of Security Monitors are proficient in Patrol, CPR, and Cleanliness. They’re also known for soft skills such as Communication skills, Good judgment, and Observation skills.
We break down the percentage of Security Monitors that have these skills listed on their resume here:
- Patrol, 20%
Monitored, investigated, and reported suspicious persons and situations, safety hazards, unusual or illegal activity in patrol area.
- CPR, 17%
Maintain Level 1 Department of Public SafetyFinger Print Card, CPR, 1st Aid and AED Certified.
- Cleanliness, 8%
Check operating equipment to ensure proper use and cleanliness.
- Data Entry, 7%
Maintained computer data entry logs of all employees, inmates, and all other activities that occurred on the property daily.
- Disciplinary Actions, 7%
Processed and filed documentation pertaining to student disciplinary actions.
- Substance Abuse, 6%
Monitor female residents undergoing court-ordered substance abuse treatment.
Some of the skills we found on security monitor resumes included “patrol,” “cpr,” and “cleanliness.” We have detailed the most important security monitor responsibilities below.
“
“See the full list of security monitor skills.
The three companies that hire the most prestigious security monitors are:
- The GEO Group22 Security Monitors Jobs
- Pacific Architects and Engineers14 Security Monitors Jobs
- Urban Resources9 Security Monitors Jobs
Choose From 10+ Customizable Security Monitor Resume templates
Build a professional
Security Monitor
resume in minutes. Browse through our resume examples to identify the best way to word your resume.
Then choose from 10+ resume templates to create your Security Monitor resume.
What Protective Officers Do
A protective officer is in charge of preventing theft and damages in stores and other establishments. Among their responsibilities include monitoring alarm systems and surveillance cameras, patrolling areas, keeping an eye on suspicious activities and behavior, developing strategies to enforce security protocols, and responding to distress. There are also instances where they must conduct inspections and produce reports. Furthermore, as a protective officer, it is essential to coordinate with law enforcement should the situation require.
We looked at the average security monitor annual salary and compared it with the average of a protective officer. Generally speaking, protective officers receive $10,630 higher pay than security monitors per year.
While the salaries between these two careers can be different, they do share some of the same responsibilities.
Employees in both security monitors and protective officers positions are skilled in patrol, cpr, and security cameras.
As far as similarities go, this is where it ends because a security monitor responsibility requires skills such as “cleanliness,” “data entry,” “disciplinary actions,” and “substance abuse.” Whereas a protective officer is skilled in “customer service,” “patients,” “loss prevention,” and “vehicle inspections.” So if you’re looking for what truly separates the two careers, you’ve found it.
Protective officers really shine in the professional industry with an average salary of $38,169. Whereas security monitors tend to make the most money in the health care industry with an average salary of $32,794.
Protective officers tend to reach similar levels of education than security monitors. In fact, protective officers are 2.4% more likely to graduate with a Master’s Degree and 0.2% more likely to have a Doctoral Degree.
What Are The Duties Of a Community Services Officer?
Community service offers or CSO support in crime response, investigation, and prevention where police powers are not necessary.
The community service officers assist the police officers in terms of upholding order and law in the community. They provide citizens with customer service, community outreach, and patrol. It is their job to implement city codes and other non-criminal police associated duties. They provide non-EMS in-home and on-site assistance to the citizens. Also, they respond to non-criminal complaints, building checks, and more.
Now we’re going to look at the community services officer profession. On average, community services officers earn a $8,140 higher salary than security monitors a year.
A similarity between the two careers of security monitors and community services officers are a few of the skills associated with both roles. We used resumes from both professions to find that both use skills like “patrol,” “cpr,” and “two way radios. “
But both careers also use different skills, according to real security monitor resumes. While security monitor responsibilities can utilize skills like “cleanliness,” “data entry,” “disciplinary actions,” and “substance abuse,” some community services officers use skills like “public safety,” “traffic control,” “parking enforcement,” and “rehabilitation.
”
Community services officers may earn a higher salary than security monitors, but community services officers earn the most pay in the education industry with an average salary of $42,187. On the other side of things, security monitors receive higher paychecks in the health care industry where they earn an average of $32,794.
On the topic of education, community services officers earn similar levels of education than security monitors. In general, they’re 1.6% more likely to graduate with a Master’s Degree and 0.2% more likely to earn a Doctoral Degree.
How a Public Safety Officer Compares
Public relations assistants are professionals who are responsible for creating and distributing promotional materials to help clients increase their public image and awareness of their products and services. These assistants are required to help develop and distribute public relations materials such as brochures, pamphlets, newsletters, and sell sheets. They must handle all the communications of their clients to the public by supervising social media content, press releases, and emails.
Public relations assistants must also gather materials to be used in trade shows or client presentations.
The third profession we take a look at is public safety officer. On an average scale, these workers bring in higher salaries than security monitors. In fact, they make a $6,697 higher salary per year.
By looking over several security monitors and public safety officers resumes, we found that both roles utilize similar skills, such as “patrol,” “cpr,” and “two way radios.” But beyond that the careers look very different.
As mentioned, these two careers differ between other skills that are required for performing the work exceedingly well. For example, gathering from security monitors resumes, they are more likely to have skills like “cleanliness,” “data entry,” “disciplinary actions,” and “substance abuse.” But a public safety officer might have skills like “patients,” “public safety,” “customer service,” and “motor vehicle.”
Public safety officers make a very good living in the health care industry with an average annual salary of $38,645.
Whereas security monitors are paid the highest salary in the health care industry with the average being $32,794.
When it comes to education, public safety officers tend to earn similar education levels than security monitors. In fact, they’re 0.9% more likely to earn a Master’s Degree, and 0.0% more likely to graduate with a Doctoral Degree.
Description Of a Commissioned Security Officer
Commissioned security officers tend to earn a higher pay than security monitors by about $2,253 per year.
While their salaries may vary, security monitors and commissioned security officers both use similar skills to perform their jobs. Resumes from both professions include skills like “patrol,” “cpr,” and “security cameras. “
Each job requires different skills like “cleanliness,” “data entry,” “disciplinary actions,” and “substance abuse,” which might show up on a security monitor resume. Whereas commissioned security officer might include skills like “fire hazards,” “vehicle patrols,” “security services,” and “deter crime.
”
In general, commissioned security officers reach similar levels of education when compared to security monitors resumes. Commissioned security officers are 0.7% more likely to earn their Master’s Degree and 0.1% less likely to graduate with a Doctoral Degree.
Types Of Security Monitor
Best 4K Monitor for Security Cameras
Any film or gaming enthusiast will tell you that the higher the resolution of your screen, the better your experience. Screen technology moves rather quickly, and while 1080p resolutions were once the benchmark, 4K resolutions have eclipsed that, becoming more the norm.
However, having a high resolution isn’t just for film and gaming fans, as it has other practical uses. It can be advantageous to have a 4K monitor for security cameras, but which one should you choose?
Is it worth bothering with getting a higher-end monitor for your security camera? The answers to these questions and more will be answered by the end of this overview, and you will have a few options to consider for your security setup.
Overall best pick:
SVD 27-Inch Professional 4K UHD LED Security Monitor
$313.00
Shop Now
Amazon.com
as of July 4, 2023 4:57 pm
Quick View: Best 4K Monitor For Security Cameras
- SVD 27-Inch Professional 4K UHD LED Security Monitor
- SAMSUNG 28-Inch 4k UHD LED-Lit Monitor
- LG UHD 27-Inch Monitor (27UL500-W)
Contents
- Quick View: Best 4K Monitor For Security Cameras
- Why Monitors Matter In A High Def Security Camera System
- What Is The Best Monitor For Security Cameras?
- 1) SVD — Most Versatile & Best Overall CCTV 4K Monitor
- 2) SAMSUNG — Best For Capturing Fast-Moving Video
- 3) LG — Best Overall Display Quality & Definition
- Overview
- FAQs
- Conclusion
Why Monitors Matter In A High Def Security Camera System
When watching films or especially gaming, having a high-definition monitor makes sense.
You want your movies to be clear and your games to have the best visual fidelity and response times possible, but why does it matter with security systems?
There are a few reasons why you want a good monitor for your setup. The whole point of having a security camera is so that you can have eyes in places where you’re not present.
This could be so that you can monitor a situation as it’s happening, or so that you can identify someone who broke into your house. If the footage is blurry and grainy, you won’t be able to make out a person’s face or see what they stole for insurance purposes.
For further reading on our recommendations for security cameras, check out this article we created.
Specifications To Look For When Buying A 4K Security Camera Monitor
-Response Time
Response time is an important feature to have no matter what you’re using your screen for. It can affect clarity, and that’s why you want to have the lowest response time possible. This will make it easier to see what’s happening, especially if there is a lot of movement on the screen.
-Refresh Rate
Refresh rate is another feature that has had more attention in recent years. For a while, 60hz was the standard for most decent monitors and TVs, but now 120hz and beyond is becoming more the norm.
In gaming, a higher refresh rate allows for faster, smoother framerates, and the same is true for your security footage. It will be much smoother and easy to view if you have a higher framerate. 60hz is the minimum you should consider, but if you can get 120hz or higher then that’s even better.
-Lifespan
No one wants to spend a fortune on a fancy gadget just to have it fail in a year or two. That’s why you want to invest in technology that has a good lifespan.
For example, your eyes may be drawn to an OLED screen with its rich blacks and vibrant colors, but those screens can be prone to images burning into the screen if an image is left on it for too long.
Considering video footage can be on the screen for hours at a time, you want to avoid screens that can be damaged by that kind of footage.
-Power Usage
Top technology often drains electricity quickly, so that is something to consider, as your monitor could be on practically permanently. Keeping power usage as low as possible is good for the environment and your electricity bill.
-Panel Type
The panel of your TV is also something to consider. Different ones will have benefits and drawbacks, and these can depend on what you’re using them for, too.
-Resolution
As we mentioned, 4K is becoming more of the norm for screens these days. 4K suggests a pixel count of 3840X2160, offering way more clarity than other standard resolutions.
The higher the resolution, the higher the quality of your image.
What Is The Best Monitor For Security Cameras?
1) SVD — Most Versatile & Best Overall CCTV 4K Monitor
SVD 27-Inch Professional 4K UHD LED Security Monitor
SVD 27-Inch Professional 4K UHD LED Security Monitor
$313.00
as of July 4, 2023 4:57 pm 
Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on Amazon at the time of purchase will apply to the purchase of this product.”/>
Shop Now
Amazon.com
Last updated on July 4, 2023 4:57 pm
Overview
The first monitor we are looking at is the SVD 27 Inch Professional 4k monitor. Each of the monitors we’re covering has its benefits, but this one is our overall pick for the best choice, for reasons we will go over now.
Key Features
-27 Inch Display
As the name suggests, the monitor has a decently sized 27-inch sized display.
This is perfect for security footage, as it will ensure that the image is big enough to see without stretching it out too much.
-4K 3840 X 2160 (UHD LED)
The TV has a regular 4K display output with a resolution of 3840X2160. This would be perfect for higher-end cameras and would allow for crystal-clear images.
-Compatibility with multiple video formats
Compatibility is another thing you want to be aware of, as it would be pointless to have a monitor and a camera that don’t play well together. Luckily, this TV has a wide range of compatibility with different formats.
-Works with Full HD TVI/CVI/AHD
The TV will be compatible with full HD, TVI, CVI, and AHD formats as well, ensuring even greater compatibility.
-3x HDMI and 1x DisplayPort (DP) Video Inputs
The TV has 3 HDMI input ports with 1 display port input. This will be perfect if you intend to use the screen for purposes other than security footage.
-50,000 Hour Rated Lifespan — Ideal For Non-Stop Security Monitoring
Earlier, we mentioned how the lifespan of a screen is an important issue, especially for security footage that will be on all or most of the time.
This screen has an up to 50 000 hour lifespan, meaning you can have it on constantly without worrying too much about it.
-Can Be Wall Mounted
This TV has the option for wall mounting, which gives you lots of options for where to place your TV for your setup.
Performance
The performance of this TV is really solid. It features high resolution, low response times, and plenty of ports so that it can be used for a variety of purposes.
Reviews on Amazon are all mostly positive, as the vast majority of people were really satisfied with this screen for their security setups.
Build And Design
The screen has a functional, no-nonsense design to it, which is fine as this will primarily be aimed at security footage capture. It may not look fancy, but it has a sturdy build that keeps all attention on the screen itself, as it should.
Pros And Cons
The positives of this TV are much more numerous than its flaws. As we have seen, it has a great quality screen with all the features you would hope for in a good screen.
One downside would be that it does not feature a built-in speaker, so you will need to buy one if you want sound output.
2) SAMSUNG — Best For Capturing Fast-Moving Video
SAMSUNG U28R550UQNX / LU28R550UQNXZA / LU28R550UQNXZA 28 4K UHD Monitor with AMD Free Sync
SAMSUNG U28R550UQNX / LU28R550UQNXZA / LU28R550UQNXZA 28 4K UHD Monitor with AMD Free Sync
$279.99
as of July 4, 2023 4:57 pm
Shop Now
Amazon.com
Last updated on July 4, 2023 4:57 pm 
Product prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on Amazon at the time of purchase will apply to the purchase of this product.”/>
Overview
Samsung is one of the top names in technology in general, and you can always rely on them to produce quality products using the best tech. The SAMSUNG U28R550UQNX is our next pick for a high-quality security camera monitor.
Let’s take a look at some of the reasons we chose this particular screen.
Key Features
-28 Inch Display
This monitor has a slightly larger screen than the previous one at 28 inches as opposed to 27. Either one is perfect for security footage viewing.
-4K 3840 X 2160 Resolution (UHD)
The monitor again features an impressive resolution of 3840X2160. This is perfect for crystal clear clarity.
-60Hz Refresh rate (HDMI 2.0)
As we mentioned earlier, you want at least 60Hz when it comes to refresh rates, and this one meets that standard, making it perfect for smoother footage playback.
-AMD FreeSync and 1ms (GTG) Response Time
The monitor incorporates AMD’s FreeSync technology and features an impressive 1ms response time. This means that you will be able to view faster footage without blurring or screen tearing.
-1 Billion Color Support
The 1 billion color support of this monitor ensures a wide range of color capabilities, meaning the picture will be clearer and even more accurate.
-HDMI 2.0, DisplayPort, 3.5mm Audio Out
In terms of ports, you have HDMI 2.0, DisplayPort, and a 3.5mm Audio output for speakers or headphones.
Performance
The monitor provides excellent, reliable performance as we have come to expect from Samsung. On Amazon, it has an impressive 4.3 out of 5-star rating from 1654 reviews, meaning most people were really impressed with what they experienced.
Build And Design
Once again, we see a sleek design that prioritizes functionality over stylishness. As always, this is fine for this kind of tech as you want the focus on the screen and not the monitor as a whole.
Pros And Cons
When it comes to benefits, we would say that the main benefit of this monitor is its low response times, making it ideal for faster footage in motion.
Drawbacks are limited, but some users weren’t impressed with the stand and the limited mounting capabilities of the monitor.
3) LG — Best Overall Display Quality & Definition
LG UHD 27-Inch Computer Monitor 27UL500-W, IPS Display with AMD FreeSync and HDR10 Compatibility
LG UHD 27-Inch Computer Monitor 27UL500-W, IPS Display with AMD FreeSync and HDR10 Compatibility
$290.00
as of July 4, 2023 4:57 pm
Shop Now
Amazon.
com
Last updated on July 4, 2023 4:57 pm
Overview
Lastly, we have the LG UHD 27-Inch 27UL500-W. LG is another top tech brand, and we chose this one for its excellent image quality and definition.
Now, we shall see why we chose it by checking out some key features.
Key Features
-27 Inch Display
Once again, we have a great 27-inch display, putting it in line with the other monitors we have seen.
-4K 3840 X 2160 (UHD LED)
We also have the standard 4K resolution here at 3840 X 2160.
-HDR 10’s Industry Standard For High Dynamic Range
HDR support is included with this monitor, meaning you will have a more accurate representation of light and color changes, ensuring more accuracy.
This is also great if you will also be using the monitor for movies or gaming.
-HDCP 2.2 support
Included HDCP 2.2 support will make streaming high-quality 4K footage possible in its best form possible.
-60 Hz Refresh Rate
We once again have a 60Hz refresh rate, meaning smooth footage for all formats.
-Can Be Wall Mounted
You can also mount the LG easily on your wall for more options for your security setup.
Performance
As you would expect from LG, performance is excellent. The rating on Amazon shows an impressive 4.6 out of 5 stars from 3636 reviews, which is an excellent rating that showcases the kind of quality we’re dealing with.
Build And Design
As we’ve come to expect, the build of the TV is entirely screen focused. It won’t catch the eye of visitors as a fancy piece of tech like a Playstation 5 would, for example, but once again the focus should be on the screen anyway.
Pros And Cons
Overall, this is an excellent option for any security setup.
You have the capacity for clear, smooth footage that will be compatible with the best cameras.
The only downside would be that it would not be ideal for gaming or high-definition content. The refresh rates are perfect for security footage, but just acceptable for other content.
FAQs
Why should I use a monitor instead of a TV?
Monitors are designed to have lower input lag and faster refresh rates than TVs, making them great for security footage.
Do You Need A 4K Monitor For 4K Security Cameras?
While you can use a lower resolution screen with your 4K camera, you won’t get the benefit of your higher resolution camera, as it will output to your TV’s lower resolution.
Is a 4k monitor worth the extra money?
4K monitors have become a lot more affordable lately, and even when they’re pricier it’s definitely worth the extra cost. Once you have seen 4K imagery, it’s hard to go back to anything lower.
How Do I Connect My External Camera To My Monitor?
This can vary depending on the camera, but it will usually be through a cable or sometimes even via an app.
You’ll want to consult the instructions for your camera to see how you connect it.
Amazon.com
SVD 27-Inch Professional 4K UHD LED Security Monitor
$313.00
Shop Now
Amazon.com
SAMSUNG U28R550UQNX / LU28R550UQNXZA / LU28R550UQNXZA 28 4K UHD Monitor with…
$279.99
Shop Now
Amazon.com
LG UHD 27-Inch Computer Monitor 27UL500-W, IPS Display with AMD FreeSync and…
$290.00
Shop Now
Conclusion
In this overview, we have seen 3 TVs that all provide a great experience. With JVC, we had a great overall monitor that would work for most people. Samsung gives us better visuals, while LG excels at higher-speed footage.
No matter what you go with, any of these would be fantastic options to get the most out of your security camera setup.
10.2. Security Monitor and Basic Types of Security Policies
Analysis
practical experience in protecting computer
information, as well as the main provisions
subject-object model of the CS allows
formulate some axiomatic
conditions regarding the structure and
functioning of protected CSs [10,17].
Axiom
10.1.
IN
protected CS at any time
every subject and object must be
personalized (identified)
And
authenticated.
This
axiom determined by nature itself
and the content of the processes of collective
user access to CS resources.
If any subjects (users)
have the opportunity to impersonate in the COP for
other subjects (users) or
if they can change
(issue) one access object for
others, then about no security,
there can be no security. So
way, axiom
1.1
expresses
necessary condition for safety
(security) of information in the CS, and
procedures, mechanisms and systems,
performing identification and
user authentication,
subjects and objects of access are
initial and most important software and hardware
frontier of information protection in the COP.
Axiom
10.2.
IN
protected CS must be present
active component (subject, process
etc.) with the appropriate
source object(s), which
controls access and
access control of subjects to objects.
IN
literature for this active ingredient
approved term “monitor
Concept
security monitor allows
express circuitry aspect
information protection in the CS in the form of a scheme,
shown in fig. 10.2.
IN
structure of most types of software
funds on which to build
information systems (OS, DBMS),
allocate a kernel (OS kernel, data machine
DBMS), in turn, divided into
presentation component
(OS file system, data model
DBMS) and on the data access component
(OS I/O system, processor
DBMS queries), as well as an add-on
(utilities, service, interface
components). Initialized
subjects in the implementation of processes
access apply for a service, functions
to the core of the system – see fig. 10.2.a.
Rice.
10.2.a. System engineering aspect
unprotected COP
Fig.10.2.b.
The system engineering aspect of secure
KS
IN
protected system appears
additional component that provides
information security processes
in total, identification/authentication procedures,
and access control based on
any security policy
(access control) – see fig.
10.2.b. In view of the fact that, as the very core of the CS
(view component and component
access), as well as the processes of differentiation
access are inextricably linked to the representation
information and manipulation with it,
then the security monitor should be
integrated directly into the kernel
systems. Sometimes they say that the monitor
security must be implemented
at the zero level (at the kernel level)
systems. In this regard, we note that
a more correct approach is
in such development of kernel components
CS, which would initially be built on
based on a specific security model
(models of differentiation) access.
IN
in practical terms, including
taking into account domestic and international
regulatory requirements for certification
secure systems, to monitor implementation
security are as follows
mandatory requirements:
-
Completeness.
Monitor
security should be called
(activate) on every call
behind the access of any subject to any
object, and there should be no
ways to bypass it. -
Isolation.
Monitor
security must be protected from
tracking and intercepting their work. -
Verifiability .
The security monitor should be
verifiable (self- or externally testable)
for the performance of their functions. -
Continuity.
Monitor
security must function
for any regular and non-standard, including
number and emergencies 2 .
So
Thus, it is the security monitor
in a secure system is the subject
implementation of the adopted policy
security through algorithms
their work corresponding models
security.
In this regard, great
the following axiomatic
position.
Axiom
10.3.
For
implementation of the adopted security policy,
management and access control subjects
to objects
required
(must
exist) information and object(s),
containing(s) (other than information
for identification and authentication
users).
From
axioms
1.3. follows,
that the security monitor, in turn,
like any active entity in the CS,
is a subject with a corresponding
source object and associated
objects. From this follows the following
important implications.
Consequence
10.3.1 (from axiom 10.3).
IN
protected CS there is a special
category of subjects (active entities),
which do not initialize and which
not controlled by users
systems
– so-called. system processes (subjects),
present (functioning) in
system
initially.
TO
the number of such system subjects
refers to the original system process,
which initializes the primary
user subjects as well as the monitor
security that manages
accesses of user subjects to
system objects.
Accordingly, for
security in COP properties
system actors should be
unchanged, on which they directly depend
security guarantees.
Consequence
10.3.2 (from axiom 10.3).
Associate
with security monitor facility,
containing system information
access control is the most
critical from
points
information security
resource in a protected CS.
Really
the possibility of unauthorized
change, delete this object can
completely destroy or discredit
the entire security system of the COP. That’s why
ways and features of implementation
of this object have a defining
importance for information security
in the CS.
Information
in associated with security monitor
object should relate to specific
users registered in the system
and specific objects of the system.
Therefore, for planning and
management system of demarcation
specific team access
users of the CS should be provided
procedure for accessing this object
from an external factor, i.
e. through
subject(s) of the user. Hence follows
one more consequence.
Consequence
10.3.3 (from axiom 10.3).
IN
secure system may exist
trusted user (administrator
system), the subjects of which have access
to the one associated with the monitor
data object security
to manage the demarcation policy
access.
Note
also that the subjects initiated
system administrator, are not
monitor elements or processes
security, but only provide
specific security monitor
information for management and control
access of subjects to system objects.
Principles
ways of representing and implementing
associated with the security monitor
objects are defined by policy type
security and features of a particular
KS.
Despite
to what has been developed so far
and tested in practical implementation
a large number of different models
the security of the COP, they all express
several initial security policies.
In a simplified interpretation of the policy
security is understood as a general principle
(methodology, rule, scheme) safe
work (access) of a group of users
with common information resources.
However, according to the definition
10.9.
essential
value has criteria
security accesses
subjects to objects, i.e. the rule
separation of information flows,
generated by accesses of subjects to
objects, hazardous and non-hazardous.
methodological
basis for policy making
security in secure CS served
real organizational and technological
security schemes
information outside (before) computer
spheres. Many approaches to protection
computer information were
“peeped”, in particular, in the field
work with “paper” confidential
documents, in other words, in the field
office work. In a special
theoretical literature
basics of computer security,
two main (basic)
security policies – discretionary
and mandate. In the not yet fully established
terminology in the field of computer protection
information, the first is called politics
selective access, and the second –
policy of the plenipotentiary 1
access. Some authors, considering
role access models, distinguish them
to the special “role policy” group
security.
”
Politics
discretionary (selective) access .
Many
secure (authorized) access P L
set for named users
(subjects) and objects explicitly in
in the form of a discrete set of triples
“User(Subject)-Thread(Operation)-Object”.
Principle
discretionary demarcation policy
access can be characterized by the scheme
“each with each”, i.e. in other words
for any of the possible combinations
“user (subject)-resource
(object)” must be explicitly set
(“registered”) permission / prohibition
access and the type of
allowed/prohibited operation
( Read ,
Write
and
etc.). Thus, with discretionary
access control policy
carried out in the most detailed way.
– up to the individual level
subject, individual object
access and individual operation.
Politics
mandated (authoritative) access.
Many
secure (authorized) access P L
is set implicitly through the introduction
for user-subjects of some
discrete characteristic of trust
(tolerance level), and for objects of some
discrete privacy characteristic
(secrecy stamp), and vesting on this
based on user-subjects by some
the power to generate certain
flows depending on the ratio
“tolerance level-flow(operation)-level
privacy.
”
So
way, as opposed to discretionary
policy, with mandate policy
access control is performed
less detailed – to the group level
users with a certain level
tolerance and group of objects with a certain
privacy level. Decrease
access granularity creates
conditions for simplification and improvement
access control due to the significant
reducing the number of subjects
management and control.
Politics
thematic access .
Many
secure (authorized) access P L
is set implicitly through the introduction
for subject users
some
thematic characteristics –
permitted thematic information
headings, and for objects of a similar
characteristics as a set of thematic
headings, information on which is contained
in the object, and endowment on that basis
authority user principals
spawn certain streams in
depending on the ratio “set
subject headings – set
subject headings of the object”.
How
and with mandated access, thematic
the principle determines the subject’s access to
object implicitly, through the relation
required special features
subject and object and, accordingly,
compared to the discretionary principle
greatly simplifies management
access.
Politics
role access.
Many
safe (permitted)
accesses
P l
set
through the introduction of additional
abstract entities of roles acting
some “typical” (role-playing)
access subjects with whom
specific users are associated
(in the role of which they access),
and granting access to role subjects
on the basis of discretionary or mandated
principle of access rights to objects
systems.
role-playing
policy restricts access not to
level of user-subjects, and on
the level of roles that are groups
uniform access to system objects,
and on this basis develops one or another
basic security policy
(discretionary or mandatory).
That’s why
in most sources of role-playing
the principle of access control
allocated to a separate policy, and
regarded as some
additions to models of discretionary
or mandated access.
Each
security policy requires
certain information to differentiate
access in a specific system, localized
in
the object associated with the monitor
security. For discretionary models
access this information is
list of allowed triples “subject
(user)-operation-object”.
For
access control in systems with
mandated access needs information
by levels of admission of subjects and vultures
object privacy. In systems
role-based access in addition to information,
regulating access of roles to objects
(based on discretionary or mandated
principle), information is needed on
user-subject associations with
roles. With thematic access
need information on thematic
rubrics of user-subjects and
objects.
Specific
security model details and
formalizes (in the form of analytical
ratios, algorithms, etc.
) general
principle of access control based on
one of the considered policies, and sometimes
some combination of them. In particular
CS developers build and implement
original software and hardware
solutions that embody security models,
including structure, functions,
software and hardware implementation
security monitor.
Security Monitor and main types of security policies
Security monitor and
main types of security policies
2. Axioms. Identification and authentication
A.
In a secure CS at any time, any subject and object must be
personified (identified) and
authenticated
It must not be possible to impersonate others
Procedures, mechanisms and systems that perform
identification and authentication users, their
subjects and access objects are initial and
the most important software and hardware frontier of protection
information in the CS
Identification – distinction and presentation of
instances of entities by names-identifiers
Authentication – verification and confirmation of the authenticity of
identified instances of entities
3.
Axioms. “Security Monitor”
Axioms.
“Security Monitor”
A. A secure CS must contain
an active component (subject, process, etc.)
with the corresponding source object(s),
which performs
access control and
control of access of subjects to objects.
The term “security monitor”
has been established for such an active component.
4. Architecture of an unprotected CS
Computer system
Objects
Subjects
Kernel
Access component (input-output system in OS)
Component
of presentation
(file system in OS)
Kernel – kernel
OS, DBMS
Access Component machine – OS file system, data model
DBMS
Presentation component – BB OS system, DBMS query processor
Add-in – utilities, service, interface components
B – add. a component that provides information security processes –
identification / authentication, as well as access control based on
some Security Policy (access control)
MB d.
b. implemented at the zero level (kernel level) of system
The kernel must be designed taking into account the operation of the MB
Computer system
Objects
Subjects
Kernel
Access component (I / O system in the OS)
Presentation component (file system in the OS)
Protected computer system
Subjects
Objects
I dro
7 Requirements for the implementation of MB
1.
2.
3.
4.
Completeness. The MB must be called (activated) at
each request for access by any subject to any
object, and there should be no way around it.
Isolation. The MB must be protected from being tracked by
and intercepting its work.
Verifiable. The MB must be verifiable (self or externally testable) to perform its
functions.
Continuity. The MB must function in any
regular and abnormal situations, including emergencies.
MB in a secure CS is the subject of implementation
of the adopted security policy, implementing through algorithms
its work corresponding to the security model.
p.2, p.3 – related to the guarantees of the implementation of the security policy
failure to comply with p.4 is the main cause of attacks
8. Features of the model
Security monitor
between any objects spawned by any subject, and allowing only
those flows that belong to PL
MB of subjects (MBS)0205 spawning subjects, and allowing spawning
subjects only for a fixed subset
of pairs of activating subjects and source objects
(c) 2010, A.M. Kadan, Department of System Programming and Computer Security
, FaMI, GrGU, Grodno, Belarus
8
Secured computer system
MBO (subject )
Subjects
Stream(Sm , Oi) Oj
Associated
Sm
object-data 9 0205 Sk
( No policy PL )
Create(Sm,Ol) Sk
MBS (subject)
Objects
Oi
Oj
Ol
Functionally associated objects
isolated software environment (IPS)
(c) 2010, A.M. Kadan, Department of System Programming and
Computer Security, FaMI, GrSU, Grodno, Belarus
9
0205 security is provided by
certain requirements for MBO and MBS,
implementing the so-called.
isolated software environment
(IPS)
Initial thesis –
when changing objects that are functionally
associated with the subject of the security monitor
, the properties of the MBO
and MBS itself may change, which can lead to a violation of the IS
(c) 2010, A.M. Kadan, Department of System Programming and
Computer Security, FaMI, GrSU, Grodno, Belarus
10
11. Sufficient condition for guaranteed execution of PB in CS
MBO allows the generation of flows only from PL;
all entities existing in the CS are absolutely correct
with respect to the MBO and each other
The entities Si and Sj are called non-influencing
each other (or correct relative to each other),
if at any moment there is no flow (changing
the state of the object) between any objects Oi and Oj ,
associated respectively with subjects Si and Sj ,
where Oi is not associated with Sj, and Oj is not associated with Si
(c) 2010, A.
M. Kadan, Department of System Programming and Computer Security
, FaMI, GrSU, Grodno, Belarus
11
12. A sufficient condition for guaranteed execution of PB in CS
MBO allows the generation of flows only from PL;
In practice
all entities existing in the CS are absolutely
only
correct with respect to the MBO and each other
correctness
with respect to
MBO
MBO
Subject
Function Assoc.
items
Assoc. objects data
Sk
Sm
(c) 2010, A.M. Kadan, Department of System Programming and
Computer Security, FaMI, GrSU, Grodno, Belarus
Funkts.assoc.
items
Assoc. objectsdata
Assoc. data objects
Fct. ass.
objects
12
13. Sufficient condition for the implementation of PB in the IS
IS is an isolated software system
If
there is an MBO and
the generated subjects are absolutely correct
with respect to MBO,
and also MBS is absolutely correct with respect to MBO,
then the access described by PB
(c) 2010, A.
M. Kadan, Department of System Programming and Computer Security
, FaMI, GrGU, Grodno, Belarus
13
items
Assoc. MBO objects
data (including
subject
source object)
Assoc. data objects (including
source object)
MBS
Subject
Function Assoc.
Objects
Sk
Sm
Func.
items
Assoc. objectsdata
In practice
easier than
complete
correctness
subjects
Assoc. objects relative to
data
each other
func.
objects
(c) 2010, A.M. Kadan, Department of System Programming and
Computer Security, FaMI, GrSU, Grodno, Belarus
14
15. Implementation problems of IPS
performance problem
increased requirements for computing resources
problem of loading (initial initiation) of the IS
non-stationarity of the functioning of the CS (especially at the beginning
time point) due to a change in the presentation level
objects
the problem of the integrity of objects and the problem of reading
real data
complexity of the technical implementation of control immutability
objects
(c) 2010, A.
M. Kadan, Department of System Programming and
Computer Security, FaMI, GrSU, Grodno, Belarus
15
Types of security policies
In a simplified interpretation of the PB –
the general principle (methodology, rules, scheme)
is the safe operation (access) of a team
of users with common information
resources.
The most important criterion is
the security of subjects’ access to objects,
i.e. the rule for separating information flows
generated by subjects’ access to objects into
dangerous and non-dangerous.
Basic Security Policies
Two Basic Security Policies –
discretionary (selective access policy)
mandated (authorized access policy).
Role-based security policy
Combines well-known role-based access models
Thematic access control policy
in documentary information retrieval systems
“peeped” in the non-computer (library and archive) sphere.
18. Types of security policies
Discretionary (selective) access policy
Discretionary (selective) access policy (SDA)
The SDA principle
The set of secure (allowed) accesses PL is specified for
named users (subjects) and objects in an explicit
way in the form of a discrete set of triples
“User (subject) – thread (operation) – object”.
characterize with the “each-with-each” scheme, i.e.
in other words, for any of the possible combinations
“user (subject) – resource (object)” must be explicitly set
(“registered”) permission / deny access and type
corresponding allowed/prohibited operation (Read,
Write, etc.).
Thus, with traffic rules, access control
is carried out in the most detailed way – up to the level
of a single subject, a single access object
and a single operation.
19. Basic security policies
Mandatory
(authoritative) access policy
The set of secure (allowed) accesses PL is implicitly defined
through the introduction
Based on this
access level – for users-subjects of some discrete0205 trust characteristics,
security stamp – for objects of some discrete
privacy characteristics,
subject users are given some authority to generate
certain flows depending on the relationship “level of admission stream (operation) – privacy level”.
In contrast to SDA, with MTD, access control
is performed in less detail –
to the level of a user group with a certain level of access and
to a group of objects with a certain level of confidentiality.
simplification and improvement of access control due to a significant
reduction in the number of subjects of management and control.
This creates the conditions for
20. The policy of discretionary (selective) access
The policy of thematic
access
The set of secure access PL is implicitly specified
through
the introduction for user-subjects of some thematic
characteristic – allowed thematic information headings,
a for objects similar characteristics in the form of a set of
subject headings, information on which is contained in the object, and
empowering user subjects on this basis
to generate certain flows depending on the ratio “set of subject headings
of the subject heading – set of subject headings of the object”.
As with PMD, PDD determines the access of the subject to the object implicitly,
through the ratio of the specified special characteristics
of the subject and the object and, accordingly, in comparison with the PDD
significantly simplifies access control.
21. Mandatory (authoritative) access policy
Role-based access policy
The set of secure (allowed) accesses PL is set through
the introduction of additional abstract entities in the system –
roles that act as some “typical” (role) access subjects
with which they are associated specific users (in
whose roles provide access), and
empowering role-based access subjects on the basis of a discretionary
or mandate principle with access rights to system objects.
Role policy delimits access not at the level of users-subjects, but at the level of roles, which are groups of the same type
access to system objects, and on this basis develops one or another
basic security policy (discretionary or mandatory).