3. Security Engineering

Question 1

Define TCB

Answer 1

Trusted computer base

Question 2

Define Security perimeter

Answer 2

Delineates the trusted and untreated components of a computer system

Question 3

Define reference monitor

Answer 3

An abstract machine concept that mediates all access between subjects and objects

Question 4

What are the two execution types?

Answer 4

Cooperative multitasking- does not allow for individual or isolation process.

Pre-emptive multitasking - allowed for true isolation of resources. Each task runs on its own space and processor time.

Question 5

What are the two CPU modes?

Answer 5

User state - (Problem Mode) - processor operates in reduced access to resources.

Privileged (kernel mode) - processor operates in ring 0, which has the highest level of trust.

Question 6

What are the three security models?

Answer 6

1. Bell-LaPadula
2. BIBA
3. Clark-Wilson

Question 7

Basics of Bell-LaPadula

Answer 7

1. Subject cannot read data from a security level higher then its own.
2. Subject cannot write down to a security level lower then its own.

No read up, no write down.

Question 8

Basics of BIBA

Answer 8

1. Designed to protect integrity of knowledge base.
2. Subject cannot read data from object of lower level.
3. Subject cannot write to an object with a higher level.
4. A subject cannot call upon a subject at a higher level.

Question 9

Basics of Clark-Wilson

Answer 9

1. Separation of duties
2. Enforces well-formed transitions by using the access triple: User>transformation procedure>Constained Data Item
3. Stops unauthorized users from making changes
4. Stops authorized users from making improper changes
5. Maintain internal and external consistency.

Question 10

Define Discretionary Access Control

Answer 10

Security of object is at owners control.
Access granted through ACL
Identity based.

Question 11

Define Mandatory Access Control

Answer 11

OS makes decision based on a security label system.
Data owners CANNOT grant access
Subjects label must dominate the objects level.
User and data given clearance level.

Question 12

What are the four common architectures?

Answer 12

1. Distributed computing
2. Service Oriented Architecture
3. Internet rich apps
4. Ubiquitous computing - wireless networking

Question 13

What are the services provided by cryptography

Answer 13

PAIN
Privacy: prevents unauthorized disclosure
Authenticity: verifies the claimed identity
Integrity: detects modification or corruption
Non-Repudiation: combines authorization and integrity. User cannot dispute having sent a message.

Question 14

What are some examples of symmetric cryptography?

Answer 14

Stream, RC-4, Block, AES/3DES

Question 15

What are other names for symmetric cryptography?

Answer 15

Private, shared key, secret.

Question 16

What is the default standard for cryptography block ciphers?

Answer 16

AES

Question 17

Describe asymmetric cryptography.

Answer 17

Public key - private key pairs.

Question 18

What are the asymmetric algorithms?

Answer 18

RSA and DSA
ECC and El Gamal
Dickie Hellman and knapsack.

If not one of these then it is likely symmetric algorithm.

Question 19

How man bits is the MD5 hashing algorithm?

Answer 19

128bit

Question 20

How many bits is the SHA-1 algorithm?

Answer 20

160bit

Question 21

How many bits is the SHA-256 algorithm?

Answer 21

256bit

Question 22

What is a collision?

Answer 22

Two different documents make the same hash.

Question 23

What is a birthday attack?

Answer 23

Trying to force a hashing collision.

Question 24

What is an HMAC?

Answer 24

Hashed Message Authentication Code

Message+Symmetric Number+hashing algorithm

Gives integrity and reasonable authenticity. But does not provide true authenticity.

Question 25

What is OCSP?

Answer 25

Online Certificate Status Protocol.

This streamlines the process of verifying whether or not a certificate has been revoked.

Question 26

What are the two frameworks of IPSec?

Answer 26

Tunnel mode: whole packet is encapsulated.

Transport mode: only the payload is encapsulated.

Question 27

What is ESP?

Answer 27

Encapsulating security payload.

Provides authenticity and integrity through a MAC.

Question 28

For ANY indication that confidentiality is needed, you must use which exchange?

Answer 28

ESP

Question 29

Define AH.

Answer 29

Authentication Header.

Provides integrity, authenticity, and non-repudiation through the use of an ICV (Integrity Check Value).

Question 30

List the types of attacks on cryptography.

Answer 30

1. Cipher text only - attacker only has cipher text and must brute force it.
2. Known plain text - attacker has the cipher text, but knows what some of it is in plain text.
3. Chosen plaintext - attacker can see the full text encrypted and decrypted.
4. Chosen ciphertext - attacker can see whatever they want in plain or cypher. Sometimes called a midnight attack.
5. Meet in the middle - attacker tries to learn what each key does individually (used in 3DES attacks)