8 - Security Models, Design, and Capabilities Flashcards
What is an Object and a Subject?
- An object is the resource a user or process wants to access.
- A subject is the user or process that makes a request to access a resource.
What is Transitive Trust?
The concept that if A trusts B and B trusts C, then A inherits the trust of C through the transitive property.
What is the difference between Open and Closed systems?
- Closed Systems are designed to work well with a narrow range of other systems, generally all from the same manufacturer. The standards are generally proprietary and not normally disclosed. Can be more secure since vulnerabilities are not often known but these systems require specific knowledge to operate.
- Open Systems are designed using agreed-upon industry standards and are much easier to integrate with systems from different manufacturers that support the same standards. More vulnerable to attacks but more people know how to maintain and work on these systems.
- Can also be applied to source code:
- Open Source: where the source code and internal logic are exposed to the public. Depends on public inspection to find errors.
- Closed Source: where the source code and internal logic are not open to the public. Depends on the vendor's programmers to find errors.
What are some methods for ensuring CIA for memory/data?
- Confinement: allows a process to read from and write to only certain memory locations and resources (aka sandboxing).
- Can be applied via the OS, a service, or through a VM.
- Bounds: the limits on where a process can access memory addresses and resources. The bounds state the area within which a process is contained.
- Processes are bounded by the authority level they are given in an OS. There may be only two authority levels: kernel and user.
- Bounds can be logical or physical in nature.
- Isolation: prevents an application from accessing the memory or resources of another application, whether that application is good or bad.
What is a Control?
A control uses access rules to limit the access of a subject to an object. Access rules state which objects are valid for each subject. Also, an object might be valid for one type of access and be invalid for another type of access.
What is a Trusted System?
A Trusted System is where all the protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment.
What is Assurance?
The degree of confidence that security needs are satisfied. Assurance must be continually maintained, updated, and reverified, especially when a system experiences a known change or when a significant amount of time has passed.
What is a Security Model?
A Security Model provides a way for designers to map abstract statements into a security policy that prescribes the algorithms and data structures necessary to build hardware and software.
A security model gives software designers something against which to measure their design and implementation.
What are Tokens, Capabilities Lists, and Labels?
- A token is a separate object that is associated with a resource and describes its security attributes.
- A capabilities list maintains a row of security attributes for each controlled object.
- A security label is a label that is generally a permanent part of the object.
What is a Trusted Computing Base?
A Trusted Computing Base is a combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy.
The TCB is a subset of the complete system that is ideally as small as possible so it can be easily analyzed to confirm it meets specifications and requirements. TCB components in a system are responsible for controlling access to the system and must also provide methods to access resources both inside and outside the TCB itself.
What is a Security Perimeter?
A Security Perimeter is an imaginary boundary that separates the TCB from the rest of the system. It ensures that no insecure communications or interactions occur between the TCB and the remaining elements of the computer system.
For the TCB to communicate with the rest of the system, it must create secure channels, also called Trusted Paths: channels established with strict standards to allow necessary communications to occur without exposing the TCB to security vulnerabilities.
What is a Reference Monitor and a Kernel?
- The Reference Monitor validates access to every resource prior to granting access requests.
- The Security Kernel is the collection of components in the TCB that work together to implement reference monitor functions. It launches the appropriate components to enforce reference monitor functionality and resist all known attacks.
What is a State Machine Model?
A State Machine Model describes a system that is always secure no matter what state it is in. It is based on the computer science model of a Finite State Machine (FSM), which combines an external input with an internal machine state to model all kinds of complex systems.
The next state is a function of the current state and an input:
Next State = F(input, current state)
What is the Information Flow Model?
The Information Flow Model, which is based on the State Machine Model, focuses on the flow of information.
Information flow models are designed to prevent unauthorized, insecure, or restricted information flow, often between different levels of security (multilevel models).
What is a Noninterference Model?
A Noninterference Model is concerned with how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security level.