Ch.6

Question 1

What are the goals of software design(5)

Answer 1

• divide the software system into components
• determine the relationships between those components
• determine the internal communication mechanism among these components
• specify the components interfaces
• describe the components functionality

Question 2

Integrating security in software design requires the following considerations:(4)

Answer 2

• what software components need to be created
• how to integrate these components securely
• how sensitive data is going to be stored
• how to control information flows between the components

Question 3

What are design principles

Answer 3

Guidelines that enhance security by ensuing simplicity and restriction

Question 4

What is a violation to open design

Answer 4

Steganography

Question 5

What does abstraction contribute to cyber security

Answer 5

• removes clutter that can distract the user from using a resource correctly
• excess complexity may hide malicious behaviors

Question 6

Components of access control (4)

Answer 6

• access controls
• access
• subject
• object

Question 7

Access control models (4)

Answer 7

• discretionary access control: identity and role
• mandatory access control: comparing security labels and security clearance
• role based access control :
  Roles that the user has and the rules stating what accesses are allowed to users in a role
• attribute based access control:
  User attributes, recourse to be accessed and current environment condition