Chapter 2 - Secure Software Requirements Flashcards

1
Q

What quality attributes should secure software have?

A

Reliability
Resiliency
Recoverability

2
Q

What is Reliability?

A

An attribute of secure software. The software functions as it is expected to.

3
Q

What is Resiliency?

A

An attribute of secure software. The software doesn’t violate any security policy and can withstand the actions of threat agents and user errors.

4
Q

What is Recoverability?

A

The software can restore operations to what the business expects by containing and limiting damage caused by threats that materialize.

5
Q

What is a RTM?

A

Requirements Traceability Matrix

6
Q

What are some internal sources of software requirements?

A
Policies
Standards
Guidelines
Patterns
Practices

7
Q

What are some external sources of software requirements?

A

Regulations
Compliance initiatives
Geographical requirements

8
Q

Who is ultimately responsible for software risk?

A

The business owner.

9
Q

What are confidentiality requirements?

A

Those that address protection against disclosure of personal or sensitive data or information to unauthorized individuals.

10
Q

What are the two broad data classifications?

A

Public and non-public

11
Q

What is another name for public data?

A

Directory information

12
Q

What are the most common forms of covert secret writing?

A

Steganography and digital watermarking.

13
Q

What is masking?

A

A weak form of confidentiality protection in which the original information is asterisked or X-ed out.

14
Q

What are the three methods for which confidentiality requirements need to be developed?

A

In transit
In processing
In storage

15
Q

What are integrity requirements?

A

Requirements that address reliability assurance and prevention of unauthorized modification.

16
Q

What do integrity controls assure?

A

Reliability (the software does what it should), accuracy, completeness, and consistency.

17
Q

What is even parity?

A

Addition of a parity bit to data such that there is an even number of 1 bits in the data.

18
Q

What is odd parity?

A

Addition of a parity bit to data such that there is an odd number of 1 bits in the data.

19
Q

What is the strongest form of data integrity?

A

Hashing.

20
Q

What are availability requirements?

A

Those software requirements that ensure protection against destruction of the software system and/or data, thereby assisting in the prevention of DoS to authorized users.

22
Q

What is MTD?

A

Maximum Tolerable Downtime

23
Q

What is RTO?

A

Recovery Time Objective

RTO is the amount of time by which the system or software needs to be restored back to the expected state of business operations for authorized business users when it goes down.

24
Q

Where should MTD and RTO be stated?

A

The SLA (Service Level Agreement)

25
Q

What is BIA?

A

Business Impact Analysis.

A qualitative or quantitative analysis of the cost of failure of the software to operate. This can include loss of credibility, confidence, or brand reputation.

26
Q

What is a single point of failure?

A

Having no redundancy capabilities

27
Q

What is replication?

A

Master/slave or primary/secondary scheme in which there is one master or primary node and updates are propagated to the slave or secondary nodes either actively or passively.

28
Q

What is active/active replication?

A

Active/active replication implies that updates are made to both the master and slave systems at the same time.

29
Q

What is active/passive replication?

A

The updates are made to the master node first, and the changes are then pushed to the replicas.

30
Q

What is authentication?

A

Validating an entity’s claim. Typically identity claims or credentials are validated against a trusted source.

31
Q

What are the most common forms of authentication?

A
Anonymous
Basic
Digest
Integrated
Client certificates
Forms
Tokens
Smart cards
Biometrics

32
Q

What is anonymous authentication?

A

No prompting for credentials. Implies unlinkability (no way to link a user or system to their actions). Generally avoid unless there’s a reason to have it.

33
Q

What is Basic Authentication?

A

HTTP Basic Auth. Credentials are transmitted Base64-encoded. Avoid, because they are easily decoded.

34
Q

What is Digest Authentication?

A

Challenge/response. Does not send credentials in clear text, but sends a hash of the original credential. Can’t be easily spoofed.

35
Q

What is Integrated Authentication?

A

NTLM authentication, or NT challenge/response.

36
Q

What is Client Certificate based authentication?

A

X.509 client certificates.

37
Q

What is Forms authentication?

A

Web forms. Back end can be anything.

38
Q

What is token-based authentication?

A

Issue a token upon verification. Particularly useful in SSO.

39
Q

What is smart card based authentication?

A

Smart cards provide ownership-based (something you have) authentication.

40
Q

What is biometric authentication?

A

This form of authentication uses biological characteristics (something you are) for providing the identity’s credentials. Biological features such as retinal blood vessel patterns, facial features, and fingerprints are used for identity verification purposes.

41
Q

What is a Type I error?

A

False rejection. A legitimate user/enrollee is denied access.

42
Q

What is a Type II error?

A

False acceptance. Someone who isn’t a legitimate user is granted access.

43
Q

What is CER?

A

Crossover Error Rate. The point where the false rejection rate equals the false acceptance rate (FRR == FAR).

44
Q

What is a subject?

A

An entity requesting access to an object.

45
Q

What is an object?

A

Something that will be acted upon by a subject.

46
Q

What is CRUD?

A

Create, Read, Update, Delete. Common actions subjects take upon objects.

47
Q

What are the types of access control models?

A
DAC
NDAC
MAC
RBAC
Resource Based Access Control

48
Q

What is DAC?

A

Discretionary Access Control. The owner of the object decides who gets access.

49
Q

What is NDAC?

A

Like DAC, in that access to objects is based on the subject, but it is unavoidably imposed on all subjects. Doesn’t rely on the subject complying with security policies.

50
Q

What is MAC?

A

Restricted access to objects based on the security classification of the object.

Sensitivity is represented by a label.

AKA, clearance model.

Commonly implemented as “Rule based access control”.

51
Q

What is RoleBAC?

A

Role Based Access Control. Access to objects by job function. Permissions are never assigned to users, only to roles.

52
Q

What is a Role Hierarchy?

A

Roles organized in a parent-child relationship.

53
Q

What is the difference between a role and a group?

A

A group is a collection of users, not a collection of permissions.

A role is a common job where everybody gets the same permissions.

54
Q

What is ResourceBAC?

A

Resource Based Access Control

Works when users may not be known in advance. Delegation. Kerberos works this way: successful authentication gets you a ticket that is delegated the privileges and rights to invoke downstream services.

Trusted Subsystem Model

55
Q

What is the Trusted Subsystem Model?

A

Access request decisions are granted based on the identity of a trusted resource instead of user identities.

Primarily Web applications. User logs into a web application, which may have permission to access a database.

56
Q

What are the minimum requirements for auditing?

A

Identity of the subject
Action (what they did)
Object on which the action was performed
Timestamp

57
Q

What does session management do for us?

A

Relieves the obligation to authenticate upon each access request.

58
Q

What risk does session management pose?

A

Session hijacking.

59
Q

What is the problem with verbose error messages?

A

Information disclosure.

60
Q

What is a TOC/TOU attack?

A

Race conditions, basically. TOC = Time of Check. TOU = Time Of Use.

61
Q

What properties need to be fulfilled for a race condition to occur?

A

Concurrency, shared object, and a change of state.

62
Q

What is the concurrency property?

A

At least two threads must be executing concurrently.

63
Q

What is the shared object property?

A

Two concurrent threads must be accessing the same object.

64
Q

What is the change of state property?

A

At least one of the two threads accessing the same object must alter the state of the object.

65
Q

How do you prevent race conditions?

A

Avoid race windows
Atomic operations
Mutual Exclusion

66
Q

What is a race window?

A

The window of opportunity in which two concurrent threads race against one another trying to alter the same object.

67
Q

What are atomic operations?

A

The entire process is completed using a single flow of control, and concurrent threads or flows of control against the same object are disallowed.

68
Q

What are mutual exclusions?

A

Object locking to prevent multiple threads from accessing the same resource.

69
Q

What should you determine during the requirements gathering phase for archive information?

A

Location, duration, format.

70
Q

What is Canonicalization?

A

The process of converting data that has more than one possible representation into a standard canonical form.

71
Q

What is PNE?

A

Protection Needs Elicitation

Determination of security requirements.

72
Q

What are the steps in PNE?

A
  1. Engage the customer
  2. Information management modeling
  3. Identify least privilege applications
  4. Conduct threat modeling and analysis
  5. Prioritize based on customer needs
  6. Develop information protection policy
  7. Seek customer acceptance

73
Q

What methods can be used for PNE?

A
Brainstorming
Surveys and questionnaires
Policy decomposition
Data classification
Subject-object matrix
Use and misuse case modeling

74
Q

What is brainstorming?

A

An unstructured, quick method to glean security requirements. Characterized by just recording ideas, not challenging them.

75
Q

What is policy decomposition?

A

Breaking high level mandates into detailed security requirements.

76
Q

What are the steps in the policy decomposition process?

A
Policy documents (internal and external) → High-level objectives → Security requirements → Software security requirements

77
Q

What is data classification?

A

The conscious effort to assign a level of sensitivity to data assets based on potential impact upon disclosure, alteration, or destruction.

78
Q

What is the objective of data classification?

A

To lower the cost of data protection and maximize the return on investment where data are protected.

79
Q

In data classification, what tasks is the business or data owner responsible for?

A

Ensure that information assets are appropriately classified.
Validate that security controls are implemented as needed by reviewing the classification periodically.
Define authorized lists of users and access criteria.
Ensure appropriate backup and recovery mechanisms are in place.
Delegate classification responsibility, access approval, backup, and recovery to a data custodian as needed.

80
Q

In data classification, what tasks is the business or data custodian responsible for?

A
  • Perform the information classification exercise
  • Perform backup and recovery
  • Ensure records retention is in place

81
Q

What is ILM?

A

Information Lifecycle Management.

83
Q

What is a Subject-Object Matrix?

A

A Subject–Object Matrix is used to identify allowable actions between subjects and objects based on use cases.

A Subject–Object Matrix is a two-dimensional representation of roles and components. The subjects or roles are listed across the columns and the objects or components are listed down the rows. A Subject–Object Matrix is a very effective tool to generate misuse cases. Once a Subject–Object Matrix is generated, by inverting the allowable actions captured in it, one can determine threats, which in turn can be used to determine security requirements.

84
Q

What is SQUARE?

A

Security Quality Requirements Engineering: a methodology of 9 steps that generates a final deliverable of categorized and prioritized security requirements.

85
Q

What is a RTM?

A

Requirements Traceability Matrix.

Final deliverable of categorized and prioritized security requirements.

86
Q

What are the benefits of a RTM?

A

Avoids scope creep
Assures the design satisfies the specified security requirements
Ensures the implementation doesn’t deviate from the secure design
Provides a basis for defining test cases