Chapter 5: Security Architecture and Design

Question 1

Trusted Computing Base (TCB)

Answer 1

The totality of protection mechanisms pertaining to a computer system, including hardware, firmware, and software; enforces a unified security policy

Question 2

Subject:

Answer 2

User or device

Question 3

Object:

Answer 3

resource, data, etc

Question 4

Reference monitor is…

Answer 4

a software model or abstract machine that mediates all accesses

Question 5

Reference monitor should be…

Answer 5

Complete, for all accesses
Isolated from modification by other systems
Verifiable in doing what it’s supposed to and without outside interference

Question 6

Security Kernel

Answer 6

a reference monitor for a specific hardware base

Question 7

Mandatory Access Control (MAC)

Answer 7

For environments where there is no single information owner. Awards access to objects based on labels and clearance levels. Reference monitor is the decision maker.

Question 8

Rings of Trust

Answer 8

Model depicting the shrinking rings of individuals with need to know/proper clearance to access more secret or secure objects. Model can be used at the hardware level, such as in the case of a CPU kernel mediating data access

Question 9

Rules for Rings of Trust within network

Answer 9

Each rings trusts all rings closer to center than it
No host trusts any host in a further out ring
Segments in same ring are not automatically trusts though are “allowed” to depending on function

Question 10

Primary Storage

Answer 10

The memory storage allotted to the CPU for active work; volatile and info disappears when power is lost

Question 11

Secondary Storage

Answer 11

Nonvolatile storage that can store application or system code when system is not in use. Flash drives, USB sticks, tapes, etc

Question 12

Real memory

Answer 12

Storage location for a program in memory and direct access to peripheral device

Question 13

Virtual memory

Answer 13

Extends volume of primary memory storage; swapped in and out of primary when processing power is needed

Question 14

Random memory

Answer 14

Computer’s primary working and storage area; directly addressable by CPU and can store application or system code as well as data

Question 15

Sequential memory

Answer 15

Memory such as a magnetic tape

Question 16

Volatile memory

Answer 16

Any memory that loses all info upon power loss

Question 17

Closed system

Answer 17

Proprietary and limited in nature and options

Question 18

Open system

Answer 18

Guided by standards that allow new or nicer components to react inside the system under operational safeguards; allows user access to basically whole system

Question 19

Finite State machine

Answer 19

Machine “remembers” certain states that it can move between

Question 20

TCSEC

Answer 20

Prioritizes confidentiality, utilizes TCB of hardware and software; breaks down recommendations/requirements/TCB by divisions A, B, C, D

Question 21

TCSEC: Division D, Minimal Protection

Answer 21

Minimal protection: unrated, untested, or insufficient systems

Question 22

TCSEC: Division C, Discretionary Protection

Answer 22

Information owners get to dictate who gets to access the material

Question 23

TCSEC: Division C, C1

Answer 23

Discretionary Security Protection; for workgroups, etc. Prevents accidental reading or writing outside the discretioned group, but controlled by the people inside that group, not an outside entity

Question 24

TCSEC: Division C, C2

Answer 24

Controlled access protection; more thorough, requires individual logons and user logging to enforce accountability for access and changes, and has resource segmentation

Question 25

TCSEC: Division B: Mandatory Protection

Answer 25

TCB enforces a label system (such as classification markings). Requires reference monitor architecture

Question 26

TCSEC: Division B: B1

Answer 26

Labeled Security Protection; more informal policies, still contains labels, subjects and object in its operational make up. May not encompass every component of the system

Question 27

TCSEC: Division B: B2

Answer 27

Structured Protection: TCB is clearly defined and operates according to strict formal policy, and the entire system must operate according to those policies. Tested to ensure there are no unintended communications in the system

Question 28

TCSEC: Division B: B3

Answer 28

Security Domains: reference monitor MUST mediate all accesses of subjects to objects, resist tampering, be small enough to be testable and analyzed completely.

Question 29

TCSEC: Division A: Verified Design

Answer 29

Formal security verification methods to ensure processes are working correctly; requires extensive documentation to demonstrate proper process has been followed since the beginning to ensure the system is as resistant as possible

Question 30

TCSEC: Division A: A1

Answer 30

Architecture remains the same, but the assurances during planning and designing are more exhausting.

Question 31

Trusted Network Interpretation (TNI)

Answer 31

Takes the principles of TCSEC and renders it into networked environments

Question 32

Information Technology Security Evaluation Criteria (ITSEC)

Answer 32

European counterpart to TCSEC. Similar, but contains additional components such as system profiles and assurance and functionality classes

Question 33

Common Criteria

Answer 33

Unified security standard that brought all of the various expectations and requirements together and provided for international cross compatibility; became ISO International Standard 15408

Question 34

Bell Lapadula Model

Answer 34

Basis of TCSEC; it’s a formal policy that describes a set of access controls. This is the model that mediates access to classified material via matching clearance and classification. A confidentiality model that preserves principle of least privilege and defines access paths

Question 35

Biba Model

Answer 35

Integrity model that prevents users from making unallowed changes to data. Utilizes “read up-write down” to prevent lower quality or less controlled data from contaminating more secure data

Question 36

Target of Evaluation (TOE)

Answer 36

The device or system to be reviewed for CC certification.

Question 37

Protection Profile (PP)

Answer 37

Template used to define a standard set of security requirements for a particular class of related products. A protection profile serves as a reusable template of security requirements. Depending on the Target of Evaluation, multiple profiles may be used at once.

Question 38

Security Target (ST)

Answer 38

Explicitly stated set of requirements specific to the capabilities of the product under evaluation.

Question 39

Security Functional Requirements (SFRs)

Answer 39

Security requirements that refer to unique security functions provided by a product.

Question 40

Evaluation Assurance Levels (EAL)

Answer 40

Used to define the way the product is tested and how thoroughly. These levels are scaled from 1 to 7, with 7 being the highest level and 1 the lowest. A higher number does not necessarily mean that the product went through more rigorous testing.