Chapter 8 - Design Flashcards

1
Q

Confinement

A

• Process to restrict actions of a program.
• Process can read and write to only certain memory locations and resources.
• AKA sandboxing
• Can be done in OS or application (VMWare)

2
Q

Bounds

A

• Limits set on memory addresses and resources a process can access
• Usually segment logical areas of memory for each process to use
• Physical bounds require each bounded process to run in an area of memory that is physically separated from other bounded processes

3
Q

Isolation

A

• When a process is confined through enforcing access bounds
• Used to protect the operating environment, kernel of OS, and other independent apps.
• Prevents apps from accessing the memory or resources of other apps.

4
Q

Access Control Triple

A

subject/object/program

5
Q

Goguen-Meseguer

A

• Integrity model
• Foundation of noninterference conceptual theories
• Based on predetermining the set or domain - a list of objects that a subject can access
• Members of one domain can't interfere with members of another

6
Q

Sutherland

A

• Integrity model
• Focuses on preventing interference in support of integrity
• Does not directly indicate specific mechanisms for protection of integrity
• Based on the idea of defining a set of system states, initial states, and state transitions
• Common example: prevent a covert channel from being used to influence the outcome of a process or activity

7
Q

Graham-Denning

A

• Focused on secure creation and deletion
• 8 primary protection rules:
	○ Create object
	○ Create subject
	○ Delete object
	○ Delete subject
	○ Provide read access
	○ Provide grant access
	○ Provide delete access
	○ Provide transfer access

8
Q

Rainbow Series

A

Level Label   Requirements
D             Minimal protection
C1            Discretionary protection
C2            Controlled access protection
B1            Labeled security
B2            Structured protection
B3            Security domains
A1            Verified protection

9
Q

TCSEC, ITSEC, CC

A

TCSEC   ITSEC     CC           Description
D       F-D+E0    EAL0, EAL1   Minimal/no protection
C1      F-C1+E1   EAL2         Discretionary security mechanisms
C2      F-C2+E2   EAL3         Controlled access protection
B1      F-B1+E3   EAL4         Labeled security protection
B2      F-B2+E4   EAL5         Structured security protection
B3      F-B3+E5   EAL6         Security domains
A1      F-B3+E6   EAL7         Verified security design

10
Q

Common Criteria Structure

A

○ Part 1 - Intro and general model - describes the general concepts and underlying model used to evaluate IT security; intro and explanatory material.
○ Part 2 - Security Functional Requirements
○ Part 3 - Security Assurance - assurance requirements for TOEs in the areas of config mgmt, delivery and operation, dev, guidance docs, and life-cycle support, plus assurance tests and vuln assessments.

11
Q

Common Criteria Elements

A

○ Protection profiles - specify the security requirements and protections that a product to be evaluated must provide (security desires)
○ Security targets - specify the claims of security from the vendor that are built into the TOE (implemented security measures)
	§ Package - intermediate grouping of security requirement components that can be added to or removed from a TOE.
