Chapter 8: Principles of Security Models, Design, and Capabilities

Question 1

the active entity that makes a request to access a resource

Answer 1

subject

Question 2

the passive entity that the subject wants to access.

Answer 2

object

Question 3

the concept that if A trusts B and B trusts C, then A inherits trust of C through the transitive property

Answer 3

Transitive trust

Question 4

Systems designed to work well with a narrow range of other systems, generally all from the same manufacturer.

Answer 4

closed system

Question 5

Systems designed using agreed-upon industry standards

Answer 5

Open systems

Question 6

a defined set of interactions allowed between computing elements, such as applications, services, networking, firmware, and hardware

Answer 6

application programming interfaces (APIs)

Question 7

process where a programmer codes in mechanisms to anticipate and defend against errors in order to avoid the termination of execution

Answer 7

exception handling

Question 8

to allow a system to continue to operate after a component fails

Answer 8

fail-soft

Question 9

when a failure occurs, the system, device, or product will revert to a state that protects the health and safety of people.

Answer 9

fail-safe

Question 10

If the priority is for maintaining availability, then when the product fails, the connection or communication is allowed to continue.

Answer 10

fail-open

Question 11

this concept is the encouragement to avoid overcomplicating the environment, organization, or product design

Answer 11

keep it simple, stupid (KISS principle)

Question 12

Programmers should not add capabilities and functions until they are actually necessary, so rather than create it when you think of it, instead create it only when you actually need it.

Answer 12

“You Aren’t Gonna Need It” (YAGNI)

Question 13

The quality of software does not necessarily increase with an increase in capabilities and functions; there is often a worse software state (i.e., fewer functions), which is the better (i.e., preferred, maybe more secure) option.

Answer 13

“Worse Is Better” (aka New Jersey Style)

Question 14

Use the least powerful programming language that is suitable for the needed solution.

Answer 14

Rule of Least Power

Question 15

Crafting code so that it uses the least necessary hardware and software resources possible

Answer 15

Computing Minimalism

Question 16

The idea of eliminating redundancy in software by not repeating the same code in multiple places, which would increase the difficulty if changes are needed.

Answer 16

“Don’t Repeat Yourself” (DRY)

Question 17

a security concept where nothing inside the organization is automatically trusted.

Answer 17

Zero trust

Question 18

dividing up an internal network into numerous subzones. Each zone is separated from the others by internal segmentation firewalls (ISFWs), subnets, or VLANs

Answer 18

Microsegmentation

Question 19

a network security measure employed to ensure that a secure system is physically isolated from other systems

Answer 19

air gap

Question 20

a guideline to integrate privacy protections into products during the early design phase rather than attempting to tack it on at the end of development

Answer 20

Privacy by Design (PbD)

Question 21

crafted to create a single set of universal and harmonized privacy principles

Answer 21

Global Privacy Standard (GPS)

Question 22

A more traditional security approach of trusting subjects and devices within the company’s security perimeter (i.e., internal entities) automatically

Answer 22

“trust, but verify”

Question 23

allows a process to read from and write to only certain memory locations and resources.

Answer 23

confinement

Question 24

limits set on the memory addresses and resources it can access

Answer 24

bounds

Question 25

ensures that any behavior will affect only the memory and resources associated with the isolated process

Answer 25

Process isolation

Question 26

allow subjects to access only authorized objects

Answer 26

Access controls

Question 27

all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment

Answer 27

trusted system

Question 28

the degree of confidence in satisfaction of security needs

Answer 28

Assurance

Question 29

provides a way for designers to map abstract statements into a security policy that prescribes the algorithms and data structures necessary to build hardware and software

Answer 29

security model

Question 30

the combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy

Answer 30

trusted computing base (TCB) design principle

Question 31

an imaginary boundary that separates the TCB from the rest of the system

Answer 31

security perimeter

Question 32

a channel established with strict standards to allow necessary communication to occur without exposing the TCB to security exploitations

Answer 32

trusted path

Question 33

The part of the TCB that validates access to every resource prior to granting access requests

Answer 33

reference monitor

Question 34

The collection of components in the TCB that work together to implement reference monitor functions

Answer 34

security kernel

Question 35

a system that is always secure no matter what state it is in

Answer 35

state machine model

Question 36

combines an external input with an internal machine state to model all kinds of complex systems, including parsers, decoders, and interpreters.

Answer 36

finite state machine (FSM)

Question 37

If each possible state transition results in another secure state, the system can be called a _______

Answer 37

secure state machine

Question 38

__________ model focuses on controlling the flow of information.

Answer 38

information flow

Question 39

_____________ is concerned with how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security level.

Answer 39

noninterference model

Question 40

employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object.

Answer 40

take-grant model

Question 41

a table of subjects and objects that indicates the actions or functions that each subject can perform on each object

Answer 41

access control matrix

Question 42

a subject with any level of clearance can access resources at or below its clearance level

Answer 42

Bell–LaPadula model

Question 43

designed after the Bell–LaPadula model, but it focuses on integrity

Answer 43

Biba model

Question 44

the _____ model defines each data item and allows modifications through only a limited or controlled intermediary program or interface.

Answer 44

Clark–Wilson

Question 45

created to permit access controls to change dynamically based on a user’s previous activity

Answer 45

Brewer and Nash model

Question 46

predetermining the set or domain (i.e., a list) of objects that a subject can access.

Answer 46

Goguen–Meseguer model

Question 47

focuses on preventing interference in support of integrity. It is formally based on the state machine model and the information flow model. However, it does not directly indicate specific mechanisms for protection of integrity. Instead, the model is based on the idea of defining a set of system states, initial states, and state transitions.

Answer 47

Sutherland model

Question 48

focused on the secure creation and deletion of both subjects and objects.

Answer 48

Graham–Denning model

Question 49

focuses on the assignment of object access rights to subjects as well as the resilience of those assigned rights.

Answer 49

Harrison–Ruzzo–Ullman (HRU) model

Question 50

The ______ defines various levels of testing and confirmation of systems’ security capabilities, and the number of the level indicates what kind of testing and confirmation has been performed.

Answer 50

Common Criteria (CC)

Question 51

a worldwide standards-setting group of representatives from various national standards organizations. ____ defines standards for industrial and commercial equipment, software, protocols, and management, among others.

Answer 51

International Organization for Standardization (ISO)

Question 52

______ is used to prevent an active process from interacting with an area of memory that was not specifically assigned or allocated to it.

Answer 52

Memory protection

Question 53

The _____ is both a specification for a cryptoprocessor chip on a mainboard and the general name for implementation of the specification.

Answer 53

Trusted Platform Module (TPM)

Question 54

A _______ or _____ interface is implemented within an application to restrict what users can do or see based on their privileges. Users with full privileges have access to all the capabilities of the application. Users with restricted privileges have limited access.

Answer 54

constrained or restricted