Chapter 8: Principles of Security Models, Design, and Capabilities Flashcards

1
Q

the active entity that makes a request to access a resource

A

subject

2
Q

the passive entity that the subject wants to access.

A

object

3
Q

the concept that if A trusts B and B trusts C, then A inherits the trust of C through the transitive property

A

Transitive trust

4
Q

Systems designed to work well with a narrow range of other systems, generally all from the same manufacturer.

A

closed system

5
Q

Systems designed using agreed-upon industry standards

A

Open systems

6
Q

a defined set of interactions allowed between computing elements, such as applications, services, networking, firmware, and hardware

A

application programming interfaces (APIs)

7
Q

the process by which a programmer codes in mechanisms that anticipate and defend against errors, in order to avoid the termination of execution

A

exception handling

8
Q

to allow a system to continue to operate after a component fails

A

fail-soft

9
Q

when a failure occurs, the system, device, or product will revert to a state that protects the health and safety of people.

A

fail-safe

10
Q

If the priority is for maintaining availability, then when the product fails, the connection or communication is allowed to continue.

A

fail-open

11
Q

the encouragement to avoid overcomplicating the environment, organization, or product design

A

keep it simple, stupid (KISS principle)

12
Q

Programmers should not add capabilities and functions until they are actually necessary, so rather than create it when you think of it, instead create it only when you actually need it.

A

“You Aren’t Gonna Need It” (YAGNI)

13
Q

The quality of software does not necessarily increase with an increase in capabilities and functions; there is often a worse software state (i.e., fewer functions), which is the better (i.e., preferred, maybe more secure) option.

A

“Worse Is Better” (aka New Jersey Style)

14
Q

Use the least powerful programming language that is suitable for the needed solution.

A

Rule of Least Power

15
Q

Crafting code so that it uses the least necessary hardware and software resources possible

A

Computing Minimalism

16
Q

The idea of eliminating redundancy in software by not repeating the same code in multiple places, which would increase the difficulty if changes are needed.

A

“Don’t Repeat Yourself” (DRY)

17
Q

a security concept where nothing inside the organization is automatically trusted.

A

Zero trust

18
Q

dividing an internal network into numerous subzones, each separated from the others by internal segmentation firewalls (ISFWs), subnets, or VLANs

A

Microsegmentation

19
Q

a network security measure employed to ensure that a secure system is physically isolated from other systems

A

air gap

20
Q

a guideline to integrate privacy protections into products during the early design phase rather than attempting to tack them on at the end of development

A

Privacy by Design (PbD)

21
Q

crafted to create a single set of universal and harmonized privacy principles

A

Global Privacy Standard (GPS)

22
Q

A more traditional security approach of trusting subjects and devices within the company’s security perimeter (i.e., internal entities) automatically

A

“trust, but verify”

23
Q

allows a process to read from and write to only certain memory locations and resources.

A

confinement

24
Q

limits set on the memory addresses and resources that a process can access

A

bounds

25
Q

ensures that any behavior will affect only the memory and resources associated with the isolated process

A

Process isolation

26
Q

allow subjects to access only authorized objects

A

Access controls

27
Q

all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment

A

trusted system

28
Q

the degree of confidence in satisfaction of security needs

A

Assurance

29
Q

provides a way for designers to map abstract statements into a security policy that prescribes the algorithms and data structures necessary to build hardware and software

A

security model

30
Q

the combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy

A

trusted computing base (TCB) design principle

31
Q

an imaginary boundary that separates the TCB from the rest of the system

A

security perimeter

32
Q

a channel established with strict standards to allow necessary communication to occur without exposing the TCB to security exploitations

A

trusted path

33
Q

The part of the TCB that validates access to every resource prior to granting access requests

A

reference monitor

34
Q

The collection of components in the TCB that work together to implement reference monitor functions

A

security kernel

35
Q

a system that is always secure no matter what state it is in

A

state machine model

36
Q

combines an external input with an internal machine state to model all kinds of complex systems, including parsers, decoders, and interpreters.

A

finite state machine (FSM)

37
Q

If each possible state transition results in another secure state, the system can be called a _______

A

secure state machine

38
Q

__________ model focuses on controlling the flow of information.

A

information flow

39
Q

_____________ is concerned with how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security level.

A

noninterference model

40
Q

employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object.

A

take-grant model

41
Q

a table of subjects and objects that indicates the actions or functions that each subject can perform on each object

A

access control matrix

42
Q

a subject with any level of clearance can access resources at or below its clearance level

A

Bell–LaPadula model

43
Q

designed after the Bell–LaPadula model, but it focuses on integrity

A

Biba model

44
Q

the _____ model defines each data item and allows modifications through only a limited or controlled intermediary program or interface.

A

Clark–Wilson

45
Q

created to permit access controls to change dynamically based on a user’s previous activity

A

Brewer and Nash model

46
Q

predetermining the set or domain (i.e., a list) of objects that a subject can access.

A

Goguen–Meseguer model

47
Q

focuses on preventing interference in support of integrity. It is formally based on the state machine model and the information flow model. However, it does not directly indicate specific mechanisms for protection of integrity. Instead, the model is based on the idea of defining a set of system states, initial states, and state transitions.

A

Sutherland model

48
Q

focused on the secure creation and deletion of both subjects and objects.

A

Graham–Denning model

49
Q

focuses on the assignment of object access rights to subjects as well as the resilience of those assigned rights.

A

Harrison–Ruzzo–Ullman (HRU) model

50
Q

The ______ defines various levels of testing and confirmation of systems’ security capabilities, and the number of the level indicates what kind of testing and confirmation has been performed.

A

Common Criteria (CC)

51
Q

a worldwide standards-setting group of representatives from various national standards organizations. ____ defines standards for industrial and commercial equipment, software, protocols, and management, among others.

A

International Organization for Standardization (ISO)

52
Q

______ is used to prevent an active process from interacting with an area of memory that was not specifically assigned or allocated to it.

A

Memory protection

53
Q

The _____ is both a specification for a cryptoprocessor chip on a mainboard and the general name for implementation of the specification.

A

Trusted Platform Module (TPM)

54
Q

A _______ or _____ interface is implemented within an application to restrict what users can do or see based on their privileges. Users with full privileges have access to all the capabilities of the application. Users with restricted privileges have limited access.

A

constrained or restricted