Chapter 8: Principles of Security Models, Design, and Capabilities Flashcards
the active entity that makes a request to access a resource
subject
the passive entity that the subject wants to access.
object
the concept that if A trusts B and B trusts C, then A inherits trust of C through the transitive property
Transitive trust
Systems designed to work well with a narrow range of other systems, generally all from the same manufacturer.
closed system
Systems designed using agreed-upon industry standards
Open systems
a defined set of interactions allowed between computing elements, such as applications, services, networking, firmware, and hardware
application programming interfaces (APIs)
process where a programmer codes in mechanisms to anticipate and defend against errors in order to avoid the termination of execution
exception handling
to allow a system to continue to operate after a component fails
fail-soft
when a failure occurs, the system, device, or product will revert to a state that protects the health and safety of people.
fail-safe
If the priority is for maintaining availability, then when the product fails, the connection or communication is allowed to continue.
fail-open
this concept is the encouragement to avoid overcomplicating the environment, organization, or product design
keep it simple, stupid (KISS principle)
Programmers should not add capabilities and functions until they are actually necessary, so rather than create it when you think of it, instead create it only when you actually need it.
“You Aren’t Gonna Need It” (YAGNI)
The quality of software does not necessarily increase with an increase in capabilities and functions; there is often a worse software state (i.e., fewer functions), which is the better (i.e., preferred, maybe more secure) option.
“Worse Is Better” (aka New Jersey Style)
Use the least powerful programming language that is suitable for the needed solution.
Rule of Least Power
Crafting code so that it uses the least necessary hardware and software resources possible
Computing Minimalism
The idea of eliminating redundancy in software by not repeating the same code in multiple places, which would increase the difficulty if changes are needed.
“Don’t Repeat Yourself” (DRY)
a security concept where nothing inside the organization is automatically trusted.
Zero trust
dividing up an internal network into numerous subzones. Each zone is separated from the others by internal segmentation firewalls (ISFWs), subnets, or VLANs
Microsegmentation
a network security measure employed to ensure that a secure system is physically isolated from other systems
air gap
a guideline to integrate privacy protections into products during the early design phase rather than attempting to tack it on at the end of development
Privacy by Design (PbD)
crafted to create a single set of universal and harmonized privacy principles
Global Privacy Standard (GPS)
A more traditional security approach of trusting subjects and devices within the company’s security perimeter (i.e., internal entities) automatically
“trust, but verify”
allows a process to read from and write to only certain memory locations and resources.
confinement
limits set on the memory addresses and resources it can access
bounds
