Chapter 8 Principles of Security Models, Design, and Capabilities Flashcards
The user or process that makes a request to access a resource is called a _____.
subject
The ____ is the resource a user or process wants to access.
object
______ is the concept that if A trusts B and B trusts C, then A inherits trust of C.
Transitive trust
A ________ is designed to work well with a narrow range of other systems, generally all from the same manufacturer.
closed system
_______ allows a process to read from and write to only certain memory locations and resources.
Confinement
Bounds
Isolation
Controls
confinement
The ____ of a process consist of limits set on the memory addresses and resources it can access.
Confinement
Bounds
Isolation
Controls
bounds
______ ensures that any behavior will affect only the memory and resources associated with the isolated process.
Confinement
Bounds
Isolation
Controls
isolation
A ___ uses access rules to limit the access of a subject to an object.
Confinement
Bounds
Isolation
Controls
control
One type of attribute storage is called a _____, which is generally a permanent part of the object to which it's attached.
Tokens
Capabilities
Labels
Labels
A ____ list maintains a row of security attributes for each controlled object. Although not as flexible as the token approach, capabilities lists generally offer quicker lookups when a subject requests access to an object.
Tokens
Capabilities
Labels
capabilities
A ___ can communicate security information about an object prior to requesting access to the actual object.
Tokens
Capabilities
Labels
token
A combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy.
trusted computing base
A ________ is a channel established with strict standards to allow necessary communication to occur without exposing the TCB to security vulnerabilities.
trusted path
________ stands between every subject and object, verifying that a requesting subject's credentials meet the object's access requirements before any requests are allowed to proceed.
Reference Monitors
The collection of components in the TCB that work together to implement reference monitor functions.
security kernel
The ____ is a concept or theory that is put into practice via the implementation of a security kernel in software and hardware.
reference monitor
A system that is always secure no matter what state it is in.
state machine model
What is a secure state machine?
Each possible state transition results in another secure state.
_____ is concerned with preventing information flow from a high security level to a low security level.
Bell-LaPadula
Biba
Bell-LaPadula
___ is concerned with preventing information flow from a low security level to a high security level.
Bell-LaPadula
Biba
Biba
The _______ is concerned with how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security level.
noninterference model
What type of model follows how information flows between systems rather than within an individual system?
composition theories
These are called _____ theories because they explain how outputs from one system relate to inputs to another system.
composition
What type of composition theory is described here:
One system sends input to another system but also sends input to external entities.
Cascading
Feedback
Hookup
Hookup
What type of composition theory is described here:
Input for one system comes from the output of another system.
Cascading
Feedback
Hookup
Cascading
What type of composition theory is described here:
One system provides input to another system, which reciprocates by reversing those roles (so that system A first provides input for system B and then system B provides input to system A).
Cascading
Feedback
Hookup
Feedback
Which model employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object?
Take-Grant Model
A table of subjects and objects that indicates the actions or functions that each subject can perform on each object.
access control matrix
Each column of the matrix is an ________ list.
access control
capabilities
access control
Each row of the matrix is a ____ list.
access control
capabilities
capabilities
_______ model prevents the leaking or transfer of classified information to less secure clearance levels.
Bell-LaPadula
Biba
What property states that a subject may not read information at a higher sensitivity level (no read up)?
star Security
Simple Security
Discretionary Security
Simple Integrity
star Integrity
Simple Security
What property states that a subject cannot modify an object at a higher integrity level (no write up)?
star Security
Simple Security
Discretionary Security
Simple Integrity
star Integrity
star Integrity
What property states that a subject cannot read an object at a lower integrity level (no read down)?
star Security
Simple Security
Discretionary Security
Simple Integrity
star Integrity
Simple Integrity
What property states that a subject may not write information to an object at a lower sensitivity level (no write down)? This is also known as the Confinement Property.
star Security
Simple Security
Discretionary Security
Simple Integrity
star Integrity
star Security
What property states that the system uses an access matrix to enforce discretionary access control?
star Security
Simple Security
Discretionary Security
Simple Integrity
star Integrity
Discretionary Security
Subjects do not have direct access to objects. Objects can be accessed only through programs.
Clark-Wilson Model
A _________ uses classification-based restrictions to offer only subject-specific authorized information and functions.
restricted interface model
Which model is said to be the foundation of noninterference conceptual theories?
Goguen-Meseguer Model
Chinese Wall
Brewer and Nash Model
Which model is based on predetermining the set or domain—a list of objects that a subject can access?
Goguen-Meseguer Model
Which model is focused on the secure creation and deletion of both subjects and objects?
Graham-Denning Model
____ is the comprehensive evaluation of the technical and nontechnical security features of an IT system and other safeguards made in support of the accreditation process to establish the extent to which a particular design and implementation meets a set of specified security requirements.
Certification
______ is the formal declaration by the designated approving authority (DAA) that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.
Accreditation
The standard for all other US government executive branch departments, agencies, and their contractors and consultants is the ___________
Committee on National Security Systems (CNSS) Policy (CNSSP)
The current DoD standard for the certification and accreditation of computing systems is ________.
Risk Management Framework
RMF
The standard for all non-DoD US government executive branch departments, agencies, and their contractors and consultants is the ______
Committee on National Security Systems (CNSS) Policy (CNSSP)
What are the four phases of Certification and Accreditation?
Phase 1: Definition
Phase 2: Verification
Phase 3: Validation
Phase 4: Post Accreditation
What guides the entire certification and accreditation process?
System Security Authorization Agreement (SSAA)
Which stage of the certification and accreditation process includes further refinement of the SSAA, certification evaluation of the integrated system, development of a recommendation to the DAA, and the DAA's accreditation decision?
Definition
Verification
Validation
Post Accreditation
Validation
Which stage of the certification and accreditation process involves the assignment of appropriate project personnel; documentation of the mission need; and registration, negotiation, and creation of a System Security Authorization Agreement (SSAA) that guides the entire certification and accreditation process?
Definition
Verification
Validation
Post Accreditation
Definition
Which stage of the certification and accreditation process includes maintenance of the SSAA, system operation, change management, and compliance validation?
Definition
Verification
Validation
Post Accreditation
Post Accreditation
Which stage of the certification and accreditation process includes refinement of the SSAA, systems development activities, and a certification analysis?
Definition
Verification
Validation
Post Accreditation
Verification
Used to prevent an active process from interacting with an area of memory that was not specifically assigned or allocated to it.
Memory Protection
Used to host one or more operating systems within the memory of a single host computer.
Virtualization
A ____ chip is used to store and process cryptographic keys for the purposes of a hardware supported/implemented hard drive encryption system.
Trusted Platform Module
A _____ interface is implemented within an application to restrict what users can do or see based on their privileges.
constrained or restricted
The methods that are used to describe the necessary security attributes for an object are _____, ________, and __________.
Tokens, Capabilities, and Labels