Chapter 8 Principles of Security Models, Design, and Capabilities Flashcards

1
Q

The user or process that makes a request to access a resource is called a _____.

A

subject

2
Q

The ____ is the resource a user or process wants to access.

A

object

3
Q

______ is the concept that if A trusts B and B trusts C, then A inherits trust of C.

A

Transitive trust

4
Q

A ________ is designed to work well with a narrow range of other systems, generally all from the same manufacturer.

A

closed system

5
Q

_______ allows a process to read from and write to only certain memory locations and resources.

Confinement
Bounds
Isolation
Controls

A

confinement

6
Q

The ____ of a process consist of limits set on the memory addresses and resources it can access.

Confinement
Bounds
Isolation
Controls

A

bounds

7
Q

______ ensures that any behavior will affect only the memory and resources associated with the isolated process.

Confinement
Bounds
Isolation
Controls

A

isolation

8
Q

A ___ uses access rules to limit the access of a subject to an object.

Confinement
Bounds
Isolation
Controls

A

control

9
Q

A type of attribute storage is called a _____, which is generally a permanent part of the object to which it’s attached.

Tokens
Capabilities
Labels

A

Labels

10
Q

A ____ list maintains a row of security attributes for each controlled object. Although not as flexible as the token approach, capabilities lists generally offer quicker lookups when a subject requests access to an object.

Tokens
Capabilities
Labels

A

capabilities

11
Q

A ___ can communicate security information about an object prior to requesting access to the actual object.

Tokens
Capabilities
Labels

A

token

12
Q

A combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy.

A

trusted computing base

13
Q

A ________ is a channel established with strict standards to allow necessary communication to occur without exposing the TCB to security vulnerabilities.

A

trusted path

14
Q

________ stands between every subject and object, verifying that a requesting subject’s credentials meet the object’s access requirements before any requests are allowed to proceed.

A

Reference Monitors

15
Q

The collection of components in the TCB that work together to implement reference monitor functions.

A

security kernel

16
Q

The ____ is a concept or theory that is put into practice via the implementation of a security kernel in software and hardware.

A

reference monitor

17
Q

A system that is always secure no matter what state it is in.

A

state machine model

18
Q

What is a secure state machine?

A

each possible state transition results in another secure state

19
Q

_____ is concerned with preventing information flow from a high security level to a low security level.

Bell-LaPadula
Biba

A

Bell-LaPadula

20
Q

___ is concerned with preventing information flow from a low security level to a high security level.

Bell-LaPadula
Biba

A

Biba

21
Q

The _______ is concerned with how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security level.

A

noninterference model

22
Q

What type of model follows how information flows between systems rather than within an individual system?

A

composition theories

23
Q

_____ theories because they explain how outputs from one system relate to inputs to another system.

A

composition

24
Q

What type of composition theory is described here:

One system sends input to another system but also sends input to external entities.

Cascading
Feedback
Hookup

A

Hookup

25
Q

What type of composition theory is described here:

Input for one system comes from the output of another system.

Cascading
Feedback
Hookup

A

Cascading

26
Q

What type of composition theory is described here:

One system provides input to another system, which reciprocates by reversing those roles (so that system A first provides input for system B and then system B provides input to system A).

Cascading
Feedback
Hookup

A

Feedback

27
Q

Which model employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object?

A

Take-Grant Model

28
Q

A table of subjects and objects that indicates the actions or functions that each subject can perform on each object.

A

access control matrix

29
Q

Each column of the matrix is an ________ list.

access control
capabilities

A

access control

30
Q

Each row of the matrix is a ____ list.

access control
capabilities

A

capabilities

31
Q

_______ model prevents the leaking or transfer of classified information to less secure clearance levels.

A

Bell-LaPadula

Biba

32
Q

What property states that a subject may not read information at a higher sensitivity level (no read up)?

star Security
Simple Security
Discretionary Security
Simple Integrity
star Integrity

A

Simple Security

33
Q

What property states that a subject cannot modify an object at a higher integrity level (no write-up)?

star Security
Simple Security
Discretionary Security
Simple Integrity
star Integrity

A

star Integrity

34
Q

What property states that a subject cannot read an object at a lower integrity level (no read-down)?

star Security
Simple Security
Discretionary Security
Simple Integrity
star Integrity

A

Simple Integrity

35
Q

What property states that a subject may not write information to an object at a lower sensitivity level (no write down)? This is also known as the Confinement Property.

star Security
Simple Security
Discretionary Security
Simple Integrity
star Integrity

A

star Security

36
Q

What property states that the system uses an access matrix to enforce discretionary access control?

star Security
Simple Security
Discretionary Security
Simple Integrity
star Integrity

A

Discretionary Security

37
Q

Subjects do not have direct access to objects. Objects can be accessed only through programs.

A

Clark-Wilson Model

38
Q

A _________ uses classification-based restrictions to offer only subject-specific authorized information and functions.

A

restricted interface model

39
Q

Which model is said to be the foundation of noninterference conceptual theories?

A

Goguen-Meseguer Model

40
Q

Chinese Wall

A

Brewer and Nash Model

41
Q

Which model is based on predetermining the set or domain, a list of objects that a subject can access?

A

Goguen-Meseguer Model

42
Q

Which model is focused on the secure creation and deletion of both subjects and objects?

A

Graham-Denning Model

43
Q

____ is the comprehensive evaluation of the technical and nontechnical security features of an IT system and other safeguards made in support of the accreditation process to establish the extent to which a particular design and implementation meets a set of specified security requirements.

A

Certification

44
Q

______ is the formal declaration by the designated approving authority (DAA) that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.

A

Accreditation

45
Q

The standard for all other US government executive branch departments, agencies, and their contractors and consultants is the ___________.

A

Committee on National Security Systems (CNSS) Policy (CNSSP)

46
Q

The current DoD standard for the certification and accreditation of computing systems is ________.

A

Risk Management Framework (RMF)

47
Q

The standard for all non-DoD US government executive branch departments, agencies, and their contractors and consultants is the ______.

A

Committee on National Security Systems (CNSS) Policy (CNSSP)

48
Q

Four phases of certification and accreditation

A

Phase 1: Definition
Phase 2: Verification
Phase 3: Validation
Phase 4: Post Accreditation

49
Q

What guides the entire certification and accreditation process?

A

System Security Authorization Agreement (SSAA)

50
Q

Which stage of the certification and accreditation process includes further refinement of the SSAA, certification evaluation of the integrated system, development of a recommendation to the DAA, and the DAA’s accreditation decision?

Definition
Verification
Validation
Post Accreditation

A

Validation

51
Q

Which stage of the certification and accreditation process involves the assignment of appropriate project personnel; documentation of the mission need; and registration, negotiation, and creation of a System Security Authorization Agreement (SSAA) that guides the entire certification and accreditation process?

Definition
Verification
Validation
Post Accreditation

A

Definition

52
Q

Which stage of the certification and accreditation process includes maintenance of the SSAA, system operation, change management, and compliance validation?

Definition
Verification
Validation
Post Accreditation

A

Post Accreditation

53
Q

Which stage of the certification and accreditation process includes refinement of the SSAA, systems development activities, and a certification analysis?

Definition
Verification
Validation
Post Accreditation

A

Verification

54
Q

Used to prevent an active process from interacting with an area of memory that was not specifically assigned or allocated to it.

A

Memory Protection

55
Q

Used to host one or more operating systems within the memory of a single host computer.

A

Virtualization

56
Q

chip is used to store and process cryptographic keys for the purposes of a hardware supported/implemented hard drive encryption system.

A

Trusted Platform Module

57
Q

A _____ interface is implemented within an application to restrict what users can do or see based on their privileges.

A

constrained or restricted

58
Q

The methods that are used to describe the necessary security attributes for an object are _____, ________ and __________.

A

Tokens, Capabilities, and Labels