Chapter 8- Security Models, Design and Capabilities Flashcards

1
Q

Controlling access to a resource in a secure system involves 2 entities; name and explain them

A
  1. Subject: a user or process that makes a request to access a resource.
  2. Object: the resource that a user or process wants to access.
2
Q

Systems are built and designed according to 2 philosophies, explain them

A
  1. Open systems: these are designed using agreed industry standards. They are easier to integrate with other systems that adopt the same standards.
  2. Closed systems: these are designed to work with a narrow range of systems and are harder to integrate with other systems. It is harder to attack closed systems.
3
Q

Open Source vs Closed Source

A

Open source: the source code and other internal logic are available to the public.

Closed source: the internal logic and source code are hidden from the public. This depends on the programmer to revise the product over time.

4
Q

Define Confinement

A

Confinement restricts a process to reading from and writing to only certain memory locations and resources. This is also known as sandboxing.

5
Q

Explain Bounds

A

Each process that runs on a system is assigned an authority level.

Simple systems:
In simple systems there are 2 authority levels (i.e. user and kernel).

The bounds of a process set a limit on the memory addresses and resources it can access. They define the area in which a process is confined or contained.

There are 2 types of bounds:
Physical bounds: require each bounded process to run in an area of memory that is physically separated from other bounded processes.
Logical bounds: it is the job of the o/s to enforce logical bounds and disallow access to other processes.

6
Q

Define Isolation

A

When a process is confined through enforced access bounds, that process runs in isolation.

Isolation is used to protect the operating environment, the kernel of the operating system and other independent applications.

7
Q

List the 3 concepts that make it possible to implement secure systems

A

Confinement, isolation and bounds.

8
Q

Explain MAC

A

Mandatory Access Control: static attributes of the subject and object are considered to determine the permissibility of the access.

9
Q

Explain DAC

A

Discretionary Access Control: subjects have the ability to define access to objects. Access Control Lists serve as dynamic access rulesets that the subject can modify.

10
Q

What is the primary goal of controls

A

Controls are used to ensure the confidentiality and integrity of data.

11
Q

Define Trusted Systems

A

A trusted system is one in which protection mechanisms work together to process sensitive data for many types of users while maintaining a stable, secure computing environment.

12
Q

Define Assurance

A

Assurance is the degree of confidence in the satisfaction of security needs.

13
Q

Define Security Model

A

A security model provides a way for designers to map abstract statements into a security policy that prescribes the algorithms and data structures necessary to build hardware and software.

14
Q

Define Capability list

A

A capability list maintains a row of security attributes for each controlled object.

15
Q

Define Trusted Computing Base

A

The Trusted Computing Base (TCB) is a combination of hardware, software and controls that work together to form a trusted base to enforce your security policy.

The TCB is the only portion of the system that can be trusted to enforce your security policy.

16
Q

Describe Security Perimeter

A

The security perimeter is the imaginary boundary that separates the TCB from the rest of the system.

17
Q

Explain Reference Monitor

A

The part of the TCB that validates access to every resource prior to granting access is called the reference monitor. It stands between every subject and object.

It is the access control monitor for the TCB. It enforces access control or authorization based on the security model.

18
Q

Define State machine model

A

The state machine model describes a system that is always secure regardless of the state it is in.

19
Q

Define Finite State Machine

A

A Finite State Machine (FSM) combines an external input with an internal machine state to model all kinds of complex systems, including parsers, decoders and interpreters.

20
Q

Define a state

A

A state is a snapshot of the machine at a specific moment in time.

21
Q

Define secure state machine

A

A secure state machine always boots into a secure state and maintains a secure state across all transitions. It allows subjects to access resources in a secure manner compliant with the security policy.

22
Q

Explain Information flow models

A

Information flow models focus on the flow of information. They are based on state machine models, e.g. the Bell-LaPadula model and Biba.

They are used to prevent unauthorized, insecure or restricted information flows, often between different levels of security.

23
Q

Explain noninterference model

A

The noninterference model is based on the information flow model. It is concerned with how the actions of a subject at a higher security level may affect the system state or the actions of a subject at a lower security level.

24
Q

Name the 3 recognized composition theories

A

Cascading, Feedback and Hookup.

  1. Cascading: the input for one system comes from the output of another system.
  2. Feedback: one system provides input to another system.
  3. Hookup: one system sends input to another system but also sends input to other systems.

25
Q

Explain Take-Grant Model

A

Take rule: allows a subject to take rights over an object.
Grant rule: allows a subject to grant rights to an object.
Create rule: allows a subject to create new rights.
Remove rule: allows a subject to remove rights it has.

26
Q

Describe Bell-LaPadula

A

The Bell-LaPadula model is in place to protect data confidentiality.

No read up, no write down. A subject cannot read an object classified higher than the subject is cleared for.

But a trusted subject is not

27
Q

Describe Biba Model

A

Biba ensures data integrity.
Biba was designed to address 3 integrity issues:
  1. Prevent modification of objects by unauthorized subjects.
  2. Prevent unauthorized modification of objects by authorized subjects.
  3. Protect internal and external object consistency.

28
Q

Biba model focuses on

A

Integrity

29
Q

Bell-LaPadula model focuses on

A

Confidentiality

30
Q

Explain Clark-Wilson Model

A

The Clark-Wilson model focuses on the integrity of data. It uses the subject/program/object relationship, known as the control triple.

It uses 2 principles: well-formed transactions and separation of duties. It defines the following:

Constrained Data Item (CDI): any data item whose integrity is protected by the security model.
Unconstrained Data Item (UDI): any data item that is not controlled by the security model.
Integrity Verification Procedure (IVP): scans data items and confirms their integrity.
Transformation Procedures: the only procedures that are allowed to modify a CDI.

31
Q

How does Clark-Wilson grant access to objects

A

Clark-Wilson grants access to objects only through transformation procedures and a restricted model interface.

32
Q

Define restricted model interface

A

Restricted Model Interface:

This uses classification-based restrictions to offer only subject-specific authorized information and functions.

33
Q

Explain Brewer and Nash Model

A

The Brewer and Nash model was created to permit access controls to change dynamically based on a user's previous activity.

The model applies to a single integrated database.

34
Q

Explain Goguen-Meseguer Model

A

Goguen-Meseguer: this is an integrity model. It forms the basis of noninterference conceptual theories. It determines the set or domain, i.e. the list of objects, that a subject can access.

35
Q

Describe TCSEC

A

The Trusted Computer System Evaluation Criteria (TCSEC) was designed to be used when evaluating vendor products and vendors, to ensure that they all build the necessary functionality and security assurance into products.

TCSEC defines the following categories:

A Verified Protection
B Mandatory Protection
C Discretionary Protection
D Minimal Protection

36
Q

Discuss Discretionary Protection

A

Discretionary Protection systems provide basic access control.
Discretionary Security Protection (C1): controls access by user IDs or groups.
Controlled Access Protection (C2): users must be identified individually to gain access to objects. It must also enforce media cleansing.

37
Q

Discuss Mandatory Protection

A

Mandatory Protection (B1, B2, B3)

This is based on the Bell-LaPadula model (confidentiality). Mandatory access is based on security labels.

Labeled Security (B1): each subject and object has a security label. This helps permission compatibility.
Structured Protection (B2): in addition to B1, B2 must ensure that no covert channels exist. Operator and administrator functions are separated and process isolation is maintained.

Security Domain (B3): it provides more functionality by further increasing the isolation of unrelated processes. It shifts toward simplicity to reduce vulnerabilities.

38
Q

Describe Verified Protection (A1)

A

This is the highest level of protection. It is similar to B3 but the difference is in the development cycle. Each phase in the design is documented, evaluated and verified before the next steps are taken.

39
Q

Explain Common Criteria

A

The Common Criteria defines the various levels of testing and confirmation of a system's security capabilities.

Protection Profiles: specify the product to be evaluated.

Security Targets: claims of security that are built into the Target of Evaluation (TOE).

40
Q

Explain Common Criteria Assurance Levels

A

EAL 1: Functionally tested: this is sought when some assurance in accurate operation is necessary but threats to security are not seen as serious.
EAL 2: Structurally tested: this is sought when users or developers need a low to moderate level of independently guaranteed security.
EAL 3: Methodically tested and checked: this is sought when there is a need for a moderate level of independently ensured security.
EAL 4: Methodically designed, tested and verified: this is sought when developers or users require a moderate to high level of independently ensured security.
EAL 5: Semiformally designed and tested: this is sought when the requirement is for a high level of independently ensured security.
EAL 6: Semiformally verified, designed and tested: this is sought when developing specialized TOEs for high-risk situations.
EAL 7: Formally verified, designed and tested: this is sought when developing a security TOE for applications in extremely high-risk situations.

41
Q

Define Subject

A

A subject is a person or process that makes a request to access a resource. Access can mean reading from or writing to a resource.

42
Q

Define Object

A

An object is the resource that a user or process wants to access.

43
Q

Confinement can be implemented through

A
  1. The operating system itself
  2. A confinement application or service
  3. Virtualization
  4. A hypervisor solution

44
Q

What do you understand by bounds

A
  1. Bounds set a limit on the memory addresses and resources a process can access.
  2. Bounds segment logical areas of memory for a process to use.

Physical bounds vs logical bounds:
Physical bounds: physically separated; expensive; more secure.
Logical bounds: logically bounded in memory space; cheaper; less secure.

45
Q

What does the acronym PCI DSS stand for

A

Payment Card Industry Data Security Standard.

46
Q

Explain the 2 evaluation phases

A

The 2 phases of evaluation are certification and accreditation.

Evaluation is used to assess how well a system measures up to the desired level of security.

Certification: the first phase in the total evaluation process. This is the comprehensive evaluation of the technical and nontechnical security features of an IT system. It includes testing the system's hardware, software and configuration.
Management reviews the certification information and decides whether the system satisfies the security needs of the organization.

Certification is internal.

Accreditation: the formal declaration by the designated approving authority (DAA) that an IT system is approved to operate in a particular mode using a prescribed set of safeguards at an acceptable level of risk. This is conducted by third parties or external bodies.
It is divided into 4 phases: Definition, Verification, Validation and Post-Accreditation.

47
Q

Describe Virtualization

A

Virtualization is used to host one or more operating systems within the memory of a single host computer.

48
Q

Advantages of virtualization

A
  1. Real-time scalability
  2. Ability to launch several individual instances of a server or service.

49
Q

Define TPM

A

Trusted Platform Module (TPM) is both the specification for a crypto-processor chip on a mainboard and the general name for implementations of that specification.

50
Q

Define HSM

A

A Hardware Security Module (HSM) is a crypto-processor used to manage or store digital encryption keys, accelerate crypto operations, support faster digital signatures and improve authentication.

  1. It is often an add-on adapter or peripheral, or can be a Transmission Control Protocol / Internet Protocol (TCP/IP)
  2. It includes tamper protection to prevent the use of physical access.

51
Q

Explain Constrained or restricted interface

A

This is implemented within the interface to restrict what the user can see or do based on their privileges, e.g. disabled or dimmed commands.

52
Q

Describe Fault tolerance

A

Fault tolerance is the ability of a system to suffer a fault but continue to operate. This is achieved by the addition of redundant components, e.g. a Redundant Array of Inexpensive Disks (RAID).
