Chapters 1, 3, 4, 5 Flashcards
Takes place when one entity pretends to be a different entity
A Masquerade
Limit information system access to authorized users, processes acting on behalf of authorized
users, or devices (including other information systems) and to the types of transactions and functions that
authorized users are permitted to exercise.
Access Control
Means that every access must be checked against the
access control mechanism.
Complete mediation
Means that the design of a security mechanism should be open
rather than secret. For example, although encryption keys must be secret, encryption
algorithms should be open to public scrutiny.
Open Design
Can be viewed as a specific form of isolation based on object-oriented functionality.
Encapsulation
In the context of security refers both to the development of security
functions as separate, protected modules and to the use of a modular architecture
for mechanism design and implementation.
Modularity
Is a branching, hierarchical data structure that represents a set of potential techniques for exploiting security vulnerabilities
Attack Tree
In this type of attack, the attacker is able to intercept
communication between the UT and the IBS.
Injection of Commands
Deals with computer-related assets that are subject to a variety of threats and for which
various measures are taken to protect those assets.
Computer Security
In the nature of eavesdropping on, or monitoring of, transmissions.
The goal of the attacker is to obtain information that is being transmitted.
Passive Attacks
Involve some modification of the data stream or the creation
of a false stream and can be subdivided into four categories: replay, masquerade,
modification of messages, and denial of service.
Active Attacks
Four means of authenticating a user’s identity.
- Something the individual knows.
- Something the individual possesses.
- Something the individual is (static biometrics). [Retina, fingerprint]
- Something the individual does (dynamic biometrics). [voice pattern, typing rhythm]
How are hashed passwords are implemented?
The password and salt serve as inputs to a
hashing algorithm to produce a fixed-length hash code. The hash algorithm is
designed to be slow to execute in order to thwart attacks. The hashed password
is then stored, together with a plaintext copy of the salt, in the password file for
the corresponding user ID.
Biometric Enrollment, Verification and Identification
- Each individual who is to
be included in the database of authorized users must first be enrolled in the system. This is analogous to assigning a password to a user. - Verification is analogous to a user logging on
to a system by using a memory card or smart card coupled with a password or PIN. - The individual uses the biometric sensor but
presents no additional information. The system then compares the presented template
with the set of stored templates.
Challenge-Response Protocol
In this case, the computer system generates a challenge, such as a random string of numbers. The smart token generates a
response based on the challenge.
Controls access based on the identity
of the requestor and on access rules (authorizations) stating what requestors are (or are not) allowed to do.
Discretionary access control (DAC)
Controls access based on comparing
security labels (which indicate how sensitive or critical system resources are) with security clearances (which indicate system entities are eligible to access
certain resources).
Mandatory access control (MAC)
Controls access based on the roles that
users have within the system and on rules stating what accesses are allowed to
users in given roles.
Role-based access control (RBAC)
In the context of access control, this is an entity capable of accessing objects. Generally, the concept of
_____equates with that of process.
Subject
In the context of access control, is a resource to which access is controlled. In general, an _____
is an entity used to contain and/or receive information.
Object
Are roles such that a user can be assigned to only
one role in the set.
Mutually exclusive roles
Refers to setting a maximum number with respect to roles. One
such constraint is to set a maximum number of users that can be assigned to a given
role.
Cardinality
Which dictates that a user can only be assigned to a particular role if it is already assigned to some other
specified role.
Prerequisite Role
Which is a suite of programs for constructing and maintaining the database and for
offering ad hoc query facilities to multiple users and applications.
Define a database management system (DBMS)
Provides a uniform interface to the database for users and applications.
Query Language
In a ____________, the basic building block is a relation, which is a flat table. Rows are referred to as tuples, and columns are referred to as attributes.
Relational DB
Focuses on the requirements of “what” cloud services provide, not a “how to” design solution and implementation.
Cloud Computing Reference Architecture
