Chpt 8 Flashcards
What is the process called when the management of an organization formally recognizes a system?
Accreditation
What is the process called when a system passes the technical evaluation?
Certification
What is Confinement?
A restriction of a process to reading from and writing to certain memory locations.
What are bounds?
The limits of memory a process can it exceed when reading or writing.
What is isolation?
The mode a process runs in when it is confined through the use of memory bounds.
What is a subject?
The user or process that performs an action on an object.
What is an object?
The resource a user or process wants to access.
List the classes of TCSEC
- Verified protection
- Mandatory protection
- Discretionary protection
- Minimal protection
What does TCB stand for?
Trusted Computer Base
It is the combo of hardware, software and controls that form a trusted base that enforces a security policy.
What is a security perimeter?
The imaginary boundary that separates the TCB from the rest of the system. It can only be crossed using trusted paths.
What is a reference monitor?
The logical part of the TCB that confirms whether a subject has the right to access an object prior to granting access.
What is a closed system?
A system that uses largely proprietary or unpublished protocols and standards.
What is a simple property of BIBA?
No Read Down, but implies that it is acceptable to read up.
What models are built on state machine models?
Bell-LaPadula and BIBA
What is the best definition of a security model?
A security model provides a framework to implement a security policy.
