Design of protection mechanisms

Question 1

Access

Answer 1

The ability to make use of information stored in a computer system. Used frequently as a verb, to the horror of grammarians.

Question 2

authenticate

Answer 2

To verify the identity of a person (or other entities external to the protection system) making a request.

Question 3

authorize

Answer 3

To grant a principle access to certain information.

Question 4

capability

Answer 4

In a computer system, an unforgeable ticket, which when presented can be taken as incontestable proof that the presenter is authorized to have access to the object named in the ticket.

Question 5

certify

Answer 5

To check the accuracy, correctness, and completeness of a security or protection mechanism.

Question 6

What is Complete Isolation?

Answer 6

A protection system that seperates principles into compartments between which no flow of information or control is possible.

Question 7

What is Confinement?

Answer 7

Allowing a borrowed program to have access to data, while ensuring the program cannot release information.

Question 8

descriptor

Answer 8

a protected value which is (or leads to) the physical address of some prtotected object.

Question 9

Discretionary

Answer 9

In contrast with non discrestionary, controls on access to an object that may be changed by the creator of the object.

Question 10

Domain

Answer 10

The set of objects that may be directly accessed by a principle.

Question 11

Encipherment

Answer 11

the usually reversible scaling of data according to a secret transformation key, so as to make it safe for transmission or storage in a physically unprotected environment.

Question 12

What does it mean to Grant?

Answer 12

to grant is to authorize.

Question 13

Hierarchical Control

Answer 13

Referring to ability to change authorization, a scheme in which the record of each authorization is controlled by another authorization, resulting in a hierarchicical tree of authorizations.

Question 14

List Oriented

Answer 14

Used to describe a protection system in which each protected object has a list of authorized principals.

Question 15

Password

Answer 15

A Secret character string used to authenticate the claimed identity of an individual.

Question 16

permission

Answer 16

A particular form of allowed access, e.g, permission to READ as contrasted with permission to write.

Question 17

What is a prescript?

Answer 17

A prescript is a particular rule that must be followed before access to an object is permitted, thereby intoducing an opportunity for human judgement about the need for access, so that abuse of the access is discouraged.

Question 18

Principal

Answer 18

The entity in a computer system to which authorizations are granted; thus the unit of accountability in a computer system.

Question 19

privacy

Answer 19

The ability of an individual or organizations to decide whether, when and to whom personal or organizational information is released.

Question 20

Propagation

Answer 20

When a principal, having been authorized access to some object in turn authorized access to another principal.

Question 21

Protected Object

Answer 21

A Data structure whose existence is know, but whose internal organization is not accessible, except by invoking the protected subsystem(q.v.) that manages it.

Question 22

Protected Subsystem.

Answer 22

A collection of procedures and data objects that is encapsulated in a domain of its own so that the internal structure of a Data object is accessible only to the procedures of the protected subsystem and the procedures may be called only at the designated domain entry points.

Question 23

protection

Answer 23

1) security (q.v.)
2) Used more narrowly to denote mechanisms and techniques that control the access of executing programs to stored information.

Question 24

Revoke

Answer 24

To take away previously authorized access from some principal.

Question 25

With respect to information processing systems, what is security?

Answer 25

mechanisms and techniques to control who may use or modify the computer or the information stored on it

Question 26

self control

Answer 26

Referring to ability to change authorization, a scheme in which each authorization contains within it the specification of which principals may change it.

Question 27

Ticket oriented

Answer 27

Used to describe a protection system in which each principal maintains a list of unforgeable bit patterns, called tickets, one for each object the principal is authorized to have access.

Question 28

User

Answer 28

Used imprecisely to refer to the individual who is accountable for some identifiable set of activities in a computer system.