Domain 3 Flashcards
____ has the concept that the user owns the file. E.g., in Windows, you own the file, you own the spreadsheet. When you own it, you can change the permissions of the file and of the data (send it to someone, etc.).
Discretionary access control (DAC)
____ is a system-enforced access control based on a subject's clearance and an object's labels. Users of files cannot change attributes of the files.
Mandatory access control (MAC)
Subjects (person) have clearances and objects (file or piece of paper) have labels such as secret, top secret, etc.
Subjects cannot share objects with other subjects who lack proper clearance, or “write down” objects to lower classification level
Rule: read down and write up only; no read-up
An example of MAC is Bell-LaPadula
This is expensive and difficult to implement
Focused on CONFIDENTIALITY
The modes of operation (types of subjects and objects) contained in a MAC system are:
Total of 4 modes that should consider least privilege and need to know:
1) Dedicated - system contains objects of one classification label only (e.g., secret only). All subjects must possess clearance equal to or greater than the label of the objects
2) System High - system contains objects of mixed labels (e.g., confidential and secret). All subjects must possess clearance equal to the system's highest object label.
3) Compartmented - Objects are placed into “compartments” and require a formal need to know to access (which is system enforced). All subjects have the necessary clearance and a need to know for certain information only.
4) Multilevel - stores objects of differing sensitivity labels and allows system access by subjects with differing clearances.
Bell-LaPadula (BLP) is:
A security model that is a mandatory access control and focuses on CONFIDENTIALITY and does NOT address integrity
Data flows UP
- Simple security property: no read up
- * Property (star property): no write down
- Strong * Property (strong star property) - no read down and no write up - stuck in the middle
Biba is:
A security model that is focused on INTEGRITY
- Simple integrity property - user cannot read data to a lower integrity level
- Integrity star property - a user cannot write data of a higher integrity level
Rules with the word integrity are related to Biba
Data flows down from most trusted to less trusted
A lattice model is:
A model that requires that every subject and every object be labeled with one of a number of security designations. Access is granted based on the comparison of those labels; a user of a certain designation can only access resources of the same designation or lower.
Lattices allow further granularity in granting access, allowing technical enforcement of compartments.
Lattice deals with confidentiality
Clark-Wilson model is:
A security model that deals with integrity and is the “real world” application of Biba
Authorized users cannot make unauthorized changes and unauthorized users cannot make changes.
Ensures both internal and external consistency (which means you have integrity both internally (database) and externally (physical count) - the database number matches reality)
Does all this through
1) well-formed transactions - think about all the steps that are logged when you order an iPad (order is logged, iPad is scanned, shipping label is created, etc.)
2) separation of duties.
You must access objects via programs. These programs have specific limitations, which limit the capabilities of the subject.
TIP - the hyphen in Clark-Wilson reminds us of separation of duties
State Machine is:
A mathematical security model. Like a lattice - different, but it's math. Enumerate all the states of the system (top secret, confidential, etc.). Verify no read-up is always true. Simulate every action a user can take on a system and all the states, and afterwards check if anyone ever read up. If we enumerate all the states, and secret never read up, the system is secure.
A research model is:
Used to research the best security posture possible for automated information systems.
Noninterference: you cannot infer something is going on in the system. High-level actions do not determine low-level user visibility. Think of the Pentagon pizza story.
Information flow: similar to BLP, objects are labeled based on security classes in the form of a lattice. Information objects represented can flow in either direction.
Chinese wall model (aka Brewer Nash) is:
Made to deal with conflict of interest. No information flow is allowed that could cause information leakage that could lead to a conflict of interest.
COI (conflict of interest) groups is the answer on the exam - conflict of interest
____ consists of the security-relevant parts of a system that include: access control mechanism, reference monitor, the kernel and protective mechanisms.
Trusted Computing Base (TCB)
For purposes of analysis, assume that the components are properly implemented and secure. Assume the TCB is secure.
The ____ mediates subjects' access to objects and is responsible for enforcement of system security policies
Reference monitor
This is always enabled and cannot be bypassed.
Runs in ring 0
Must ensure it is doing its job
Domain / Object domain in the context of security models is:
A set of objects that have the same security requirements (e.g., top secret, kernel, ring 0, confidential, etc.).
Ways to separate domains can be through:
- Execution rings
- Base address registers
- Segmentation descriptors
What are three security evaluation models?
1) Orange Book (Trusted computer security evaluation criteria - TCSEC)
2) ITSEC (international attempt)
3) The common criteria and ISO 27002
What are the main components of the Trusted Computer Security Evaluation Criteria (TCSEC) Orange Book?
This is part of the Rainbow Series and it covers operating systems, applications and computer-related products, which are classified into one of four categories / classes to describe their key principles, which are 1) functionality (how well it operates), 2) effectiveness (how secure is it) and 3) assurance (can we verify and prove it's secure).
The classes are:
A - Verified Protection (everything B is and more - MAC+)
B - Mandatory Protection (MAC)
C - Discretionary Protection (DAC systems)
D - Minimal Protection (this is nothing - laptop in front of you)
Maybe 1-2 questions on the exam, but focus on ABCD and then common criteria instead
ITSEC is:
First international attempt at a similar function to the Orange Book.
Target of evaluation - system you are evaluating
Functionality - how well is the system operating
Effectiveness - how secure is it
Don't spend too much time on this for the exam - focus on common criteria
F1 - F10:
- F1 is the least assurance level and F10 is the most - can play the high-low game on the exam. 10 is the best, 1 is the lowest
Assurance Levels:
- F1 - F5 = mirror functionality of the Orange Book
- F6 - high integrity requirements
- F7 - high availability
- F8 - high integrity for communication
- F9 - high confidentiality
- F10 - high confidentiality and integrity for data networks
The common criteria is:
A security evaluation model that is created by ISO and an international attempt. It has 7 evaluation assurance levels (EAL) that go from lowest to highest.
EAL 1 - functionally tested
EAL 2 - structurally tested
EAL 3 - methodically tested and checked
EAL 4 - methodically tested and checked
EAL 5 - semi-formally designed and tested
EAL 6 - Semi-formally verified, designed and tested
EAL 7 - Formally verified, designed and tested
Terms:
- Target of evaluation - TOE - the system or product that is being evaluated
- Security Target - ST - the documentation describing the TOE, including the security requirements and operational environment
- Protection profile (PP) - an independent set of security requirements and objectives for a specific category of products or systems (firewalls, IDS)
- Evaluation assurance level - evaluation score of the tested product or system
The computer bus links which devices?
CPU, RAM and disk with the network, DVD, keyboard/mouse and display
___ is the brains of the computer and contains specialized regions that perform different functions. It is composed of at least two parts:
The CPU, which is composed of at least 2 parts:
1) The control unit - coordinates system activities during execution of code. Manages the flow of execution in a program and decides which instructions to process next, fetching them from memory, executing them and storing the results. During execution, the control unit calls upon the ALU
2) The arithmetic logic unit (ALU) - data transfer operations, arithmetic operations, data editing and decision making. Performs whatever arithmetic and logical operations the program calls for - crunches numbers and adds
Registers - primary storage memory unit - store instructions and data for current programs in use - hold data
The fetch-decode-execute cycle is:
Sometimes known as the fetch and execute cycle, but it has three phases - fetch, decode and execute.
Fetch decode without pipeline and with pipeline
- fetch = get the instruction (add these two numbers)
- decode = I understand the instruction - what you want me to do (ok, I know what you want and I will add the two numbers)
- execute = do the instruction (add the two numbers)
- store = save in register after execution and move on (get the result of the two added numbers) - considered part of the execution phase
Pipeline loads something up and does multiple things at the same time - it becomes 4x faster
Pipeline is in the CPU and is a hardware thing
What are the 2 basic types of instruction sets (CPU design):
An instruction set is a set of low-level instructions a CPU knows how to execute.
1) Complex-instruction-set-computer (CISC) - performs many operations per instruction and a wide variety of instructions - offers programmers a lot of flexibility with relatively little effort - x86
- this is one longer command
- most laptops and desktops are CISC
2) Reduced-instruction-set-computer (RISC) - simpler instructions using fewer cycles - pare things down to their basics and concentrate on making a small instruction set as efficient as possible. This boosts performance, but places more burden on the programmer - ARM
- this is multiple commands
- most cell phones are RISC
Interrupt - stop the CPU from doing what it intended to do and interrupt CPU execution
1) ____ executes multiple tasks concurrently on ONE CPU and is also a heavy weight process (HWP)
2) ____ allows multiple threads concurrently on one CPU and is also a light weight process (LWP)
3) ____ executes multiple tasks concurrently on multiple CPUs
1) Multi-tasking: can process more than one user program at the same time on one CPU. A task is a heavy weight process where each process has its own copy of memory. All load their own copy of something. Processes do not share anything
2) Multithreading: light weight process where each thread uses shared memory for shared libraries (save RAM) - you point to a shared process. Threads share RAM and memory
3) Multiprocessing: the computer has more than one CPU and it can execute instructions in parallel
- — Symmetrical multiprocessing systems - they support more than one processor and CPUs share the processing of system processes equally
- — Asymmetrical multiprocessing systems - one processor will take care of the system processes and other processors will run the applications
Memory protection techniques:
1) ____ Prevents one process from affecting the confidentiality, integrity, or availability of another
2) ____ randomizes addresses used by programs, which makes jumping to code injected via buffer overflows more difficult
3) ____ marks pages of the stack non-executable
1) Process isolation, which is a memory protection technique - I cannot read your memory
2) Address Space Layout Randomization (ASLR): random addresses used by programs. Previously, memory locations were highly predictable, allowing an attacker to predict where their injected shellcode would be placed in memory and allowing them to jump to it and execute it.
3) Non-eXecutable stack: e.g., Linux NX, Microsoft Data Execution Prevention (DEP) - you can write but you cannot execute - it's an XOR - or you can execute but you cannot write
What is virtual memory?
Virtual memory is a set of memory addresses managed by the OS that doesn’t correspond directly to physical memory. To the CPU, virtual memory looks like physical memory. It can hold both programs and data, but gives the OS the choice of where to store the data.
Virtual memory maps the virtual address space into the chosen physical address space. When the system needs to access a memory address, the OS can translate the virtual address into a physical one and fetch the data from the correct location. Because virtual memory hides the actual storage location from the hardware, the OS is free to store the data wherever it likes, including a mass storage device, such as a hard drive. This lets the system address a larger amount of memory than it actually contains. The OS uses the main memory as a cache to hold the most recently or most frequently accessed data, whereas the rest of the data is stored on the hard drive or the disk.
Threads also use virtual addresses
What is Paging and Page Fault?
Paging occurs when the OS copies virtual memory from disk to main memory or vice-versa.
Page fault is an exception that results in paging - it is when the process realizes the data is on disk and needs to be called to main memory to be used, which prompts paging - e.g., you don't use a Word document for a while. When you go to open it, you notice it takes a second or two to load - this is because the document went to disk and is being called back to main memory. There was a page fault which prompted paging to occur
Swaps are similar to paging but swap is one big swap all at once
Locked memory prevents data from being paged
What is memory addressing?
The theoretical ability to store and retrieve data in memory is useless without the ability to tell the memory system where to store or fetch the data. Each byte in memory is assigned a unique address that distinguishes it from the other bytes.
What are the ways a CPU can address memory?
1) Direct addressing - simplest form of addressing. The system knows the exact location of data in memory and requests the data by passing the actual address to the memory subsystem
2) Indirect addressing - The first location contains an address (a pointer) to another location that holds the data
3) Register direct addressing - the CPU contains tiny memory areas known as registers. Registers are temporary storage for the task the CPU works on at that instant. To operate on values from main memory, the values must first be loaded into a register. Register direct addressing is slightly different from the other types of addressing in that it never refers to main memory. It simply refers to a specific register that already contains the required data
4) Register indirect addressing - In this addressing mode, the system looks in the specified register for the data’s address in main memory
5) Indexed addressing - Uses a memory location, plus an offset (called an index register). For example, the address may contain an array and the index register references an element of the array (go here plus this)
What is the operating system?
The OS is the heart of the computer and is loaded by a boot program. It controls everything that happens with the hardware and brings the hardware to life
The mainframe boot process is called Initial Program Load (IPL)
The OS does:
1) program execution
2) system access
3) error detection
4) accounting
Process States are:
1) run
2) wait
3) ready
4) sleep
5) interrupt
What are the OS states?
1) User - layer in the operating system where user applications run
2) Privileged - protected area of the operating system (or kernel) responsible for memory, process, disk and task management.
What is the kernel of the OS?
The kernel is the essential nucleus of the OS, the core that provides basic services for all other parts. A kernel can be contrasted with a shell, the outermost part of an OS that interacts with user commands. Typically, a kernel includes an interrupt handler that handles all requests that compete for the kernel’s services, a scheduler that determines which programs share the kernel’s processing time in what order, a virtual memory manager, and a supervisor that gives use of the computer to each process when it is scheduled.
Applications can request kernel service through system calls. When the kernel is executing on a CPU, the system is operating in privileged mode. This means it can interface directly with other parts of the OS and view all the internal data structures.
When user applications run in user mode, they rely on the system call interface to request services from the kernel.
Because the code that makes up the kernel is needed continuously, it is loaded into protected memory so that it will not be overlaid with other less frequently used parts of the OS. In a VM system, the kernel would never be swapped out to the disk and would remain in physical RAM at all times.
How can you protect your OS? What are the mechanisms?
1) Layering - organization of functions into separate components, each of which interacts with the others in a sequential way. Each layer will interface only with the layer above it and the layer below it and should work independently. If one layer in the system fails, it should not affect the other layers.
2) Abstraction - the process of finding commonality in different objects, and then exploiting it to make the objects simpler to manage. The ultimate goal is to reduce complexity and to hide the inner workings of the system. A good example of this is when you hit the save button in Word. You don't know all the detail in the background of what is happening to save the file. All you see is the file was saved - you don't want to see the innards of saving. Example - you turn on a sink and water comes out; you don't want to know how the water gets out, just that it works. Simplification.
What are the layers of the ring layer protection?
1) Ring 0 = OS Kernel
2) Ring 1 = Operating System components that are not part of the kernel
3) Ring 2 = I/O drivers and utilities
4) Ring 3 = Applications and programs
Note that most systems only use Ring 0 and Ring 3 - if all rings were used, you would have to go to each ring for a system call, which would cause latency and slow down the program. For example, when you hit the save button, it's easier to go from ring 3 to ring 0 vs. going through every ring to save the file. Grinds away and does every step.
Ring 3 = least secure
Ring 0 = most secure
The ____ is a dedicated hardware chip that stores encryption keys.
Pull the disk from the motherboard, but without the TPM chip it won't work, even if you have the username and password.
Key use is full disk encryption - if you pull the drive from the laptop and don't have the TPM chip, you cannot decode the data
What is virtualization?
Think Cloud…
Virtualization takes an application, desktop, or server and provides virtualized hardware. There is no direct hardware access as all access is via virtualized hardware created by the virtualization software.
The hypervisor runs on the host, controlling the virtual machines and their access to the real hardware. The hypervisor is the key to the security. Attacks on virtualization usually target the hypervisor.
Benefits of virtualization - lower hardware costs, cooling and electricity costs, simplified administration (easier patching, backups, etc.), server consolidation, create system snapshots and restore later, clone systems, simpler system testing, simpler BCP
The hardware server is called the host and runs multiple virtualized operating systems (called virtual machines or guests).
VDI - think NYL desktop - Virtual Desktop Infrastructure
VPS - virtual private server (VPS) - virtual machine hosted by a third-party internet hosting company. Offers full VM OS access - you own it. This is similar to putting your own physical server in a co-location facility: the owner has full control of the server OS.
P2V - physical to virtual - change a physical host to a virtual machine
What are the two types of virtualization?
1) Full virtualization - runs unmodified applications or operating systems designed to run directly on computer hardware
2) Para-virtualization - runs specially modified applications or operating systems
How do you secure virtualization?
- Still need to patch and harden
- Must properly segment the network
Specific requirements for virtualization:
- protect the hypervisor
- protect the special host
What is VM Escape?
It is the risk of a successful attack from:
1) virtual machine to host operating system
2) virtual machine to another virtual machine
The attack is against the hypervisor or virtual devices controlled by the hypervisor - all virtual machines and potentially the host itself, are at risk.
This is a risk if you co-mingle VMs with different security requirements on the same hypervisor - consider having a different hypervisor for each network.
Basically, the VM gives you access to not just your RAM but other RAM - you can copy on or off to all hypervisor RAM, run code on the hypervisor, and therefore can disrupt other systems and anything on the hypervisor even if you shouldn't have access to it. You escape out of your VM to others through the hypervisor and copy data or write code.
You should disable drag, drop, and copy and paste and turn off as many virtual devices as you can.
PATCH your hypervisor routinely!
What is a database?
What is a database management system?
1) A collection of related data intended for sharing by multiple users
2) DBMS - stores data and provides operations on the database, such as create, delete, update and search. It also provides security and integrity controls
What are two common database language types and functions?
1) Data definition language (DDL) - defines database schema
2) Data manipulation language (DML) - examines and manipulates contents of a database
Database systems also have serious security issues for CIA. How do you prevent some of those security issues? (mainly integrity)
1) Ensure users do not attempt to access the same data at the same time - control this through use of locks that are imposed on rows or fields in the database. Or use a deadlock. This handles the issue of concurrency (2 people entering into the same cell)
2) Semantic Integrity - wrong data type. Ensures that data types, logical values, uniqueness constraints and operations are enforced. Keep track of what type of data is entered and only valid types are accepted (e.g., if you are recording number of sick days, you cannot have a letter in the field, it should be a number).
3) Entity Integrity - cannot have duplicate keys - ensures each entry has a unique primary key that is not null
4) Referential Integrity - Prevents users from entering inconsistent data - The data must be able to refer back somewhere. All foreign keys must point to an existing primary key or there can be a serious integrity problem.
5) Commit - executed when the changes you make to a record are submitted to the database. As long as the commit is not completed, the information is temporarily stored and not saved
- — 2-phase commit: vote first before committing (distributed databases). Someone made a change on server a and someone else made a change on server b - server a asks if you are good with this, if server b says no I am not, they roll back to the snapshot
- — rollback if commit is unsuccessful - when you return to a previous known good state and revert to a specific checkpoint if a problem had arisen
- — Database returns to its previous state
6) Checkpoint & Database Journal - If a system fails, there is a return to the point before failure. Roll back to the checkpoint and replay the database journal. Checkpoint is not live. So you roll-back to the most recent snapshot, and then you replay the journal which has the log of every change. Restore to a checkpoint and then replay the journal which is every time and therefore you restore integrity
What is a data warehouse?
Brings together structured data from disparate data sources. Key goal is to allow for complex queries to be performed in a manner that will not negatively impact an online data store intended for immediate access needs.
What is data mining?
Detecting abnormal patterns in large datasets
- — intrusion detection
- — fraud detection
- — auditing the database
Think of when your bank calls you if you make a purchase out of the country. This is an example of the data mining identifying an abnormal pattern and alerting you
What are some security issues with database vulnerabilities and threats?
1) Inference - Pentagon pizza story - user deduces information of higher sensitivity from lower sensitivity information.
- — controls - (1) content dependent access rules (you asked for 5 phone numbers so go away) - (2) Enforced during query processing
2) Aggregation - user has a right to only certain data items in a larger collection of items. The user obtains knowledge that he or she does not have a right to about the larger collection of data.
- — I will download the whole phone book. You can ask for some people's extensions; however, if you ask for each extension one by one, you can eventually aggregate the whole collection, which you shouldn’t have access to.
What are the two types of fault tolerance? (redundancy mechanisms)
1) Active-active: All databases are taking transactions simultaneously with synced data. If one computer fails the user does not notice the difference. The failed computer will get fixed while the other computer maintains the availability.
2) Active-passive (shadow) - you have 2 databases with synced data. One takes transactions and one does not. Primary goes down, the secondary stands up
What is an applet?
A small Java program downloaded by users who visit web pages. They provide more functionality and a richer experience to users. They are common on dynamic websites or sites that have animated or interactive functions. They are restricted from accessing the local file system or the network. Due to some of the difficulties in delivering applets to a variety of different browsers, a lot of developers have switched to server-side Java programs instead. These programs are called servlets. Remote code also runs on a client, which introduces additional risks.
What is Java?
Java is a programming language. It is:
- Object-oriented
- Platform independent - generates bytecode which is interpreted into machine code by Java Virtual Machine (JVM) and can be run cross-platform which is not specific to a processor. You can write one application and run it on Linux, Windows, Mac, etc. Each platform has its own JVM but the JVM runs the same bytecode. You can write one app and be done.
How do you maintain security?
- Sandbox - an application that runs in your browser is executed in what is similar to a VM. It does not have the capability to perform functions outside of this box. It protects against malicious applets.
What is ActiveX?
When a user connects to a web page that has an embedded control, the browser’s Authenticode technology will verify the signature with the Certificate Authority (CA) that has signed the control to verify it has not been modified. It then downloads the control. Internet Explorer does not allow untrusted or unsigned controls to execute.
Relies on the use of a digital signature that can be disabled by the end-user.
Used a lot to distribute valid patches or updates to users.
It is an object-oriented programming technology and tool.
It can be run anywhere in the ActiveX network, is equivalent to a Java applet and can be created with several languages.
OWASP stands for:
Open Web Application Security Project - focused on web application security risks
What is clickjacking?
Tricks a user into clicking on a malicious link or taking harmful action by putting an innocuous window on top of another one. A window that appears benign is placed over a window that is malicious.
The user only sees the top window and doesn't realize there is another window below it.
Also called UI redressing.
What are cookies?
Cookies are used to store information related to an HTTP session (unique session ID). They can be used to maintain a session state (e.g., active) which identifies a user whilst in the middle of using the applications. A secure session ID should be at least 128 bits in length and random.
The two types of cookies are:
1) Session cookies - in memory and deleted upon browser exit
2) Persistent - saved to disk and may be used long-term.
Cookies can be altered by a user. Secure cookies are transmitted via SSL/TLS only. You can intercept SSL/TLS.
What is cross-site scripting? XSS (includes XSRF)
Reflects a script via a trusted website that launches an attack on web server clients and commonly uses JavaScript. It is based on a lack of input validation and/or output encoding by websites.
E.g., you can input malicious JavaScript code into a blog because there is no input validation on the blog site.
The common goal is to steal cookies (Cross-Site Request Forgery)
Protection - same origin policy - if a site gives me a cookie, only that site can ask for it back.
Protection - input validation:
- --- blacklisting - ban specific characters. Say what's banned and accept the rest
- --- whitelisting - say what you allow and reject the rest (superior to blacklisting)
What is a SQL Injection?
Structured Query Language (SQL) is a database language.
Goal of SQL injection is to achieve read/write access to the data tier, via the presentation and logic tier. The attacker sends SQL commands via the web server. This requires poor input validation, allowing characters such as single quote.
Basically - in an input field, instead of a last name, let's say, you enter SQL code and command the database to spit back information you shouldn't have access to. Can also command the computer to do malicious things like delete the records or manipulate the data.