Domain 3. Sec Architecture and Engineering - Security Models Flashcards
Which Bell-LaPadula rule is also known as the “no write down” rule?
Star (*) Property
Bell-LaPadula Rules
Confidentiality model.
Most likely found in government and military programs with strict need-to-know environments.
Simple security property: no read up.
Star (*) property: no write down.
Strong star (*) property: a subject may read and write only at its own security level (no read or write to any other level).
Lattice-based Model
A security model that uses a hierarchical lattice structure to define and enforce access rights. The lattice structure sets varying security levels for different resources and users.
The Bell-LaPadula model is an example of a lattice-based model. In lattice-based models, a subject can access an object only if the object's label lies within the range the subject's lattice position dominates. The object's classification and labels determine its lattice position.
Clark-Wilson Model
Integrity Model
Enforces well-formed transactions and separation of duties.
Uses transformation procedures (TPs), constrained data items (CDIs), unconstrained data items (UDIs) and integrity verification procedures (IVPs); subjects reach CDIs only through certified TPs.
Like Biba it protects integrity, but through certified programs rather than labels.
Biba Model
Integrity model.
Prevents information flowing from a lower integrity level to a higher one: simple integrity property (no read down) and * integrity property (no write up).
Brewer and Nash Model
Confidentiality model, also called the Chinese Wall model.
- Uses dynamic access control based on the subject's previous actions: once a subject reads data from one company's dataset, it is blocked from reading data of any competitor in the same conflict-of-interest class.
- A subject can write to an object if, and only if, the subject cannot read another (unsanitized) object in a different dataset.
- Prevents conflicts of interest among objects.
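The rules above, as an added example that is not part of the original flashcards. The conflict-of-interest class, the company datasets, the object names and the analyst's reads are all constructed for illustration; the wall is built dynamically from each subject's read history.

```python
"""Brewer and Nash (Chinese Wall) access decisions.

Added example, not part of the original flashcards. The conflict-of-interest
class, the company datasets, the objects and the analyst's reads are all
constructed for illustration.
"""

SANITISED = "PUBLIC"   # sanitised data belongs to no company dataset

# conflict-of-interest (COI) class -> company datasets that compete
COI_CLASSES = {"banks": {"BankA", "BankB", "BankC"}}

# object name -> dataset it belongs to (constructed)
OBJECTS = {
    "bankA_ledger": "BankA",
    "bankA_memo": "BankA",
    "bankB_ledger": "BankB",
    "bankC_ledger": "BankC",
    "market_report": SANITISED,
}


def coi_of(dataset):
    """Return the COI class containing `dataset`, or None for sanitised data."""
    for coi, datasets in COI_CLASSES.items():
        if dataset in datasets:
            return coi
    return None


class ChineseWall:
    def __init__(self):
        # subject -> datasets it has already read from; the "wall" is built
        # dynamically from this history
        self.history = {}

    def can_read(self, subject, obj):
        """Simple security rule: allowed if the object is sanitised, is in a
        dataset the subject already accessed, or is in a COI class from which
        the subject has read nothing yet."""
        ds = OBJECTS[obj]
        if ds == SANITISED:
            return True
        seen = self.history.get(subject, set())
        return all(prior == ds or coi_of(prior) != coi_of(ds) for prior in seen)

    def read(self, subject, obj):
        """Perform a read; a successful read narrows future access."""
        if not self.can_read(subject, obj):
            return False
        ds = OBJECTS[obj]
        if ds != SANITISED:
            self.history.setdefault(subject, set()).add(ds)
        return True

    def can_write(self, subject, obj):
        """* property: write allowed only if the subject cannot read any
        unsanitised object in a different dataset than the target; otherwise
        it could copy one company's data into another company's files."""
        if not self.can_read(subject, obj):
            return False
        target = OBJECTS[obj]
        for other, ds in OBJECTS.items():
            if ds != SANITISED and ds != target and self.can_read(subject, other):
                return False
        return True
```

Note how restrictive the * property is: a fresh analyst who could still read any bank cannot write anywhere, and if you add a second COI class (say oil companies) every write is denied, because the analyst can still read in that class. That restrictiveness is the model's well-known practical weakness.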
Information Flow Model
An information-flow model prevents the unauthorized movement of information from one classification (or integrity level) to another.
Bell-LaPadula and Biba are both information-flow models.
The model controls the flow of information between security classifications (for BLP, it blocks flow from high to low). These models are used to avoid unauthorized disclosure of data or to prevent compromising the integrity of data.
Lipner Model
Commercial model that combines BLP (confidentiality) with Biba (integrity) for commercial environments.
Graham-Denning Model
Focuses on the secure creation and deletion of subjects and objects.
Uses an access matrix.
Rule 1: Transfer Access,
Rule 2: Grant Access,
Rule 3: Delete Access,
Rule 4: Read Object,
Rule 5: Create Object,
Rule 6: Destroy Object,
Rule 7: Create Subject,
Rule 8: Destroy Subject
Harrison-Ruzzo-Ullman
Model
Extension of the Graham-Denning model.
Restricts the operations that can be performed on an object to a defined set (commands built from primitive operations on the access matrix) to preserve integrity. HRU also showed that, for a general matrix with unrestricted commands, deciding whether a right can ever leak to a subject is undecidable.
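The access matrix and the eight Graham-Denning rules, as an added example that is not from the flashcards. The subjects (alice, bob, carol), the object `file1` and the right names are constructed; a right with a trailing "*" (e.g. "read*") is assumed to carry the copy flag that Rule 1 (transfer) checks. Each method is a command in the HRU sense: a condition on the matrix guarding a few primitive matrix operations.

```python
"""Graham-Denning rules over an access matrix.

Added example, not from the flashcards. Subjects (alice, bob, carol), the
object `file1` and the right names are constructed. A right ending in "*"
(e.g. "read*") carries the copy flag checked by Rule 1 (transfer).
"""


class AccessMatrix:
    def __init__(self, root_subject):
        # A subject is also an object (it has a row and a column), so other
        # subjects can hold rights such as "control" over it.
        self.subjects = {root_subject}
        self.objects = {root_subject}
        self.m = {}  # (subject, object) -> set of rights

    def rights(self, s, o):
        return self.m.get((s, o), set())

    # Rule 7 / Rule 5: create subject / create object (creator becomes owner)
    def create_subject(self, creator, new):
        self.subjects.add(new)
        self.objects.add(new)
        self.m[(creator, new)] = {"owner", "control"}

    def create_object(self, creator, new):
        self.objects.add(new)
        self.m[(creator, new)] = {"owner"}

    # Rule 8 / Rule 6: destroy subject / destroy object (owner only)
    def destroy_subject(self, s, target):
        if "owner" not in self.rights(s, target):
            return False
        self.subjects.discard(target)
        self.objects.discard(target)
        for key in [k for k in self.m if target in k]:
            del self.m[key]
        return True

    def destroy_object(self, s, o):
        if "owner" not in self.rights(s, o):
            return False
        self.objects.discard(o)
        for key in [k for k in self.m if k[1] == o]:
            del self.m[key]
        return True

    # Rule 4: read the rights x holds over o; needs owner of o or control of x
    def read_rights(self, s, x, o):
        if "owner" in self.rights(s, o) or "control" in self.rights(s, x):
            return set(self.rights(x, o))
        return None

    # Rule 2: grant - the owner of o can give any right over o to x
    def grant(self, s, right, x, o):
        if "owner" not in self.rights(s, o):
            return False
        self.m.setdefault((x, o), set()).add(right)
        return True

    # Rule 3: delete - owner of o, or controller of x, removes x's right to o
    def delete(self, s, right, x, o):
        if "owner" in self.rights(s, o) or "control" in self.rights(s, x):
            self.m.setdefault((x, o), set()).discard(right)
            return True
        return False

    # Rule 1: transfer - s may pass on a right it holds with the copy flag
    def transfer(self, s, right, x, o):
        if right + "*" not in self.rights(s, o):
            return False
        self.m.setdefault((x, o), set()).add(right)
        return True
```

Every rule returns False rather than raising when its guard fails, so a caller can log the denied command; the guards ("owner of the object", "control over the subject") are what keep the matrix from being edited by arbitrary subjects.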
M of N Control
Split-knowledge control policy used to manage key escrow: at least M of the total number N of authorized employees must cooperate to recover the escrowed key, so no single person can do it alone.
State Machine Model
State machine security models require that all actions that change the state must be authorized, and the machine’s state must remain secure during transitions.
State Transition
Change of a system between one state and another, e.g. a VM being booted from a snapshot.
MAC
Mandatory Access Control:
Uses classifications and labels to define user access.
Often referred to as a lattice-based model: the labels form a mathematical lattice, a partial ordering in which any two labels have a least upper bound and a greatest lower bound. The "garden trellis" picture is only a mnemonic for the name.
Cryptology
Cryptology is the science of secure communications. It is the study of both cryptography and cryptanalysis.
Cryptography
Cryptographers study encryption
Cryptanalysis
Cryptanalysts study methods to break encryption.
Noninterference model
Class of security models.
Concerned with how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower level; a lower-level subject should be unable to observe (or infer) anything about higher-level activity.
Loosely based on the information flow model.
(The information flow model is in turn based on the state machine model. Information flow models are constructed to block unauthorized, insecure, or restricted information flows.)
State-Machine Model
Uses state variables to represent the system’s state of security through state transitions.
Common Criteria
Security framework: the international successor to TCSEC (US) and ITSEC (EU) that unified those evaluations into one global standard (ISO/IEC 15408).
Target of Evaluation (TOE): the product or system being evaluated, against a Protection Profile and a Security Target.
Has 7 EAL (Evaluation Assurance) levels; EAL1 is the lowest, EAL7 the highest.
SARs (security assurance requirements) describe how the TOE was evaluated; SFRs (security functional requirements) describe what it must do.
TCSEC
This is the Orange Book. Its B and A classes are the formal implementation of the Bell-LaPadula model (mandatory access control with labels).
Orange Book
This is TCSEC (not ITSEC, which is the European equivalent). The Orange Book was part of the Rainbow Series of books that defined various computer security standards and guidelines. The Rainbow Series was published by the US Department of Defense (through the NCSC). Formal implementation of the Bell-LaPadula model.
Take-Grant protection model
Employs a directed graph to show how rights can be passed from one subject to another or from a subject to an object.
A subject with a GRANT right over another node can GRANT any right it holds over some object to that node.
A subject with a TAKE right over another node can TAKE that node's rights over some object for itself.
Additionally there are CREATE and REMOVE rules to generate new nodes with rights or to delete rights.
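The four rules as an added example that is not part of the flashcards: a directed graph whose edges carry rights, with take, grant, create and remove applied only by subjects. The subjects (alice, bob), the object `file` and the single-letter rights ("t" take, "g" grant, "r" read, "w" write) are constructed.

```python
"""Take-Grant protection graph.

Added example, not from the flashcards. Subjects (alice, bob), the object
`file` and the rights "t" (take), "g" (grant), "r", "w" are constructed.
Edges are directed: rights(a, b) is the set of rights node a holds over b.
"""


class TakeGrantGraph:
    def __init__(self, subjects):
        self.subjects = set(subjects)
        self.objects = set()
        self.edges = {}  # (src, dst) -> set of rights

    def rights(self, a, b):
        return self.edges.get((a, b), set())

    def add_right(self, a, b, rs):
        """Seed the initial state of the protection graph."""
        self.edges.setdefault((a, b), set()).update(rs)

    def take(self, x, y, z, rs):
        """Take rule: x holds 't' over y and y holds rs over z, so x takes rs
        over z. Only subjects (never passive objects) can apply a rule."""
        if x not in self.subjects or "t" not in self.rights(x, y):
            return False
        if not rs <= self.rights(y, z):
            return False
        self.add_right(x, z, rs)
        return True

    def grant(self, x, y, z, rs):
        """Grant rule: x holds 'g' over y and rs over z, so x gives y rs over z."""
        if x not in self.subjects or "g" not in self.rights(x, y):
            return False
        if not rs <= self.rights(x, z):
            return False
        self.add_right(y, z, rs)
        return True

    def create(self, x, new, rs, subject=False):
        """Create rule: subject x creates a new node and holds rs over it."""
        if x not in self.subjects or new in self.subjects | self.objects:
            return False
        (self.subjects if subject else self.objects).add(new)
        self.add_right(x, new, rs)
        return True

    def remove(self, x, y, rs):
        """Remove rule: subject x drops rs from its own edge to y."""
        if x not in self.subjects or (x, y) not in self.edges:
            return False
        self.edges[(x, y)] -= rs
        return True
```

The point of the model is that rights can only travel along existing "t"/"g" edges, so whether bob can ever obtain "w" on `file` is a reachability question on this graph, which is decidable in linear time (unlike the general HRU safety problem).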
BLP vs Biba
BLP = No Read Up, No Write Down
Biba = No Read Down, no Write up
Bell-Lapadula and Biba:
Reading is simpler than writing = simple rule = read.
It’s written in the stars = * rule = write.
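The Bell-LaPadula rules, the Biba rules and the lattice they are evaluated over, as an added example that is not part of the flashcards. A label is a classification level plus a set of compartments; one label dominates another when its level is at least as high and its compartments are a superset, which makes labels a lattice in which some pairs are incomparable (neither dominates). The level names, compartments and sample labels are constructed.

```python
"""Bell-LaPadula and Biba checks over a label lattice.

Added example, not from the original flashcards. The level names, the
compartments and the sample subject/object labels are constructed.
"""
from dataclasses import dataclass

# Total order on levels; compartments form the subset lattice. Together
# they give the partial order "dominates" that both models evaluate.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """self >= other in the lattice: level at least as high AND a
        superset of the other's compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


# --- Bell-LaPadula (confidentiality) ----------------------------------
def blp_can_read(subject, obj):
    """Simple security property: no read up."""
    return subject.dominates(obj)


def blp_can_write(subject, obj):
    """* (star) property: no write down."""
    return obj.dominates(subject)


def blp_strong_star_write(subject, obj):
    """Strong * property: write only at exactly the subject's own label."""
    return subject == obj


# --- Biba (integrity): the mirror image of BLP ------------------------
def biba_can_read(subject, obj):
    """Simple integrity property: no read down (don't trust lower data)."""
    return obj.dominates(subject)


def biba_can_write(subject, obj):
    """* integrity property: no write up (don't contaminate higher data)."""
    return subject.dominates(obj)
```

Note the incomparable case: a SECRET/{CRYPTO} subject can neither read nor write a SECRET/{NUCLEAR} object under BLP, because neither label dominates the other; a check that only compares the level would get this wrong.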
Access Control Triple
When subjects access and modify objects only indirectly through an interface or program (a transformation procedure), this is known as the "access triple", made up of subject/program/object.
Concept in Clark-Wilson model
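The access triple enforced in code, as an added example that is not part of the flashcards. The CDI (a ledger whose invariant is that assets equal liabilities), the TPs, the IVP and the user/TP/CDI triples are all constructed. The rollback after a failed IVP is this example's own addition for illustration: in Clark-Wilson proper, a TP is certified in advance to take the CDI from one valid state to another, and the IVP checks the CDI's validity.

```python
"""Clark-Wilson access triple: subject -> TP -> CDI.

Added example, not from the flashcards. The ledger CDI, the TPs, the IVP
and the triples are constructed. Running the IVP after every TP and rolling
back on failure is this example's own safeguard, not part of the model.
"""

# Constrained data item: a ledger whose valid states are the balanced ones.
LEDGER = {"assets": 1000, "liabilities": 1000}


def ivp_balanced(cdi):
    """Integrity verification procedure: is the CDI in a valid state?"""
    return cdi["assets"] == cdi["liabilities"]


# Transformation procedures: the only code that is allowed to touch a CDI.
def tp_post_entry(cdi, amount):
    """Well-formed transaction: moves the CDI between two valid states."""
    cdi["assets"] += amount
    cdi["liabilities"] += amount


def tp_read(cdi):
    return dict(cdi)


def tp_skim(cdi, amount):
    """A faulty TP (constructed) that breaks the invariant; a TP like this
    should never be certified, and the IVP catches it if it slips through."""
    cdi["assets"] -= amount


CDIS = {"ledger": LEDGER}
IVPS = {"ledger": ivp_balanced}
TPS = {"post_entry": tp_post_entry, "read": tp_read, "skim": tp_skim}

# Access triples: (user, TP, CDI). A user with no matching triple cannot
# touch the CDI at all, no matter how the TP is called.
TRIPLES = {
    ("clerk", "post_entry", "ledger"),
    ("auditor", "read", "ledger"),
}


def run_tp(user, tp_name, cdi_name, *args):
    """Check the access triple, run the TP, then verify the CDI with its IVP.
    Returns (status, result)."""
    if (user, tp_name, cdi_name) not in TRIPLES:
        return ("denied", None)
    cdi = CDIS[cdi_name]
    snapshot = dict(cdi)
    result = TPS[tp_name](cdi, *args)
    if not IVPS[cdi_name](cdi):
        cdi.clear()
        cdi.update(snapshot)
        return ("rolled back", None)
    return ("ok", result)
```

Separation of duties falls out of the triples: the auditor can read but never post, the clerk can post but never read the whole ledger, and nobody is authorized to run the uncertified `skim` TP.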
Security Protection Rings - rings 1 and 2 are not usually used
Rings 1 and 2 were intended for drivers and operating system services. In practice drivers are integrated into ring 0 (the kernel) and applications run in ring 3, so rings 1 and 2 are functionally not used all that often.