Domain 3 - Security Engineering

Question 1

Twofish

Answer 1

A symmetrical cryptography algorithm adapted from Blowfish and uses up to 256 bit keys on 128 bit blocks. It was a finalist for AES.

Question 2

Blowfish

Answer 2

A symmetrical cryptography algorithm developed by Bruce Schneier that is very fast and memory efficient. It is a Festal-type cipher that divides the input blocks into halves and then uses them in XORs against each other. Key sizes up to 448 bits on 64 bit blocks.

Question 3

CAST

Answer 3

A symmetrical cryptography algorithm developed by Carlisle Adams and Stafford Tavares. CAST-128 is a Feistal-type block cipher with 64 bit blocks. CAST-256 was an unsuccessful candidate for AES.

Question 4

Secure and Fast Encryption Routine (SAFER)

Answer 4

A symmetrical cryptography algorithm with all internally used algorithms being patent-free. Block cipher with 64 or 128 bit blocks.

Question 5

International Data Encryption Algorithm (IDEA)

Answer 5

A symmetrical cryptography algorithm developed as a replacement for DES and uses 128 bit keys on 64 bit blocks.

Question 6

RC5

Answer 6

A symmetrical cryptography algorithm developed by Ron Rivest of RSA. Keys can vary from 0 to 2040 bits, rounds can adjust from 0 to 255 and input blocks can be 16, 32 or 64 bits.
It has 4 modes of operation:
RC5 - block cipher mode similar to DES ECB
RC5-CBC - cipher block chaining mode
RC5-CBC-Pad - Similar to CBC but can handle any length of plaintext input
RC5-CTS - cipher text stealing will generate cipher text equal in length to plain text for any length

Question 7

RC4

Answer 7

A symmetrical cryptography algorithm developed by Ron Rivest and is stream-based. Key lengths of 8 to 2048 bits. No current, practical ways to attack. WEP cracks using RC4 are related to implementation issues rather than algorithm.

Question 8

Null Cipher

Answer 8

An option used to tell the encryption system to not use any cipher.

Question 9

Substitution Cipher

Answer 9

Simple substitutes one letter for another. Caesar cipher and ROT-13 are examples.

Question 10

Playfair Cipher

Answer 10

A substitution cipher where an agreed on keyword is written into a 5 by 5 square with the remaining alphabet filling the latter slots. Message is broken into 2 character groups and rules are followed to use the square to map to 2 character cipher text groups. Allies used heavily in the Second World War.

Question 11

The Rail Fence

Answer 11

A transposition cipher that writes plain text into diagonal lines across two or more rows. The cipher text is simply the new rows appended in order.

Question 12

Rectangular Substitution Tables

Answer 12

A transposition cipher that writes plain text into an agreed upon grid size with the cipher text created in an agreed upon method i.e. columns first to last, top to bottom.

Question 13

Monoalphabetic Cipher

Answer 13

A simple substitution cipher that uses one mapping between plain text and cipher text characters. Caesar cipher is an example that offset the alphabet by 3 letters.

Question 14

Polyalphabetic Cipher

Answer 14

A substitution cipher that uses more than one mapping between plain text and cipher text characters. For example, four alphabets could be used switching between them in order for each character of plain text. Designed to make frequency analysis more difficult.

Question 15

Blais de Vigenere Cipher

Answer 15

A polyalphabetic cipher that uses 26 alphabets with each one offset by one place. An agreed upon keyword is used to determine which alphabet is used for each position in the text.

Question 16

Bell-LaPadula Model

Answer 16

Originally developed for the U.S. Department of Defense. It is focused on maintaining the confidentiality of objects.

Question 17

Bell-LaPadula - Simple Security Property

Answer 17

“No read up”: a subject at a specific classification level cannot read an object at a higher classification level. Subjects with a Secret clearance cannot access Top Secret objects, for example.

Question 18

Bell-LaPadula - Security Property

Answer 18

“No write down”: a subject at a higher classification level cannot write to a lower classification level. For example, subjects who are logged into a Top Secret system cannot send emails to a Secret system.

Question 19

Bell-LaPadula - Strong Tranquility Property

Answer 19

Security labels will not change while the system is operating.

Question 20

Bell-LaPadula - Weak Tranquility Property

Answer 20

Security labels will not change in a way that conflicts with defined security properties.

Question 21

Lattice-based access controls

Answer 21

For every relationship between a subject and an object, there are defined upper and lower access limits implemented by the system. This lattice, which allows reaching higher and lower data classification, depends on the need of the subject, the label of the object, and the role the subject has been assigned. Subjects have a Least Upper Bound (LUB) and Greatest Lower Bound (GLB) of access to the objects based on their lattice position.

Question 22

Biba Model

Answer 22

Biba is the model of choice when integrity protection is vital.
Biba takes the Bell-LaPadula rules and reverses them, showing how confidentiality and integrity are often at odds. If you understand Bell-LaPadula (no read up; no write down), you can extrapolate Biba by reversing the rules: no read down; no write up.

Question 23

Biba Model - Simple Integrity Axiom

Answer 23

“No read down”: a subject at a specific classification level cannot read data at a lower classification. This prevents subjects from accessing information at a lower integrity level. This protects integrity by preventing bad information from moving up from lower integrity levels.

Question 24

Biba Model - Integrity Axiom

Answer 24

“No write up”: a subject at a specific classification level cannot write data to a higher classification. This prevents subjects from passing information up to a higher integrity level than they have clearance to change. This protects integrity by preventing bad information from moving up to higher integrity levels.

Question 25

Clark-Wilson Model

Answer 25

A real-world integrity model that protects integrity by requiring subjects to access objects via programs. Because the programs have specific limitations to what they can and cannot do to objects, Clark-Wilson effectively limits the capabilities of the subject.

Question 26

Clark-Wilson - Two Concepts

Answer 26

Uses two primary concepts to ensure that security policy is enforced:
* Well-formed transactions
* Separation of duties.
Well-formed transactions provide integrity. The process is comprised of the “access control triple”: user, transformation procedure, and constrained data item.

Question 27

Chinese Wall Model

Answer 27

Also known as Brewer-Nash is designed to avoid conflicts of interest by prohibiting one person, such as a consultant, from accessing multiple conflict of interest categories (CoIs).

Question 28

Access Control Matrix

Answer 28

A table defines what access permissions exist between specific subjects and objects. The rows of the table show the capabilities of each subject; each row is called a capability list. The columns of the table show the ACL for each object or application.

Question 29

Lipner Model

Answer 29

Combines elements of Bell-LaPadula and Biba with the idea that job functions or roles is a novel way to protect both confidentiality and integrity. Assigns security levels and functional categories to subjects and objects.

Question 30

Graham-Denning Model

Answer 30

Primarily concerned with how subjects and objects are created, how subjects are assigned rights or privileges, and how ownership of objects is managed.

Question 31

Graham-Denning - Primitive Protection Rights

Answer 31

1. Create Object
2. Create Subject
3. Delete Object
4. Delete Subject
5. Read Access Right
6. Grant Access Right
7. Delete Access Right
8. Transfer Access Right

Question 32

Harrison-Ruzzo-Ullman Model

Answer 32

Composed of a set of generic rights and a finite set of commands. Very similar to Graham-Denning.

Question 33

State Machine Model

Answer 33

State describes a system at a point in time. This model describes the behavior of a system as it moves between states, from one moment to another. Defines which actions will be allowed at any point in time to ensure that a secure state is preserved.

Question 34

Noninterference Models

Answer 34

A type of multilevel model with a high degree of strictness, severely limiting any higher-classified information from being shared with lower-privileged subjects even when higher-privileged subjects are using the system at the same time. Deals with covert channels that may leak information inappropriately.

Question 35

Matrix-Based Models

Answer 35

Focus on one-to-one relationships between subjects and objects as opposed to lattice-based models that treat similar subjects and objects with similar restrictions.

Question 36

Information Flow Models

Answer 36

Focuses on how information is allowed or not allowed between individual objects. Most other models focus on subject-to-object relationships. Used to determine if information is being properly protected throughout a given process. Identifies potential covert channels between compartments in compartmented systems.

Question 37

Zachman Framework

Answer 37

An architecture framework that allows for communication and collaboration of all entities in the deployment of the architecture. It is a logical structure for identifying and organizing the descriptive representations (models) that are important to the management and deployment of systems.

Question 38

Sherwood Applied Business Security Architecture (SABSA)

Answer 38

A holistic lifecycle for developing security architecture that begins with assessing business requirements and subsequently creating a “chain of traceability” through the phases of strategy, concept, design, implementation, and metrics. Same basic outline as the Zachman Framework.

Question 39

SASBA Levels

Answer 39

Contextual security architecture
Conceptual security architecture
Logical security architecture
Physical security architecture
Component security architecture
Operational security architecture

Question 40

The Open Group Architecture Framework (TOGAF)

Answer 40

Focuses on the critical role of requirements analysis in each step of creating an architecture. Inspired by earlier frameworks from the US Department of Defense.

Question 41

IT Infrastructure Library (ITIL)

Answer 41

Defines organizational structure and skill requirements for an IT organization as well as a set of operational procedures and practices that direct IT operations and infrastructure, including information security operations.

Question 42

ITIL Activities

Answer 42

1. Service Strategy
2. Service Design
3. Service Transition
4. Service Operations
5. Continuous Service Improvement

Question 43

Trusted Computer System Evaluation Criteria (TCSEC)

Answer 43

Frequently referred to as the Orange Book.

US Department of Defense standards for the implementation of security protections in computing systems.

Question 44

Orange Book Evaluation Criteria Divisions

Answer 44

Highest trust to lowest
A - Verified Protection - A1:Verified Design
B - Mandatory Protection - B3:Security Domains, B2:Structured Protection, B1:Labeled Security Protection
C - Discretionary Protection - C2:Controlled Access Protection, C1:Discretionary Security Protection.
D - Minimal Protection - D1:Minimal Protection

Question 45

Information Technology Security Evaluation Criteria (ITSEC)

Answer 45

Not widely accepted outside the US.

Assurance levels defined as E1 thru E6.

Question 46

The Common Criteria

Answer 46

Some international adoption but not universal.
Protection Profiles:
EAL1 - Functionality tested
EAL2 - Structurally tested
EAL3 - Methodically tested and checked
EAL4 - Methodically designed, tested and reviewed
EAL5 - Semi-formally designed and tested
EAL6 - Semi-formally verified design and tested