Domain 3 (Security Engineering)

Question 1

What is the Trusted Computer Base (TCB)?

Answer 1

All of the protection mechanisms within a computer system

Question 2

What is the Security Perimeter?

Answer 2

It seperates that trusted and untrusted components within a computer system (inside/outside TCB)

Question 3

What is the Reference Monitor?

Answer 3

Mediates subject access to object permittions (Rules)

Question 4

What is the Security Kernel?

Answer 4

Enforces the Reference Monitor. That which falls inside the TCB. (Enforcement)

Question 5

What are the four CPU cycles?

Answer 5

Fetch
Decode
Execute
Store

Question 6

What do Security Models do?

Answer 6

Security policy outlines goals, Security Model provides the how-to

Question 7

What are the characteristics of the Bell-Lapadula?

Answer 7

Focused on confidentiality.

1) Cant read higher then subjects security clearance.
2) Cannot write data to level lower.
3) Can only read/write at own level

Question 8

What are the characteristics of the Biba Model?

Answer 8

Focused on integrity. Uses integrity levels. Down Data’s Dirty.

Question 9

What are the characteristics of the Clark-Wilson model?

Answer 9

Focused on integrity. Separation of duties. Keep users out of your stuff or they’ll break it. Force a user through an API.