Domain 3: Security Engineering and Architecture Flashcards

1
Q

Common Criteria

A

Structured methodology for documenting, validating and evaluating security requirements. Based on ISO 15408.

2
Q

Protection Profile

A

Specifies the security requirements and protections of a product that is to be evaluated. Organised around TCB entities. Evaluation Assurance Levels (EAL)

3
Q

Evaluation Assurance Levels (EAL)

A

EAL0 - Inadequate assurance
EAL1 - Functionally tested
EAL2 - Structurally tested
EAL3 - Methodically tested and checked
EAL4 - Methodically designed, tested, and reviewed
EAL5 - Semi-formally designed and tested
EAL6 - Semi-formally verified design and tested
EAL7 - Formally verified design and tested

4
Q

Target of Evaluation (TOE)

A

The product or system that is the subject of the evaluation

5
Q

Protection Profile (PP)

A

Set of security requirements of TOE

6
Q

Security Functional Requirements (SFRs)

A

Specific individual security functions

7
Q

Engineering principles for IT Security

A

Use NIST SP 800-27

  • Initiation; need expressed, purpose documented, impact assessment
  • Development/Acquisition; system designed, purchased, programmed, developed or constructed
  • Implementation; system tested and installed, certification
  • Operation/Maintenance; performs function, security operations, audits
  • Disposal; disposition of information, HW and SW

Physical controls are your first line of defense, and people are your last

8
Q

OS Kernel

A

Loads and runs binary programs, schedules task swapping, allocates memory, tracks the physical location of files on the computer's hard disk, manages I/O requests from software, and translates them into instructions for the CPU

9
Q

Primary storage

A

Temporary storage area for data entering and leaving the CPU

10
Q

Random Access Memory

A

Temporary holding place for data used by the OS. It is volatile. Two types of RAM exist: Dynamic and Static. Dynamic RAM needs to be refreshed periodically, while Static RAM’s data does not need to be refreshed

11
Q

ROM

A

Read-only memory is non-volatile, which means that when a computer is turned off the data is not lost. EEPROM can be altered

12
Q

Process States

A
  • Stopped: the process finishes or must be terminated
  • Waiting: the process is ready for continued execution but is waiting for a device or access request
  • Running: the process executes on the CPU and keeps going until it finishes, its time slice expires, or it is blocked
  • Ready: the process is prepared to execute when the CPU is ready

13
Q

Multitasking

A

Execute more than one task at the same time

14
Q

Multitasking

A

More than one CPU is involved

15
Q

Multiprocessing

A

More than one CPU is involved

16
Q

Multi-Threading

A

Execute different parts of a program simultaneously

17
Q

Single state machine

A

Operates in the security environment at the highest level of classification of the information within the computer. In other words, all users on that system must have clearance to access the info on that system.

18
Q

Multi state machine

A

Can offer several security levels without risk of compromising the system’s integrity

19
Q

CISC

A

Complex instructions. Many operations per instruction. Fewer fetches

20
Q

RISC

A

Reduced instructions. Simpler operations per instruction. More fetches

21
Q

Generations of Software

A
1st Gen: Machine language
2nd Gen: Assembler
3rd Gen: FORTRAN, C++
4th Gen: Natural/Focus and SQL
5th Gen: Prolog, LISP; artificial intelligence languages based on logic

22
Q

Memory Segmentation

A

Dividing memory into segments

23
Q

Protection Keying

A

Divides physical memory into blocks of a particular size, each of which has an associated numerical value called a protection key

24
Q

Paging

A

Divides the memory address space into even-sized blocks, called pages, to give the appearance of more RAM than is physically present. The system kernel knows the location of the page file.

25
Q

DEP

A

Data Execution Prevention: a system-level memory protection feature built into the OS. DEP prevents code from being run from data pages, such as the default heap, stacks, and memory pools

26
Q

ITIL

A

Best practices for IT operations, including change management and configuration management.

27
Q

Security Models

A

Define the allowed interactions between subjects and objects at a particular moment in time

28
Q

State Machine Model

A

Describes a system that is always secure no matter what state it is in. If all aspects of a state meet the requirements of the security policy, that state is considered secure. A transition occurs when accepting input or producing output. A transition always results in a new state (also called a state transition). A secure state machine model always boots into a secure state, maintains a secure state across all transitions, and allows subjects to access resources only in a secure manner compliant with the security policy.

29
Q

Information Flow Model

A

Based on the state machine model; the Bell LaPadula and Biba models are both information flow models. Information flow models are designed to prevent unauthorised, insecure, or restricted information flow, often between different levels of security (these are often referred to as multilevel models). The information flow model also addresses covert channels by specifically excluding all non-defined flow pathways.

30
Q

Noninterference Model

A

Loosely based on the information flow model. Focuses on how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security level. Basically, the actions of subject A (high) should not affect the actions of subject B (low) or even be noticed by subject B. The noninterference model can be imposed to provide a form of protection against damage caused by malicious programs such as trojan horses.

31
Q

Confinement

A

Restricts actions of a program. Process confinement allows a process to read from and write to only certain memory locations and resources. This is known as sandboxing.

32
Q

Bounds

A

The limits set on the memory addresses and resources a process can access. The bounds state the area within which a process is confined or contained

33
Q

Isolation

A

When a process is confined through enforcing access bounds that process runs in isolation. Process isolation ensures that any behaviour will affect only the memory and resources associated with the isolated process.

34
Q

Matrix Model

A

Provides access rights to subjects for objects; access rights are read, write and execute. Columns are ACLs, rows are capability lists, and it supports discretionary access control

35
Q

Bell LaPadula

A

Focused on preventing information flow from a high security level to a low security level. Confidentiality model, developed by DOD.

  • Cannot read up, cannot write down
  • Tranquillity principle prevents security levels of subjects from being changed once they are created

36
Q

BIBA Model

A

Integrity model. Focused on protecting objects from external threat, by preventing information flow from a low security level to a high security level.

  • Cannot read down
  • Cannot write up

37
Q

Clark Wilson

A

Integrity model, which enforces access to objects only through programs.

38
Q

Information Flow Model

A

Each object is assigned a security class and value, and information is constrained to flow only in the directions permitted by the security policy. Thus it governs the flow of information from one security level to another.

39
Q

Brewer and Nash

A

Provides dynamic access control based on a user's previous actions. Prevents conflicts of interest by stopping members of the same organisation from looking at information that would create a conflict with another member of that organisation. THINK OF STOCK MARKETS

40
Q

Lipner Model

A

Combines Bell LaPadula and Biba model

41
Q

Graham-Denning

A

Focused on relationship between subjects and objects

42
Q

Take Grant

A

Uses a directed graph to specify the rights that subjects can transfer to objects or that subjects can take from other objects.
Uses STATES and STATE transitions

  • Take Rule: Allows a subject to take rights over an object
  • Grant Rule: Allows a subject to grant rights to an object
  • Create Rule: Allows a subject to create new rights
  • Remove Rule: Allows a subject to remove its own rights

43
Q

Composition Theory

A

Three recognised types of composition theories:

  1. Cascading: input for one system comes from the output of another system
  2. Feedback: one system provides input to another system, which reciprocates by reversing those roles (so that system A first provides input for system B and then system B provides input to system A).
  3. Hookup: one system sends input to another system but also sends input to external entities.

44
Q

MAC

A

Subjects are labelled as to their level of clearance. Objects are labelled as to their level of classification or sensitivity.

45
Q

Subjects

A

Entity who can perform work tasks, such as users, data owners (protect data), and data custodian (classify and protect data)

46
Q

ITSEC

A

The Information Technology Security Evaluation Criteria refers to any system being evaluated as a target of evaluation. It is used in Europe only. Addresses CIA. It evaluates functionality and assurance separately: assurance from E0 to E6 (highest), and functionality from F1 to F10 (highest). Therefore, a system can provide low assurance and high functionality or vice versa.

Does not rely on the notion of a TCB, and it doesn’t require that a system’s security components be isolated within a TCB. Includes coverage for maintaining targets of evaluation after changes occur without requiring a new formal evaluation.

47
Q

Certification

A

The evaluation of security features and safeguards to determine whether they meet the requirements. Certification is the comprehensive evaluation of the technical and nontechnical security features of an IT system and other safeguards made in support of the accreditation process to establish the extent to which a particular design and implementation meets a set of specified security requirements.

48
Q

Accreditation

A

The formal declaration by the designated approving authority (DAA) that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk. Once accreditation is performed, management can formally accept the adequacy of the overall security performance of an evaluated system.

49
Q

System Accreditation

A

A major application or general support system is evaluated

50
Q

Site Accreditation

A

The applications and systems at a specific, self-contained location are evaluated

51
Q

Type Accreditation

A

An application or system that is distributed to a number of different locations is evaluated

52
Q

TCSEC: Orange Book

A

Trusted Computer System Evaluation Criteria. From the US DoD, it evaluates operating systems, applications, and systems. It doesn't touch the network part. It only addresses confidentiality.

  • ITSEC 1, TCSEC D: Minimal protection; any system that fails the higher levels
  • ITSEC 2, TCSEC C1: DAC (identification, authentication, and resource protection)
  • ITSEC 3, TCSEC C2: DAC (controlled access protection: object reuse, protected audit trail)
  • ITSEC 4, TCSEC B1: MAC (security labels, based on the Bell LaPadula security model; labeled security, process isolation, devices)
  • ITSEC 5, TCSEC B2: MAC, structured protection. Separate operator/admin roles. Configuration management.
  • ITSEC 6, TCSEC B3: MAC, security domains (trusted recovery), event monitoring and notification.
  • ITSEC 7, TCSEC A: MAC, formally verified protection

53
Q

Rainbow Series

A

Red = trusted network, Orange = TCSEC evaluation, Brown = trusted facilities management, Tan = audit, Aqua = glossary, Green = password management

54
Q

ISO 27001

A

Focused on the standardisation and certification of an organisation's information security management system (ISMS). A security governance standard that sets the minimum requirements for an ISMS.

55
Q

ISO 27002

A

A guideline which lists security control objectives and recommends a range of specific controls.

56
Q

COBIT 5

A

Based on five key principles for governance and management of enterprise IT:

  1. Meeting stakeholder needs
  2. Covering the enterprise end-to-end
  3. Applying a single, integrated framework
  4. Enabling a holistic approach
  5. Separating governance from management

COBIT is used not only to plan the IT security of an organisation but also as a guideline for auditors.

57
Q

Virtualisation

A

Used to host one or more OSs within the memory of a single host computer. Such an OS is also known as a guest OS. From the perspective that there is an original or host OS installed directly on the hardware, the additional OSs hosted by the hypervisor are guests.

58
Q

VM

A

Virtual Machine. Simulated environment created by the OS to provide a safe and efficient place for programs to execute.

59
Q

Virtual SAN

A

A software-defined shared storage system; a virtual re-creation of a SAN on top of a virtualised network or an SDN.

60
Q

TOCTTOU Attack

A

Time-of-check-to-time-of-use. Race condition exploits and communication disconnects are known as state attacks because they attack timing, data flow control, and the transition from one system state to another.

61
Q

RACE

A

Two or more processes require access to the same resource and must complete their tasks in the proper order for normal function.

62
Q

Register - Memory

A

Small memory inside the CPU that provides directly accessible memory locations which the brain of the CPU (the ALU) uses when performing calculations

63
Q

Stack Memory Segment

A

Used by processors to communicate instructions and data to each other

64
Q

Monolithic OS Architecture

A

All the code runs in kernel mode in an ad hoc, non-modularised OS

65
Q

Memory Addressing

A

When using memory resources, the processor must have some means of referring to various locations in memory. The solution to this problem is known as addressing.

66
Q

Register Addressing

A

When the CPU needs information from one of its registers, it uses a register address (e.g. register 1) to access its contents

67
Q

Immediate Addressing

A

A way to refer to data supplied as part of the instruction itself, e.g. the CPU is told to add 2 to the value in the register

68
Q

Direct Addressing

A

The CPU is provided with the actual address of the memory location to access. The address must be located on the same memory page as the instruction being executed.

69
Q

Indirect Addressing

A

Similar to direct addressing. However, the memory address supplied to the CPU as part of the instruction doesn't contain the actual value that the CPU is to use as an operand. The CPU reads the indirect address to learn the address where the desired data resides and then retrieves the actual operand from that address.

70
Q

Base + Offset Addressing

A

Uses a value stored in one of the CPU's registers as the base location from which to begin counting. The CPU then adds the offset supplied with the instruction to that base address and retrieves the operand from that computed memory location.

71
Q

PaaS

A

Platform as a Service.