Domain 3-Security Engineering (Engineering and Management of Security) Flashcards
Bell-LaPadula
No Read Up, confidentiality , Simple Security Property and the * Security Property
Simple Security Property
no read up
Security Property
a subject at a higher classification level cannot write to a lower classification level.
Strong Tranquility Property
states that security labels will not change while the system is operating
Weak Tranquility
Property states that security labels will not change in a way that conflicts with defined security properties
Lattice-based access
allows security controls for complex environments
Simple Integrity Axiom
no read down:” a subject at a specific classification level cannot read data at a lower classification. This prevents subjects from accessing information at a lower integrity level. This protects integrity by preventing bad information from moving up from lower integrity levels.
Integrity Axiom
“no write up:” a subject at a specific classification level cannot write to data at a higher classification.
Clark-Wilson
is a real-world integrity model that protects integrity by requiring subjects to access objects via programs.
Clark-Wilson enforces the concept
separation of duties and transformation procedures within the system.
The Chinese Wall model/ Brewer-Nash
by prohibiting one person, such as a consultant, from accessing multiple conflict of interest categories
The noninterference model ensures
that data at different security domains remain separate from one another.
The noninterference model
ensures that data at different security domains remain separate from one another.
The Take-Grant Protection Model
contains rules that govern the interactions between subjects and objects, and permissions subjects can grant to other subjects
Harrison-Ruzzo-Ullman Model
In addition to HRU’s different operations, it also differs from Graham-Denning because it considers subjects to be also objects
Abstraction
hides unnecessary details from the user.
A security domain
is the list of objects a subject is allowed to access. More broadly defined, domains are groups of subjects and objects with similar security requirements.
The Ring Model
The ring model is a form of CPU hardware layering that separates and protects domains (such as kernel mode and user mode) from each other
The northbridge
is directly connected to the CPU, and is faster than the southbridge.
SMP systems
SMP systems have one operating system to manage all CPUs.
AMP systems
have one operating system image per CPU, essentially acting as independent systems.
A monolithic kernel
is compiled into one static executable and the entire kernel runs in supervisor mode.
Microkernels
A microkernel is usually smaller and has less native functionality than a typical monolithic kernel (hence the term “micro”), but can add functionality via loadable kernel modules
transparent virtualization
uns stock operating systems, such as Windows 10 or Ubuntu Linux 15.04, as virtual guests. No changes to the guest OS are required.
Paravirtualization
uns specially modified operating systems, with modified kernel system calls. Paravirtualization can be more efficient, but requires changing the guest operating systems. This may not be possible for closed operating systems such as the Microsoft Windows family.
Covert Storage Channels
A storage channel example uses shared storage, such as a temporary directory, to allow two subjects to signal each other.
A covert timing channel
relies on the system clock to infer sensitive information
Maintenance hooks
are a type of backdoor; they are shortcuts installed by system designers and programmers to allow developers to bypass normal system checks during development, such as requiring users to authenticate
Polymorphic virus
a virus that changes its signature upon infection of a new system, attempting to evade signature-based antivirus software
Multipartite virus
a virus that spreads via multiple vectors. Also called multipart virus.
A rootkit
is malware that replaces portions of the kernel and/or operating system
SOAP (originally an acronym for ‘Simple Object Access Protocol,’ but now simply ‘SOAP’)
provides the connectivity
Electronic Code Book (ECB)
is the simplest and weakest form of DES. It uses no initialization vector or chaining. Identical plaintexts with identical keys encrypt to identical ciphertexts. Two plaintexts with partial identical portions (such as the header of a letter) encrypted with the same key will have partial identical ciphertext portions.
Cipher Block Chaining (CBC) mode
is a block mode of DES that XORs the previous encrypted block of ciphertext to the next block of plaintext to be encrypted.
One limitation of CBC mode is
that encryption errors will propagate: an encryption error in one block will cascade through subsequent blocks due to the chaining, destroying their integrity
he primary difference is CFB is a …….
stream mode.
Output Feedback (OFB)
Since the subkey is not affected by encryption errors, errors will not propagate.
Counter (CTR)
encryption can be done in parallel
Triple DES
the primary weakness is that it is slow and complex compared to newer symmetric algorithms
“double DES”
s not used due to a meet-in-the-middle attack: see the “Cryptographic Attacks” section for more information.
International Data Encryption Algorithm (IDEA)
the primary drawbacks are patent encumbrance and its slow speed compared to newer symmetric ciphers such as AES
AES uses
128-bit (with 10 rounds of encryption), 192-bit (12 rounds of encryption), or 256-bit (14 rounds of encryption) keys to encrypt 128-bit blocks of data
A known plaintext attack
relies on recovering and analyzing a matching plaintext and ciphertext pair: the goal is to derive the key that was used.
Encrypting without knowing the key is done …
via an “encryption oracle,
Linear cryptanalysis
is a known plaintext attack where the cryptanalyst finds large amounts of plaintext/ciphertext pairs created with the same key
Side-channel attacks
use physical data to break a cryptosystem, such as monitoring CPU cycles or power consumption used while encrypting or decrypting.
An implementation attack
xploits a mistake (vulnerability) made while implementing an application, service or system.
The birthday attack is used
o create hash collisions.
Key Clustering
s when two symmetric keys applied to the same plaintext produce the same ciphertext. This allows two different keys to decrypt the ciphertext.
A Hashed Message Authentication Code (HMAC)
combines a shared key with hashing. IPsec uses HMACs
IPsec (Internet Protocol Security) is a suite of protocols that provide a cryptographic layer to both
to both IPv4 and IPv6.
IPsec includes two primary protocols:
Authentication Header (AH) and Encapsulating Security Payload (ESP). AH and ESP provide different, and sometimes overlapping functionality.
Authentication Header provides
authentication and integrity for each packet of network data. AH provides no confidentiality; it acts as a digital signature for the data. AH also protects against replay attacks, where data is sniffed off a network and resent, often in an attempt to fraudulently reuse encrypted authentication credentials.
Encapsulating Security Payload
primarily provides confidentiality by encrypting packet data. It may also optionally provide authentication and integrity.
