Domain 3 - Security Engineering - Security Models Flashcards

1
Q

Security Model - what is it?

A

Provides ‘rules of the road’ for securely operating systems. Can be used in determining policy.

Provides a way for designers to map abstract statements into a security policy that prescribes the algorithms and data structures necessary to build hardware and software.

2
Q

Read down, Write up

A

Applies to Mandatory Access Control models.

Read down = user reads an object at a lower sensitivity level.

Write up = user writes to an object then labels it at a higher sensitivity level than the clearance they themselves possess.

3
Q

State Machine Model

A

Based on the concept of an FSM (Finite State Machine): a mathematical model that groups all possible system occurrences (called states). The system is secure only if every possible state is evaluated as secure.

Each input results in a transition to a new state that must be evaluated for security.

Basis of many other security models.

4
Q

Bell-LaPadula Model

A

Based on the State Machine and Information Flow models. Origin in the DoD. Main focus is on confidentiality of objects.

Simple Security Property

* (Star) Security Property

5
Q

Bell-LaPadula

  • What is the Simple Security Property?

  • What is the star property, AKA * Security Property?

A

No Read Up (SSP)

No Write Down (SP)

6
Q

Bell-LaPadula

  • What is the Strong Tranquility Property?

A

Labels will not change while a system is operating.

7
Q

Bell-LaPadula

  • What is the Weak Tranquility Property?

A

Labels can’t change in a way that conflicts with the defined security properties.

8
Q

Lattice-based Controls

A

o Security for complex environments
o For every relationship between a subject and an object there are defined upper and lower access limits
o Subjects have a Least Upper Bound and a Greatest Lower Bound
o Multilevel and multilateral

9
Q

Integrity Models

A

Focus on integrity more so than confidentiality.

10
Q

Biba Model

A

Integrity-based model. Based on the State Machine and Information Flow models. Two primary rules:
Simple Integrity Axiom – no read down
* (Star) Integrity Axiom – no write up

11
Q

Biba Model - what is the Simple Integrity Axiom?

A

No read down. Prevents subjects from accessing info at a lower integrity level - protects integrity by preventing bad info from reaching higher levels.

12
Q

Biba Model - what is the star property, AKA * Integrity Axiom?

A

No write up.

13
Q

Clark-Wilson

A

Integrity model
Real-world model
o Requires subjects to access objects via programs
o Two primary concepts:
  Well-formed transactions
  Separation of duties

14
Q

Clark-Wilson - what are well-formed transactions?

A

Ability to enforce control over apps.

Comprised of: User, Transformation Procedure, and Constrained Data Item.

15
Q

Clark-Wilson - certification, enforcement, and separation of duties

A

All TPs (Transformation Procedures) must record enough information to reconstruct the data transaction.

16
Q

Clark-Wilson separation of duties

A

Ensures authorized users don’t change data in an inappropriate way.

17
Q

Information Flow Model

A

Based on the State Machine model. Focused on controlling information flow and the type of information. Designed to prevent unauthorized, insecure, or restricted info flow. Excludes all undefined flow pathways.

18
Q

Chinese Wall Model (Brewer Nash)

A

AKA Brewer-Nash. Designed to avoid conflicts of interest. Specifically addresses consultants/contractors in financial institutions.

o A subject can write to an object only if the subject cannot read another object in a different data set

19
Q

Non-interference Model

A

Loosely based on the Information Flow model. Instead of information flow, it is concerned with how actions at a higher security level affect states at a lower level.

Not concerned with the flow of data but more so with what a subject knows.

Addresses the inference attack that occurs when someone has access to some type of info and can guess something they don’t have clearance to.

20
Q

Take-Grant Model

A

Dictates how rights can be passed from subject to subject, or from subject to object.

Has four rules:
Take rule, grant rule, create rule, and remove rule.

21
Q

Access Control Matrix

A

Commonly used in operating systems and applications.
A table that defines access permissions between subjects and objects.

22
Q

Graham-Denning Model

A

Focuses on the secure creation and deletion of both subjects and objects.

Has 8 primary protection rules.

23
Q

Zachman Framework for enterprise architecture

A

Six frameworks for providing information security.

24
Q

Harrison-Ruzzo-Ullman Model

A

Matrix-based, a variation of the Graham-Denning model.

Six primitive operations.

25
Q

Trusted Computing Base

A

A subset of a complete information system. The combination of hardware, software, and controls working together to form the trusted base or ‘core’ that enforces your security policies. Should be as small as possible.

26
Q

Security perimeter

A

Imaginary boundary that separates the TCB from the rest of the system.

27
Q

Goguen-Meseguer Model

A

Integrity model. Predetermines the set or domain of objects a subject can access.

28
Q

Sutherland Model

A

Integrity model. Focuses on preventing interference in support of integrity. Defined in terms of sets of states.

29
Q

Star Security Property AKA Confinement Property

A

A subject may not write information to an object at a lower sensitivity level. No write down.

30
Q

Reference Monitor

A

The part of the TCB that validates access to every resource prior to granting access. Stands between every subject and object.

31
Q

Biba vs Bell-LaPadula

A