Domain 3: Security Engineering; Security Models Flashcards
Is Bell-LaPadula mandatory or discretionary?
Mandatory.
What is reading down?
When a subject reads an object at a lower security level.
What is writing up?
When a subject passes information to an object which has higher sensitivity than the subject has permission to access.
What is the State Machine Model?
A state machine model is a mathematical model that groups all possible system occurences, called states. Every possible state of a system is evaluated, showing all possible interactions between subjects and objects. If every state is proven to be secure, the system is proven to be secure.
What is the focus of the Bell-LaPadula Model?
Maintaining the confidentiality of objects. This means not allowing users at a lower security level to access objects at a higher level.
What are the two rules Bell-LaPadula observes?
The Simple Security Property and the * Security Property.
What is the Simple Security Property?
“no read up”. A subject at a specific classification level cannot read an object at a higher level.
What is the * Security Property? (Star Security Property)
“no write down”. A subject at a higher classification level cannot write down to an object at a lower level.
Within the Bell-Lapadula access control model, what are the two properties that dictate how the system will issue security labels for objects?
The Strong Tranquility Property states that security labels will not change while the system is operating. The Weak Tranquility Property states that security labels will not change in a way that conflicts with defined security properties.
What is Lattice-based access control?
Lattice-based access control allows security controls for complex environments. For every relationship between a subject and object, there are defined upper and lower access limits implemented by the system. The subject can be allowed access to higher or lower classification depending on their needs. Subjects have a Least Upper Bound (LUB) and Greatest Lower Bound (GLB) depending on their position in the latice.
What is the Biba-Model?
Focuses on Integrity of data. “no write up;no read down”. This prevents bad data from being written to higher classification levels, and bad data being read from lower classification levels.
Within the Biba-Model, the rule for “no read down” is called?
The Simple Integrity Axiom.
Within the Biba-Model, the rule for “no write up” is called?
The * Integrity Axiom.
What is the Clark-Wilson model?
Clark-Wilson is a real-world integrity model that protects integrity by requiring subjects to access objects via programs. Because the programs have specific limitations to what they can and cannot do, this model effectively limits the capabilities of the subject.
What are the two primary concepts Clark-Wilson uses to ensure the security policy is enforced?
Well-formed transactions and Separation of Duties.