Own questions 1 (concepts) Flashcards
What does confidentiality mean?
The resource is protected from unauthorized read access
What does integrity mean?
The resource is protected from unauthorized write (change or delete) access
What does availability mean?
The resource can be accessed by authorized subjects in an unaltered way
What are the three main security counter measures?
Prevention
Detection
Response
What is important for PET?
Data and metadata
What is important for TET?
Fairness concern: bias, discrimination
Accountability concern: compliance
Transparency concern: explainability
Explain the principle of least privilege
The principle of least privilege (POLP), an important concept in computer security, is the practice of limiting access rights for users to the bare minimum permissions they need to perform their work. Under POLP, users are granted permission to read, write or execute only the files or resources they need to do their jobs; in other words, the least amount of privilege necessary.
Explain the principle of complete mediation
Every access to every object must be checked for authority. This principle, when systematically applied, is the primary underpinning of the protection system. It forces a system-wide view of access control, which in addition to normal operation includes initialization, recovery, shutdown, and maintenance. It implies that a foolproof method of identifying the source of every request must be devised. It also requires that proposals to gain performance by remembering the result of an authority check be examined skeptically. If a change in authority occurs, such remembered results must be systematically updated.
Explain the principle of economy of mechanism
Keep the design as simple and small as possible. This well-known principle applies to any aspect of a system, but it deserves emphasis for protection mechanisms for this reason: design and implementation errors that result in unwanted access paths will not be noticed during normal use (since normal use usually does not include attempts to exercise improper access paths). As a result, techniques such as line-by-line inspection of software and physical examination of hardware that implements protection mechanisms are necessary. For such techniques to be successful, a small and simple design is essential.
Explain the principle of open design
The principle of open design states that the security of a mechanism should not depend on the secrecy of its design or implementation.
Explain the principle of psychological acceptability
The principle of psychological acceptability states that security mechanisms should not make the resource more difficult to access than if the security mechanisms were not present. Configuring and executing a program should be as easy and as intuitive as possible, and any output should be clear, direct, and useful.
Explain the principle of separation of privilege
In computer programming and computer security, privilege separation is a technique in which a program is divided into parts which are limited to the specific privileges they require in order to perform a specific task. This is used to mitigate the potential damage of a computer security vulnerability.
A common method to implement privilege separation is to have a computer program fork into two processes. The main program drops privileges, and the smaller program keeps privileges in order to perform a certain task. The two halves then communicate via a socket pair. Thus, any successful attack against the larger program will gain minimal access, even though the pair of programs will be capable of performing privileged operations.
Explain the principle of least common mechanism
The principle of least common mechanism states that mechanisms used to access resources should not be shared. Sharing resources provides a channel along which information can be transmitted, and so such sharing should be minimized.
Explain the principle of fail-safe defaults
The principle of fail-safe defaults states that, unless a subject is given explicit access to an object, it should be denied access to that object. Whenever access, privileges, or some security-related attribute is not explicitly granted, it should be denied.
Other definition:
Fail-safe defaults: Base access decisions on permission rather than exclusion. This principle means that the default situation is lack of access, and the protection scheme identifies conditions under which access is permitted.
Explain the principle of privacy by design
Privacy by design means that the privacy protection rules are taken into account already when IT systems and procedures are designed. It is a way to ensure that the General Data Protection Regulation’s requirements are complied with and that the data subjects’ rights are protected.
What is the definition of weak collision resistance?
Given an arbitrary x there exists no x’ with x’ != x so that h(x) = h(x’)
What is the definition of strong collision resistance?
There exist no x and x’ with x != x’ so that h(x) = h(x’)
What is the difference between strong and weak collision resistance?
The obvious difference in their definitions is that for weak collision resistance we assume to be bound to a particular choice of x, whereas in the definition of strong collision resistance we are free to arbitrarily choose our x and x’.
What two properties does the Bell-LaPadula model enforce?
The simple security property: no process may read data at a higher level. This is also known as no read up (NRU).
The *-property: no process may write data to a lower level. This is also known as no write down (NWD).
Explain mandatory access control
In general, when systems enforce a security policy independently of user actions, they are described as having mandatory access control, as opposed to the discretionary access control in systems like Unix where users can take their own access decisions about their files.
What is the Chinese wall model?
The goal of the Chinese Wall Model is to ensure that information cannot flow between two corporations that are in a conflict of interest.
The objects (i.e. units of information) are grouped into datasets. Each dataset represents a corporation. Moreover, each dataset belongs to one or more conflict of interest classes (CI).
There are two main rules to respect:
(ss-rule) a subject can read an object if
the object is in a dataset that has been already accessed by the subject or the object belongs to a CI that has never been accessed by the subject
(*-rule) a subject can write an object O if
the subject can read the object and
the subject cannot read objects outside the dataset of O.
What is compartmentation and the lattice model?
Basic idea: accessing the information requires both clearance and membership in the suitable group.
What is the BMA model?
Developed by the British Medical Association to describe the information flows permitted by medical ethics. Each of these has potential applications outside its initial field.
What does metamorphic mean in terms of viruses?
Metamorphic code is used by some viruses when they are about to infect new files, and the result is that the next generation will never look like the current generation. The mutated code will do exactly the same thing (under the interpretation used), but the child’s binary representation will typically be completely different from the parent’s. Mutation can be achieved using techniques like inserting NOP instructions (brute force), changing which registers to use, changing flow control with jumps, changing machine instructions to equivalent ones, or reordering independent instructions.
Polymorphic malware also makes changes to its code to avoid detection. It has two parts, but one part remains the same with each iteration, which makes the malware a little easier to identify.
Metamorphic code can also mean that a virus is capable of infecting executables from two or more different operating systems (such as Windows and GNU/Linux) or even different computer architectures. Often, the virus does this by carrying several viruses within itself. The beginning of the virus is then coded so that it translates to correct machine-code for all of the platforms that it is supposed to execute in. This is used primarily in remote exploit injection code where the target platform is unknown.