Introduction to Information security Flashcards

1
Q

What is a threat

A

A potential occurrence that can have an adverse effect on the assets and resources of a system

2
Q

What is a vulnerability

A

A characteristic in a system that allows for a threat to occur. A weakness in the system that makes the threat possible.

3
Q

What is an attack

A

An action that involves exploiting a system vulnerability in order to cause an existing threat to occur

4
Q

What are the 4 types of threats?

A

Disclosure, deception, disruption and usurpation

5
Q

What is disclosure?

A

When information is available or leaked to an attacker

6
Q

What is deception?

A

Providing false information or tricking someone to do what you want them to do.

7
Q

What is disruption?

A

Preventing communication from happening, for example disrupting information from being shared

8
Q

What is usurpation?

A

When someone gets unauthorized access to a system or parts of a system.

9
Q

What is snooping?

A

A disclosure attack where someone is getting and viewing information they weren't supposed to have. Usually done with direct access to a machine

10
Q

What is the CIA triad that is used to uphold computer security?

A

Upholding the three properties of confidentiality, integrity and availability

11
Q

What is confidentiality?

A

Prevention of disclosure of authorized information

12
Q

What is integrity?

A

Prevention of unauthorized modification of information

13
Q

What is availability?

A

The ability to withstand unauthorized withholding of information.
The necessary and promised data and system functionality should be available for individuals when they need them to be.

14
Q

What is accountability with respect to information security?

A

Who can you blame or account resources to

15
Q

What is non-repudiation?

A

Not being able to deny one’s actions or repudiate, because of evidence or records of the action happening

16
Q

What is computer security?

A

A system needs to behave in the way the designer intended it to.
Preventing attackers from achieving objectives through unauthorized access or use of systems.
How a system behaves in respect to integrity, confidentiality and availability.

17
Q

What are security policies?

A

Policies set by organizations to keep their organization secure.
Tells what you are and aren’t supposed to do (i.e. going to certain websites on a work computer, downloading apps)

18
Q

What are security mechanisms?

A

Ways to enforce security policies to make them work in practice.

19
Q

What is one way that a security policy can be viewed as successful/effective?

A

When the policy handles multiple states of a system (secure states, insecure states) and there is no way for the system to transition from a secure to an insecure state. The system must also begin in a secure state.

20
Q

What are three concepts that can be used in security mechanisms to enforce security policies?

A

Prevention (making sure aspects of the policy can’t be violated)
Detection (detecting policy violation, or determining when the policy was violated).
Recovery (Being able to revert back to a secure state after violation).

21
Q

What are some types of security mechanisms?

A

Physical controls: Physical mechanisms that stop things from happening (locks)

Hardware and software controls: Mechanisms that can run checks/tests to ensure a policy is held (access control, authorization).

Cryptography: Enforces confidentiality and integrity inside computer systems.

22
Q

What are some methods to decide what security mechanisms to put into practice?

A

Evaluate the added cost of possible mechanisms when they're in use - mitigating (how to make things expensive for an attacker)
Laws and regulations
Risk analysis and assessment (likelihood, possible consequences, how tolerable is the risk)
Cost-benefit analysis (calculates the benefits of implementation and the associated cost of doing so)
Human issues (usability): Prioritizing mechanisms that are easy for users to use or realistic that users actually will use properly

23
Q

What do security mechanisms want to accomplish?

A

Making the system so difficult to attack or so expensive to penetrate that it is no longer worth it for an attacker to do so

24
What is mitigation in regards to information security?
Reduction of severity or seriousness of an event. Centered around limiting impact of threats
25
What is hacktivism?
The action of hacking with politically or socially motivated purposes
26
What is a hobbyist hacker?
A hacker who is not employed by the government or an organization
27
What happens during a security breach
A system has transitioned from a secure state to an insecure state
28
What is security by designation?
A user grants authority, so the user has the necessary context to know why it should be granted.
29
What is security by admonition?
The program initiates the request for authority. A user might not understand if it should be granted or not. A user may not have the context to decide whether to grant it.
30
When is security by admonition required?
When a user is likely to grant an actor the ability to do something that the user doesn't want.
31
What is the principle of "Path of least resistance"?
The most natural way of executing a task should also be the safest
32
What is the principle "Appropriate boundaries"? (TODO)
33
What is the principle of "Explicit authorization"?
A user’s authority should only be granted to another actor through an explicit user action understood to imply granting.
34
Define the principle of "Visibility" in secure interaction design
The interface should let the user easily review any active authority relationships that could affect security decisions.
35
Define the principle of "Recoverability" in secure interaction design
The interface should let the user easily revoke authority that the user has granted, whenever revocation is possible.
36
Define the principle of "Expected ability" in secure interaction design
The interface should not give the user the impression of having authority that the user does not actually have.
37
Define the principle of "Trusted path" in secure interaction design
The user’s communication channel to any entity that manipulates authority on the user’s behalf must be unspoofable and free of corruption.
38
Define the principle of "Identifiability" in secure interaction design
The interface should ensure that identical objects or actions appear identical and that distinct objects or actions appear different
39
Define the principle of "Expressiveness" in secure interaction design
The interface should provide enough expressive power to let users easily express security policies that fit their goals.
40
Define the principle of "Clarity" in secure interaction design
The effect of any authority-manipulating user action should be clearly apparent to the user before the action takes effect.
41
What are the 5 steps in the methodology for physical security?
Assessment, assignment, arrangement, approval, action
42
What is assessment in physical security methodology?
A thorough examination of the facility to be protected:
- Scope of the property
- Establish all points of entry and egress
- Potential points of entry and egress
- Existing security measures
- Evaluation of physical property
- Risk assessment (how much risk is there)
43
What is assignment in physical security methodology?
Establish the required level of security for specific areas and assets within the facility:
- High level (data centers, executive offices, finance and accounting)
- Medium (Entry and egress, reception, elevators)
- Low level (Common areas, cubicle farm)
44
What is approval in physical security methodology?
Submit all plans and costs to get them approved:
- Hardware (quotes from vendors)
- Costs (plan A-B-C - have multiple plans, flexibility, options)
- Schedules (time frame for completion, interference with business operations)
45
What is action in physical security methodology?
Implement the proper security plans:
- Construction (construction, inspection, corrections)
- Training (security officers, users, policy)
- Testing (ensure systems work as planned, compliance testing)
46
What are the four fundamental design principles?
Principle of open design, principle of sweeping simplifications, principle of design iteration and principle of least astonishment
47
What is the principle of open design in design principles?
Get others to comment and give feedback on your design. "Given enough eyeballs, all bugs are shallow". The more people that look at the system, the bigger the chance that flaws, vulnerabilities and errors are found.
48
What is the principle of sweeping simplifications in design principles? (KISS - keep it simple stupid)
The less complicated something is, the less likely it is that someone made an error in the design or implementation of the system. Complexity is the enemy of security. To achieve this in complex systems, implement layering where each layer implements the principle of sweeping simplifications and only communicates with the adjacent layers.
49
What is the principle of design for iteration in design principles?
Design your software in a way that makes it possible to implement changes later on. This is important since priorities and threats change over time. Being able to adapt and update a system over time.
50
What is the principle of least astonishment in design principles?
As software is written for the user, if any error occurs, it should be presented in a way that makes sense to the user. The system should create an experience that follows what the user thinks should happen. Connected to the principle of psychological acceptability. Security mechanisms should be comprehensible and fit efficiently into user activities.
51
What is the principle of minimizing secrets in design principles?
Secrets should be few and should be easily changeable. They should not be baked into the code, and changing them should not require changing the source code. One should never assume that the attacker can't see the code - the code itself is not secret. The security of a mechanism should not depend upon secrecy of its design or implementation (obscurity). Secrets should also maximize entropy, meaning they should increase an attacker's work factor.
52
What is the principle of complete mediation in design principles?
All access to objects should be checked to ensure the access is allowed. One of the most vital parts of system security is access control. This principle is often embedded in the piece of software called the reference monitor, which checks the authenticity, authorization and integrity of access requests. Every request should be checked. Access rights are always completely validated, every time an access occurs.
53
What is the principle of fail safe defaults in design principles?
The default values in a system should be sane and secure. The idea is to "fail closed", meaning to fail in a way that does not compromise other parts of the system. "Failing open" would allow an attacker to achieve some objective. The default behaviour of a system should be a safe one. Don't fail and then let all requests in; rather, fail and let no requests in. No access by default, for example.
54
What is the principle of least privilege in design principles?
Privileges should only be granted such that an individual can perform their duty, and nothing more. Permissions must also be granular enough to only grant the permission needed to fulfill the duty. This principle also ensures privacy.
55
What is the principle of economy of mechanism in design principles?
Security mechanisms should be as simple as possible. Complex security mechanisms lead to errors.
56
What is the principle of least common mechanism in design principles?
Mechanisms used to access resources should not be shared. Shared resources can lead to denial-of-service attacks or other attacks. An example is when separate processes execute with shared CPU/RAM resources: the different processes can affect each other (?).
57
What is security by obscurity?
When a system tries to increase security by hiding parts of the system. For example hide design or implementation. This is not good and will not work, as one should always assume an attacker has access to the source code.
58
What is the principle of separate privileges in secure design patterns?
A protection mechanism is more flexible if it requires two separate keys to unlock, allowing for two-person control. An example is the dual keys for safety deposit boxes.
59
What is the principle of Psychological acceptability in secure design principles?
A policy interface should reflect the user's mental model of protection. This is to avoid users using a mechanism incorrectly if the mechanism does not make sense to them. Passwords fail this: even though people know they should use strong passwords, not share them, and not re-use them, people will still do that.
60
What is the physical security principle of "work factor"?
Stronger security will make the attacker work harder; in software security this would translate to trial-and-error attempts. Larger and more complex passwords and encryption will lead to more attempts being required to guess them. However, as attackers penetrate systems by exploiting vulnerabilities that do not rely on trial-and-error, this principle does not necessarily apply to all software security situations.
61
What is the physical security principle of "compromise recording"?
A system should keep attack records even if the attacks aren't blocked. In software security the benefit of these records can be questionable. If a system wasn't able to prevent an attack that modified data, the attack records themselves may have been modified - questionable integrity.
62
What is the security principle of Defence in depth?
A system should be built with independent security layers, making it necessary for an attacker to break through multiple security measures. This echoes the least common mechanism, but targets a separate problem.
63
What is the security principle of Chain of control?
Ensure that trustworthy software is being executed, or that the software's behaviour is restricted to enforce the intended security policy. Malware should not be able to redirect the CPU to execute its code with enough privileges.
64
What is the principle of Transitive trust?
If A trusts B, and B trusts C, then A also trusts C.
65
What is the principle of duty?
Decompose a critical task into separate elements performed by separate individuals or entities.
66
What is threat modelling?
Reflecting on what can happen to a system: where are the vulnerabilities, what are the security issues? What are you concerned about an attacker doing? How can we go about addressing these concerns? Find out what parts of the system are prioritized, what needs protection and what doesn't. Which ways would you protect the different parts of a system? Think about the integrity of the different parts of the system, and the information stored there.
67
What are the steps in the security life cycle (threat modelling)?
- Threats: What threats do we have?
- Policy: What policies are put in place to mitigate those threats?
- Specification: Specify how the policies would work in the system
- Design: Design the system
- Implementation: Implement the system
- Operation and maintenance
As new threats or new things come up in the cycle, the steps need to be moved through again to adapt to these changes.
68
What is a threat?
Something that can happen to a system (data leak, data modification...)
69
What is a vulnerability?
A weakness in a system that allows for a threat to occur.
70
What is an attack?
An action that exploits a vulnerability to cause a threat to occur.
71
How do you use risk to decide which security mechanisms to implement?
As security mechanisms can affect things like performance and costs, complex and unnecessary security mechanisms shouldn't be implemented unless there's a big enough risk.
72
What are assets?
Data, personnel, devices, facilities and systems that allow the organization to achieve its purpose.
73
What is done during threat modelling?
First we need to get an understanding of the system we are protecting (study the details, are there any design flaws, how does the system work). Then the assets and resources we are trying to protect are identified. Then we try to predict who the adversaries/threats against our assets are, and what they might do to try and gain access to the assets (attack trees, attack graphs). What resources and abilities do they have? Remember, attackers get better over time. If a system is deployed to last over many years, the mitigations should last as long. Then we try to determine the risk associated with the assets. Finally, the necessary security techniques are deployed to mitigate the attacks we have. You prioritize security analysis and develop mitigations based on the potential severity of things.
74
What are attack trees?
Tools used to list threats and attacks, and to reason about how different activities can occur and how these can work together to achieve an attack. They allow one to systematically consider potential attacks that may realize a threat. The parent node is the action/goal (rob a bank). The child nodes describe what must happen to make this occur (steal a gun AND hold up the teller). When both child nodes need to happen, i.e. they are dependent on each other (AND), we draw a connector between them. If only one needs to happen (OR) there is no connector between the children (climb through the air vent OR sneak in through the back door). The lowest children/leaf nodes are what needs to happen to achieve their parent, and so on until we reach the root node.
75
What are the steps of threat modeling?
1. Understand your system
2. Understand what assets/resources need to be protected
3. Predict who the potential attackers are against a particular asset, and what the possible attacks are
4. Perform risk assessment. Determine the expected risk (quantitative and qualitative) because of an attack.
5. Perform risk management. Employ security mechanisms (mitigations), if needed. Determine if these are cost effective.
76
What is the Microsoft STRIDE model?
A model used to decide what threats are possible against our system and likely to happen, and that categorizes threats into:
- Spoofing
- Tampering
- Repudiation
- Information disclosure
- Denial of service
- Elevation of privilege
77
What is the DREAD model used in threat modeling?
A model used to rank threats in order to know what is most important to take care of immediately. The method ranks threats based on:
- Damage
- Reproducibility
- Exploitation cost
- Affected users
- Discoverability
Rate each of these from 1-5 and add them up to a total rating for the given attack.
78
What is risk?
Whenever there is an asset, that asset may be at risk. A risk is when there is a chance that a negative event will occur that may cause loss of value.
79
What is risk analysis/risk assessment/risk management?
The process of identifying assets at risk, putting measurements on potential loss and assigning a probability of a negative event occurring. The process of planning how to control risk.
80
How is risk calculated mathematically?
risk = p(attack) * c(attack), where p is the probability and c is the consequence
81
What are IT assets?
Subset of assets including information, IT processes and functionality, IT systems.
82
What are the 4 things often done when doing risk assessment?
Risk reduction, mitigation, transfer and acceptance
83
What is risk reduction?
Making it less likely that a negative event happens
84
What is risk mitigation?
Making it so that when something negative happens, it is less impactful
85
What is risk transfer?
Making it so that when a negative event happens, all the negative impact does not land on you.
86
What is risk acceptance?
When one is willing to accept the given amount of risk
87
Describe the quantitative approach to risk assessment
Compute the expected monetary loss of all events that affect an asset. Then calculate the probability of each event occurring. Use the risk formula to calculate an exact numerical risk value.
88
Describe the qualitative approach to risk assessment
Use categories such as low, medium and high to label events that threaten an asset and label the consequence of this event occurring. High impact + low probability = Medium risk
89
Give an example of how risk is being qualitatively labeled?
The Department of Defense in the USA uses these labels to label risk:
- Confidential: Unauthorized disclosure of which reasonably could be expected to cause damage to national security
- Secret: Unauthorized disclosure of which reasonably could be expected to cause serious damage to national security
- Top secret: Unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to national security
90
What are the advantages of using a quantitative approach to risk assessment?
It gives you an exact number that can be presented and compared with other scenarios. Good for reliability questions (disks failing, time to failure)
91
What are the disadvantages of using a quantitative approach in computer security?
Failures are not random. Attackers and their skill level and motivation can drastically change a company's risk profile. This makes it difficult to calculate probability. It is difficult to be sure the values calculated are correct and precise; they will often be inaccurate.
92
What is Single loss expectancy (SLE)?
The monetary loss of one asset being compromised because of a risk
93
What is Annual rate of occurrence (ARO)?
Describes the annual frequency of a threat occurring
94
What is Annual Loss Expectancy (ALE)
Multiply the SLE with the ARO (SLE x ARO)
95
What is ACS in risk assessment?
...
96
What is ANB in risk assessment?
...
97
What is a Cyber kill chain and what is its purpose?
The model identifies what adversaries must complete in order to achieve their goal. Understanding the steps of an attack.
98
When using attack trees, what is the difference between continuous labels and boolean labels for the nodes?
- Boolean labels: whether a node is expensive/non-expensive, possible/impossible; easy to estimate/measure/label
- Continuous labels: exact cost of a node (75K); difficult to measure precisely - potentially large error
99
What does system security engineering concern?
Identifying security risks, requirements and recovery strategies. Involves defined processes through which designers develop security mechanisms.
101
Give example of the 3 steps of threat modelling when dealing with a complex software system
- Characterizing the system: Understanding system components and their interconnections, understanding assumptions and dependencies. Creating a system model emphasizing its main characteristics
- Identifying assets and access points
- Identifying threats: Creates the threat profile of the system. Describes which attacks need to be mitigated and which are accepted as low risk
102
What is done when characterizing a system during threat modelling?
Understanding system components and their interconnections, understanding assumptions and dependencies. Using different modeling techniques (network modelling, Data Flow Diagrams) to dissect a system into its functional components
103
Why are Data Flow Diagrams useful during threat modelling?
They make it easier to identify threats by following the adversary's data and commands as they are processed by the system: seeing how they are parsed and acted on, and which assets they interact with
104
What is done when assets and access points are identified during threat modelling?
Who are the potential adversaries? What are their motivations and goals? How much inside information do they have?
105
What are access points in a system?
What attackers use to gain access to the assets (sockets, config files, read/write filesystem access)
106
What is a trust boundary?
A boundary across which there is a varied level of trust
107
What is a trust level?
The level of trust needed to access certain parts of a system
108
What is done when threats are identified during threat modelling
Stepping through each system asset and connect a list of attack goals to that asset. Correlating threats to assets by creating adversary hypotheses
109
What is spoofing?
Using someone else's credentials to gain access to an asset
110
What is tampering?
Changing data to mount an attack
111
What is repudiation?
When a user denies performing an action, but the target of the action has no way of proving otherwise
112
What is information disclosure?
Disclosure of information to a user who does not have permissions to see it
113
What is denial of service?
Reducing the ability of valid users to access resources
114
What is elevation of privileges?
Occurs when an unprivileged user gains privileged status
115
What is mitigating a risk?
Reduce the risk or the consequences with countermeasures
116
What is an example of transferring risk?
Having insurance, giving warnings
117
How are attack trees built?
- Root node: Goal
- Leaf nodes: Different ways of achieving the goal
- AND nodes: Represent steps to achieving the same goal. Nodes with the same parent that all need to be fulfilled
- OR nodes: Alternative ways to achieve the same goal
- Node values: Boolean (Impossible I, Possible P, legal/illegal, expensive/non-expensive) or continuous (exact cost, probability...). Continuous values can be combined: a node can have both a cost and a probability, or a cost and whether it needs special equipment to execute.
- Countermeasures can affect node values: bribing would originally be 10K, but if you pay them 80K, the new cost would be 70K.
- Boolean value of an OR node: Possible if any child is possible
- Boolean value of an AND node: Only possible if all children are possible
- Continuous value of an OR node: Value of the cheapest child
- Continuous value of an AND node: Sum of all children
118
How do you create attack trees?
Identify goals: these will be the root nodes of individual trees. Think of all attacks against each goal and add them as child nodes down the tree. Repeat down the tree until done. Research node values.
119
Which three statements hold true when considering a computer system that is a finite state automaton with state transitions?
- A security policy is a statement that partitions a system into a set of secure and authorized states, and a set of non-secure or unauthorized states.
- A secure system will start in an authorized state and cannot enter an unauthorized state
- A breach of security occurs when a system enters an unauthorized state.
120
What are two forms that security policies come in?
A security policy that lists a series of rules that must be followed in order to ensure the safety of the organization. It tells you what you are and aren't supposed to do. The second is a more technical and complete way to model a security policy. A security policy will ensure that one can only reach/transition to a secure state of a system when one starts off in a secure state of the system. Security policies for a system should take care of and ensure that different security properties are being achieved, for example properties such as integrity, availability and confidentiality.
121
When does information have the property of confidentiality?
X are some entities, and Y is some information. Y has the property of confidentiality with respect to X if no member of X can obtain information of Y. A confidentiality policy is effective if the policy ensures Y its property of confidentiality.
122
When does information have the property of integrity?
X are some entities, and Y is some information. Y has the property of integrity with respect to X if Y is unmodifiable by X. An integrity policy is effective if the policy ensures Y its property of integrity.
123
When does information have the property of availability?
X are some entities, and Y is some information. Y has the property of availability with respect to X if all members of X can access Y. An availability policy is effective if the policy ensures Y its property of availability.
124
What is a security mechanism?
The thing that actually enforces a policy. The things that do the actions that prevent you from bypassing a policy.
125
What is the difference between security policies and security mechanisms?
Policies set rules, mechanisms enforce them
126
What are military based security policies?
Policies designed to protect information and prevent it from getting into the wrong hands.
127
What are commercial based security policies?
Integrity-based security policies that try to prevent people from tampering with and modifying information.
128
What is a security model?
A model that represents a set of security policies to help us understand if the set of policies does in fact provide the necessary protection for the system we want to protect. Puts the policies and all their actors into context.
129
What is the Bell-La Padula model (BLP)?
A model used to provide confidentiality to a system. It has a set of subjects and objects, where each subject and object has its own clearance and/or classification. There are different rules for who is able to read and write to subjects and objects of different classification. Classification examples: Top Secret, Secret, Confidential, Unclassified. Who can read files in a system? Every person who has reason to read the given files, and whose clearance is at the file's level or above. Meaning people can read all files with lower (or the same) classification as themselves, that they have reason to read.
130
What are the two rules of the BLP model?
- Simple security property: You can only read information with the same clearance as yourself, or clearance below, that you have a reason for needing to read. The security clearance of the subject has to be at least as high as that of the object: L(o) <= L(s), s: subject, o: object
- Star property (*-property): People can only write to things at their level of clearance, or higher. A subject s who has read access to an object p may have write access to an object o, as long as o has higher clearance than p, and s has discretionary write access to o: L(o) >= L(p).
131
What does the two rules of the BLP model want to prevent?
The two rules aim to prevent classified information from leaking to subjects with a lower classification than the information itself. This is achieved by not allowing write-down, meaning a person who can read top-level cleared information cannot write to files below that top clearance level.
132
Describe the "Basic security theorem"
If you have a system with a secure initial state, and you define all the transformations according to the two rules/properties of the BLP model, the system will remain secure.
133
Name a way in which the BLP model is impractical
People of high clearance often need to communicate with people below their clearance. However, to allow this, the *-property of the BLP model is ignored, meaning the model's theoretical guarantee of the security of the system is broken.
134
What is the Need to Know Principle?
If a person needs to know certain information, they should be able to obtain and read it. However, if a person does not necessarily need to know a piece of information, they should not be able to obtain it, even if the information is at the same clearance level.
135
How is compartmentalization used in the BLP model?
Information should be assigned a compartment in addition to a clearance level. If a person wants to read the information in a compartment, they then need both the required clearance level and access to the given compartment.
136
What is the tranquility principle?
An assumption made in the BLP model is that the security levels of information and subjects are constant. This is however often not the case in practice. With tranquility you want to think about how security levels within a system can change. Strong tranquility means that security levels will not change during the lifetime of the system, whereas weak tranquility means that security levels may change over time, but not in a way that violates the security assumptions.
137
Describe the Biba Integrity model
A model focusing on integrity with a hierarchical construction. Each object and subject in the system is labeled with an integrity label. If someone wishes to write to some piece of data, the data should benefit from the integrity of the individual, or at least remain neutral. This means that a subject can only write to data at its own level or below. Subjects should only read data that would increase (or preserve) their integrity, meaning they can only read data with integrity greater than or equal to their own.
138
Compare the BLP model and the Biba model
BLP is for confidentiality and Biba is for integrity. The hierarchical structures of the models are reversed: - BLP allows read-down, but not write-down (read equal or below, write equal or above). - Biba allows read-up, but not write-up (read equal or above, write equal or below).
139
Describe the Lipner's model
A more practical model compared to the Biba model and the BLP model. It contains three principles that help an organization remain secure. - Separation of duty: If two or more steps are required to perform a critical function, at least two different people should be needed to perform the steps. - Separation of function: Resources such as servers, repositories, etc. should be isolated from each other based on function. Example: don't run testing and production code on the same systems. - Auditing: An organization should analyze the system to determine what actions took place and who performed them (focus on non-repudiation). Biba and BLP can be used to prove that the system holds the necessary security properties.
140
Describe the Clark-Wilson Integrity Model
Tackles how an entity is allowed to change data. The model formalizes the notion of information integrity. It uses transactions, which are a way of modifying data in a database. The model defines enforcement rules and certification rules that define the data items and processes that provide the basis for an integrity policy. One party performs a transaction, and another party certifies that the transaction is accurate and follows a set of rules. As long as the two parties do not collude, the system is secure.
141
When using the Clark-Wilson model, when transactions are done, information of the transaction is appended to a log. Why is it necessary that it is only possible to append information to this log, and not modify it in the log?
142
Describe the chinese wall model
The model builds on the principle of avoiding conflicts of interest between different businesses, by allowing a company to provide services only to companies that do not directly compete with each other.
144
How would you define trust in a cyber security context?
The expectation that arises within a community of regular, honest, cooperative behaviour based on commonly shared norms. For example, when we say we trust security mechanisms, we don't trust the mechanisms themselves, but rather the organisation that implemented them. The reason we trust the organisation is because of our common set of norms, which include the concept that a security mechanism should protect data, and not put it at any risk.
145
What is a security policy with relation to trust?
Security policies are related to trust because they are related to mechanisms, which are inherently trust decisions. Security policies communicate to trustworthy and cooperative people which norms are expected of them. As these parties are cooperative, they will comply with these expectations. When defining trust as reliant on the concept of shared norms, a security policy is an explicit definition of the norms on which we base our trust decisions. (Policies define what we expect of parties in regards to their behaviour and intent.)
146
When implementing a security mechanism, what happens in regards to tryst?
A trust boundary is created. This essentially means that the system is divided into parts we expect untrusted subjects to have access to, and parts only trusted parties can access.
147
Why is trust important to consider?
If a system were designed to create trust boundaries for every possible subject, at some point the cost of implementation would exceed the cost of the potential negative outcome. Therefore it is important to realise that some parties, actually most parties, are trustworthy and comply with social norms.
148
What three questions should we have in mind when forming security policies?
1. What behaviour do we want to see upheld? 2. Are our policies clear? (Violations of policies are more likely to be caused by misunderstanding than by malicious intent.) 3. Who do we trust and distrust?
149
What are three things that help keeping people trustworthy and stay away from malicious actions?
1. Moral pressure (we are taught from a young age to act according to social norms) 2. Reputational pressure (companies would not want to be caught doing something that could destroy their reputation) 3. Institutional pressure (if the penalty exceeds the potential gain, most people would stay away from the action)
150
What three things should we think about when deciding which mechanisms to use?
1. Do I trust the mechanism? 2. Does the mechanism sit between the asset I wish to protect and the untrusted party? Does it create the proper trust boundary? 3. Does the mechanism enforce the norm or desired policy?
151
What are the general principles of security policies?
The management of the organisation should actively take action to comply with the policies. If not, it will be difficult to get the rest of the organisation to comply.
152
In an organisation, who should be concerned about the security aspect?
Managers, system designers, end users in some degree, company lawyers
153
Name the two types of security policies
Inclusive and exclusive policies
154
What are inclusive policies?
Policies that specifically define which behaviour is allowed. Behaviour that is not mentioned is automatically not allowed. (Whitelist)
155
What are exclusive policies?
Policies that specifically define which behaviour is not allowed. Behaviour that is not mentioned is automatically allowed. (Blacklist)
156
What are exclusive policies?