Key Principles

Question 1

Confidentiality

Answer 1

the property that information is not made available to unauthorized entities

Question 2

Integrity

Answer 2

the property that information is not altered or destroyed in an unauthorized manner

Question 3

Authentication

Answer 3

the act of confirming the identity of an entity interacting with a system

Question 4

Authorization

Answer 4

the act of assigning rights and privileges to entities interacting with a system

Question 5

Non-repudiation

Answer 5

the ability to associate actions or changes to a unique individual

Question 6

Least Privilege

Answer 6

Every component and entity has the minimum possible
privileges to complete its task

Question 7

Zero Trust

Answer 7

Dropping privileges is hard.
Start with zero privileges and add only the ones that are necessary.

Question 8

Economy of Mechanism (8 Design Principles for Security)

Answer 8

Design should be as simple as possible. Complex mechanisms are difficult to test.

Question 9

Fail-safe Defaults (8 Design Principles for Security)

Answer 9

Default state should be “lack of access.” Examples: No default pswd, no debugging interfaces or backdoors. Secure initial config. Start with highest security level. Invalid configuration falls back to high security.

Question 10

Complete Mediation (8 Design Principles for Security)

Answer 10

Complete access control -> Every access to every object checked.
Authentication and authorization are critical. Any value that can be influenced by user can’t be trusted

Question 11

Open Design (8 Design Principles for Security)

Answer 11

NOT security by obscurity. Design should be available for everyone to build trust and allow reviews. Security should depend on secrecy of a small token

Question 12

Separation of Privilege (8 Design Principles for Security)

Answer 12

Access depends on more than one condition. Examples: launching missile requires two people and keys, bank safe needs two physical keys

Question 13

Least Privilege (8 Design Principles for Security)

Answer 13

Every component and entity has the minimum possible privileges to complete its task. Examples: Avoid running progs as root, drop privileges when no longer needed

Question 14

Least Common Mechanism (8 Design Principles for Security)

Answer 14

Reduce mechanisms used by more than one component, person…
Reduces surprise interactions. Avoids race conditions.
Reduces dangerous information flows

Question 15

Psychological Acceptability (8 Design Principles for Security)

Answer 15

Easy to use interfaces to tools and technologies otherwise people will use them incorrectly/for the wrong reasons/not at all

Question 16

Trusted Computing Base (TCB)

Answer 16

• an abstraction layer (that represents a small amount of high-privilege software and hardware) that security depends on and that we distinguish from a much larger amount that can misbehave without affecting security
• components responsible for enforcing security policy
• we blindly trust that it behaves correctly, because if it was bad, then all of the security measures we make on the upper levels are pointless

Question 17

Capabilities

Answer 17

• processes have capabilities (NOT users)
• divide root privileges into smaller units that can be enabled/disabled independently
• purpose: only give application the set of privileges it needs

Question 18

Validate ________

Answer 18

Validate INPUT!
Easier and more reliable to define acceptable input by the affirmative (ie input MUST be X, not input is not Y)

Question 19

Sanitize ________

Answer 19

Sanitize OUTPUT!
(remove any sensitive information that you don’t want to be seen, like error messages)

Question 20

Same Origin Policy

Answer 20

• script from one origin can’t access data associated with a different region
• enforced by browser, tracks with objects map where
• ex: Facebook tab on browser can’t read cookies from bank tab

Question 21

MAC (Message Authentication Code)

Answer 21

• mathematical cryptographic summary of the data
• hash + authentication = MAC (Message Authentication Code)
• get MAC when you use your key as input to hash algorithm

Question 22

Security by Obscurity

Answer 22

• when security doesn’t depend on cryptography
• assumes that system complexity –> not understandable to attackers –> system secure
• ok to use obscurity to protect intellectual property, but bad to use as the foundation of a system’s security

Question 23

Intrusion Detection Systems (IDS)

Answer 23

• goal: detect attacks on a system
• contrast to prevention, recovery
• blocklisting & allowlisting signatures of known events
• blocklisting prone to false negatives
• allowlisting prone to false positives

Question 24

Linux Kernel

Answer 24

Major component of TCB, able to interpose on or inspect everything a program does

Operates in supervisor mode:
- Process management.
- Memory management.
- Filesystem.
- Device drivers and hardware abstraction.
- Enforcement of security model & policy.

Question 25

Processes

Answer 25

• Units of computation.
• Has own virtual memory space.
• Code, data, stack, heap, CPU context, kernel controlled-resources.
• OS isolates processes from each other. Can have multiple threads of execution.
• processes act on behalf of a user, sensitive operations checked against user credentials

Question 26

Attributes of Processes

Answer 26

Process ID (PID): unique identifier
User ID (UID): owner user
Effective User ID (EUID): checked for access control
Saved User ID (SUID): to temporarily drop and restore privileges

Question 27

Content Security Policy (CSP)

Answer 27

• lets websites declare allowed origins of content
• server specifies the policy in Content-Security- Policy header in HTTP response. Browser enforces the policy
• dangerous features disabled (eval(), inline CSS, inline JavaScript and event handlers)
• effective against XSS: can’t inject inline code & can’t include code from attacker origin

Question 28

Cross-Origin Resource Sharing (CORS)

Answer 28

• mechanism to relax SOP, to allow controlled cross-origin requests
• browser allows scripts to access cross-origin resources if the server indicates this is allowed via special HTTP headers

Question 29

Subresource Integrity (SRI)

Answer 29

• mechanism to protect integrity during website delivery when assets are delivered through a third party (e.g., a CDN)
• website owner includes hashes of assets and browser verifies hash after retrieving resource

Question 30

Least Privilege

Answer 30

• explicitly declare what you can do
• every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose

Question 31

Golden rule of crypto

Answer 31

DON’T BUILD YOUR OWN CRYPTOGRAPHIC PRIMITIVES
- its super hard and you will mess up.

Question 32

Untrusted input is…

Answer 32

anything that comes from the external world