Lecture 10 Flashcards
Security Models
What is the first thing to do when developing security models for an organization/fixing security issues?
evaluate the current levels of security exposure
What are Security Models used for?
formalize security policies by providing a set of rules.
When a system complies with a set of ________, it can be said to exhibit a level of trust.
security criteria
The _____, known as the orange book, is a combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy.
A. Trusted Control Baseline
B. Trusted Computing Base
C. Bell-LaPadula
D. TCSEC
B. Trusted Computing Base
In the TCB, _______ validates access to every resource and may be a conceptual part of the TCB.
reference monitor
The _____ describes a system that is secure in every part of its possible states.
A. Secure State Model
B. Trusted Computing Base
C. Bell-LaPadula
D. TCSEC
A. Secure State Model
The _____ describes a system that is secure in every part of its possible states. States depend on the previous state and the input.
A. Secure State Model
B. Trusted Computing Base
C. Bell-LaPadula
D. TCSEC
A. Secure State Model
A ______ is based on the state machine model and focuses on the flow of information. It is designed to prevent unauthorized, insecure or restricted information flow.
information flow model
The _____ is concerned with the interaction of a higher subject being noticed or interacting with a lower subject.
Interference Model
A composition theory is based on what?
How inputs and outputs between multiple systems relate to one another.
What are the 3 types of composition theories?
A. Linked
B. Cascading
C. Hookup
D. Waterfall
E. Feedback
B. Cascading
C. Hookup
E. Feedback
The _____ employs a directed graph to dictate how rights can be passed from one subject to another or subject to an object.
A. Trusted Computing Base
B. Information Flow Model
C. Take-Grant Model
D. Biba Model
C. Take-Grant Model
A ______ is a table of subjects and objects that shows what privileges are given to the subject for that object.
Access Control Matrix
The _____ was developed by the DoD to address concerns about protecting classified information. A subject w/any level of clearance can access resources at or below its clearance level on a need-to-know basis.
A. Trusted Computing Base
B. Biba Model
C. Bell-LaPadula Model
D. TCSEC
C. Bell-LaPadula Model
The ____ property states that a subject may not read info at a higher sensitivity level. (no read up)
A. * (Star) Security
B. Simple Security
C. Discretionary
B. Simple Security