Lecture 10 Notes Flashcards
reference monitor
the part of the TCB that validates access to every resource before any access request is granted
stands between each subject and object, so that every access is mediated
it is a concept (an abstraction), not necessarily a single component; the security kernel is its implementation
security kernel
The collection of components in the TCB that work together to implement reference monitor functions
security perimeter
imaginary boundary that separates the TCB from the rest of the system
trusted paths
For the TCB to communicate with the rest of the system, it must create secure channels, also called trusted paths
TCSEC guidelines on trusted paths
B2 and higher systems
State Machine Model
The state machine model describes a system that is secure in every one of its possible states; it is based on the notion of a Finite State Machine (FSM)
A state is a snapshot of a system at a specific moment in time
Next state and output are a function of current state and input
Information Flow Model
The information flow model focuses on the flow of information
Based on a state machine model
Designed to prevent unauthorized, insecure, or restricted information flow
Bell-LaPadula and Biba Model Type
Information Flow Model
Bell-LaPadula
preventing information from flowing from a high security level to a low security level
This is accomplished by two rules: a subject may not read an object at a higher level (simple security property, "no read up") and may not write to an object at a lower level (*-property, "no write down")
With these restrictions, the model is focused on maintaining the confidentiality of objects, but it does not address integrity and availability
Biba
preventing information from flowing from a low integrity level to a high integrity level: a subject may not read an object at a lower level ("no read down") and may not write to an object at a higher level ("no write up"); it addresses integrity only, not confidentiality or availability
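The two models above are easiest to compare side by side, and both are usually built on the state machine model: the system state is the set of accesses currently held, each request is an input, and a transition is only taken if the resulting state is still secure. The following is an added example, not code from the lecture notes: the level ordering (low < medium < high), the subjects, objects and request sequence are all constructed for illustration, and the same ordering is used as clearance/classification for Bell-LaPadula and as integrity level for Biba.

```python
"""Bell-LaPadula and Biba as a state machine.

Added example, not part of the lecture notes. Levels, subjects, objects and
the request sequence are constructed for illustration. The ordering
low < medium < high is used as clearance/classification for Bell-LaPadula
and as integrity level for Biba.
"""
from dataclasses import dataclass, field

LEVELS = {"low": 0, "medium": 1, "high": 2}


@dataclass
class SystemState:
    """A snapshot of the system: labels plus the set of accesses currently held."""
    subject_level: dict
    object_level: dict
    accesses: set = field(default_factory=set)   # (subject, object, mode) triples


def _levels(state, subject, obj):
    return LEVELS[state.subject_level[subject]], LEVELS[state.object_level[obj]]


def blp_allows(state, subject, obj, mode):
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    s, o = _levels(state, subject, obj)
    if mode == "read":
        return s >= o      # simple security property
    if mode == "write":
        return s <= o      # *-property
    raise ValueError(f"unknown mode {mode!r}")


def biba_allows(state, subject, obj, mode):
    """Biba (integrity): no read down, no write up (the dual of Bell-LaPadula)."""
    s, o = _levels(state, subject, obj)
    if mode == "read":
        return s <= o      # simple integrity property
    if mode == "write":
        return s >= o      # integrity *-property
    raise ValueError(f"unknown mode {mode!r}")


def is_secure(state, policy):
    """A state is secure when every access it holds satisfies the policy."""
    return all(policy(state, s, o, m) for s, o, m in state.accesses)


def transition(state, request, policy):
    """Next state = f(current state, input).

    A request whose resulting state would be insecure is refused and the
    state is left unchanged, so every reachable state stays secure.
    """
    candidate = SystemState(state.subject_level, state.object_level,
                            state.accesses | {request})
    if is_secure(candidate, policy):
        return candidate, "granted"
    return state, "denied"


# Constructed request sequence: alice is labelled high, bob is labelled low.
REQUESTS = [
    ("alice", "notice.txt", "read"),    # high reads low
    ("alice", "notice.txt", "write"),   # high writes low
    ("bob", "plan.doc", "read"),        # low reads high
    ("bob", "plan.doc", "write"),       # low writes high
]


def run(requests, policy):
    """Feed requests through the state machine; return (decisions, final state)."""
    state = SystemState(
        subject_level={"alice": "high", "bob": "low"},
        object_level={"plan.doc": "high", "notice.txt": "low"},
    )
    decisions = []
    for req in requests:
        state, outcome = transition(state, req, policy)
        decisions.append(outcome)
    return decisions, state


if __name__ == "__main__":
    for name, policy in (("Bell-LaPadula", blp_allows), ("Biba", biba_allows)):
        decisions, final = run(REQUESTS, policy)
        print(name, list(zip(REQUESTS, decisions)), "secure:", is_secure(final, policy))
```

Running it shows the duality directly: Bell-LaPadula lets alice (high) read the low notice but not write to it, and lets bob (low) write up into plan.doc but not read it; Biba gives the opposite decision on every request.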
Noninterference Model
The noninterference model is loosely based on the information flow model
However, it is concerned with how the actions of a subject at a higher security level affect the system state or actions of a subject at a lower security level
The actions of a higher level subject A should not affect the actions of lower level subject B or even be noticed by B
composition theories
explain how outputs from one system relate to inputs to another system
Cascading
Input for one system comes from the output of another system
Feedback
One system provides input to another system, and vice versa
Hookup
One system sends input to another system and also to external entities
Take-Grant Model
The Take-Grant model employs a directed graph, with four rules (take, grant, create, remove), to dictate how rights can be passed
from one subject to another
from a subject to an object
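The point of the directed graph is that rights can reach a subject indirectly, through a chain of take and grant edges, even when nobody assigns them directly. The following is an added example, not from the lecture notes: the graph (subjects alice, bob and mallory, object secret.txt) and the rights on its edges are constructed. It applies only the take and grant rules (no create or remove) until no new edge appears, which answers "given this graph, which rights can each subject obtain by taking and granting alone".

```python
"""Take-Grant rights propagation on a directed graph.

Added example, not part of the lecture notes. The graph and its edge labels
are constructed. Labels: 't' = take, 'g' = grant (the model's control
rights); 'r' and 'w' stand for ordinary read/write rights. Only subjects
can initiate a take or grant; objects merely hold rights. Only the take
and grant rules are applied here (no create/remove).
"""
from collections import defaultdict


class TakeGrantGraph:
    def __init__(self):
        self.subjects = set()
        self.rights = defaultdict(set)   # (src, dst) -> set of right letters

    def add_subject(self, name):
        self.subjects.add(name)

    def add_edge(self, src, dst, rights):
        self.rights[(src, dst)] |= set(rights)

    def rights_on(self, src, dst):
        return set(self.rights.get((src, dst), set()))

    def can(self, subject, right, obj):
        return right in self.rights_on(subject, obj)

    def propagate(self):
        """Apply take and grant until a fixed point (no new edge appears)."""
        changed = True
        while changed:
            changed = False
            for x in self.subjects:                      # only subjects act
                for (a, y), rs_xy in list(self.rights.items()):
                    if a != x or y == x:
                        continue
                    # take: x holds 't' on y and y holds rights on z
                    #       => x acquires those rights on z
                    if "t" in rs_xy:
                        for (b, z), rs_yz in list(self.rights.items()):
                            if b == y and z != x and rs_yz - self.rights[(x, z)]:
                                self.rights[(x, z)] |= rs_yz
                                changed = True
                    # grant: x holds 'g' on y and x holds rights on z
                    #        => y receives those rights on z
                    if "g" in rs_xy:
                        for (b, z), rs_xz in list(self.rights.items()):
                            if b == x and z != y and rs_xz - self.rights[(y, z)]:
                                self.rights[(y, z)] |= rs_xz
                                changed = True
        return self


def build_example():
    """Constructed graph: nobody gives mallory anything on secret.txt directly."""
    g = TakeGrantGraph()
    for s in ("alice", "bob", "mallory"):
        g.add_subject(s)
    g.add_edge("alice", "secret.txt", "rw")   # alice can read/write secret.txt
    g.add_edge("alice", "bob", "g")           # alice may grant her rights to bob
    g.add_edge("mallory", "bob", "t")         # mallory may take rights bob holds
    return g


if __name__ == "__main__":
    g = build_example().propagate()
    for (src, dst), rs in sorted(g.rights.items()):
        if rs:
            print(f"{src} -> {dst}: {''.join(sorted(rs))}")
```

After propagation mallory holds r and w on secret.txt: alice grants her rights to bob, and mallory takes them from bob. Nothing flows back towards alice, because no edge points at her. This is the question the model is designed to answer, whether a given right can ever leak to a given subject.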
Access Control Matrix
An access control matrix is a table of subjects and objects indicating the actions or functions that each subject can perform on each object
access control list (ACL)
An ACL is tied to an object: it lists which subjects may perform which actions on that object
Each column of the matrix (one object) is an access control list (ACL); each row (one subject) is a capability list
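The same matrix read by column gives an ACL and read by row gives a capability list, and a reference monitor is essentially a lookup into this matrix on every request with a default of deny. The following is an added example, not from the lecture notes; the subjects (alice, bob), objects (payroll.db, web.log) and permissions are constructed for illustration.

```python
"""Access control matrix with its ACL (column) and capability (row) views.

Added example, not part of the lecture notes. The subjects, objects and
permissions are constructed for illustration.
"""
from collections import defaultdict


class AccessMatrix:
    def __init__(self):
        self.subjects = set()
        self.objects = set()
        self._cells = defaultdict(set)   # (subject, object) -> set of actions

    def grant(self, subject, obj, *actions):
        self.subjects.add(subject)
        self.objects.add(obj)
        self._cells[(subject, obj)].update(actions)

    def revoke(self, subject, obj, *actions):
        self._cells[(subject, obj)].difference_update(actions)

    def acl(self, obj):
        """Column view (an ACL): every subject holding rights on this object."""
        return {s: set(self._cells[(s, obj)])
                for s in sorted(self.subjects) if self._cells.get((s, obj))}

    def capabilities(self, subject):
        """Row view (a capability list): every object this subject has rights on."""
        return {o: set(self._cells[(subject, o)])
                for o in sorted(self.objects) if self._cells.get((subject, o))}

    def check(self, subject, obj, action):
        """Reference-monitor style decision: consult the cell on every request
        and deny anything not explicitly listed (default deny)."""
        return action in self._cells.get((subject, obj), set())

    def revoke_object(self, obj):
        """Sweep one column: removing every right on an object touches only
        that object's ACL, which is why ACLs make per-object revocation cheap."""
        for s in self.subjects:
            self._cells.pop((s, obj), None)
        self.objects.discard(obj)


def build_example():
    """Constructed matrix for two subjects and two objects."""
    m = AccessMatrix()
    m.grant("alice", "payroll.db", "read", "write")
    m.grant("bob", "payroll.db", "read")
    m.grant("alice", "web.log", "read")
    m.grant("bob", "web.log", "read", "append")
    return m


if __name__ == "__main__":
    m = build_example()
    print("ACL for payroll.db:", m.acl("payroll.db"))
    print("capabilities of bob:", m.capabilities("bob"))
    print("bob write payroll.db ->", m.check("bob", "payroll.db", "write"))
    print("carol read payroll.db ->", m.check("carol", "payroll.db", "read"))
```

The two views answer different questions from the same data: the ACL answers "who can touch this object" (and makes revoking an object's rights a single column sweep), the capability list answers "what can this subject touch". An unknown subject such as carol is denied because no cell exists for it.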