Lecture 10 Notes Flashcards

1
Q

reference monitor

A

part of the TCB that validates access to every resource prior to granting access requests

stands between each subject and object

may be a conceptual part of the TCB

2
Q

security kernel

A

The collection of components in the TCB that work together to implement reference monitor functions

3
Q

security perimeter

A

imaginary boundary that separates the TCB from the rest of the system

4
Q

trusted paths

A

For the TCB to communicate with the rest of the system, it must create secure channels called trusted paths: channels established under strict standards so that necessary communication can occur without exposing the TCB to attack

5
Q

TCSEC guidelines on trusted paths

A

B2 and higher systems

6
Q

State Machine Model

A

The state machine model describes a system that is secure in every one of its possible states; it is based on the notion of a Finite State Machine (FSM)
A state is a snapshot of a system at a specific moment in time
Next state and output are a function of current state and input

7
Q

Information Flow Model

A

The information flow model focuses on the flow of information
Based on a state machine model
Designed to prevent unauthorized, insecure, or restricted information flow

8
Q

Bell-LaPadula and Biba Model Type

A

Information Flow Model

9
Q

Bell-LaPadula

A

preventing information from flowing from a high security level to a low security level

This is accomplished by blocking subjects from reading objects classified above their own clearance and from writing to objects classified below it

With these restrictions, the model is focused on maintaining the confidentiality of objects; it does not address integrity or availability

10
Q

Biba

A

preventing information from flowing from a low security level to a high security level

11
Q

Noninterference Model

A

The noninterference model is loosely based on the information flow model

However, it is concerned with how the actions of a subject at a higher security level affect the system state or actions of a subject at a lower security level

The actions of a higher level subject A should not affect the actions of lower level subject B or even be noticed by B

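The state machine, information flow and noninterference cards above can be tied together in code. The following is an added example, not part of the lecture notes: a tiny finite state machine with a HIGH and a LOW subject, and a brute-force noninterference check. The check uses the classic purge definition: for every input sequence, the outputs LOW observes must be the same whether or not the HIGH inputs are deleted from the sequence. The input alphabet, the state layout and both machine variants are constructed for this example.

```python
"""Added example (not from the lecture): a finite state machine with HIGH and
LOW subjects plus a purge-based noninterference check. Names, the input
alphabet and the state layout are all constructed for this example."""
from itertools import product

HIGH, LOW = "high", "low"

# Constructed input alphabet: (security level of the acting subject, command)
INPUTS = [(HIGH, "set"), (HIGH, "noop"), (LOW, "read"), (LOW, "noop")]

# A state is a snapshot: (secret, high_count, low_count). Initial snapshot is all zero.
INITIAL = (0, 0, 0)


def make_machine(shared_counter):
    """Build the transition function: (state, input) -> (next_state, output).

    shared_counter=True : a LOW 'read' returns the total number of commands
                          issued by anyone, so HIGH activity leaks to LOW.
    shared_counter=False: a LOW 'read' returns only LOW's own command count.
    """
    def transition(state, inp):
        level, cmd = inp
        secret, high_count, low_count = state
        if level == HIGH:
            if cmd == "set":
                secret += 1            # HIGH changes its secret data
            high_count += 1
            output = None              # HIGH's outputs are never visible to LOW
        else:
            low_count += 1
            if cmd == "read":
                output = high_count + low_count if shared_counter else low_count
            else:
                output = None
        return (secret, high_count, low_count), output
    return transition


def low_view(transition, inputs):
    """Run the machine and return the sequence of outputs LOW can observe."""
    state, observed = INITIAL, []
    for inp in inputs:
        state, out = transition(state, inp)
        if inp[0] == LOW:
            observed.append(out)
    return observed


def purge_high(inputs):
    """Delete every HIGH input: the 'purge' of the noninterference definition."""
    return [inp for inp in inputs if inp[0] != HIGH]


def find_interference(transition, max_len=4):
    """Return the first (shortest) input sequence for which LOW's view changes
    when HIGH inputs are purged, or None if the machine is noninterfering for
    every sequence up to max_len inputs."""
    for length in range(1, max_len + 1):
        for seq in product(INPUTS, repeat=length):
            seq = list(seq)
            if low_view(transition, seq) != low_view(transition, purge_high(seq)):
                return seq
    return None


if __name__ == "__main__":
    print("shared counter :", find_interference(make_machine(True)))   # a witness sequence
    print("split counters :", find_interference(make_machine(False)))  # None
```

With the shared counter the checker finds the two-input witness `(HIGH, set), (LOW, read)`: LOW reads 2 in the real run but 1 in the purged run, so HIGH's action was noticed by LOW. With per-level counters no sequence up to the search bound distinguishes the two runs. The same exhaustive search is also a covert storage channel detector in miniature: the shared counter is a storage location both levels influence.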
12
Q

composition theories

A

explain how outputs from one system relate to inputs to another system

Cascading
Input for one system comes from the output of another system

Feedback
One system provides input to another system, and vice versa

Hookup
One system sends input to another system and also to external entities

13
Q

Take-Grant Model

A

The Take-Grant model employs a directed graph to dictate how rights can be passed:
from one subject to another
from a subject to an object

14
Q

Access Control Matrix

A

An access control matrix is a table of subjects and objects indicating the actions or functions that each subject can perform on each object

15
Q

access control list (ACL)

A

An ACL is tied to the object: it lists valid actions each subject can perform

Each column of the matrix is an access control list (ACL)

16
Q

capabilities list

A

A capability list is tied to the subject: it lists valid actions that can be taken on each object

From an administration perspective, using only capability lists for access control is a management nightmare
To remove access to a particular object, every user (subject) that has access to it must be individually manipulated

Each row of the matrix is a capabilities list
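
The three cards on the access control matrix, ACLs and capability lists describe one structure viewed by column or by row. The following is an added example, not from the lecture: it builds both views from a single matrix, answers the same access question from either, and shows the revocation cost the capability card warns about. The subjects, objects and permissions are constructed.

```python
"""Added example (not from the lecture): one access control matrix viewed
as ACLs (columns) and as capability lists (rows), with the cost of revoking
an object under each view. Subjects, objects and actions are constructed."""

# Constructed matrix: subject -> object -> set of permitted actions
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "memo.txt": {"read"}},
    "bob":   {"memo.txt": {"read", "write"}},
    "carol": {"payroll.db": {"read"}, "memo.txt": {"read"}},
}


def build_acls(matrix):
    """Columns of the matrix: object -> {subject: actions}."""
    acls = {}
    for subject, row in matrix.items():
        for obj, actions in row.items():
            acls.setdefault(obj, {})[subject] = set(actions)
    return acls


def build_capabilities(matrix):
    """Rows of the matrix: subject -> {object: actions}."""
    return {subject: {obj: set(actions) for obj, actions in row.items()}
            for subject, row in matrix.items()}


def authorized_by_acl(acls, subject, obj, action):
    """Reference-monitor style check answered from the object's ACL."""
    return action in acls.get(obj, {}).get(subject, set())


def authorized_by_capability(caps, subject, obj, action):
    """The same decision answered from the subject's capability list."""
    return action in caps.get(subject, {}).get(obj, set())


def revoke_object_acl(acls, obj):
    """Remove all access to obj under the ACL view: drop one column.
    Returns the set of subjects that lost access."""
    return set(acls.pop(obj, {}))


def revoke_object_capabilities(caps, obj):
    """Remove all access to obj when only capability lists exist: every
    subject's list has to be scanned and edited. Returns (subjects that lost
    access, number of capability lists visited) to make the cost visible."""
    affected, visited = set(), 0
    for subject, clist in caps.items():
        visited += 1
        if obj in clist:
            del clist[obj]
            affected.add(subject)
    return affected, visited


if __name__ == "__main__":
    acls, caps = build_acls(MATRIX), build_capabilities(MATRIX)
    print("ACL for payroll.db :", acls["payroll.db"])
    print("capabilities alice :", caps["alice"])
    print("revoke via caps    :", revoke_object_capabilities(caps, "payroll.db"))
    print("revoke via ACL     :", revoke_object_acl(acls, "payroll.db"))
```

Revoking `payroll.db` through the ACL view touches one entry; through the capability view every subject's list is visited even though only two of the three held a capability for it, which is the administration cost the card describes.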

17
Q

Properties of Bell-LaPadula State Machine

A

Focused on Confidentiality

The Simple Security Property states that a subject may not read information at a higher sensitivity level (no read up)

The * (star) Security Property states that a subject may not write information to an object at a lower sensitivity level (no write down)
This is also known as the confinement property

The Discretionary Security Property states that the system uses an access matrix to enforce discretionary access control (need-to-know)

18
Q

Properties of Biba State machine

A

Focused on integrity

The Simple Integrity Property states that a subject cannot read an object at a lower integrity level (no read down)

The * (star) Integrity Property states that a subject cannot modify an object at a higher integrity level (no write up)

As with Bell-LaPadula, Biba requires that all subjects and objects have a classification label
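
The two property cards above describe exactly the checks a reference monitor would run on each request. The following is an added example, not from the lecture: it labels subjects and objects with both a confidentiality level and an integrity level, evaluates the Bell-LaPadula simple security and * properties, the Biba simple integrity and * integrity properties, and a discretionary access matrix for the ds-property, and reports every property a request violates. The label lattices, subjects, objects and DAC matrix are constructed.

```python
"""Added example (not from the lecture): a reference-monitor check enforcing
Bell-LaPadula, Biba and a discretionary matrix on every request. The label
lattices, subjects, objects and DAC entries are constructed."""

CONFIDENTIALITY = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}
INTEGRITY = {"untrusted": 0, "user": 1, "system": 2}

# Constructed labelled subjects and objects: name -> (confidentiality, integrity)
SUBJECTS = {
    "analyst":   ("secret", "user"),
    "installer": ("unclassified", "system"),
}
OBJECTS = {
    "war_plan":       ("top_secret", "user"),
    "daily_brief":    ("secret", "user"),
    "press_release":  ("unclassified", "user"),
    "downloaded.exe": ("unclassified", "untrusted"),
    "kernel.bin":     ("unclassified", "system"),
}

# Constructed discretionary matrix (need-to-know): subject -> object -> actions
DAC = {
    "analyst": {"war_plan": {"read"}, "daily_brief": {"read", "write"},
                "press_release": {"read", "write"}, "downloaded.exe": {"read"}},
    "installer": {"kernel.bin": {"read", "write"}, "downloaded.exe": {"read"}},
}


def blp_violation(subj_level, obj_level, action):
    """Bell-LaPadula: name the violated property, or None if the access is fine."""
    if action == "read" and subj_level < obj_level:
        return "simple security (no read up)"
    if action == "write" and subj_level > obj_level:
        return "* property (no write down)"
    return None


def biba_violation(subj_integ, obj_integ, action):
    """Biba: name the violated property, or None if the access is fine."""
    if action == "read" and subj_integ > obj_integ:
        return "simple integrity (no read down)"
    if action == "write" and subj_integ < obj_integ:
        return "* integrity (no write up)"
    return None


def reference_monitor(subject, obj, action):
    """Mediate one access request. Returns (allowed, reasons for denial).
    Every mandatory property and the discretionary check must pass."""
    if action not in ("read", "write"):
        raise ValueError("unknown action: " + action)
    s_conf, s_integ = SUBJECTS[subject]
    o_conf, o_integ = OBJECTS[obj]
    reasons = []
    v = blp_violation(CONFIDENTIALITY[s_conf], CONFIDENTIALITY[o_conf], action)
    if v:
        reasons.append("BLP " + v)
    v = biba_violation(INTEGRITY[s_integ], INTEGRITY[o_integ], action)
    if v:
        reasons.append("Biba " + v)
    if action not in DAC.get(subject, {}).get(obj, set()):
        reasons.append("discretionary (need-to-know) denied")
    return (not reasons, reasons)


if __name__ == "__main__":
    for req in [("analyst", "war_plan", "read"), ("analyst", "press_release", "write"),
                ("analyst", "downloaded.exe", "read"), ("installer", "kernel.bin", "write")]:
        print(req, "->", reference_monitor(*req))
```

Note that Bell-LaPadula alone lets the secret-cleared analyst write up into `war_plan`; only the discretionary matrix stops that request, and Bell-LaPadula alone would also let the analyst read the untrusted `downloaded.exe`, which is the gap Biba closes.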

19
Q

Brewer and Nash Model

A

AKA Chinese Wall

Creates security domains that are sensitive to conflict of interest
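
Unlike the lattice models, the Brewer and Nash decision depends on what the subject has already touched. The following is an added example, not from the lecture: company datasets are grouped into conflict-of-interest classes, and a subject may access a dataset only if it has never accessed a competitor in the same class. It also includes the model's write rule, which blocks writing once the subject holds data from a different company, to stop an indirect flow through the subject; that rule goes beyond the card text. The classes, datasets and subjects are constructed.

```python
"""Added example (not from the lecture): a Brewer and Nash (Chinese Wall)
policy whose decisions depend on the subject's access history. Classes,
datasets and subjects are constructed for this example."""
from collections import defaultdict

# Constructed: conflict-of-interest class -> competing company datasets
COI_CLASSES = {
    "banks": {"bank_a", "bank_b"},
    "oil":   {"oil_x", "oil_y"},
}


class ChineseWall:
    def __init__(self, coi_classes):
        # dataset -> its conflict-of-interest class
        self.coi_of = {ds: cls for cls, datasets in coi_classes.items() for ds in datasets}
        self.history = defaultdict(set)   # subject -> datasets it has accessed

    def can_access(self, subject, dataset):
        """Simple security rule: allowed if the subject has never touched this
        dataset's conflict class, or has only ever touched this same dataset in it."""
        cls = self.coi_of[dataset]
        seen_in_class = {d for d in self.history[subject] if self.coi_of[d] == cls}
        return not seen_in_class or dataset in seen_in_class

    def can_write(self, subject, dataset):
        """Write rule: the subject may write only where it may read, and only if
        it holds no data from any other company dataset (prevents carrying
        bank_a data into an oil_x document that a bank_b analyst could read)."""
        return self.can_access(subject, dataset) and all(
            d == dataset for d in self.history[subject])

    def access(self, subject, dataset):
        """Mediate and record a read access; returns True if it was granted."""
        if not self.can_access(subject, dataset):
            return False
        self.history[subject].add(dataset)
        return True

    def wall_for(self, subject):
        """Datasets now off-limits to this subject because of its own history."""
        return {ds for ds in self.coi_of if not self.can_access(subject, ds)}


if __name__ == "__main__":
    wall = ChineseWall(COI_CLASSES)
    for ds in ["bank_a", "bank_b", "oil_x"]:
        print("alice ->", ds, wall.access("alice", ds))
    print("wall for alice:", wall.wall_for("alice"))
```

The wall is built dynamically: before any access every dataset is open to alice, after `bank_a` her wall contains `bank_b`, and after `oil_x` it also contains `oil_y`. Two analysts with identical roles can therefore end up with different permissions, which is why this model cannot be expressed as a static access control matrix.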

20
Q

Closed System

A

Designed to work with a narrow range of other systems, generally all from the same manufacturer

Standards for closed systems are often proprietary and not normally disclosed

In closed-source (or commercial) solutions source code and internal logic are hidden from the public

21
Q

Open System

A

Designed using agreed-upon industry standards

Much easier to integrate with systems from different manufacturers

In open-source solutions source code and internal logic are exposed to the public

22
Q

Confinement

A

Process confinement allows a process to read from and write to only certain memory locations and resources

23
Q

Bounds

A

Each process that runs on a system is assigned an authority level (e.g., user or kernel); the bounds of a process are the limits set on the memory addresses and resources it may access at that level

24
Q

Isolation

A

When a process is confined through enforcing access bounds, that process runs in isolation

25
Q

Controls

A

Controls use access rules to limit the access by a subject to an object

26
Q

Trust

A

A trusted system is one in which all protection mechanisms and security components work together to process sensitive data for many types of users while maintaining a stable and secure computing environment

27
Q

Assurance

A

Assurance is simply defined as the degree of confidence in the satisfaction of security needs

28
Q

TCSEC

A

AKA “Orange Book”

The TCSEC established guidelines to evaluate a stand-alone computer from the security perspective

Category A: Verified protection
Category B: Mandatory protection
Category C: Discretionary protection
Category D: Minimal protection

29
Q

ITSEC

A

The ITSEC represents an initial attempt to create security evaluation criteria in Europe

The ITSEC guidelines evaluate the functionality and assurance of a system using separate ratings for each category

The functionality rating of a system states how well the system performs all necessary functions based on its design and intended purpose
Rating scale: F-D (F1) – F-B3 (F6)

The assurance rating represents the degree of confidence that the system will work properly in a consistent manner
Rating scale: E0 – E6

ITSEC addresses concerns about loss of integrity and availability in addition to confidentiality

30
Q

Common Criteria

A

The Common Criteria represent a global effort that involves everybody who worked on TCSEC and ITSEC as well as other players

This document was converted by ISO into an official standard
ISO 15408, Evaluation Criteria for Information Technology Security

Protection Profiles (PPs) specify the security requirements and protections of a product that is to be evaluated (Target of Evaluation, TOE)

Security Targets (STs) specify the claims of security from the vendor that are built into a TOE

31
Q

Common Criteria Assurance Levels

A

Assurance levels
EAL1: Functionally tested
EAL2: Structurally tested
EAL3: Methodically tested and checked
EAL4: Methodically designed, tested, and reviewed
EAL5: Semi-formally designed and tested
EAL6: Semi-formally verified, designed, and tested
EAL7: Formally verified, designed, and tested

32
Q

Covert Channel

A

A covert channel is a method to pass information over a path that is not normally used for communication

All levels at or above B2 must contain controls to detect and prohibit covert channels (TCSEC)

33
Q

Covert storage channels

A

Conveys information by writing data to a common storage area where another process can read it

34
Q

Covert timing channels

A

Conveys information by altering the performance of a system component or modifying a resource’s timing in a predictable manner

35
Q

Payment Card Industry – Data Security Standard (PCI-DSS)

A

PCI-DSS is a collection of requirements for improving the security of electronic payment transactions

36
Q

International Organization for Standardization (ISO)

A

ISO is a worldwide standards-setting group of representatives from various national standards organizations

ISO defines standards for industrial and commercial equipment, software, protocols, and management, among others

37
Q

Certification

A

Internal comprehensive evaluation of the technical and nontechnical security features of an IT system

38
Q

Accreditation

A

A formal declaration by a Designated Approving Authority (DAA) that an IT system is approved to operate in a particular security mode using prescribed safeguards at an acceptable level of risk (external evaluation)