P1L6 Flashcards

1
Q

Discretionary Access Control (DAC)

A

owner of resource decides how it can be shared

2
Q

problems with DAC

A
  • information flow problem (cannot control whether someone who has access to a file will further share its contents)
  • in many organizations, the user does not get to decide how/with whom to share
3
Q

Mandatory Access Control (MAC)

A
  • company and users in the company will decide who has access to the data.
  • Regulatory requirements might limit sharing
4
Q

label in MAC

A
  • indicate sensitivity/category/clearance/need-to-know
  • TCB associates labels with object/user
  • exact nature of label depends on model/policy
5
Q

comparing labels

A
  • dominate
  • equal
  • not comparable
6
Q

BLP read down rule (simple security)

A
  • user can read documents at lower security
7
Q

BLP write up rule (star property)

A
  • user can write documents at higher security
8
Q

tranquility principle

A

classification of an obj/subj does not change during a session

9
Q

Biba vs BLP

A
  • Biba focuses on integrity while BLP focuses on confidentiality
  • Biba: read up, write down
10
Q

policy for commercial environments

A
  • clearance is not common
  • data can only be accessed by certain applications
  • separation-of-duty & conflict-of-interest
11
Q

Clark-Wilson policy

A

user -> program -> obj

12
Q

Chinese Wall policy

A

user cannot access an obj from another user in the same conflict class

13
Q

trusting software

A
  • functional correctness
  • maintain data integrity
  • protect disclosure of sensitive data
  • confidence
14
Q

TCB design principle

A
  • least privilege for users/programs
  • economy: keep trusted code as small as possible
  • open design: obscurity doesn’t work
  • complete mediation
  • fail safe default
  • ease of use
15
Q

how to build a TCB

A
  • authentication
  • access control (MAC & DAC)
16
Q

how to protect data in OS

A

it needs to protect itself (tamperproof)

17
Q

data protection security features of trusted OS

A
  • object reuse protection
  • disk blocks, mem reuse
  • allocate disk or mem, then look to see what’s left behind
  • zero out objs before use
  • secure file deletion
  • secure disk destruction
18
Q

kernel design requirements

A
  • enforce all sec mechanisms
  • good isolation, small size
  • reference monitor controls access to objects
  • tamperproof
  • un-bypassable
  • analyzable
19
Q

use of testing

A
  • demonstrate the existence of problem
20
Q

testing challenge

A
  • test case generation
  • code coverage
  • exponential number of different executions
  • different execution environments
21
Q

formal verification

A
  • checking a mathematical specification of a program
  • model checking, automated theorem proving
  • exponential time & space complexity
22
Q

model checking can show absence of a problem

A

True. Model checking is a form of formal verification.