SB 5: Policy Languages and Policy Types Flashcards

1
Q

What is a security policy?

A

It defines secure and non-secure system states. It considers all relevant aspects of “CIA”.
C: identifies states where information leaks can happen. It must also be able to handle changes of authorization.
I: identifies authorized ways to change information and entities authorized to change it.
A: the services that must be provided.

2
Q

Name some general policy models

A

Military security policy: primarily provides confidentiality
Commercial security policy: primarily provides integrity
Confidentiality policy: place no trust in objects, only dictates if the object can be disclosed.
Integrity policy: indicate how much an object can be trusted and what can be done with the object.

3
Q

What is a secure system?

A

A system that starts in an authorized state and that cannot enter an unauthorized state.

4
Q

What types of access control are there?

A

DAC: Discretionary Access Control. An individual user can set an access control mechanism to allow or deny access to an object.
MAC: Mandatory Access Control. A system mechanism controls access to an object and an individual cannot alter that access.
ORCON: Originator Controlled Access Control. Bases access on the creator of an object (or of the information it contains).

5
Q

Describe the Bell LaPadula Model

A

Interested in confidentiality. To protect against unauthorized access to information.

A subject has a security clearance.
An object has a security classification.

The simple security property: No read up.
The *-security property (star property): No write down.

Combines MAC and DAC

6
Q

What is the purpose/goal of integrity policies?

A

To preserve the integrity of the data.

7
Q

Describe Biba’s Model (strict integrity policy)

A

Interested in integrity. To protect against unauthorized changes of information.

Primarily designed for high security, multilevel security environments.

Why not allow read down and write up? Because we want to protect the integrity of the information. Prevent misinformation.

No reads down, no writes up.

Gives us a way to think about threats to the integrity of information.
Very difficult to fully implement the model in a real world environment.

8
Q

What is the purpose/goal of availability policies?

Also mention the average/worst case model

A

To describe when, and for how long, a resource is available. Ensures a resource can be accessed in a timely fashion.

Average-case model: supports availability in general. Covers naturally occurring failures caused by hardware or software faults.
Worst-case model: treats availability as a security requirement. Covers failures that result from an attack.

9
Q

What is role-based access control?

A

The information someone has access to depends on the role they have in their work.

10
Q

What is a break-the-glass policy?

A

It’s a policy that allows access controls to be overridden in a controlled manner. When an override happens it is logged thus allowing it to be analyzed at a future time.

11
Q

What does a confidentiality policy do?

A

It aims to prevent unauthorized disclosure of information.

12
Q

What are some principles of operation for requirements in a commercial context?

A

Separation of duty: if two or more steps are required to perform critical functions, at least two different people should perform the steps.

Separation of function: separating the development of new programs from the production systems.

Auditing: analyzing systems to determine what actions took place and who performed them.

13
Q

Describe the Clark-Wilson integrity model

A

Uses transactions as the basic operation; the transactions must be well-formed.

14
Q

What is a trust model?

A

It deals with the initial evaluation of whether information can be trusted or not. It provides information about the credibility of data and entities.

Trust is subjective; therefore trust models typically express the trustworthiness of one entity in terms of another.

15
Q

What is a deadlock?

A

A state where some set of processes are blocked because each process is holding a resource and waiting for another resource acquired by some other process.

16
Q

How can a deadlock be handled?

A

Prevention: preventing (at least) one of the four conditions that cause a deadlock from holding. Expensive.
Avoidance: Dijkstra’s Banker’s algorithm. Makes checks to determine if a request will lead to a deadlock or not. Not used in practice.
Detection and recovery: allows deadlocks and then recovers from them. The recovery can be manual or automatic. Rollback is one method for recovery.

17
Q

How can a deadlock arise?

A

If the following four conditions hold simultaneously:
1. Mutual exclusion - the resource is not shared.
2. Hold and wait - a process holds a resource while waiting for another to become available.
3. No preemption - a held resource cannot be forcibly released.
4. Circular wait - a set of entities each hold a resource that another entity in the set is waiting for.

18
Q

What are the two essential components of a denial of service model?

A

Waiting time policy: controls the time between a request and the allocation. When the time bound is exceeded, a denial of service occurs. The environment matters: a pacemaker versus an internet purchase.

User agreement: constraints a process must meet in order to ensure service.

These two components combined ensure that processes can get the resources they need without creating a denial of service.

19
Q

Briefly describe what a SYN flood is.

A

The most common type of flooding attack.

It aims to consume all available bandwidth and absorb all available memory.