SB 5: Policy Languages and Policy Types Flashcards
What is a security policy?
It defines secure and non-secure system states. It considers all relevant aspects of “CIA”.
C: identifies states where information leaks can happen. It must also be able to handle changes of authorization.
I: identifies authorized ways to change information and entities authorized to change it.
A: the services that must be provided.
Name some general policy models
Military security policy: primarily provides confidentiality
Commercial security policy: primarily provides integrity
Confidentiality policy: places no trust in objects; it only dictates whether the object can be disclosed.
Integrity policy: indicates how much an object can be trusted and what can be done with the object.
What is a secure system?
A system that starts in an authorized state and that cannot enter an unauthorized state.
What types of access control are there?
DAC: Discretionary Access Control. An individual user can set an access control mechanism to allow or deny access to an object.
MAC: Mandatory Access Control. A system mechanism controls access to an object and an individual cannot alter that access.
ORCON: Originator Controlled Access Control. Bases access on the creator of an object (or the information it contains)
Describe the Bell LaPadula Model
Interested in confidentiality. To protect against unauthorized access to information.
A subject has a security clearance.
An object has a security classification.
The simple security property: No read up.
*- security property: No write down.
Combines MAC and DAC
What is the purpose/goal of integrity policies?
To preserve the integrity of the data.
Describe Biba’s Model (strict integrity policy)
Interested in integrity. To protect against unauthorized changes of information.
Primarily designed for high security, multilevel security environments.
Why not allow read down and write up? Because we want to protect the integrity of the information and prevent misinformation.
No reads down, no writes up.
Gives us a way to think about threats to the integrity of information.
Very difficult to fully implement the model in a real world environment.
What is the purpose/goal of availability policies?
Also mention the average/worst case model
To describe when, and for how long, a resource is available. Ensures a resource can be accessed in a timely fashion.
Average case model: supports availability in general. Covers naturally occurring failures, such as hardware or software failures.
Worst-case model: availability as a security requirement. Failures as a result of an attack.
What is role-based access control?
The information someone has access to depends on the role they have in their work.
What is a break-the-glass policy?
It’s a policy that allows access controls to be overridden in a controlled manner. When an override happens it is logged, so that it can be analyzed at a later time.
What does a confidentiality policy do?
It aims to prevent unauthorized disclosure of information.
What are some principles of operation for requirements in a commercial context?
Separation of duty: if two or more steps are required to perform critical functions, at least two different people should perform the steps.
Separation of function: separating the development of new programs from the production systems.
Auditing: analyzing systems to determine what actions took place and who performed them.
Describe the Clark-Wilson integrity model
Uses transactions as the basic operation; transactions must be well-formed.
What is a trust model?
It deals with the initial evaluation of whether information can be trusted or not. Provides information about the credibility of data and entities.
Trust is subjective; therefore trust models typically express the trustworthiness of one entity in terms of another.
What is a deadlock?
A state where some set of processes are blocked because each process is holding a resource and waiting for another resource acquired by some other process.