Security Architecture Flashcards

1
Q

The rings are (theoretically) used as follows:

A
  • Ring 0—Kernel
  • Ring 1—Other OS components that do not fit into ring 0
  • Ring 2—Device drivers
  • Ring 3—User applications
2
Q

Complex Instruction Set Computer (CISC)

A

Uses a large set of complex machine-language instructions, which reduces program size; x86 CPUs are an example.

Accesses to main memory are fewer than with RISC.

CISC is more powerful than RISC.

3
Q

Reduced Instruction Set Computer (RISC)

A

RISC uses a reduced set of simpler instructions.

The commands are shorter and simpler, so more individual instructions are required to perform a complex task.

4
Q

Time multiplexing

A

Shares (multiplexes) system resources between multiple processes, each with a dedicated slice of time.

5
Q

The security kernel has three main requirements

A
  • Isolation: It must provide isolation for the processes carrying out the reference monitor concept, and the processes must be tamperproof.
  • Completeness: It must be invoked for every access attempt, impossible to circumvent, and must be implemented in a complete and foolproof way.
  • Verifiability: It must be small enough to be tested and verified in a complete and comprehensive manner.
6
Q

Type 1 hypervisor (bare metal)

A

Is part of an OS that runs directly on host hardware.

Example: VMware ESX.

7
Q

Type 2 hypervisor

A

Runs as an application on a normal OS, such as Windows. VMware Workstation is Type 2.

8
Q

Service-Oriented Architecture (SOA)

A

SOA environments “allow for a suite of interoperable services” to be used within multiple, separate systems from several business domains.

“Services are expected to be platform independent”, i.e., not dependent upon a particular programming language, using standard means available within their programming language of choice.

9
Q

Polyinstantiation

A

Means the database will create two entries with the same primary key: one labeled secret and one labeled top secret.

10
Q

Inference

A

Is the ability to deduce (infer) sensitive or restricted information from observing available information.

An example of a database inference control is polyinstantiation.

11
Q

Aggregation

A

Is a mathematical process: a user combines information from separate resources to derive restricted information.

Aggregation is similar to inference, but there is a key difference: no deduction is required. Aggregation asks every question and receives every answer, and the user assembles the restricted information.

Note: to prevent aggregation and inference, we use cell suppression to hide specific cells that contain information.

12
Q

Data mining

A

Searches large amounts of data to determine patterns that would otherwise get lost in the noise.

Disadvantage: risk of a violation of privacy, and integrity risk.

13
Q

Zachman Framework for Enterprise Architecture

A

Provides six frameworks for providing information security, asking what, how, where, who, when, and why, and mapping those frameworks across roles, including planner, owner, designer, builder, programmer, and user.

These frameworks and roles are mapped to a matrix.

14
Q

SABSA

A

A holistic life cycle for developing security architecture that begins with assessing business requirements and subsequently creates a “chain of traceability” through the phases of strategy, concept, design, implementation, and metrics.

15
Q

Weaknesses of Bell–LaPadula

A

  • No mention of integrity and availability.
  • It does not address need-to-know, and there is no mechanism for a one-to-one mapping of subjects and objects.
  • No policies for changing access control data.
  • Contains covert channels.
  • Static in nature.

16
Q

Clark–Wilson uses two primary concepts to ensure that security policy is enforced:

A

Well-formed transactions and

Certification, enforcement, and separation of duties.

17
Q

The access control triple consists of

A
  • Subject
  • Transformation procedure (program): well-formed transaction
  • Constrained data item (object): data that requires integrity
18
Q

In Clark–Wilson, the assurance is based

A

on integrity verification procedures (IVPs) that ensure that data are kept in a valid state.

19
Q

In Clark–Wilson, an audit record is made and entered into the access control system to provide

A

both detective and recovery controls in case integrity is lost.

20
Q

Within Clark–Wilson, certification monitors

A

Certification monitors integrity.

Enforcement preserves integrity.

21
Q

Clark–Wilson requires that users

A

are authorized to access and modify data.

It also requires that data is modified in only authorized ways.

22
Q

Lipner

A

Combines elements of Bell–LaPadula and Biba together with the idea of job functions or roles to protect both confidentiality and integrity.

Two ways of implementing integrity:
  • Lipner’s first method uses only the Bell–LaPadula model.
  • Lipner’s second method combines Biba’s integrity model with Bell–LaPadula.

23
Q

take–grant protection model

A

A directed graph that uses states and state transitions in designing the protection system.

Created to show that it is possible to secure a computer system even when the number of subjects and objects is large.

The rules (take, grant, create, and remove) are depicted in a protection graph, which governs allowable actions.

24
Q

Graham-Denning Model

A

Concerned with how subjects and objects are created, how subjects are assigned rights or privileges, and how ownership of objects is managed.

It has three parts: objects, subjects, and rules.

25
Q

Harrison–Ruzzo–Ullman (HRU) model

A

Maps subjects, objects, and access rights to an access matrix. It is considered a variation of the Graham–Denning model.

It differs from Graham–Denning because it also considers subjects to be objects.

26
Q

Dedicated mode

A

  • One classification label only.
  • All users can access all data.
  • Clearance for all information.
  • Need to know for ALL data.

27
Q

System high mode

A

  • The system contains objects of mixed labels (e.g., confidential, top secret, …).
  • All subjects must possess a clearance equal to the system’s highest object.
  • All users can access some data, based on need to know for SOME data.

28
Q

Compartmented mode

A

  • All subjects accessing the system have the necessary clearance.
  • All users can access some data, based on their need to know and approval.
  • Need to know for SOME data.
  • Use of information labels.
  • Objects are placed into “compartments” and require a formal (system-enforced) need to know to access. It uses technical controls to enforce need to know.

29
Q

Multilevel mode

A

Stores objects of differing sensitivity labels and allows system access by subjects with differing clearances.

The reference monitor mediates access between subjects and objects.

The highest risk of all modes.

30
Q

C1

A

Discretionary Security Protection

31
Q

C2

A

Controlled Access Protection

32
Q

B1

A

Labeled Security Protection

33
Q

B2

A

Structured Protection

34
Q

B3

A

Security Domains

35
Q

A1

A

Verified Design

36
Q

The equivalent ITSEC/TCSEC ratings are

A

Lowest E0
Highest E6

  • E0: D
  • F-C1,E1: C1
  • F-C2,E2: C2
  • F-B1,E3: B1
  • F-B2,E4: B2
  • F-B3,E5: B3
  • F-B3,E6: A1
37
Q

Target of evaluation (ToE)

A

The system or product that is being evaluated.

38
Q

Security target (ST)

A

The documentation describing the ToE, including the security requirements and operational environment.

39
Q

Protection profile (PP)

A

An implementation-independent specification for a future product, which contains a set of functional and assurance requirements for a specific category of products or systems, such as firewalls or intrusion detection systems.

40
Q

Levels of evaluation

A
  • EAL1. Functionally tested
  • EAL2. Structurally tested
  • EAL3. Methodically tested and checked
  • EAL4. Methodically designed, tested, and reviewed
  • EAL5. Semi-formally designed and tested
  • EAL6. Semi-formally verified, designed, and tested
  • EAL7. Formally verified, designed, and tested
41
Q

What is used to control the flow of information in the Clark-Wilson model?

A

The access triple rule:

user, transformation procedure, and constrained data item.

42
Q

Which component manages the authorized access associations between users and resources?

A

The security kernel

43
Q

Which entities control the flow of information in the lattice-based access control (LBAC) model?

A

An upper bound and a lower bound of authorized access for subjects.

44
Q

Which two factors ensure that information is compartmentalized in the information flow model?

A

Classification and need to know

45
Q

What determines the security level that is needed to view an object?

A

Classification

46
Q

Which system evaluation methods analyze the functionality and assurance of products?

A

Common Criteria (CC) and Information Technology Security Evaluation Criteria (ITSEC)

47
Q

Which security model ensures that the activities performed at a higher security level do not affect the activities at a lower security level?

A

The noninterference model.

By implementing this model, the organization can be assured that covert channel communication does not occur.

48
Q

Which Rainbow Series book covers security issues for networks and network components?

A

The Red Book

49
Q

Which access control model uses states and state transitions in designing the protection system?

A

The Take-Grant model

50
Q

What are the four phases of NIACAP (National Information Assurance Certification and Accreditation Process)?

A

Definition, verification, validation, and post-accreditation

51
Q

Simple Object Access Protocol (SOAP)

A

Is a protocol specification for exchanging structured information in the implementation of web services and networked environments.

52
Q

Threat modeling vs. Vulnerability analysis

A

Threat modeling identifies potential threats and attack vectors.

Vulnerability analysis identifies weaknesses and lack of countermeasures.

53
Q

What techniques can be used to enforce process isolation?

A

  • Virtual memory.
  • Object encapsulation, which treats a process as a “black box”.
  • Time multiplexing, which shares (multiplexes) system resources between multiple processes, each with a dedicated slice of time, as an example.

54
Q

EPROM

A

Can be erased by ultraviolet light.

55
Q

EEPROM

A

May be “flashed,” or erased and written to multiple times electronically. EEPROM is a modern type of ROM.

56
Q

To prevent aggregation and inference, we use

A

cell suppression to hide specific cells that contain information.

57
Q

Database inference control is

A

polyinstantiation.

58
Q

Database aggregation controls may include

A

restricting normal users to a limited number of queries.

59
Q

Hotfix

A

Repairs to a computer during its normal operation so that the computer can continue to operate until a permanent repair can be made.

60
Q

Patches

A

Temporary fixes to a program.

Once more data is known about an issue, a service pack or hotfix may be issued to fix the problem on a larger scale.

61
Q

A multilevel lattice model

A

A multilevel lattice model describes strict layers of subjects and objects and defines clear rules that allow or disallow interactions between them based on the layers they are in.

62
Q

What is the purpose of ring protection?

A

Used to control interactions between different execution domains with different levels of privilege, via APIs.

63
Q

What is pipelining?

A

Combines multiple steps into one combined process, allowing simultaneous fetch, decode, execute, and write steps for different instructions.

64
Q

What is a pipeline stage?

A

Each stage in the pipeline is called a pipeline stage.

65
Q

What is pipeline depth?

A

Is the number of simultaneous pipeline stages that may be completed at once.

A CPU without pipelining would have to wait an entire cycle before performing another computation.

66
Q

To ensure that integrity is attained, the following three integrity goals apply:

A

  1) Data is protected from modification by unauthorized users.
  2) Data is protected from unauthorized modification by authorized users by implementing separation of duties, which divides an operation into different parts and requires different users to perform each part.
  3) Data is internally and externally consistent.
