Security Architecture and Engineering

Question 1

Which aspect of the CIA triad is the Bell-LaPadula model concerned with

Answer 1

Confidentiality

Question 2

What are the three properties of the Bell-LaPadula model

Answer 2

Simple security property - no read up
* Security property - no write down
Strong * property - no read or write up and down

Question 3

What type of access control does the Bell-LaPadua model apply to

Answer 3

Mandatory

Question 4

Which aspect of the CIA triad is the BIBA model concerned with

Answer 4

Data Integrity

Question 5

What type of access control does the BIBA model apply to

Answer 5

Mandatory

Question 6

What are the axioms and properties of the BIBA model

Answer 6

The Simple Integrity Axiom states that a subject at a given level of integrity must not read data at a lower integrity level (no read down).
The * (star) Integrity Axiom states that a subject at a given level of integrity must not write to data at a higher level of integrity (no write up).[3]
Invocation Property states that a process from below cannot request higher access; only with subjects at an equal or lower level.

Question 7

What type of access control is Lattice based access control

Answer 7

Mandatory

Question 8

What is LBAC

Answer 8

Lattice based access control

Question 9

What access does a subject with Top Secret {crypto, chemical} have?
What access does a subject with Top Secret {chemical} have

Answer 9

Everything
Only {Chemical} in secret and top secret

Question 10

The Graham-Denning model uses what three concepts

Answer 10

Objects, Subjects and Rules

Question 11

In the Graham-Denning Model what are the 8 rules

Answer 11

Transfer, Grant and Delete ACCESS (3)
Read create and destroy OBJECT (3)
Create and Destroy SUBJECT (2)

Question 12

What is the HRU

Answer 12

Harrison Ruzzo Ullman model - an operating system level computer security model

Question 13

How is the HRU different from the Graham-Denning Model

Answer 13

Considers Subjects to be Objects too

Question 14

What are the six primitive operations of the HRU

Answer 14

Create (object or subject)
Destroy (object or subject)
Add right to access matrix
Remove right from access matrix

Question 15

What aspect of the CIA triad does the Clark-Wison model focus on

Answer 15

Integrity

Question 16

This security model separates users from the back-end data through “Well-formed transactions and “Separation of Duties”

Answer 16

Clark-Wilson Model

Question 17

What concepts does the Clark-Wilson model use

Answer 17

Subject/Program/Object

Question 18

In the Clark Wilson model what are well formed transactions

Answer 18

A series of operations that transition a system from one consistent state to another consistent state

Question 19

Which model prohibits information flow between subjects and objects that would create a conflict of interest

Answer 19

Brewer-Nash

Question 20

Which model ensures that any actions that take place at a higher security level do not affect or interfere with actions that take place at a lower level

Answer 20

Non-Interference model

Question 21

What are security modes

Answer 21

Mandatory access control (MAC)
Discretionary Access Control (DAC)

Question 22

Using fixed-length sequences of input plaintext symbols as the unit of encryption

Answer 22

Block Mode Encryption

Question 23

Size in symbols (usually bits or bytes) for a particular block mode encryption algorithm or process

Answer 23

Block size

Question 24

The study of techniques for attempting to defeat cryptographic techniques and, more generally, information security services

Answer 24

Cryptanalysis

Question 25

The science that deals with hidden, disguised, or encrypted communications, files, or other information. It consists of both cryptography and cryptanalysis

Answer 25

Cryptology

Question 26

The complete set of hardware, software, communications elements, and procedures that allows parties to communicate, store information, or use information that is protected by cryptographic means. The system includes the algorithm, key, and key management functions, together with other services that can be provided through cryptography.

Answer 26

Cryptosystem

Question 27

One or more parameters that are inherent to a particular cryptographic algorithm and its implementation in a cryptosystem.

Answer 27

Cryptovariable(s)

Question 28

The process and act of converting the message from its plaintext to ciphertext. Sometimes it is also referred to as enciphering.

Answer 28

Encryption

Question 29

A form of cryptanalysis that uses the frequency of occurrence of letters, words, or symbols in the plaintext alphabet as a way of reducing the search space.

Answer 29

Frequency Analysis

Question 30

A system that uses both symmetric and asymmetric encryption processes.

Answer 30

Hybrid Encryption System

Question 31

Refers to transmitting or sharing control information, such as encryption keys and cryptovariables, over the same communications path, channel or system controlled or protected by that information.

Answer 31

In-Band

Question 32

A process of reconstructing an encryption key from the ciphertext alone, such as when the original key has been corrupted, lost, or forgotten. Requires a known way of reverse-engineering the algorithm (i.e., a successful means of conduction a ciphertext-based attack).

Answer 32

Key recovery - but if you can do it, then it was not safe

Question 33

Represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password.

Answer 33

Key space

Question 34

A security model that ensures that objects and subjects at one level of sensitivity don’t inappropriately interact with the objects and subjects at other levels. Each data access attempt is independent of all others and approved, if appropriate, by the security architecture.

Answer 34

Non-interference Model

Question 35

System elements that are used to provide a value chosen over a key space, such that on successive uses of the function the values returned will have as close to a near-perfect random distribution over that key space as possible.

Answer 35

Random and Pseudorandom Number Generators

Question 36

A symmetric encryption key generated for one-time use, such as during a specific internet connection session.

Answer 36

Session key

Question 37

A system using a process that treats the input plaintext as a continuous flow of symbols and encrypts one symbol at a time.

Answer 37

Stream mode encryption system

Question 38

The process of exchanging one letter orbit in an input plaintext (and its alphabet) for another symbol in the output alphabet.

Answer 38

Substitution

Question 39

An encryption or decryption process using substitution.

Answer 39

Substitution Cipher

Question 40

The process of reordering the plaintext to hide its meaning

Answer 40

Transposition or permutation

Question 41

An encryption or decryption process using transposition.

Answer 41

Transposition cipher

Question 42

The amount of effort necessary to break a cryptographic system, usually measured in total elapsed time

Answer 42

Work factor