Security Architecture and Engineering Flashcards
Which aspect of the CIA triad is the Bell-LaPadula model concerned with
Confidentiality
What are the three properties of the Bell-LaPadula model
Simple security property - no read up
* Security property - no write down
Strong * property - no read or write up and down
What type of access control does the Bell-LaPadua model apply to
Mandatory
Which aspect of the CIA triad is the BIBA model concerned with
Data Integrity
What type of access control does the BIBA model apply to
Mandatory
What are the axioms and properties of the BIBA model
The Simple Integrity Axiom states that a subject at a given level of integrity must not read data at a lower integrity level (no read down).
The * (star) Integrity Axiom states that a subject at a given level of integrity must not write to data at a higher level of integrity (no write up).[3]
Invocation Property states that a process from below cannot request higher access; only with subjects at an equal or lower level.
What type of access control is Lattice based access control
Mandatory
What is LBAC
Lattice based access control
What access does a subject with Top Secret {crypto, chemical} have?
What access does a subject with Top Secret {chemical} have
Everything
Only {Chemical} in secret and top secret
The Graham-Denning model uses what three concepts
Objects, Subjects and Rules
In the Graham-Denning Model what are the 8 rules
Transfer, Grant and Delete ACCESS (3)
Read create and destroy OBJECT (3)
Create and Destroy SUBJECT (2)
What is the HRU
Harrison Ruzzo Ullman model - an operating system level computer security model
How is the HRU different from the Graham-Denning Model
Considers Subjects to be Objects too
What are the six primitive operations of the HRU
Create (object or subject)
Destroy (object or subject)
Add right to access matrix
Remove right from access matrix
What aspect of the CIA triad does the Clark-Wison model focus on
Integrity
This security model separates users from the back-end data through “Well-formed transactions and “Separation of Duties”
Clark-Wilson Model
What concepts does the Clark-Wilson model use
Subject/Program/Object
In the Clark Wilson model what are well formed transactions
A series of operations that transition a system from one consistent state to another consistent state
Which model prohibits information flow between subjects and objects that would create a conflict of interest
Brewer-Nash
Which model ensures that any actions that take place at a higher security level do not affect or interfere with actions that take place at a lower level
Non-Interference model
What are security modes
Mandatory access control (MAC)
Discretionary Access Control (DAC)
Using fixed-length sequences of input plaintext symbols as the unit of encryption
Block Mode Encryption
Size in symbols (usually bits or bytes) for a particular block mode encryption algorithm or process
Block size
The study of techniques for attempting to defeat cryptographic techniques and, more generally, information security services
Cryptanalysis
The science that deals with hidden, disguised, or encrypted communications, files, or other information. It consists of both cryptography and cryptanalysis
Cryptology
The complete set of hardware, software, communications elements, and procedures that allows parties to communicate, store information, or use information that is protected by cryptographic means. The system includes the algorithm, key, and key management functions, together with other services that can be provided through cryptography.
Cryptosystem
One or more parameters that are inherent to a particular cryptographic algorithm and its implementation in a cryptosystem.
Cryptovariable(s)
The process and act of converting the message from its plaintext to ciphertext. Sometimes it is also referred to as enciphering.
Encryption
A form of cryptanalysis that uses the frequency of occurrence of letters, words, or symbols in the plaintext alphabet as a way of reducing the search space.
Frequency Analysis
A system that uses both symmetric and asymmetric encryption processes.
Hybrid Encryption System
Refers to transmitting or sharing control information, such as encryption keys and cryptovariables, over the same communications path, channel or system controlled or protected by that information.
In-Band
A process of reconstructing an encryption key from the ciphertext alone, such as when the original key has been corrupted, lost, or forgotten. Requires a known way of reverse-engineering the algorithm (i.e., a successful means of conduction a ciphertext-based attack).
Key recovery - but if you can do it, then it was not safe
Represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password.
Key space
A security model that ensures that objects and subjects at one level of sensitivity don’t inappropriately interact with the objects and subjects at other levels. Each data access attempt is independent of all others and approved, if appropriate, by the security architecture.
Non-interference Model
System elements that are used to provide a value chosen over a key space, such that on successive uses of the function the values returned will have as close to a near-perfect random distribution over that key space as possible.
Random and Pseudorandom Number Generators
A symmetric encryption key generated for one-time use, such as during a specific internet connection session.
Session key
A system using a process that treats the input plaintext as a continuous flow of symbols and encrypts one symbol at a time.
Stream mode encryption system
The process of exchanging one letter orbit in an input plaintext (and its alphabet) for another symbol in the output alphabet.
Substitution
An encryption or decryption process using substitution.
Substitution Cipher
The process of reordering the plaintext to hide its meaning
Transposition or permutation
An encryption or decryption process using transposition.
Transposition cipher
The amount of effort necessary to break a cryptographic system, usually measured in total elapsed time
Work factor
