Security Architecture & Design Flashcards
What are the 9 main components of the CPU?
- Arithmetic Logic Unit (ALU)
- Bus Interface Unit (BIU)
- Control Unit
- Decode Unit
- Floating Point Unit (FPU)
- Memory Management Unit (MMU)
- Pre-fetch Unit
- Protection Test Unit (PTU)
- Registers
Which component of the CPU performs numerical calculations?
- Arithmetic Logic Unit (ALU)
- Bus Interface Unit (BIU)
- Control Unit
- Decode Unit
- Floating Point Unit (FPU)
- Memory Management Unit (MMU)
- Pre-fetch Unit
- Protection Test Unit (PTU)
- Registers
Arithmetic Logic Unit (ALU)
Which component of the CPU supervises data transfers over the bus system between the CPU and I/O devices?
- Arithmetic Logic Unit (ALU)
- Bus Interface Unit (BIU)
- Control Unit
- Decode Unit
- Floating Point Unit (FPU)
- Memory Management Unit (MMU)
- Pre-fetch Unit
- Protection Test Unit (PTU)
- Registers
Bus Interface Unit (BIU)
Which component of the CPU coordinates other CPU components during program execution?
- Arithmetic Logic Unit (ALU)
- Bus Interface Unit (BIU)
- Control Unit
- Decode Unit
- Floating Point Unit (FPU)
- Memory Management Unit (MMU)
- Pre-fetch Unit
- Protection Test Unit (PTU)
- Registers
Control Unit
Which component of the CPU converts incoming instructions into individual commands?
- Arithmetic Logic Unit (ALU)
- Bus Interface Unit (BIU)
- Control Unit
- Decode Unit
- Floating Point Unit (FPU)
- Memory Management Unit (MMU)
- Pre-fetch Unit
- Protection Test Unit (PTU)
- Registers
Decode Unit
Which component of the CPU handles higher math operations for the ALU and control unit?
- Arithmetic Logic Unit (ALU)
- Bus Interface Unit (BIU)
- Control Unit
- Decode Unit
- Floating Point Unit (FPU)
- Memory Management Unit (MMU)
- Pre-fetch Unit
- Protection Test Unit (PTU)
- Registers
Floating Point Unit (FPU)
Which component of the CPU handles addressing and cataloguing data that's stored in memory, and translates logical addressing into physical addressing?
- Arithmetic Logic Unit (ALU)
- Bus Interface Unit (BIU)
- Control Unit
- Decode Unit
- Floating Point Unit (FPU)
- Memory Management Unit (MMU)
- Pre-fetch Unit
- Protection Test Unit (PTU)
- Registers
Memory Management Unit (MMU)
Which component of the CPU monitors all CPU functions to ensure they are properly executed?
- Arithmetic Logic Unit (ALU)
- Bus Interface Unit (BIU)
- Control Unit
- Decode Unit
- Floating Point Unit (FPU)
- Memory Management Unit (MMU)
- Pre-fetch Unit
- Protection Test Unit (PTU)
- Registers
Protection Test Unit (PTU)
Which component of the CPU holds CPU data, addresses and instructions temporarily, in special buffers?
- Arithmetic Logic Unit (ALU)
- Bus Interface Unit (BIU)
- Control Unit
- Decode Unit
- Floating Point Unit (FPU)
- Memory Management Unit (MMU)
- Pre-fetch Unit
- Protection Test Unit (PTU)
- Registers
Registers
Which component of the CPU pre-loads instructions into CPU registers?
- Arithmetic Logic Unit (ALU)
- Bus Interface Unit (BIU)
- Control Unit
- Decode Unit
- Floating Point Unit (FPU)
- Memory Management Unit (MMU)
- Pre-fetch Unit
- Protection Test Unit (PTU)
- Registers
Pre-fetch Unit
The basic operation of a microprocessor consists of two distinct phases. What are they?
fetch and execute
Fetch and Execute are otherwise known as what in CPU terms?
Basic Machine Cycle
What is the basic machine cycle controlled by?
CPU Clock signals
What are the 4 operating states for a computer CPU?
- Operating (or run) state
- Problem (or application) state
- Supervisory state
- Wait state
During which CPU state is only a limited subset of non-privileged instructions available?
Problem (or application) state
When the CPU executes a privileged instruction, meaning that instruction is available to a system admin or authorised user/process only, what state is the CPU in?
Supervisory state
What are the two basic types of CPU designs?
- Complex Instruction Set Computing (CISC)
- Reduced Instruction Set Computing (RISC)
Which CPU design can perform multiple operations per instruction and is optimised for systems in which the fetch phase is the longest part of the instruction execution cycle?
- Complex Instruction Set Computing (CISC)
Which CPU design uses fewer, simpler instructions, requiring fewer clock cycles to execute and is optimised for systems in which the fetch and execute phases are approximately equal?
- Reduced Instruction Set Computing (RISC)
What are two ways of describing a microprocessor?
- Scalar
- Superscalar
What is the difference between scalar and superscalar?
Scalar executes a single instruction at a time whereas superscalar can execute multiple instructions concurrently
Which classification of processor can alternate the execution of multiple subprograms or tasks on a single processor?
- Multitasking
- Multiprogramming
- Multiprocessing
Multitasking
Which classification of processor alternates the execution of multiple programs on a single processor?
- Multitasking
- Multiprogramming
- Multiprocessing
Multiprogramming
Which classification of processor executes multiple programs on multiple processors simultaneously?
Multiprocessing
What is “Multistate” in relation to a processor?
The OS supports multiple operating states, e.g. Normal and Safe mode in Windows.
What term is used for an operating system that provides different shell environments, profiles or privilege levels for each user, e.g. “Run As” in Windows?
Multi-User
Which piece of hardware groups electronic conductors that interconnect the various components of the computer?
Bus
What are the 3 bus structures?
- Data Bus
- Address Bus
- Control Bus
Which bus structure transmits data between the CPU, memory and peripheral devices?
- Data Bus
- Address Bus
- Control Bus
- Data Bus
Which bus structure transmits addresses of data and instructions between the CPU and memory?
- Address Bus
Which bus structure transmits control information (device status) between the CPU and other devices?
- Control Bus
Which part of a computer stores programs, instructions and data?
Memory
What are the two main types of physical (real) memory?
Random Access Memory (RAM)
Read Only Memory (ROM)
What are the two main types of RAM?
Dynamic RAM
Static RAM
Which type of RAM is faster and doesn’t need to be refreshed?
SRAM or DRAM?
SRAM
Firmware typically uses which type of memory?
RAM or ROM?
ROM
The term “Main Storage” and “Primary memory” relates to what?
Physical memory (normally RAM)
What are the 4 variations of ROM?
- Programmable Read-Only memory (PROM)
- Erasable PROM (EPROM)
- Electronically EPROM (EEPROM)
- Flash Memory
Which type of ROM cannot be re-written?
- Programmable Read-Only memory (PROM)
- Erasable PROM (EPROM)
- Electronically EPROM (EEPROM)
- Flash Memory
PROM
Which type of ROM can be erased by shining UV light on the chip?
- Programmable Read-Only memory (PROM)
- Erasable PROM (EPROM)
- Electronically EPROM (EEPROM)
- Flash Memory
- Erasable PROM (EPROM)
Dynamic storage on non-volatile magnetic media such as a hard disk is otherwise known as what?
Secondary memory
A paging file, swap space or swap partition is typically known as what type of memory?
Virtual memory
What are two important security concepts associated with memory?
- the protection domain
- memory addressing
Which security concept prevents other programs or processes from accessing or modifying the contents of address space that’s already been assigned to another active program or process?
the protection domain
What security concept describes the method used by the CPU to access the contents of memory?
- memory addressing
What is the difference between memory space and address space?
Memory space describes the amount of physical memory in a computer system, whereas address space specifies where memory is located in a computer system.
What is otherwise known as a hard-coded address assigned to physically installed memory, which can only be accessed by the OS that maps physical addresses to virtual addresses?
A physical memory address
What is the term used to describe the address that applications use to specify a desired location in memory?
Virtual (or symbolic) memory address
What are the 5 common virtual memory addressing modes?
- Base addressing
- Absolute addressing
- Indexed addressing
- Indirect addressing
- Direct addressing
Which virtual memory address mode is the origin for calculating other addresses?
- Base addressing
- Absolute addressing
- Indexed addressing
- Indirect addressing
- Direct addressing
- Base addressing
Which virtual memory address mode identifies a location without reference to the base address, or it may be the base address itself?
- Base addressing
- Absolute addressing
- Indexed addressing
- Indirect addressing
- Direct addressing
- Absolute addressing
Which virtual memory address mode specifies an address relative to an index register? (If the index register changes, the resulting memory location changes.)
- Base addressing
- Absolute addressing
- Indexed addressing
- Indirect addressing
- Direct addressing
- Indexed addressing
Which virtual memory address mode contains the address to the final desired location in memory?
- Base addressing
- Absolute addressing
- Indexed addressing
- Indirect addressing
- Direct addressing
- Indirect addressing
Which virtual memory address mode specifies the address of the final desired memory location?
- Base addressing
- Absolute addressing
- Indexed addressing
- Indirect addressing
- Direct addressing
- Direct addressing
What is the difference between virtual memory and virtual addressing?
Virtual memory combines physical memory and hard disk space to create more apparent memory, whereas virtual addressing is the method used by applications and programs to specify a desired location in physical memory.
What is firmware?
A program or set of computer instructions stored in the physical circuitry of ROM memory.
BIOS is a common example of firmware. True or False?
True
What does BIOS stand for?
Basic Input-Output System
What does a computer BIOS do?
Contains instructions needed to start a computer when it is first powered on
What are the 3 main components of an operating system?
- Kernel
- Device Drivers
- Tools
What is the core component of an operating system, which manages processes, controls hardware devices and handles communication with external devices that may be connected to the computer?
Kernel
What are the 6 main functions of the OS?
- Process management
- Resource Management
- I/O device management
- Memory Management
- File management
- Communications Management
Virtualisation - What is a hypervisor?
A software program that allocates resources for each resident OS and serves as an OS for multiple OSs.
The entire complement of protection mechanisms within a computer system that's responsible for enforcing a security policy (hardware, firmware, software) is otherwise known as what?
Trusted Computing Base (TCB)
The ability to permit or deny the use of an object by a subject is otherwise known as what?
Access Control
What is the system component called that enforces access control on an object?
Reference Monitor
What is a security kernel?
It’s the combination of hardware, firmware, software elements in a TCB that implements the reference monitor concept
What are the 3 requirements of the security kernel?
- Mediate all access
- Be protected from modification
- Be verified as correct
What is the “Security Mode of Operation”?
describes how a system handles stored information at various classification levels
What are the four system classification levels commonly assigned to authorised users by the US military?
- Dedicated
- System High
- Multi-level
- Limited access
Which of the following system classification levels requires that all authorised users have a clearance level equal to or higher than the highest level of information processed on the system and a valid need to know?
- Dedicated
- System High
- Multi-level
- Limited access
- Dedicated
Which of the following system classification levels requires that all authorised users have a clearance level equal to or higher than the highest level of information processed on the system, but a valid need to know isn't necessarily required?
- Dedicated
- System High
- Multi-level
- Limited access
- System High
In which of the following system classification levels is information at different classification levels stored or processed on a TCB, where authorised users must have an appropriate classification level, but access restrictions are enforced by the system accordingly?
- Dedicated
- System High
- Multi-level
- Limited access
- Multi-level
Which of the following system classification levels doesn't require authorised users to have a security clearance, but the highest level of information on the system is Sensitive But Unclassified (SBU)?
- Dedicated
- System High
- Multi-level
- Limited access
- Limited Access
A Trusted Computer System is a system with a Trusted Computer Base. True or False?
True
What are the four types of security designs that can protect a system during hardware/software failure?
- Fault tolerant
- Fail-safe
- Fail-soft (resilient)
- Fail-over
Which of the four recovery procedures is used where the system continues to operate after the failure of a computer or network component?
- Fault tolerant
- Fail-safe
- Fail-soft (resilient)
- Fail-over
- Fault tolerant
Which of the four recovery procedures describes when a hardware or software failure is detected, a program execution is terminated and the system is protected from compromise?
- Fault tolerant
- Fail-safe
- Fail-soft (resilient)
- Fail-over
Fail-safe
Which of the four recovery procedures describes when a hardware or software failure is detected, certain non-critical processing is terminated and the computer or network continues to function in a degraded mode?
- Fault tolerant
- Fail-safe
- Fail-soft (resilient)
- Fail-over
Fail-soft (resilient)
Which of the four recovery procedures describes when a hardware or software failure is detected, the system automatically transfers processing to a component, such as a clustered server?
- Fault tolerant
- Fail-safe
- Fail-soft (resilient)
- Fail-over
Fail-over
Which recovery procedure is used where a system must be able to detect & correct or circumvent a system fault?
- Fault tolerant
- Fail-safe
- Fail-soft (resilient)
- Fail-over
Fault tolerant
Name 5 common types of security architecture vulnerabilities?
- Covert channels
- Rootkits
- Race conditions
- State attacks
- Emanations
Security Architecture Vulnerabilities: What is a covert channel?
Unknown, hidden communications that take place within the medium of a legitimate communications channel.
Security Architecture Vulnerabilities: What is a rootkit?
Rootkits use various techniques to hide themselves within the target system
Security Architecture Vulnerabilities: What are race conditions?
A flaw in the system where the output or result of an activity in the system is unexpectedly tied to the timing of other events.
Security Architecture Vulnerabilities: What is a state attack?
Commonly used on web-based applications that involves an attacker stealing a user’s session ID and thus compromising the application.
Security Architecture Vulnerabilities: What are emanations?
The unintentional emissions of electromagnetic or acoustic energy that can be intercepted by eavesdroppers.
In relation to race conditions, what is the time-of-check-to-time-of-use bug?
Two programs that try to open the same file for exclusive use are able to open the file, when only one should be able to.
What term is used to describe multiple layers of protection?
Defence in depth
Name 6 common types of system hardening:
- Remove all unnecessary components
- Remove all unnecessary accounts
- Close all unnecessary network listening ports
- Change default passwords
- All necessary programs should run at the lowest possible privilege
- Install security patches
What is a heterogeneous environment?
An environment that contains a variety of different systems, e.g. Windows Server, Linux, Solaris.
What is the advantage of a heterogeneous environment?
Various types of systems may not possess common vulnerabilities, making them harder to attack.
What is a homogeneous environment?
One where all of the systems are the same, e.g. all servers on Windows Server 2008.
What is the disadvantage of a homogeneous environment?
A weakness in one system could mean a weakness in all, meaning that if one is compromised, all could be.
What are two types of system resilience?
- Filter malicious input
- Redundant components
What is “Filter malicious input” in relation to system resilience?
System can recognise and reject input that may be an attack
What are redundant components in relation to system resilience?
System contains redundant components that permit the system to continue running even when hardware failures or malfunctions occur
Name 4 types of redundant components in relation to system resilience?
- multiple power supplies
- multiple network interfaces
- redundant storage techniques (RAID)
- redundant server architecture (clustering)
What is a maintenance hook?
Hidden, undocumented features in software programs that are intended to inappropriately expose data or functions for illicit use.
Name 4 common types of security countermeasures that a security expert should consider implementing against a hacker:
- Reveal as little info as possible, e.g. don't display OS, database or app version.
- Limit access based on role
- Disable unnecessary services
- Use strong authentication
What is TEMPEST?
Testing of electromagnetic frequencies emanating from systems.
TEMPEST: what are the 3 levels of protection depending on the distance between an attacker and target system?
Level 1 - Systems with only 1 metre of safe distance
Level 2 - Systems with 20 metres of safe distance
Level 3 - Systems with 100 metres of safe distance
Bell LaPadula, Access Matrix and Take-Grant address which principle of CIA?
Confidentiality
Biba and Clark-Wilson address which principle of CIA?
Integrity
The basic premise of Bell LaPadula is that information cannot flow downward. True or False?
True
What is the “Simple Security Property” (SS Property)?
A subject can’t read information from an object that has a higher sensitivity label than the subject (also known as no read up or NRU)
What is the *-property (star property)?
A subject can’t write information to an object that has a lower sensitivity label than the subject. (also known as no write down or NWD)
Is Bell LaPadula a discretionary or mandatory access control system?
Mandatory
What two additional properties can provide Bell LaPadula with the flexibility of a discretionary access control system?
- Discretionary Security Property
- Trusted Subject
What is the discretionary security property in relation to Bell LaPadula?
Determines access based on an access matrix.
What is a “trusted subject” in relation to Bell LaPadula?
A trusted subject is an entity that can violate the *-property but not its intent
What access rights to an object does the Access Matrix model provide for a subject?
Read / Write / Execute (R/W/X)
Is the Access Matrix model a discretionary or mandatory access model?
Discretionary
What is the Take-Grant system?
Specifies the rights that a subject can transfer to or from another subject or object.
Take-Grant specifies rights through 4 basic operations. What are they?
Create, Revoke, Take and Grant
Which integrity model is lattice-based and only addresses the first goal of integrity, i.e. ensuring that modifications to data aren't made by unauthorised users or processes?
Biba
What are the two properties of Biba?
Simple Integrity Property
*-integrity property (Star Integrity Property)
In relation to Biba, what is the Simple Integrity Property?
A subject can’t read information from an object that has a lower integrity level than the subject. (otherwise known as no read down)
In relation to Biba, what is the *-integrity property?
A subject can’t write information to an object that has a higher integrity level than the subject (otherwise known as no write up)
Which integrity model meets the following criteria?
- establishes a security framework for use in commercial activities, such as the banking industry
- addresses all 3 goals of integrity
- identifies special requirements for inputting data
Clark-Wilson
The Clark-Wilson model specifies which 4 requirements for inputting data?
Unconstrained Data Item (UDI)
Constrained Data Item (CDI)
Integrity Verification procedures (IVP)
Transformation Procedures (TP)
What is Unconstrained Data Item (UDI)?
data outside the control area such as input data
What is Constrained Data Item (CDI)?
Data inside the control area (integrity must be preserved)
What are Integrity Verification Procedures (IVP) used for?
Checks the validity of CDIs.
What are Transformation Procedures (TP) used for?
Maintains the integrity of CDIs.
Which integrity model is based on the concept of a “well formed transaction”, in which a transaction is sufficiently ordered and controlled so that it maintains internal and external consistency?
Clark-Wilson
Which Access Control model does the following describe?
- based on flow of information rather than imposing access controls
- uses a security policy to assign class, value and direction of flow from one application/system to another?
Information Flow Model
Which type of access control model is useful for analysing covert channels, through detailed analysis of the flow of information in a system including the sources of information and paths of flow?
Information Flow Model
Which Access Control Model ensures that the actions of different subjects and objects aren't seen by (and don't interfere with) other objects and subjects on the same system?
Non-Interference Model
The standard for quantifying the security of a computer system or network is known as what?
Evaluation Criteria
What are the 4 common types of evaluation criteria?
- Common Criteria
- Trusted Computer System Evaluation Criteria (TCSEC)
- Trusted Network Interpretation (TNI)
- European Information Technology Security Evaluation Criteria (ITSEC)
TCSEC is commonly known by which other name?
The Orange book
Which Evaluation Criteria is the formal implementation of the Bell LaPadula model?
- Common Criteria
- Trusted Computer System Evaluation Criteria (TCSEC)
- Trusted Network Interpretation (TNI)
- European Information Technology Security Evaluation Criteria (ITSEC)
TCSEC
What were the 3 objectives of TCSEC?
- Measurement
- Guidance
- Acquisition
In relation to TCSEC, which objective provides a metric for assessing comparative levels of trust between different computer systems?
- Measurement
- Guidance
- Acquisition
- Measurement
In relation to TCSEC, which objective provides customers a standard for specifying acquisition requirements and identifying systems that meet those requirements?
- Measurement
- Guidance
- Acquisition
- Acquisition
In relation to TCSEC, which objective identifies standard security requirements that vendors must build into systems to achieve a given trust level?
- Measurement
- Guidance
- Acquisition
- Guidance
What are the 4 basic control requirements identified in the Orange Book?
- Security Policy
- Assurance
- Documentation
- Accountability
What are the 4 specific requirements of the TCSEC security policy?
- Discretionary Access Control
- Mandatory Access Control
- Object Re-use
- Labels
What does Object Re-Use protect against in relation to TCSEC?
Protects the confidentiality of objects that are re-assigned after initial use, and can define procedures for actually erasing the data.
In which type of system are Labels required?
DAC or MAC systems?
MAC
What are the 3 labelling requirements of TCSEC?
integrity
export
subject/object
What is the difference between a “covert storage channel” and “covert timing channel”?
- A covert storage channel conveys information by altering stored system data.
- A covert timing channel conveys information by altering a system's resources, performance or timing.
What are the 9 operation assurance requirements in TCSEC?
- System Architecture: system design that implements specific security features
- System Integrity: hardware and firmware tested to verify proper operation
- Covert Channel Analysis: detect unintended communication paths not protected by a system's normal security mechanisms
- Trusted Facility: assignment of an admin for security functions of system
- Trusted Recovery: Ensures that security isn’t compromised in the event of a system crash/failure
- Security testing: Specifies required testing
- Design specification and verification: requires mathematical and automated proof that design conforms with security policy
- Configuration Management: recording of changes made to TCB during design, development, maintenance
- Trusted Distribution: Protects system during transport from vendor to customer
What are the 3 requirements of Accountability in relation to TCSEC?
- Identification and Authentication
- Trusted Path
- Audit
What is the Trusted Path in TCSEC?
A direct communications path between the user and TCB that doesn’t require interaction with untrusted applications or OS layers.
What are the 4 TCSEC requirements for Documentation?
- Security Features User Guide
- Trusted Facility manual
- Test documentation
- Design documentation
The Orange Book defines four major hierarchical classes of security protection and numbered sub-classes. (higher number means higher security) What are they?
D: Minimal Protection
C: Discretionary Protection (C1 and C2)
B: Mandatory Protection (B1, B2, and B3)
A: Verified Protection (A1)
What is Class D: Minimal Protection used for?
Systems that fail evaluation
What is the difference between Class C1 (Discretionary Protection) and Class C2 (Controlled Access Protection)?
In C1 a system doesn’t have to distinguish between individual users and types of access whereas C2 does
B1 (Labelled Security Protection) has which requirement?
Sensitivity labels for all subjects and storage objects
B2 (Structured protection) has which 2 requirements?
Sensitivity labels for all subjects and objects and trusted path requirements
B3 (Security domains) has which requirement?
Access Control Lists and System must protect against covert channels
Which Class, C1 or C2 requires “Object Re-use” features?
C2 (Controlled Access Protection)
What are the 2 requirements of A1 (Verified Design)?
- Formal Top level specification required
- configuration management procedures must be enforced throughout entire system life cycle.
What are the two requirements beyond the A1 class of protection for systems?
- Self-protection and reference monitors implemented in TCB
- TCB verified to source code level
Which of the following are MAC systems? D: Minimal Protection C: Discretionary Protection (C1 and C2) B: Mandatory Protection (B1, B2, and B3) A: Verified Protection (A1)
B: Mandatory Protection (B1, B2, and B3)
A: Verified Protection (A1)
Which of the following are DAC systems? D: Minimal Protection C: Discretionary Protection (C1 and C2) B: Mandatory Protection (B1, B2, and B3) A: Verified Protection (A1)
C: Discretionary Protection (C1 and C2)
What are the 4 limitations of the Orange Book?
- Addresses only confidentiality issues
- Isn’t applicable to most commercial systems
- Emphasises protection from unauthorised access; however, most violations involve insiders
- Doesn’t address networking issues
Which 2 elements of CIA does Trusted Network Interpretation address?
Confidentiality and Integrity
What is the Trusted Network Interpretation otherwise known as?
The Red Book
What are the two parts of TNI?
- Part 1: A guideline for extending the system protection standards in TCSEC to cover networks.
- Part 2: Additional security features such as Communication Integrity, protection from Denial of Service and Transmission Security
Which of the elements of CIA does ITSEC address?
All 3
ITSEC evaluates an entire system (defined as Target of Evaluation (TOE)) rather than a single computing platform. True or False?
True
ITSEC evaluates functionality and assurance separately. How many functionality classes and evaluation levels are there?
10 functionality classes and 7 evaluation levels
How ITSEC classes and levels compare to TCSEC:
NA & E0 equivalent to D
F-C1 & E1 equivalent to C1
F-C2 & E2 equivalent to C2
F-B1 & E3 equivalent to B1
F-B2 & E4 equivalent to B2
F-B3 & E5 equivalent to B3
F-B3 & E6 equivalent to A1
F-IN & NA equivalent to TOEs with high integrity requirements
F-AV & NA equivalent to TOEs with high availability requirements
F-DI & NA equivalent to TOEs with high integrity requirements during data communications
F-DC & NA equivalent to TOEs with high confidentiality requirements during data communications
F-DX & NA equivalent to Networks with high confidentiality and integrity requirements
What is the purpose of the Common Criteria?
To standardise and improve existing European and North American evaluation criteria
Which evaluation criteria is adopted as the international standard ISO 15408?
Common criteria
How many Evaluation Assurance levels are there in common criteria?
8
Common Criteria evaluation assurance levels along with TCSEC and ITSEC equivalents:
EAL0 = NA = NA - Inadequate assurance
EAL1 = NA = NA - Functionally tested
EAL2 = C1 = E1 - Structurally tested
EAL3 = C2 = E2 - Methodically tested and checked
EAL4 = B1 = E3 - Methodically designed, tested, reviewed
EAL5 = B2 = E4 - Semi-formally designed and tested
EAL6 = B3 = E5 - Semi-formally verified design/tested
EAL7 = A1 = E6 - Formally verified design and tested
What is a Designated Approving Authority (DAA)?
An authority that grants accreditation of a system.
When should system certification and accreditation be verified?
When changes are made to the system and every 3 years
What are the two systems accreditation bodies for US military and government bodies respectively?
- the Defence Information Technology Security Certification and Accreditation Process (DITSCAP)
- the National Information Assurance Certification and Accreditation Process (NIACAP)
What are the 4 phases of DITSCAP?
- Definition - Security requirements are determined by defining the organisation and system’s mission, environment and architecture
- Verification - Ensures a system undergoing development remains compliant with the “System Security Authorisation Agreement” (SSAA)
- Validation - Confirms compliance with the SSAA
- Post-accreditation - Represents ongoing activities required to maintain ongoing compliance and address new and evolving threats.
NIACAP consists of the same 4 phases as DITSCAP, however what are the 3 additional phases?
Site accreditation - All applications and systems at a specific location are evaluated.
Type accreditation - A specific application or system for multiple locations is evaluated.
System accreditation - A specific application or system at a specific location is evaluated
What is the Director of Central Intelligence Directive (DCID) 6/3?
The process used to protect sensitive information that is stored on CIA computers.
What is the Zachman Framework?
Allows for the communication and collaboration of all entities in the development of the architecture. Provides a logical structure for integrating the various perspectives, such as the plan, design and build aspects.
What is the Sherwood Applied Business Security Architecture Framework (SABSA)?
Follows the same outline as Zachman. A holistic lifecycle for developing security architecture that starts with assessing business requirements and then creating a “chain of traceability”.
What is “The Open Group Architecture Framework” (TOGAF)?
An open framework for architecture design.
What is ITIL?
- collection of best practices for IT governance
- defines structure and skill requirements
- sets operational procedures and practices
What is the Lipner Model?
Combines elements of Bell LaPadula and Biba with the idea of job functions or roles in a novel way to protect confidentiality and integrity.
What is the Brewer Nash Chinese Wall Model?
Focuses on preventing conflict of interest when a given subject has access to objects with sensitive information associated with two competing parties.
What is the Graham Denning Model?
Concerned with how subjects and objects are created, how they are assigned rights, and how ownership of objects is managed.
What is the Harrison-Ruzzo-Ullman model?
Similar to Graham Denning; composed of generic rights and a finite set of commands. Also concerned with situations where a subject should be restricted from gaining particular privileges.
Which ISO standards are considered the standard for security practices?
27001 and 27002
What is 27001 focused on?
Standardisation and certification of an organisation's ISMS (security governance).
What does 27002 provide?
A code of practice for information security management. Lists security control objectives and recommends a range of security controls. It is more of a guideline.
What is COBIT?
- framework for IT management
What is Middleware?
Connectivity software.