Security Architectures Flashcards

1
Q

Threat Modeling

A

As the process of describing probable adverse effects on our assets caused by specific threats sources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

When we do threat modeling….what do we consider

A
  • Important to only consider dangers
  • Potential impact of those threats
  • Specify threat sources
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Attack Trees

A

Is a graph showing how individual actions by attackers can be chained together to achieve their goals.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Attack tree lend themselves to a methodology known as reduction analysis….there are 2 aspects:

A
  1. Reduce the number of attacks
  2. Reduce the threat posed by the attack
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

STRIDE
Developed by Microsoft in 1999

A

Is a threat modeling framework that evaluates a system’s design using flow diagrams, systems entities, and events related to a system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

The Lockheed Martin Cyber Kill Chain

A
  • It is used to anticipate the intent and actions of an enemy and then develop a plan to get inside their decision loop and defeat them.
  • The term kill chain evolved to describe the process of identifying a target, determining the best way to engage it, amassing the required forces against it, engaging it, and destroying it.
  • It identifies the steps that threat actors generally must complete to achieve their objectives.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

7 Stages of the Lockheed Martin Cyber Kill Chain

A
  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Exploitation
  5. Installation
  6. Command and Control
  7. Action on Objective
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

STRIDE
Mnemonic

A

S - Spoofing
T - Tampering
R - Repudiation
I - information Disclosure
D - Denial of Service
E - Elevation of Privilege

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Cyber Kill Chain is a high level framework

A

It is one of the most commonly used one for modeling threats

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

MIRATE Corporation developed a framework of…

A

Adversarial Tactics, Techniques & Common Knowledge called ATT&CK as a comprehensive tactics and techniques used by threat actors
- 14 Tactics contains a number of techniques—> sub-techniques

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Why Bother with threat modeling

A

Threat modeling allows us to simplify some of the activities of our adversaries so we can drill into the parts that really matter to us as defenders.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Basic Security questions 3 questions:

A
  • Why might someone want to target our organization (Motive)
  • How could they go about accomplishing their objectives (Means)
  • When and where would they attack us (Opportunity)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Defence in Depth

A
  • Which is the coordinated use of multiple security controls in a layered approach.
  • Multilayered defence systems
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Zero Trust

A
  • The Zero Trust model is one in which every entity is considered hostile until proven otherwise.
  • Built inside out.
  • this is not 100% practical as it may impact productivity
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Trust But Verify

A

Basically mean that, even when an entity and its behaviours are trusted, we should double-check both

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Shared Responsibility

A

Refers situation in which a service provider is responsible for certain security controls, while the customer is responsible for others.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Separation of Duties

A

SoD, in which important functions are divided among multiple individuals to ensure that no one person has the ability to intentionally or accidentally cause serious losses to the organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Least Privilege

A
  • Least Privilege, states that people are granted exactly the access and authority that they require to do their jobs, and nothing more.
  • Need-to-know principle is similar to the least privilege principle
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Authorization Creep

A

As Employees work at an organization over time and move from one department to another, they often are assigned more and more access rights and permissions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Keep it Simple

A

The more complex a system is, the more difficult it is to understand and protect it. Simplicity is the key.

21
Q

Secure Defaults

A
  • Means that every system starts off in a state where security trumps use friendliness and functionality.
  • the goal of secure defaults is to start everything in a place of extreme security and then intentionally loosen things until users can get their jobs done, but no further.
22
Q

Fail Securely

A

In the even of an error, information systems ought to be designed to behave in a predictable and non compromising manner.

23
Q

Privacy by design

A
  • The best way to ensure privacy of user data is to incorporate data protection as an integral part of the design of an information system, not as an afterthought or later-stage feature
  • 7 foundational principle
24
Q

Security Model

A

A Security model is a more formal way to capture secure principles. Where a principle is a rule of thumb that can be adapted to different situations, the security models we describe here are very specific and verifiable.

25
Q

Bell-LaPadula Model developed in 1970s

A

-Enforces the confidentiality aspects of access control.
- Prevent secret information from being accessed in an unauthorized manner.
- First mathematical model of multilevel security policy used to define the concept of secure modes of access and outlined rules of access.
- a system that employs this model is called multilevel security system

26
Q

3 main rules are used and enforced in Bell-LaPadula model:

A
  • Simple Security rule: Subject given security level cannot read data readies at a higher security level.
  • *- Property (star property) rule: Subject given in a security level cannot write information to a lower security level
  • Strong star property rule: A subject who has read and write capabilities can only perform both of those functions at the same security level. Nothing higher, nothing lower
27
Q

Biba Model

A
  • The Biba model is a security model that addresses the integrity of data within a system. It is not concerned with security levels and confidentiality.
28
Q

3 Main rules of Biba Model

A

-*-integrity axiom: A subject cannot write data to an object at a higher integrity level.
- Simple Integrity Axiom: A subject cannot read data from a lower integrity level
- Invocation property: A subject cannot request service (invoke) at a higher integrity

29
Q

Examples of Informational flow models

A
  • Bell-LaPadula
  • Biba
30
Q

Clark-Wilson Model
(Integrity of Information)
Uses the following 5 elements

A
  • Users: Active agents
  • Transformation procedures (TPs): Programmed abstract operations, such as read, write, and Modify
  • Constrained data items (CDIs): can be manipulated by TPs
  • Unconstrained data items (UDI): can be manipulated by users via primitive read and write operations
  • Integrity verification procedures (IVPs): Check the consistency of CDI with external reality
31
Q

Clark-Wilson Model
Focuses on well-formed transactions and SoD. Why called ‘access triple’:

A
  1. One subset of highly protected Constrained Data Items
  2. Subset Unconstrained data items does not require high level of protection
  3. Users cannot modify Critical data
32
Q

Noninterference Model

A
  • Multilevel security properties can be expressed in many ways, one being noninterference.
  • Action that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level.
  • not about flow of data but rather with what subject knows about the state of the system.
33
Q

Covert Channels

A

A covert channel is a way for an entity to receive information in an unauthorized manner.

34
Q

Covert Channels are of 2 Types

A
  1. Storage: processes are able to communicate through some type of storage space on the system
  2. Timing: one process relays information to another by modulating its use of system resources.
35
Q

Brewer and Nash Model (aka Chinese Wall Model)
Main goal: Potect from conflict of interest and dynamically changing access controls

A

States that:
- A subject can write to an object
- If and only if,
- the subject cannot read another object that is in a different dataset.

36
Q

Graham-Denning Model

A

Addresses some of these issues and defines a set of basic rights in terms of commands that a specific subject can execute on an object

37
Q

Graham-Denning Model
8 Primitive Protection Rights

A
  • How to securely create an object
  • How to securely create a subject
  • How to securely delete an object
  • How to securely delete a subject
  • How to securely provide the read access right
  • How to securely provide the grant access right
  • How to securely provide the delete access right
  • How to securely provide the transfer access right
38
Q

Harrison-Russo-Ullman Model

A

Deals with access rights of subjects and the integrity of those rights.

39
Q

Trusted Platform Module (TPM)

A
  • Is a hardware component installed on the motherboard of modern computers that is dedicated to carrying out security functions involving the storage of cryptographic key and digital certificates, symmetric and asymmetric encryption, and hashing.
  • TPM was devised by the Trusted Computing Group (TCG)
40
Q

Use cases of Trusted Platform Module (TPM

A
  • encrypting the content of the hard drive
  • Sealing a system’s state to a particular hardware and software configuration. Hash value generated store in its memory. A sealed system will be activated only after the TPM verifies the integrity of system’s configuration by comparing it with the original “sealing” value.
41
Q

Trusted Platform Module (TPM) internal memory is divided into 2 different segments:

A
  • Persistent (static) memory
    1. Endorsement Key (EK): A public/ private key pair that is installed in the TPM at the time of manufacture and cannot be modified.
    2. Storage Root Key (SRK): The master wrapping key used to secure the keys stored in the TPM
  • Versatile (dynamic) memory
    1. Platform Configuration Registers (PCRs): Used to store cryptographic hashes of data used for TPM’s sealing functionality
    2. Attestation Identity Keys (AIKs): Used for the attestation of TPM chip itself to service providers
    3. Storage keys: Used to encrypt the storage media of the computer system
42
Q

Hardware Security Module (HSM)
(The U.S. Federal Information Processing Standard (FIPS) 140-2 is the widely recognized standard for evaluating the security of an HSM)

A

HSM is a removable expansion card or external device that can generate, store, and manage Cryptographic keys

43
Q

Self-Encryption Drive (SED)

A
  • Full-disk encryption (FDE) refers to approaches used to encrypt the entirety of data at rest on a disk drive
  • SED is a hardware-based approach to FDE in which a cryptographic module is integrated with the storage media into one package
44
Q

Why need Bus Encryption?
(While the self-encrypting drive protects the data as it rests on the drive, it decrypts the data prior to transferring in to memory use) Possible 3 attacks:

A
  1. On the external bus connecting the drive to the motherboard,
  2. In Memory
  3. On the bus between motherboard and CPU
45
Q

Bus Encryption means:
(User in ATM machines)

A

Data and instructions are encrypted prior to being put on the internal bus, which means they are also encrypted everywhere else except when data is being processed.
- this require Cryptoprocessor.

46
Q

3 ways to Secure Processing:

A
  1. Create a specifically protected part of the computer in which only trusted applications can run with little or no interaction with each other or those outside the trusted environment
  2. Build extensions into the processors that enable them to create miniature protected environment for each application
  3. Write application temporarily lock processor and/or other resources to ensure nobody interferes with them until they’re down with a specific task
47
Q

Trusted Execution Environment (TEE)
(Used in apple products are Secure Enclaves)

A

Is a software environment in which special applications and resources have undergone rigorous checks to ensure they are trustworthy and remain protected
- TEE exists with untrusted rich execution environments (REE) on the same platform

48
Q

Process Security Extensions

A

Are instructions that provide these security features in the CPU and can be used to support a TEE.

49
Q

Atomic Execution

A
  • Atomic Execution is an approach to controlling the manner in which certain sections of a program run so that they cannot be interpreted between the start and end of a section
  • Atomic execution protects against a class of attacks called time-of-check to time-of-use (TOC/TOU).