Security Models Flashcards

1
Q

Clark-Wilson Security Model

A

Authentication/Accessibility (A in Clark for Authentication) - Separation of Duties MUST be enforced. Key words to look for: Transformation, Unconstrained, Integrity Verification, Prevent unauthorized changes

2
Q

Bell-LaPadula Model

A

Confidentiality - access matrix such as No Read Up, No Write Down policy

3
Q

Biba Model

A

Integrity (I in Biba for integrity)

4
Q

What is a Lattice Model?

A

Mathematical structure that defines greatest lower-bound and lowest upper-bound values for a pair of elements like subject and object. Associated with MAC

5
Q

Capabilities List

A

Maintains a row of security attributes for each controlled object

6
Q

Meaning of * (star) integrity in the Biba Model?

A

No Write Up

7
Q

Meaning of Strong * (star) in the Bell-LaPadula Model?

A

You can read and write up, restricted to info at their own level

8
Q

Meaning of * (star) in the Bell-LaPadula Model?

A

Can write up, but not read. Example: employees are required to provide input on a joint document that leadership sees. Leadership sees results of combined employee contributions but employees cannot see the combined document.

9
Q

Lipner Model

A

Confidentiality AND integrity: assigns roles, and each role is assigned to a specific domain. Cannot modify outside their domain.

10
Q

Brewer-Nash (Chinese Wall) Model

A

Prevents conflicts of interest by not allowing users to access confidential info of a client organization and its competitors.

11
Q

Graham-Denning Model

A

Subjects and objects are created, assigned rights and privileges. Prevent subjects from gaining access to objects - “Invocation”

12
Q

Harrison-Ruzzo-Ullman Model

A

Similar to Graham-Denning; deals with Invocation - prevention of subjects from gaining access to objects.
