Sybex Chp 8 Flashcards
This access control model ensures that all instances of subjects accessing objects are secure.
State Machine Model
Take-Grant Model
Graham-Denning
Sutherland
Clark-Wilson
Bell LaPadula
Biba
Noninterference Model
Information Flow Model
Goguen-Meseguer
Access Control Matrix
State Machine Model
This access control model is designed to prevent unauthorized, insecure, or restricted information flow.
State Machine Model
Take-Grant Model
Graham-Denning
Sutherland
Clark-Wilson
Bell LaPadula
Biba
Noninterference Model
Information Flow Model
Goguen-Meseguer
Access Control Matrix
Information Flow Model
This access control model prevents the actions of one subject from affecting the system state or actions of another subject.
State Machine Model
Take-Grant Model
Graham-Denning
Sutherland
Clark-Wilson
Bell LaPadula
Biba
Noninterference Model
Information Flow Model
Goguen-Meseguer
Access Control Matrix
Noninterference Model
This access control model dictates how rights can be passed from one subject to another or from one subject to an object.
State Machine Model
Take-Grant Model
Graham-Denning
Sutherland
Clark-Wilson
Bell LaPadula
Biba
Noninterference Model
Information Flow Model
Goguen-Meseguer
Access Control Matrix
Take-Grant Model
This access control model indicates the actions or functions that each subject can perform on each object.
State Machine Model
Take-Grant Model
Graham-Denning
Sutherland
Clark-Wilson
Bell LaPadula
Biba
Noninterference Model
Information Flow Model
Goguen-Meseguer
Access Control Matrix
Access Control Matrix
In this access control model the subjects have a clearance level that allows them to access only those objects with the corresponding classification levels. This enforces confidentiality.
State Machine Model
Take-Grant Model
Graham-Denning
Sutherland
Clark-Wilson
Bell LaPadula
Biba
Noninterference Model
Information Flow Model
Goguen-Meseguer
Access Control Matrix
Bell LaPadula
This access control model prevents subjects with lower security levels from writing to objects with higher security levels.
State Machine Model
Take-Grant Model
Graham-Denning
Sutherland
Clark-Wilson
Bell LaPadula
Biba
Noninterference Model
Information Flow Model
Goguen-Meseguer
Access Control Matrix
Biba
This access control model relies on auditing to ensure that unauthorized subjects cannot access objects and that authorized users access objects properly.
State Machine Model
Take-Grant Model
Graham-Denning
Sutherland
Clark-Wilson
Bell LaPadula
Biba
Noninterference Model
Information Flow Model
Goguen-Meseguer
Access Control Matrix
Clark-Wilson
These two access control models enforce integrity while these two access control models focus on integrity.
State Machine Model
Take-Grant Model
Graham-Denning
Sutherland
Clark-Wilson
Bell LaPadula
Biba
Noninterference Model
Information Flow Model
Goguen-Meseguer
Access Control Matrix
Enforce: Biba, Clark-Wilson Focus: Goguen-Meseguer, Sutherland
This access control model focuses on secure creation and deletion of both subjects and objects.
State Machine Model
Take-Grant Model
Graham-Denning
Sutherland
Clark-Wilson
Bell LaPadula
Biba
Noninterference Model
Information Flow Model
Goguen-Meseguer
Access Control Matrix
Graham-Denning
Allows a process to read and write to only certain memory locations and resources
Bounds
Confinement
Isolation
Confinement
Consist of limits set on memory addresses and resources a process can access.
Isolation
Confinement
Bounds
Bounds
It is the responsibility of the __________ to enforce logical bounds and disallow access to other processes.
Operating System
When a process is confined through enforcing access bounds.
Bounds
Isolation
Confinement
Isolation
This ensures that any behavior will affect only the memory and resources associated with the process.
Bounds
Confinement
Isolation
Isolation
True / False: Physically bound memory can be very expensive but it’s more secure than logical bounds.
True
An assessment of the reliability and usability of security features in a real-world situation.
Assurance
This maintains a row of security attributes for each controlled object
Capabilities List
An Access Control Matrix is a table of subjects and objects and indicates the actions that each subject can perform on each object.
–Each column is an ACL (tied to the object)
——Easier to manage
–Each row is a Capabilities List (tied to the Subject)
——More difficult to manage
A table of subjects and objects that indicate the actions or functions that each subject can perform on each object.
Access Control Matrix
An Access Control Matrix is a table of subjects and objects and indicates the actions that each subject can perform on each object.
–Each column is an ACL (tied to the object)
——Easier to manage
–Each row is a Capabilities List (tied to the Subject)
——More difficult to manage
Columns in an Access Control Matrix are known as:
ACL
An Access Control Matrix is a table of subjects and objects and indicates the actions that each subject can perform on each object.
–Each column is an ACL (tied to the object)
——Easier to manage
–Each row is a Capabilities List (tied to the Subject)
——More difficult to manage
ACLs are tied to the:
Subject
Object
Object
An Access Control Matrix is a table of subjects and objects and indicates the actions that each subject can perform on each object.
–Each column is an ACL (tied to the object)
——Easier to manage
–Each row is a Capabilities List (tied to the Subject)
——More difficult to manage
True or False: ACLs list the valid actions each subject can perform on an object.
True
An Access Control Matrix is a table of subjects and objects and indicates the actions that each subject can perform on each object.
–Each column is an ACL (tied to the object)
——Easier to manage
–Each row is a Capabilities List (tied to the Subject)
——More difficult to manage
Capabilities Lists are tied to the:
Subject
Object
Subject
An Access Control Matrix is a table of subjects and objects and indicates the actions that each subject can perform on each object.
–Each column is an ACL (tied to the object)
——Easier to manage
–Each row is a Capabilities List (tied to the Subject)
——More difficult to manage
Rows in an Access Control Matrix are known as:
Capabilities List
This access control model is focused on maintaining the confidentiality of objects
Bell-LaPadula
Downsides of Bell-LaPadula
Does not address:
1) integrity or availability of objects
2) file sharing
3) networking
4) does not address covert channels
Simple Security State
Bell-LaPadula No Read Up
Simple Integrity State
Biba No Read Down
Discretionary Security Property
Bell-LaPadula systems use an access control matrix to enforce discretionary access control
* Security Property
Bell-LaPadula No Write Down
* Integrity Property
Biba No Write Up
Downsides of Biba
Does not address:
1) confidentiality or availability of objects
2) only focuses on external threats
3) no way to change subject or object classification level
4) does not address covert channels
In Bell-LaPadula and Biba, the __________ property always concerns reading
Star
Simple
simple
In Bell-LaPadula and Biba, the __________ property always concerns writing
Star
Simple
star
This access control model concerns itself with an “access control triple” (a three-part relationship of subject / program (or transaction) / object). Subjects do not have direct access to objects. Objects can be accessed only through programs.
Clark-Wilson
In the Clark-Wilson access control model, __________ is the data item whose integrity is protected by the security model.
Integrity Verification Procedure (IVP)
Transformation Procedure (TP)
Constrained Data Item (CDI)
Unconstrained Data Item (UDI)
Constrained Data Item (CDI)
In the Clark-Wilson access control model, __________ is any data item that is not controlled by the security model.
Integrity Verification Procedure (IVP)
Transformation Procedure (TP)
Constrained Data Item (CDI)
Unconstrained Data Item (UDI)
Unconstrained Data Item (UDI)
In the Clark-Wilson access control model, __________ is a procedure that scans data items and confirms their integrity.
Integrity Verification Procedure (IVP)
Transformation Procedure (TP)
Constrained Data Item (CDI)
Unconstrained Data Item (UDI)
Integrity Verification Procedure (IVP)
In the Clark-Wilson access control model, __________ is a procedure that is allowed to modify a CDI. This limited access to CDIs forms the backbone of Clark-Wilson.
Integrity Verification Procedure (IVP)
Transformation Procedure (TP)
Constrained Data Item (CDI)
Unconstrained Data Item (UDI)
Transformation Procedure (TP)
True or False: Clark-Wilson does not enforce separation of duties
False
Clark-Wilson enforces separation of duties
In this access control model someone who works at Company C who has access to proprietary data for Company A should not also be allowed access to similar data for Company B if the two companies compete with each other.
Brewer Nash (Chinese Wall)
In this access control model a subject at one classification level will see one set of data and have access to one set of functions while a second subject at another classification level will see a different set of data and have a different set of functions.
Clark-Wilson
True or False: Brewer Nash (Chinese Wall) enforces data isolation
True
This access control model focuses on creating an access control matrix
Graham-Denning
What was TCSEC used for?
TCSEC (Trusted Computer System Evaluation Criteria) was created by the DoD to impose security standards for the computer systems it purchased.
Focused only on Confidentiality
Four categories:
Category D - Minimal Protection
Category C - Discretionary Protection
Category B - Mandatory Protection
Category A - Verified Protection
Does not require reevaluation for OS upgrades, patches, application upgrades, or changes
Superseded by Common Criteria (CC)
What was ITSEC used for?
Alternative for TCSEC and used by the Europeans
Focused on Confidentiality, Integrity, Availability
Used a TOE (target of evaluation) to rate
–functionality
–assurance
Does not rely on a TCB (Trusted Computer Base)
Does not require reevaluation for OS upgrades, patches, application upgrades, or changes
Superseded by Common Criteria (CC)
What is Common Criteria?
International standard that replaces TCSEC and ITSEC
Use:
Protection Profiles (same thing as ITSEC TOES)
—-what customer wants
Security Targets
—-what vendor says product can do
Packages
—-additional features that can be purchased and added on
Problems with Common Criteria ratings?
CC ratings do not equate to a guarantee that systems are completely secure or are devoid of vulnerabilities
CC guidelines do not address:
—physical security
—how subjects use the data securely
—issues related to personnel, organizational practices, or procedures
TCSEC level D corresponds to CC level __________
EAL0, EAL1
TCSEC – CC
D ———- EAL0, EAL1
C1 ———- EAL2
C2 ———- EAL3
B1 ———- EAL4
B2 ———- EAL5
B3 ———- EAL6
A1 ———- EAL7
TCSEC level C1 corresponds to CC level __________
EAL2
TCSEC – CC
D ———- EAL0, EAL1
C1 ———- EAL2
C2 ———- EAL3
B1 ———- EAL4
B2 ———- EAL5
B3 ———- EAL6
A1 ———- EAL7
TCSEC level C2 corresponds to CC level __________
EAL3
TCSEC – CC
D ———- EAL0, EAL1
C1 ———- EAL2
C2 ———- EAL3
B1 ———- EAL4
B2 ———- EAL5
B3 ———- EAL6
A1 ———- EAL7
TCSEC level B1 corresponds to CC level __________
EAL4
TCSEC – CC
D ———- EAL0, EAL1
C1 ———- EAL2
C2 ———- EAL3
B1 ———- EAL4
B2 ———- EAL5
B3 ———- EAL6
A1 ———- EAL7
TCSEC level B2 corresponds to CC level __________
EAL5
TCSEC – CC
D ———- EAL0, EAL1
C1 ———- EAL2
C2 ———- EAL3
B1 ———- EAL4
B2 ———- EAL5
B3 ———- EAL6
A1 ———- EAL7
TCSEC level B3 corresponds to CC level __________
EAL6
TCSEC – CC
D ———- EAL0, EAL1
C1 ———- EAL2
C2 ———- EAL3
B1 ———- EAL4
B2 ———- EAL5
B3 ———- EAL6
A1 ———- EAL7
TCSEC level A1 corresponds to CC level __________
EAL7
TCSEC – CC
D ———- EAL0, EAL1
C1 ———- EAL2
C2 ———- EAL3
B1 ———- EAL4
B2 ———- EAL5
B3 ———- EAL6
A1 ———- EAL7
Combination of the hardware, software, and controls that work together to form a trusted base to enforce your security policy.
Trusted Computer Base (TCB)
Imaginary boundary that separates the TCB from the rest of the system
Security Perimeter
The TCB communicates with the rest of the system through __________
Trusted Paths
Part of the TCB that enforces access control or authorization based on the desired security model (discretionary, mandatory, rule-based, etc.).
The control enforcer for the TCB.
Mediates all access between subjects and objects.
It enforces the system’s security policy, such as preventing a normal user from writing to a restricted file, such as the system password file.
Always enabled and cannot be bypassed.
LAWS
Reference Monitor
Collection of components in the TCB that work together to implement reference monitor functions
COPS
Security Kernel
What is a confined process?
A process that can only access certain memory locations
What is an access object?
An access object is a resource a user or process wants to access.