Week 1

Question 1

What are the most widely used mechanisms for authentication?

Answer 1

Something you know:

Password or pin

Something that you have:

Smart card or one-time password generator

Something that you are:

Facial scan/ photograph

Context location:

Your current location

Question 2

What are good systems for a password?

Answer 2

Good passwords are: long and random

Good systems:

• Allow for passwords of arbitrary length
• Store passwords hashed and salted

Question 3

What is Biometric?

Answer 3

Uses of characteristics of your body:

• Fingerprint
• Retina scan

To authenticate the identity

Question 4

What are Hardware Tokens?

Answer 4

Chip cards

One-time password generators

Your unicard

Question 5

What is an Access Control Model?

Answer 5

Focus on authorization:

*Specification of who is allowed to do what (permissions)

*How to update/ change permissions

A simple access control model AC is a relation:

AC = Subject x Object x Request

Question 6

Why can Access Control Models be complex?

Answer 6

Might depend on the system state

Subjects and permissions change over time

Access righs might require the fulfillment of obligations

Implementation bugs

Access control needs to be enforced

Question 7

What is an example for a simple permission check with Access Control Models?

Answer 7

(Achim, ExamECM2426,set) ∈ AC

Question 8

What are the various forms of Access Control?

Answer 8

Physical protection:

eg. gates, turnstiles

Network Traffic:

eg. Firewalls

Hardware

eg. Memory management

Operating System

eg. File system

Application Level

eg. Google login, databases

Question 9

What is a Security Policy?

Answer 9

Defines what is allowed (and/ or forbidden)

Similiar to a set of laws

Defined in terms of rules and/ or requirements

Question 10

What is a Security Model?

Answer 10

A formal representation of a class of systems

Highlights security features on a chosen level of abstraction

Provides a vocabulary to develop specific policies

Question 11

What is the Access Control Matrix Model?

Answer 11

The access control matrix model is a way to manage who can do what in a system. Imagine it like a grid or a table

Based on ideas of privileges of subjects on objects

Subjects: Users, processes, agents, groups

Objects: Data, memory banks, other processes, files…

Privileges: Right to read, write, modify

Question 12

What is a protection state in an Access Control Matrix Model?

Answer 12

A Protection state relative to a set of privileges P, is a triple (S,O,M) with:

A set of current subjects S

A set of current objects O

A access control matrix M

Question 13

What is an example of a Protection State?

Answer 13

File 1 File2 File3

Alice read,write

Bob read read

Charlie append write execute

Alice, Bob, Charlie are subjects

File1, File2, File3 are objects

Matrix entries are set of privileges (rights)

Question 14

What are the 3 Fundamental Comcepts of Security?

Answer 14

Confidentiality - Protecting information from disclosure to unauthorized parties

Integrity - Protecting information from being modified by unauthorized parties

Availability - Ensuring information is available (accessible) to authorized parties

Question 15

What is Identification?

Answer 15

Associating an identity with a subject

Question 16

What is Authentication?

Answer 16

Verifying validity of something (usuall the identity claimed by a system entity)

Question 17

What is Authorization?

Answer 17

Granting (or denying) the right of permission of a system entity to access an object

Question 18

What is Access Control?

Answer 18

Controlling access of system entities (on behalf of the subjects) to objects based on an access control policy (“security policy”)