Week 4 Flashcards
What is the flow of data assets to an unauthorized external party?
Data Leakage
Data at rest is commonly
Stored in external storage devices
Method of storing data encryption keys to a certified third party
key escrow
CPTED means
Crime Prevention Through Environmental Design
Fundamental organization of a system embodied in its components, their relationships to each other and to the environment, and the principles guiding its design and evolution.
Architecture
Collection of document types to convey an architecture in a formal manner
Architecture Description
Individual, team, or organization with interests in or concerns relative to a system
Stakeholder
Representation of a whole system from the perspective of a related set of concerns
View
Specification of the conventions for constructing and using a view
Viewpoint
Computer Architecture encompasses what?
Operating system
Memory chips
Logic circuits
Storage devices
Input and output devices
Networking component
Data, memory and control buses
Five responsibilities of memory manager
Relocation, Protection, Sharing, Logical Organization, Physical Organization
To make sure a process only interacts with its memory segment, what does the CPU use?
Base Register, Limit Register
Reserved Hard drive space used to extend RAM capabilities
Swap Space
Referred to as “The Big Mess” because of lack of structure
Monolithic Operating System
Sample of Monolithic Operating System
MS DOS
Separates system functionality into hierarchical layers
Layered Operating System Architecture
THE stands for
Technische Hogeschool Eindhoven multiprogramming system
How many layers does THE have?
5
2 types of security models
Lattice-based model, Rule-based model
Layer Based security model?
Lattice-based
Specific rules dictate how security operates
Rule-Based
State machine model, developed in the 1970s, that enforces the confidentiality aspects of access control
Bell-LaPadula
System that employs the Bell-LaPadula model
multilevel security system
Main rules used and enforced in Bell-LaPadula model
Simple Security, Star Property, Strong Star Property
State machine model that was developed after Bell-LaPadula
Biba Model
3 main rules of Biba Model
Integrity Axiom, Simple Integrity Axiom, Invocation Property
Model that separates data into Subsets
Clark-Wilson Model
Also called the Chinese Wall model; was created to provide access controls that can change dynamically depending upon a user’s previous actions
Brewer & Nash Model
Addresses and defines a set of basic rights in terms of commands that a specific subject can execute on an object
Graham-Denning
Operating System level computer security model, which deals with the integrity of access rights
Harrison, Ruzzo, Ullman Model
When was the first version of Common Criteria released?
1993
Common Criteria is also called
ISO 15408
Comprehensive technical evaluation of the security components and their compliance for the purpose of accreditation
Certification
Provides proof of the origin, authenticity and integrity of data
non-repudiation
Mathematical function that converts any digital data into an output string with a fixed number of characters
Hash Function
Happens when two different inputs have the same output when passed through a hash algorithm
Collision
Encryption algorithm that utilizes the SAME KEY for encryption and decryption
Symmetric Encryption
Algorithm that utilizes public and private key
Asymmetric Encryption
Number of bits in a key used by a cryptographic algorithm
Key Space