36 Cards in this Set
- Front
- Back
The _____ ______ model is a simple and intuitive model that assigns rights to subjects and objects. This model is also based upon the state machine model. This model identifies the access modes (read, write, etc) for each object that a subject can access. For each subject, there is one row in the matrix that defines the access modes for each object.
|
The Access Matrix model
|
|
The _______ ______ model is a variation of the access control model, in that it is based upon information flow and not access controls. This model makes it easier to look for covert channels and is often implemented in a lattice format.
|
Information Flow
|
|
______ ________ developed the lattice access control model. The mathematical structure of the lattice allows it to easily represent the different security levels. Every pair of elements has a greatest lower bound and a lowest upper bound. Every resource is also associated with one or more classes within the matrix. The classes stemmed from the military designations. A subject that is in the same or higher class can use objects that are in a particular class.
|
Dorothy Denning
|
|
-A plan and set of principles that describe the security services that a system is required to provide to meet the needs of its users, the system elements required to implement the services, and the performance levels required in the elements to deal with the threat environment.
|
Security architecture
|
|
-A schematic description of a set of entities and relationships by which a specified set of security services are provided by or within a system.
|
Security model
|
|
- The totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy.
|
Trusted computing base (TCB)
|
|
The Clark-Wilson model addresses all three integrity goals:
|
· Preventing unauthorized users from making modifications
· Maintaining internal and external consistency
· Preventing authorized users from making improper modifications.
|
|
The _____ _____ model relies upon the well-formed transaction. This is a transaction that has been structured and constrained enough as to be able to preserve the internal and external consistency requirements. It also requires that there be a separation of duty to address the third integrity goal and external consistency.
|
Clark-Wilson
|
|
(color book and number) A Guide to Understanding Discretionary Access Control in Trusted Systems [Version 1, 9/30/87]
|
NCSC-TG-003 [Neon Orange Book]
|
|
A Guide to Understanding Audit in Trusted Systems [Version 2 6/01/88]
|
NCSC-TG-001 [Tan Book]
|
|
Trusted Product Evaluation - A Guide for Vendors [Version 1 3/1/88]
|
NCSC-TG-002 [Bright Blue Book]
|
|
Glossary of Computer Security Terms [Version 1, 10/21/88]
|
NCSC-TG-004 [Aqua Book]
|
|
Trusted Network Interpretation [Version 1 7/31/87]
|
NCSC-TG-005 [Red Book]
|
|
A Guide to Understanding Configuration Management in Trusted Systems [Version 1, 3/28/88]
|
NCSC-TG-006 [Orange Book]
|
|
A Guide to Understanding Trusted Facility Management [6/89]
|
NCSC-TG-015 [Brown Book]
|
|
TCSEC classifications of systems
is no security (weakest) is Mandatory is verified (strongest) is Discretionary |
D is no security (weakest)
C is Discretionary B is Mandatory A is verified (strongest) |
|
________ is an abstract machine which mediates all accesses to objects by subjects. This ensures that the subjects have the necessary access rights and protects the objects from unauthorized access.
|
Reference monitor
|
|
The ________ is the security problem most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the object.
|
Disclosure of residual data
|
|
A ________ will help define business functions that support the core area of the business for XPZ corporation. Through these definitions, relationships and dependence on data can be identified and addressed.
|
logical architecture
|
|
__________ builds the components that will provide the services per the logical architecture.
|
Technical Architecture
|
|
A ________ is associated with moving data from its current state to the final state (in the situation part of application).
|
conversion plan
|
|
__________ is typically tied with relational database design which is not required in this situation as the application is being selected.
|
Data Model
|
|
_______ is a situation when the system does not have the resource free for other requests. Denial-of-service attacks are known to exploit this limitation to cause deadlock for system peripherals such as memory, database or file access.
|
Deadlock
|
|
Database
DBMS? DDL? DML? |
Database
DBMS Database Management System DDL Data Definition Language DML Data Manipulation Language |
|
CPU terms
Scalar Processor SuperScalar Processor Pipelining |
CPU terms
Scalar Processor - One instruction at a time. SuperScalar Processor - Concurrent instructions at a time. Pipelining - combines steps of different processes |
|
Lattice Model
Information must flow into your _______ in order for you to access it. Security labels that consist of ______ and ______. |
Lattice Model
Information must flow into your category in order for you to access it. Security labels that consist of security levels and categories. |
|
Bell-LaPadula
Normal Star Strong Star |
Bell-LaPadula
Normal - No read up Star - No write down Strong Star - only same level |
|
BIBA & Clark-Wilson have i's, they are concerned with _________.
|
BIBA & Clark-Wilson have i's, they are concerned with Integrity.
|
|
BiBA
Opposite of BLP simple integrity star strong integrity star |
BiBA
Opposite of BLP simple integrity star - No read down strong integrity star - No write up |
|
Graham-Denning Model
Based off of what model? Concerned with what three parts? |
Clark-Wilson
Objects, subjects, and rights. |
|
Harrison-Ruzzo-Ullman based off what model?
What is the difference in this model? |
Graham-Denning model
Instead of 8 controls, adds more for greater granularity. |
|
Chinese wall model by _____ and _____, is only concerned with _____ of ______.
|
Chinese wall model by Brewer and Nash, is only concerned with conflict of interest.
|
|
______ book (color)
Deals with Security Has 4 classes A B C D |
Orange book (color)
Deals with Security Has 4 classes TCSEC A - Verified protected B - Mandatory protected C - discretionary protected D - Minimal Security |
|
ITSEC Functionality
This is the ______ standard E1 through E5 mirrors the _____ book ________ is E0 through E6 |
ITSEC Functionality
This is the European standard F1 through F5 mirrors the Orange book Assurance is E0 through E6 |
|
ISO Standard, 2nd attempt.
EAL 1: EAL 2: EAL 3: EAL 4: EAL 5: EAL 6: EAL 7: |
ISO Standard, 2nd attempt.
EAL 1: Functionally tested EAL 2: Structurally tested EAL 3: Methodically tested and checked EAL 4: Methodically designed, tested, and checked EAL 5: Semi-Formally designed and tested EAL 6: Semi-formally verified, designed, and tested. EAL 7: Formally verified, designed, and tested |
|
ISO 17799
____ based and _____ approach |
ISO 17799
risk based and holistic approach |