Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
37 Cards in this Set
- Front
- Back
|
• If an application fails for any reason, it should go directly to a secure state.
|
• A database management system (DBMS) is the software that controls the
access restrictions, data integrity, redundancy, and the different types of manipulation available for a database. |
|
|
• In relational database terminology, a database row is called a tuple.
|
• A database primary key is how a specific row is located from other parts of the
database. |
|
|
• A view is an access control mechanism used in databases to ensure that only
authorized subjects can access sensitive information. |
• A relational database uses two-dimensional tables with rows (tuples) and
columns (attributes). |
|
|
• A hierarchical database uses a tree-like structure to define relationships
between data elements, using a parent/child relationship. |
• Most databases have a data definition language (DDL), a data manipulation
language (DML), a query language (QL), and a report generator. |
|
|
• A data dictionary is a central repository that describes the data elements
within a database and their relationships. A data dictionary contains data about a database, which is called metadata. |
• Database integrity is provided by concurrency mechanisms. One concurrency
control is locking, which prevents users from accessing and modifying data being used by someone else. |
|
|
• Entity integrity makes sure that a row, or tuple, is uniquely identified by a
primary key, and referential integrity ensures that every foreign key refers to an existing primary key. |
• A rollback cancels changes and returns the database to its previous state. This
takes place if there is a problem during a transaction. |
|
|
• A commit statement terminates a transaction and saves all changes to the
database. |
• A checkpoint is used if there is a system failure or problem during a
transaction. The user is then returned to the state of the last checkpoint. |
|
|
• Aggregation can happen if a user does not have access to a group of elements,
but has access to some of the individual elements within the group. Aggregation happens if the user combines the information of these individual elements and figures out the information of the group of data elements, which is at a higher sensitivity level. |
• Inference is the capability to derive information that is not explicitly available.
|
|
|
• Common attempts to prevent inference attacks are partitioning the database,
cell suppression, and adding noise to the database. |
• Polyinstantiation is the process of allowing a table to have multiple rows with
the same primary key. The different instances can be distinguished by their security levels or classifications. |
|
|
• Polymorphism is when different objects are given the same input and react
differently. |
• The two largest security problems associated with database security are
inference and aggregation. |
|
|
• Data warehousing combines data from multiple databases and data sources.
|
• Data mining is the process of massaging data held within a data warehouse to
provide more useful information to users. |
|
|
• Data-mining tools produce metadata, which can contain previously unseen
relationships and patterns. |
• Security should be addressed in each phase of system development. It should
not be addressed only at the end of development, because of the added cost, time, and effort and the lack of functionality. |
|
|
• Systems and applications can use different development models that utilize
different life cycles, but all models contain project initiation, functional design analysis and planning, system design specifications, software development, installation, operations and maintenance, and disposal in some form or fashion. |
• Risk management and assessments should start at the beginning of a project
and continue throughout the lifetime of the product. |
|
|
• If proper design for a product is not put into place in the beginning, more
effort will have to take place in the implementation, testing, and maintenance phases. |
• Separation of duties should be practiced in roles, environments, and
functionality pertaining to the development of a product. |
|
|
• A programmer should not have direct access to code in production. This is an
example of separation of duties. |
• Certification deals with testing and assessing the security mechanism in a
system, while accreditation pertains to management formally accepting the system and its associated risk. |
|
|
• Change control needs to be put in place at the beginning of a project and
must be enforced through each phase. |
• Changes must be authorized, tested, and recorded. The changes must not affect
the security level of the system or its capability to enforce the security policy. |
|
|
• Iterative development is a software development method that follows a cyclic
approach to software development. |
• Waterfall development is a software development method that is a classical
method using discrete phases of development that require formal reviews and documentation before moving into the next phase of the project. |
|
|
• Spiral development is a software development method that is a method that
builds upon the waterfall method with an emphasis on risk analysis, prototypes, and simulations at different phases of the development cycle. This method periodically revisits previous stages to update and verify design requirements. |
• Security testing is a comprehensive analysis technique that tests programs
under artificially created attack scenarios. |
|
|
• High-level programming languages are translated into machine languages for
the system and its processor to understand. |
• Source code is translated into machine code, or object code, by compilers,
assemblers, and interpreters. |
|
|
What may the life tenant do if changed conditions have made the property relatively worthless
(Ameliorative Waste) |
He may alter the property without incurring liability for waste.
KEY: CHANGE CONDITIONS have made the property RELATIVELY WORTHLESS. |
|
|
• Objects communicate with each other through messages.
|
• A method is functionality that an object can carry out.
|
|
|
• Data and operations internal to objects are hidden from other objects, which
is referred to as data hiding. Each object encapsulates its data and processes. |
• Objects can communicate properly because they use standard interfaces.
|
|
|
• Object-oriented design represents a real-world problem and modularizes the
problem into cooperating objects that work together to solve the problem. |
• If an object does not require much interaction with other modules, it has low
coupling. |
|
|
• The best programming design enables objects to be as independent and
modular as possible; therefore, the higher the cohesion and the lower the coupling, the better. |
• An object request broker (ORB) manages communications between objects
and enables them to interact in a heterogeneous and distributed environment. |
|
|
• Common Object Request Broker Architecture (CORBA) provides a standardized way for objects within different applications, platforms, and
environments to communicate. It accomplishes this by providing standards for interfaces between objects. |
• Component Object Model (COM) provides an architecture for components to
interact on a local system. Distributed COM (DCOM) uses the same interfaces as COM, but enables components to interact over a distributed, or networked, environment. |
|
|
• Open Database Connectivity (ODBC) enables several different applications to
communicate with several different types of databases by calling the required driver and passing data through that driver. |
• Object linking and embedding (OLE) enables a program to call another
program (linking) and permits a piece of data to be inserted inside another program or document (embedding). |
|
|
• Dynamic Data Exchange (DDE) enables applications to work in a client/server
model by providing the interprocess communication (IPC) mechanism |
• Distributed Computing Environment (DCE) provides much of the same
functionality as DCOM, which enables different objects to communicate in a networked environment. |
|
|
.• DCE uses universal unique identifiers (UUIDs) to keep track of different
subjects, objects, and resources. |
• An expert system uses a knowledge base full of facts, rules of thumb, and
expert advice. It also has an inference machine that matches facts against patterns and determines which rules are to be applied. |
|
|
• Expert systems are used to mimic human reasoning and replace human experts.
|
• Expert systems use inference engine processing, automatic logical processing,
and general methods of searching for problem solutions. |
|
|
• Artificial neural networks (ANNs) attempt to mimic a brain by using units
that react like neurons. |
• ANNs can learn from experiences and can match patterns that regular
programs and systems cannot. |
|
|
• Java security employs a sandbox so the applet is restricted from accessing the
user’s hard drive or system resources. Programmers have figured out how to write applets that escape the sandbox. |
• ActiveX uses a security scheme that includes digital signatures. The browser
security settings determine how ActiveX controls are dealt with. |
|
|
• SOAP allows programs created with different programming languages and
running on different operating systems to interact without compatibility issues. |
• A virus is an application that requires a host application for replication.
|
|
|
• Macro viruses are common because the languages used to develop macros are
easy to use and they infect Office products, which are everywhere. |
• A boot sector virus overwrites data in the boot sector and can contain the rest
of the virus in a sector it marks as “bad.” |
|
|
• A stealth virus hides its tracks and its actions.
|
• A polymorphic virus tries to escape detection by making copies of itself and
modifying the code and attributes of those copies. |
|
|
• Multipart viruses can have one part of the virus in the boot sector and another
part of the virus on the hard drive. |
• A self-garbling virus tries to escape detection by changing, or garbling, its
own code. |
|
|
• A worm does not require a host application to replicate.
|
• A logic bomb executes a program when a predefined event takes place, or a
date and time are met. |
|
|
• A Trojan horse is a program that performs useful functionality and malicious
functionally without the user knowing it. |
• Smurf and Fraggle are two examples of DoS attacks that take advantage of
protocol flaws and use amplifying networks. |
