Chapter 9 - Security Architecture And Design

Front 1

What are the 8 security models?

Back 1

1. Biba
2. Bell LaPadula
3. Access Matrix
4. Take-Grant
5. Clark-Wilson
6. Multi-Level
7. Mandatory Access Control
8. Discretionary Access Control

Front 2

What are the 3 information systems evaluation models?

Back 2

1. Common Criteria
2. TCSEC
3. ITSEC

Front 3

What is a model?

Back 3

A model is a simplified representation used to explain a real world system.

Front 4

What does DAC stand for?

Back 4

Discretionary access control.

Front 5

What does RBAC stand for?

Back 5

Role-based access control.

Front 6

What does NRU stand for?

Back 6

No Read Up

Front 7

What does NWD stand for?

Back 7

No Write Down

Front 8

What is the Bell LaPadula Security Model?

Back 8

• State machine model that addresses the confidentiality of information.
• NRU, NWD

Front 9

What is the Biba security model?

Back 9

The first formal INTEGRITY model, by preventing modifications to data by unauthorized persons.

NRD, NWU

Front 10

What is the Clark-Wilson Security Model?

Back 10

Integrity model with two principals: users and programs (called TPs) that operate on two types of data: UDIs and CDIs.

Front 11

What does UDI stand for?

Back 11

Unconstrained data items

Front 12

What does CDI stand for?

Back 12

Constrained data items

Front 13

What does TP stand for?

Back 13

Transformation procedures.

(Another word for programs)

Front 14

What does IVP stand for?

Back 14

Integrity Verification Procedure.

Front 15

What is an IVP?

Back 15

A type of TP that is used to transform UDIs into CDIs.

Front 16

What 2 sets of rules does the Clark-Wilson Security Model use?

Back 16

1. Certification (C)
2. Enforcement (E)

Front 17

What is C1?

Back 17

An IVP must ensure that CDIs are valid.

Front 18

What is C2?

Back 18

From a give CDI, a TP must transform the CDI from one valid state to another valid state.

Front 19

What is C3?

Back 19

Allowed relations (or "triples" that consist of a user, a TP, and one or more CDIs) must enforce separation of duties.

Front 20

What is C4?

Back 20

TPs must create a transaction log that contains all transaction details.

Front 21

What is C5?

Back 21

TPs that accept a UDI as input may perform only valid transactions on the UDI (to convert it to a CDI) or reject the UDI.

Front 22

What is E1?

Back 22

The system must permit only the TPs certified to operate on a CDI to actually do so.

Front 23

What is E2?

Back 23

The system must maintain the associations between users, TPs, and CDIs. The system must prevent operations outside of registered associations.

Front 24

What is E3?

Back 24

Every user must be authenticated before they may run a TP.

Front 25

What is E4?

Back 25

Only a TP's certifier may modify its associations.

Front 26

What is the Access Matrix Security Model?

Back 26

Two dimensional matrix that defines which subjects are permitted to access which objects.

Front 27

What is the Multi-Level Security Model?

Back 27

• Used by a system that has several levels of security and is used by persons of varying security levels.
• System will control access to objects according to their level and the level of the persons accessing them.

Front 28

What is the MAC Security Model?

Back 28

• System controls access to resources
• When a subject requests access to an object, the system examines the user's identity and access rights, and compares to access permissions of the object
• System then permits or denies access

Front 29

What is the DAC Security Model?

Back 29

The owner of an object controls who and what may access it. Access is at the owner's DISCRETION.

Front 30

What is the Role-based Access Control (RBAC) Security Model?

Back 30

• Access permissions are granted to "roles" instead of "persons".
• Provides consistent access
• Makes changes much easier, because they involve changes to roles instead of to individuals.

Front 31

What is the Non-interference Security Model?

Back 31

• Specifies that low inputs and outputs will not be altered by high inputs and outputs.
• In other words, activities at a higher security level cannot be detected (and will not interfere with) at lower security levels.
• Prevents leakage of information from higher security levels to lower security levels.

Front 32

What is the Information Flow Security Model?

Back 32

• Based upon flow of information rather than on access controls.
• Data objects are assigned to a class or a level of security
• Flow of objects are controlled by security policy that specifies where objects of various levels are permitted to flow.

Front 33

What are the 6 evaluation models?

Back 33

1. Common Criteria
2. TCSEC
3. TNI
4. ITSEC
5. SEI-CMMI
6. SSE-SMM

Front 34

What is the formal name for Common Criteria?

Back 34

Common Criteria for Information Technology Security Evaluation

Front 35

What ISO # is Common Criteria?

Back 35

ISO 15408

Front 36

What is EAL1?

Back 36

Functionally Tested.

Front 37

What is EAL2?

Back 37

Structurally tested.

Front 38

What is EAL3?

Back 38

Methodically Tested and Checked.

Front 39

What does EAL stand for?

Back 39

Evaluation Assurance Level.

Front 40

What is EAL4?

Back 40

Methodically Designed, Tested and Reviewed.

Front 41

What is EAL5?

Back 41

Semiformally Designed and Tested.

Front 42

What is EAL6?

Back 42

Semiformally Verified Design and Tested.

Front 43

What is EAL7?

Back 43

Formally Verified Design and Tested.