Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

16 Cards in this Set

  • Front
  • Back
Chapter 3 Security Models and

Name four methods for isolating CPU processes.

1) Encapsulation of objects
2) Time multiplexing of shared
3) Naming distinctions
4) Virtual memory mapping

What are protection rings and what do they do?

Protection rings separate processes based on levels of trust. The OS Kernel is the most trusted, followed by the OS, then File System Drivers and OS Utilities, then finally, End-user Application processes.
Trusted Computing Base (TCB)

The combination of all security mechanisms within a computer:

1) I/O operations
2) Process activation
3) Domain switching
4) Memory protection
5) Hardware management

Bell-LaPadula Model

Concerned with protecting confidentiality, not integrity of data. Lattice-based. No read-up or write-down. Used primarily with military-based operating systems.

Biba Model

Model that addresses INTEGRITY of data.
- Integrity Star Property- A subject cannot write up.
- Simple Integrity Property- A subject cannot read down.

It addresses only the first of the three Integrity goals.

Clark-Wilson Model

Another INTEGRITY model, it is latice-based, and dictates that subjects must access data through an APPLICATION, separation of duties must be enforced, and auditing is required. Unlike Biba which addresses only one Integrity Goal, Clark-Wilson addresses all three. Used in commercial industry mainly.

Brewer and Nash Model

Also called the Chinese Wall model, protects against actions that would pose a conflict of interests.

Define TCSEC

TCSEC = Trusted Computer System Evaluation Criteria. It was developed from Bell-LaPadula, so it focuses on confidentiality instead of integrity. Also called the ORANGE BOOK. It has four ratings: A = Verified protection, B = Mandatory protection, C = Discretionary protection, D = Minimal security.

Define the Red Book
Guidance intended to include networking components, since the Orange Book (TCSEC) was interested in stand-alone systems.
Define ITSEC.
Infromation Technology Security Evaluation Criteria is a European standard as opposed to the TCSEC, which was American. TCSEC was very rigid, so the ISO developed ITSEC, which is more flexible. Both are being phased out in favor of the Common Criteria.
How are appliations and IT resources classified in the Common Criteria?
The Common Criteria uses 7 EALs or evaluation assurance levels, 1 being lowest, 7 highest. Several criterion went into developing the Common Criteria, including TCSEC, ITSEC, CTCPEC, and the Federal Criteria.
Which of the following best describes the security kernel and reference monitor relationship?
A. The SK holds the access rules, and the RM enforces them.
B. The RM holds the access ruels, and the SK enforces them.
C. The RM is a core piece of the OS, and the SK is an abstract machine.
D. The SK is trusted and within the TCB, and the RM is untrusted.
B. The RM is an abstract machine that holds the access permissions and ensures that the security policy of that system is supported and enforced. The SK enforces the RM's rules and must be invoked for each access request.
Which of the following is the total combination of protection mechanisms within a computer system?
B. Security perimeter
C. Security kernel
D. Security policy
A. The trusted computing base (TCB) encompasses every component that enforces the stated security policy, including software, hardware, and firmware.
Which of the following does not describe the Bib Model?
A. Integrity odel that addresses the first goal of integrity.
B. Has a "no write up" rule.
C. Uses a lattice of integrity levels.
D. Has a "no read up" rule.
D. The Biba model is an integrity model that addresses the first goal of integrity (Do not allow unauthorized users to make modifications). It has a "no write up" rule and a "no read down" rule and makes access decisions based on the integrity levels of the subjects and objects.
Which of the following accurately characterize the Bell-LaPadula model?
A. Uses "no write up" and "no read down" rules
B. Uses "no read up" and "no write down" rules
C. Integrity model enforcing the separation of duties
D. Mathematical theory used to address dynamically changing permissions.
B. The Bell-LaPadula model deals with confidentiality and dictates the subjects cannot write data down to objects of lower security levels and cannot read data that has a higher classification.
In the Orange Book, which of the following ratings is the first to require security labels?
A. B3
B. B2
C. C2
D. D
B. In TCSEC ratings, the B classification deals with mandatory access control models, thus requiring security labels.