20 Cards in this Set

  • Front
  • Back

Security perimeter

A

Reference monitor

B

Security kernel

C

ROM

Read only memory

PROM

Programmable Read only memory


You can program it after it is created. But after it is programmed it cannot be changed.

EPROM

Erasable programmable read-only memory.


You can remove a small sticker and expose it to UV light to delete data. Also called flashing.

EEPROM

Electronic erasable programmable read-only memory.


It is possible to modify the data electronically.

Bell-LaPadula

About protecting confidentiality. 3 rules.


Simple - No read up - cannot read higher classifications


Star property - no write down. Do not write in such a way that people with lower access get the data.


Strong star property - no read/write up/down = stay where you are.

Biba

About protecting integrity -


No read down because it is not trusted.


Star property - No write up because you don’t have the knowledge.


Invocation property - no read/write up.


(Down data dirty)

Clark-Wilson

Don’t allow untrusted users to directly access your trusted resources (or they break them). Instead, force them to access them through a trusted interface.

DAC

Discretionary access control - authorization based on permissions of the user. No knowledge of object sensitivity. Data owners can grant access. Identity-based access control.

MAC

Mandatory access control. Authorization based on user permissions and object labels. Data owners cannot grant access.

RBAC

Role-based access control.


Assign roles to users, which then determine the access.

SOA

Service-oriented architecture. A vision of how apps should be developed and integrated (loosely coupled, abstraction, reusable, stateless, etc.)

XSS cross site script

Cross-site scripting - takes advantage of a user's trust of a website

CSRF

Cross-site request forgery - takes advantage of a website's trust of a user (e.g. steal information to impersonate the user)

Polyinstantiation

Users with different access get different kinds of information to avoid giving clues about sensitive data.

RFID

Radio frequency id - the chips on cards etc.

NFC

Near field communication

LBS

Location-based services - e.g. my location on my phone.