61 Cards in this Set
- Front
- Back
Temporary storage available to the computer, usually in the form of RAM.
|
Real storage
|
|
Non-volatile memory sources such as CD-ROMs, hard disks, and USB drives.
|
Secondary storage
|
|
Space on secondary storage used to increase the apparent primary storage.
|
Virtual memory
|
|
Storage that must be accessed in order from beginning to end.
|
Sequential
|
|
Volatile memory that can be static or dynamic.
|
Random access memory (RAM)
|
|
ROM devices that may be erased and rewritten through the use of an ultraviolet light.
|
Erasable programmable read only memory (EPROM)
|
|
ROM devices that may be erased and rewritten through the use of electricity.
|
Electrically erasable programmable read only memory (EEPROM)
|
|
Four operating states of the CPU.
|
Ready, supervisory, problem, wait
|
|
An executing program with its own memory space.
|
Process
|
|
Streams of execution.
|
Threads
|
|
Systems that can process multiple threads simultaneously.
|
Multithreading
|
|
Systems that can process multiple processes simultaneously.
|
Multitasking
|
|
Systems that can use more than one processor simultaneously.
|
Multiprocessing
|
|
The ring that the kernel operates in.
|
Ring 0
|
|
The ring that OS components other than the kernel operate in.
|
Ring 1
|
|
The ring that input/output software operates in.
|
Ring 2
|
|
The ring that user level applications operate in.
|
Ring 3
|
|
Security mode where each subject must have clearance for all information on the system and a need to know for all information.
|
Dedicated
|
|
Security mode where each subject must have clearance for all information on the system and a valid need to know some of the information.
|
System high
|
|
Security mode where each subject must have clearance for most restricted information on the system and a valid need to know.
|
Compartmented
|
|
Security mode where some subjects do not have clearance for all information and each subject has need to know for all the information that they will access.
|
Multilevel
|
|
The combination of protection mechanisms within a system.
|
Trusted computing base (TCB)
|
|
Methods used to protect resources assigned to one protection domain from processes in another protection domain.
|
Data hiding or layering
|
|
Four access control models.
|
State machine, access matrix, take-grant, Bell-LaPadula
|
|
Access control model that allows the operating system to transition only between a series of well defined states.
|
State machine model
|
|
Access control model that uses a combination of read, write, and execute permissions assigned to various users.
|
Access matrix model
|
|
Access control model that uses directed graphs to illustrate security permissions that one object can take from another and those that the object can grant to another object.
|
Take-grant model
|
|
Access control model that is a lattice model designed to strictly enforce the military's MAC model. No read up, no write down.
|
Bell-LaPadula
|
|
Two integrity models.
|
Biba, Clark-Wilson
|
|
A lattice-based model that is similar to the Bell-LaPadula model. No write up, no read down.
|
Biba
|
|
Integrity model that enforces separation of duties to maintain data integrity.
|
Clark-Wilson
|
|
Rainbow series book that includes the DoD trusted computer systems evaluation criteria (TCSEC).
|
Orange book
|
|
Rainbow series book that included the trusted network interpretation of TCSEC.
|
Red book
|
|
Seven criteria for evaluating systems as specified in the TCSEC.
|
Security policy, identification, labels, documentation, accountability, lifecycle assurance, continuous protection.
|
|
Seven TCSEC designations.
|
D, C1, C2, B1, B2, B3, A1
|
|
TCSEC designation indicating minimal protection.
|
D
|
|
TCSEC designation indicating discretionary protection and requiring DAC, identification and authentication, assurance of system architecture and integrity, lifecycle assurance of security testing, and documentation.
|
C1
|
|
TCSEC designation indicating controlled access protection systems that must meet all of the C1 criteria plus object reuse policy and audit.
|
C2
|
|
TCSEC designation indicating labeled security protection systems that must meet all of the criteria for C2 plus label integrity policy, policies on exportation of labeled information to single level devices, multilevel devices, and human readable output, MAC, and lifecycle assurance of design specification and verification.
|
B1
|
|
TCSEC designation indicating structured protection systems that must meet all of the criteria for B1 systems plus policies that address subject sensitivity labels and device labels, trusted path for identification and authentication, additions to operational assurance of covert channel analysis and trusted facility management, and the addition of configuration management to lifecycle assurance.
|
B2
|
|
TCSEC designation indicating security domains systems that must meet all of the criteria for B2 systems plus trusted recovery operation assurance and use of a trusted computing base small enough that it can be subjected to rigorous testing.
|
B3
|
|
TCSEC designation indicating verified design systems that must be developed using a formal design specification and verification techniques that follow a five step model.
|
A1
|
|
Profiles which specify security requirements for a product.
|
Protection profiles
|
|
Design claims made by vendors to provide a structured system for the evaluation of information technology products.
|
Security targets
|
|
EAL level for functionally tested.
|
EAL1
|
|
EAL level for structurally tested.
|
EAL2
|
|
EAL level for methodically tested and checked.
|
EAL3
|
|
EAL level for methodically designed, tested, and reviewed.
|
EAL4
|
|
EAL level for semi-formally designed and tested.
|
EAL5
|
|
EAL level for semi-formally verified design and tested.
|
EAL6
|
|
EAL level for formally verified design and tested.
|
EAL7
|
|
A comprehensive evaluation of the technical and non-technical security features of an IT system to establish the extent that the design and implementation meet a set of specified security requirements.
|
Certification
|
|
A formal declaration that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.
|
Accreditation
|
|
Unintended communications paths that allow the surreptitious transfer of information outside of normal security controls and mechanisms.
|
Covert channel
|
|
Covert channels that relay information by modulating consumption of system resources.
|
Timing channels
|
|
Covert channels that relay information between processes by writing data to a storage system.
|
Storage channels
|
|
Attacks that siphon off small bits of data to gain through aggregation.
|
Salami attacks
|
|
Attacks that exploit differences between the time a process verifies the access permissions of a security object and the time that the permissions are used.
|
Time of check/time of use (TOC/TOU)
|
|
Attacks that attempt to execute malicious code through the exploitation of buffers that do not have proper bounds checking.
|
Buffer overflow
|
|
A processor that can execute multiple instructions at the same time.
|
Superscalar
|
|
A processor that can execute only one instruction at a time.
|
Scalar
|