64 Cards in this Set

  • Front
  • Back
Specifies how access to system resources is controlled
Security architecture
Trusted Computing Base (TCB)
The hardware, firmware, and software components of a computer system that are responsible for enforcing the security policy and keeping the system secure.
Trusted Computing Base - examples by layer
HW - processor
Firmware - OS protection
SW - driver
Security perimeter
Imaginary boundary around the TCB that separates the trusted part of a computer system (the TCB, interior) from the untrusted part (applications and other elements on the exterior)
Computer Architecture Security and Design
1. Hardware design initiates system protection
2. Firmware or software is implemented (controls the elementary hardware functions)
3. Software protection is designed
If the ? is not adequately designed, developed, and implemented, the reference monitor (RM) will be unable to control access.
Process of building security into the various components is called
layered protection
Hardware architecture components
1. CPU
2. Primary Storage
3. Secondary Storage
4. Virtual memory
5. I/O devices
6. Computer bus
7. Drivers
Software Architecture
1. OS
2. Application
The OS divides processor time among the running programs on a single processor
Computing technique that enables a program to split itself into two or more concurrently running tasks
*parallel execution of multiple threads
Multithreading example
Word document - entering text while the spellchecker runs at the same time
Multiple processors, with the OS controlling all of the processors in such a way that the system's optimum performance is reached
Software embedded in a hardware device to control its elementary functions

Distributed system architecture
A number of computers are networked together and share application processes and data
Security model categories
Lattice model
Non-interference model
Information flow model
BLP Model
Biba Model
Harrison-Ruzzo-Ullman Model
Lattice model
Used to implement mandatory access control (MAC), where data is classified or labeled and users are cleared for access
Non-interference model
Creates barriers between security domains so that information cannot leak between them
(page for info on Whitepages)
Information flow model
Controls the direction of data flow among the various security levels.

Useful for detecting covert channels (unauthorized data flows or communication paths)
BLP Model
Confidentiality - prohibits classified data from moving to a lower level.

No read up
No write down
Biba Model

No read down
No write up
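The lattice model, BLP and Biba cards above describe three things that fit in one small program: a lattice ordering of labels (level plus compartments), the BLP rules (no read up, no write down) and the Biba rules (no read down, no write up), which are mirror images of each other. The following is an added worked example and not part of the original card deck; the level names, the NATO/crypto compartments and the subject and objects are constructed for illustration.

```python
# Added example (not from the card deck): a toy reference monitor that
# enforces the Bell-LaPadula and Biba rules over a lattice of labels.
# Level names, compartments, subject and objects are constructed.
from dataclasses import dataclass, field
from typing import FrozenSet

# Ordered sensitivity (BLP) or integrity (Biba) levels, lowest first.
LEVELS = ["unclassified", "confidential", "secret", "top_secret"]


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        # Lattice ordering: level at least as high AND compartments a superset.
        # Labels with disjoint compartments are incomparable: neither dominates.
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.compartments >= other.compartments)


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula (confidentiality).
    read : simple security property, 'no read up'
    write: *-property, 'no write down'"""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba (integrity): exactly the mirror image of BLP.
    read : simple integrity property, 'no read down'
    write: integrity *-property, 'no write up'"""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")


def decision_table(subject: Label, objects: dict) -> dict:
    """Run every (object, op) pair through both models and return
    {object_name: {"blp_read": bool, "blp_write": bool, ...}}."""
    out = {}
    for name, obj in objects.items():
        out[name] = {
            "blp_read": blp_allows(subject, obj, "read"),
            "blp_write": blp_allows(subject, obj, "write"),
            "biba_read": biba_allows(subject, obj, "read"),
            "biba_write": biba_allows(subject, obj, "write"),
        }
    return out


# Constructed sample: a subject cleared SECRET with the NATO compartment.
ANALYST = Label("secret", frozenset({"nato"}))
OBJECTS = {
    "public_memo": Label("unclassified"),
    "nato_plan": Label("secret", frozenset({"nato"})),
    "crypto_keys": Label("secret", frozenset({"crypto"})),  # incomparable label
    "ts_report": Label("top_secret", frozenset({"nato"})),
}

if __name__ == "__main__":
    for name, row in decision_table(ANALYST, OBJECTS).items():
        print(f"{name:12s}", {k: ("allow" if v else "DENY") for k, v in row.items()})
```

Two rows of the table are worth noticing: `crypto_keys` is at the same level as the analyst but in a different compartment, so the labels are incomparable and every operation is denied under both models; and `ts_report` is readable under Biba but writable under BLP, which is exactly why a system that needs both confidentiality and integrity cannot take the rules from one model alone.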
Extends Biba - transactions and separation of duties
Creating and deleting objects, as well as the reading, granting, deleting, and transferring of access rights
Harrison-Ruzzo-Ullman Model
changing access rights and deleting subjects or objects
conflict of interest in a computer system
Trusted Computer Base (TCB) Vulnerabilities
Backdoors and trapdoors
TOC/TOU - time of check/time of use
Race Condition
Buffer overflows
Uses a weakness in the TCB where access is checked and granted at one point in time but used much later.
TOC/TOU - time of check/time of use
TCB weakness - occurs when two processes need to access and modify the same information at the same time
Race Condition
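The TOC/TOU and race condition cards describe the same shape of bug: a check is made against a name, time passes, and the use is made against whatever that name refers to now. The following added example, which is not part of the original card deck, shows the vulnerable check-then-use pattern on a POSIX filesystem next to its hardened form, with a constructed "attacker" hook standing in for the other process that wins the race. File names, contents and the hook are assumptions for illustration; it relies on `os.O_NOFOLLOW`, so it assumes a POSIX platform.

```python
# Added example (not from the card deck): a check-then-use (TOC/TOU) bug
# on a POSIX filesystem and its hardened form. The file names, contents
# and the "attacker" hook are constructed for illustration.
import os
import stat
import tempfile


def read_public_file_racy(path: str, attacker=None) -> str:
    """Vulnerable: checks the *name*, then opens the *name* again.
    Anything that happens to the name in between (the window) wins."""
    # Time of check: refuse symlinks and non-regular files ...
    if os.path.islink(path) or not os.path.isfile(path):
        raise PermissionError("not a regular file")
    if attacker is not None:
        attacker()          # the race window: attacker swaps the path for a symlink
    # Time of use: open() follows whatever symlink is there *now*.
    with open(path, "rb") as f:
        return f.read().decode()


def read_public_file_safe(path: str, attacker=None) -> str:
    """Hardened: open once (refusing to follow a symlink atomically), then
    check the descriptor actually held. The name is never looked up a
    second time, so there is no window between check and use."""
    if attacker is not None:
        attacker()          # the attacker gets the same opportunity
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)   # symlink -> OSError
    try:
        st = os.fstat(fd)   # check the object behind the fd, not the name
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        chunks = []
        while True:
            chunk = os.read(fd, 4096)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks).decode()
    finally:
        os.close(fd)


def demo() -> dict:
    """Run both readers against the same symlink-swap attack and report
    which of them leaked the secret."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.txt")
        public = os.path.join(d, "public.txt")
        with open(secret, "w") as f:
            f.write("SECRET")

        def reset():            # put a harmless regular file at the public path
            if os.path.lexists(public):
                os.remove(public)
            with open(public, "w") as f:
                f.write("public data")

        def swap_for_symlink():  # the attacker's move inside the window
            os.remove(public)
            os.symlink(secret, public)

        result = {}
        reset()
        result["racy_leaked"] = read_public_file_racy(public, swap_for_symlink) == "SECRET"
        reset()
        try:
            read_public_file_safe(public, swap_for_symlink)
            result["safe_leaked"] = True
        except OSError:         # O_NOFOLLOW refused the symlink (ELOOP on Linux)
            result["safe_leaked"] = False
        reset()
        result["safe_reads_legit"] = read_public_file_safe(public) == "public data"
        return result


if __name__ == "__main__":
    print(demo())
```

The fix is not "check faster": it is to stop checking the name at all. Open the object, then ask the kernel about the descriptor you hold (`fstat`, and `O_NOFOLLOW` so the open itself refuses a symlink); the same principle applies to any TCB check that is separated in time from the use it authorises.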
Blue screen of death - caused by firmware errors, driver errors, and operating system inefficiencies and errors
Protects the TCB
TCB Compromise
When a system fails, data recovery methods can be made a 2 levels
1. Trusted recovery
2. Untrusted recovery
Protection mechanism used in data recovery that ensures the security of a computer system that crashes or fails by recovering the security relevant elements in a trusted state.
Trusted recovery
1. Reboot in single-user mode with security protections enabled.
2. Recover the system files that were active at the crash point.

Examples of
Trusted recovery
Untrusted recovery
Recovery process that does not result in a secure, trusted environment
Trusted recovery methods
1. Manual
2. Automatic
3. Recovery without errors (manual/automatic)
4. Recovery with limited errors
Security mode types - Dedicated (A = all users on the system, S = some users)
Signed NDA - A
Proper clearance - A
Formal access approval - A
Need to know - A
Security mode types - System High
Signed NDA - A
Proper clearance - A
Formal access approval - A
Need to know - S
Security mode types - Compartmented
Signed NDA - A
Proper clearance - A
Formal access approval - S
Need to know - S
Security mode types - Multilevel
Signed NDA - A
Proper clearance - S
Formal access approval - S
Need to know - S
System Assurance
1. The system architecture provides the anticipated security levels
2. Appropriate safeguards remain in place
Trusted Computer System Evaluation Criteria - TCSEC
First attempt by the US government at evaluating systems to ensure they fulfill the policy objectives
The evaluation criteria were published in a book set called -

and the TCSEC specs themselves were in the
Rainbow Series

*Orange Book
Trusted network Interpretation (TNI)
Extended the TCSEC to cover secure participation in computer networks
*Red Book
Trusted Data Interpretation (TDI)
Extends the evaluation criteria to database implementations
The database is evaluated as a standalone system.
*Purple book
TCSEC Objectives
1. Policy
2. Accountability
3. Assurance
4. Documentation
TCSEC - Policy
Mandatory security policy - implementing MAC
Discretionary security policy - implementing DAC
TCSEC - Accountability
Identification - requires unique identification
Authentication - requires authentication process
Auditing - logging of access attempts and activities
TCSEC - Assurance
Architecture, system integrity, security testing, design specification and verification

Continuous protection assurance - continual verification of the TCB
TCSEC - Documentation
Security features user's guide
Trusted facility manual
Test and design documentation
TCSEC divisions and classes
A - Verified protection (A1: verified design)
B - Mandatory protection (B3, B2, B1)
C - Discretionary protection (C2 & C1)
D - Minimal protection
B - Mandatory protection - B3 - Security domains
B3 - Defines the security administrator role, trusted recovery, monitoring and automatic notification
B - Mandatory protection - B2 - Structured protection
B2 - Device labels and subject sensitivity labels, trusted path, SoD, covert channel analysis
B - Mandatory protection - B1 - Labeled security
B1 - Labels and MAC, process isolation, design specs and verification
C - Discretionary protection - C2 - Controlled access protection
Audit trail protection, object reuse control
C - Discretionary protection - C1 - Discretionary security protection
Discretionary resource protection
Information system security standards
1. ITSEC
2. Common Criteria
3. ISO 27002
Developed in Europe - Targets of Evaluation (TOE) rated separately for functionality and assurance

F and E numbers (functionality class and evaluation level)
Common Criteria
Developed jointly in Europe, the US, and Canada to replace TCSEC and ITSEC

Protection profiles - commonly used now

EAL7 is the highest evaluation assurance level
Software Engineering Institute - rates the quality of software by looking at the maturity of the development process
ISO 27002
Originally a British standard; *current international standard

details & controls
Risk evaluation
Acceptance of the risk
C&A - Certification & Accreditation
All systems used by the US government must have C&A
C&A phases
1. Establish the level of security
2. Define the specific environment for use
3. Evaluate INDIVIDUAL system security
4. Evaluate NETWORK system security
5. Evaluate PHYSICAL system security
6. Compare the evaluations to the requirements
7. Approve the system
8. Re-evaluate and re-approve operation if changes occur