Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
18 Cards in this Set
- Front
- Back
|
state machine
|
This model describes the subjects, objects, and sequences in a system. The focus of this model is to capture the system's state and ensure its security.
|
|
|
Bell-LaPadula
|
Is a formal security model, is the mathematical model of a multilevel security policy. This model uses a lattice of security levels to determine whether a subject can access an object, based on the security clearance of the subject.
The goal of the security model is to prevent unauthorized access to information. |
|
|
simple security rule
|
also known as the no read up rule – states that a subject can't read data from a security level higher than the subject's security level
|
|
|
*-property
|
the no write down rule – states that a subject can't write data to a security level lower than the subject's security level
|
|
|
strong star property
|
rule states that a subject with read/write capabilities can perform read/write functions only at the subject's security level
|
|
|
Harrison-Ruzzo-Ullman
|
This model is similar to the Graham-Denning model and is made up of generic rights and a small set of commands.
Where it is different from the Graham-Denning model is in its concern with situations where subjects have to be prevented from gaining specific privileges. |
|
|
Biba
|
formal security model, uses a lattice of integrity levels. It's used most by commercial organizations for which the integrity of data is more important than data confidentiality.
The goal of this security model is to ensure that data doesn't flow from any integrity level to a higher integrity level. This is to prevent the corruption of data at the higher integrity levels. |
|
|
*-integrity axiom
|
, or no write up rule, specifies that a subject or process can't write data to an object at a higher integrity level
|
|
|
simple integrity axiom
|
, or no read down rule, specifies that a subject or process can't read data from a lower integrity level, and
|
|
|
invocation
|
this property specifies that a subject can't invoke another subject at a higher integrity level
|
|
|
Clark-Wilson
|
is an informal security model that separates data into high protection data called constrained data items, or CDIs, and low protection data called unconstrained data items, or UDIs.
To modify a CDI, the user has to execute a transformation procedure, or TP. To do this, the user requires authentication. No TP or authentication is required for modifying a UDI. |
|
|
Lipner
|
This model ensures both confidentiality and integrity by combining aspects of the Bell-LaPadula and Biba models with job functions.
It does this in one of two ways – using the confidentiality model of Bell-LaPadula, or using the Biba integrity model and Bell-LaPadula. |
|
|
access control matrix
|
security model. It consists of a matrix, with subjects in rows, objects in columns, and the access right of each subject recorded as an entry within the resulting grid.
|
|
|
Brewer & Nash
|
– also known as the Chinese Wall security model – provides access controls that change dynamically according to the user's previous actions, access requests, and authorizations.
The goal of this model is to prevent conflicts of interest from occurring because of a user's access attempts. To achieve this, it allows a subject to write to an object only if the subject can't read another object in another dataset. |
|
|
Graham-Denning
|
In this model, each subject is composed of a process and a domain, which is the set of rights, or constraints, controlling how the subject may access and manipulate objects. Subjects may also be objects at specific times. This model defines the commands that a subject can execute to securely create and delete an object, create and delete a subject, and provide read, grant, delete, and transfer access rights.
This model offers advantages over the Bell-LaPadula and Biba models by defining and modifying security and integrity ratings, and by protecting the transfer of the access rights process. |
|
|
information flow
|
This security model compartmentalizes data based on classification and the need to know. To access an object, a subject's clearance should dominate the object's classification and specify the need to know.
The goal of this model is to prevent the existence of covert channels in a system and so to secure the flow of information. The model also ensures that information always flows from a low security level to a high security level, and from a high integrity level to a low integrity level. A disadvantage is that controlling and securing the flow of information within a system is a complex task. |
|
|
Lattice
|
This security model consists of a set of objects constrained between the least upper bound and greatest lower bound values. The least upper bound is the value that defines the lowest level of object access rights granted to a subject. The greatest lower bound is the value that defines the maximum level of object access rights granted to a subject.
The goal of this model is to protect the confidentiality of an object and to allow access to it only by an authorized subject. |
|
|
Noninterference
|
This security model ensures that actions at higher security levels don't interfere with the actions at lower security levels. This helps ensure that data doesn't pass through covert or timing channels.
This model prevents covert channel and interference attacks. Interference attacks occur when the security level of data changes to a higher security level after a person has accessed data while the data was at the lower security level. A disadvantage of the model is that it's complex and difficult to design. |
