26 Cards in this Set
Authorization
|
Restricts the actions of authenticated users: authentication establishes who a subject is, authorization decides what that subject is allowed to do.
|
|
Trusted Computer System Evaluation Criteria (TCSEC): The Orange Book
|
One of a series of related books developed under the NSA. Each book had a different colored cover, and collectively they are known as the Rainbow Series.
The Orange Book deals primarily with system evaluation and certification and with multilevel security. Today the book is of little relevance; it arguably stunted the growth of information security by focusing time and resources on impractical aspects of security. It was intended to provide a way to assess the security of existing products and to give guidance on how to build more secure products. |
|
The Common Criteria
|
Superseded the Orange Book.
An international, government-sponsored standard for certifying security products. |
|
Common Criteria certification
|
Yields an Evaluation Assurance Level (EAL) rated from 1 to 7.
A higher number is "better" in that the product was evaluated more rigorously, but a higher EAL does not by itself mean the product is more secure. The usual minimum required to sell to the government is EAL4. |
|
Lampson's Access Control Matrix
|
Contains all the information an operating system needs to decide which users are allowed to do what with the various system resources.
Has a row for every subject (user of the system) and a column for every object (system resource); each entry lists the subject's rights on that object. |
|
Two fundamental constructs in the field of authorization
|
To obtain acceptable performance, the matrix is partitioned into more manageable pieces. There are two ways to split it:
access control lists (ACLs) and capabilities (C-lists). |
|
Access control lists (ACLs)
|
Split the matrix into columns and store each column with its corresponding object.
The object's column (its ACL) is consulted to see whether an operation is allowed. |
|
Capabilities
|
Store the matrix by row, with each row kept with its corresponding subject. The subject's row (its C-list) is consulted to see whether an operation is allowed.
|
|
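The two slicings of the access control matrix described in the ACL and capabilities cards, as an added example (not code from the page or from any particular operating system). The subjects, objects and rights are constructed; the point is that both views answer "may subject S do R to object O?" with one lookup, while the question each view answers cheaply for free differs: ACLs make "who can access this object" and per-object revocation cheap, capabilities make "what can this subject do" cheap.

```python
"""Lampson's access control matrix stored two ways: by column (ACLs, kept with
each object) and by row (capabilities, kept with each subject).

Added example; the subjects, objects and rights are constructed."""
from collections import defaultdict

# Constructed sample matrix: subject -> object -> set of rights.
# An absent entry means no rights.
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "www.log": {"read"}},
    "bob":   {"www.log": {"read", "write"}},
    "httpd": {"www.log": {"append"}},
}


def to_acls(matrix):
    """Column view: object -> subject -> rights. Each ACL would be stored
    with its object (e.g. in the file's metadata)."""
    acls = defaultdict(dict)
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls[obj][subject] = set(rights)
    return dict(acls)


def to_capabilities(matrix):
    """Row view: subject -> object -> rights. Each C-list would be stored
    with its subject (e.g. in the process's kernel state)."""
    return {subject: {obj: set(rights) for obj, rights in row.items()}
            for subject, row in matrix.items()}


def acl_allows(acls, subject, obj, right):
    """Consult the object's ACL: one lookup, no other object is touched."""
    return right in acls.get(obj, {}).get(subject, set())


def cap_allows(caps, subject, obj, right):
    """Consult the subject's C-list: one lookup, no other subject is touched."""
    return right in caps.get(subject, {}).get(obj, set())


def who_can(acls, obj, right):
    """Cheap with ACLs (read one column); under capabilities this would
    require scanning every subject's C-list."""
    return {s for s, rights in acls.get(obj, {}).items() if right in rights}


def what_can(caps, subject):
    """Cheap with capabilities (read one row); under ACLs this would
    require scanning every object's ACL."""
    return {obj: set(rights) for obj, rights in caps.get(subject, {}).items()}


def revoke_all(acls, obj):
    """Revoking everyone's access to one object is a single ACL update;
    under capabilities it means editing every C-list that names the object."""
    return {o: rights for o, rights in acls.items() if o != obj}


if __name__ == "__main__":
    acls, caps = to_acls(MATRIX), to_capabilities(MATRIX)
    print(acl_allows(acls, "alice", "payroll.db", "write"))   # True
    print(cap_allows(caps, "bob", "payroll.db", "read"))      # False
    print(sorted(who_can(acls, "www.log", "read")))            # ['alice', 'bob']
    print(what_can(caps, "httpd"))                             # {'www.log': {'append'}}
```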
US Dept of Defense employs four levels of classifications and clearances
|
TOP SECRET
SECRET
CONFIDENTIAL
UNCLASSIFIED
(listed from highest to lowest) |
|
Multilevel Security Models
|
Needed when subjects and objects at different levels share the same system resources.
The purpose is to enforce access control by restricting subjects so they can only access objects for which they hold the necessary clearance. |
|
Covert Channels
|
A communication path not intended as such by the system's designers.
Covert channels exist in many situations and are particularly prevalent in networks. They are virtually impossible to eliminate, so the emphasis is on limiting the capacity of the channels. |
|
3 things required for a covert channel to exist
|
1. Sender and receiver must have access to a shared resource.
2. Sender must be able to vary some property of the shared resource that the receiver can observe.
3. Sender and receiver must be able to synchronize their communication. |
|
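A simulated storage channel that exhibits the three requirements above, as an added example (not from the page). The shared resource is a lock flag both parties can observe, the sender varies it, and a tick counter stands in for the synchronization the two sides need; the `noise` parameter is an assumed defender control that randomizes what the receiver sees, illustrating why the practical goal is to degrade capacity rather than eliminate the channel.

```python
"""Simulated storage covert channel through a shared resource.

Added example; the lock, tick loop and noise knob are constructed to show the
three requirements for a covert channel, not a real OS mechanism."""
import random


class SharedLock:
    """Requirement 1: a resource both sender and receiver can access."""
    def __init__(self):
        self.held = False


def to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits):
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        out.append(int("".join(map(str, bits[i:i + 8])), 2))
    return bytes(out)


def transmit(message, noise=0.0, seed=0):
    """Run sender and receiver in lock step over one SharedLock.

    noise: per-tick probability that a monitoring process randomizes what the
    receiver observes (a capacity-limiting defence, assumed for illustration).
    Returns (received bytes, number of bit errors)."""
    rng = random.Random(seed)
    lock = SharedLock()
    sent = to_bits(message)
    received = []
    for bit in sent:                      # requirement 3: one shared tick per bit
        lock.held = bool(bit)             # requirement 2: sender varies the property
        observed = lock.held              # receiver samples the same property
        if rng.random() < noise:          # defender jitters the observable state
            observed = rng.random() < 0.5
        received.append(int(observed))
    errors = sum(a != b for a, b in zip(sent, received))
    return from_bits(received), errors


if __name__ == "__main__":
    print(transmit(b"secret"))                    # (b'secret', 0): clean channel
    print(transmit(b"secret", noise=0.5, seed=1)) # garbled output, errors > 0
```

With no noise the receiver recovers the message exactly; with noise the channel still exists but its effective capacity drops, which is the realistic outcome the card describes.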
Inference Control
|
Prevents, or at least minimizes, the leakage of specific information through responses to general queries.
Strong inference control may be impossible to achieve, but employing some is better than none. |
|
Techniques used in inference control
|
Query set size control: no response is returned if the set of records matching the query is too small.
N-respondent, k% dominance rule: data is not released if k% or more of the result is contributed by N or fewer subjects.
Randomization: a small amount of random noise is added to the data. |
|
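The three techniques applied to a constructed salary table, as an added example (not from the page). It also shows the caveat behind "strong inference control may be impossible": query set size control alone is defeated by differencing two large, allowed queries whose sets differ by one person, and only randomization blurs that difference.

```python
"""Inference control on a constructed salary table: query set size control,
the N-respondent k% dominance rule, and randomization.

Added example; the records and thresholds are constructed."""
import random

RECORDS = [  # constructed sample data
    {"name": "alice", "dept": "eng",   "salary": 120_000},
    {"name": "bob",   "dept": "eng",   "salary": 95_000},
    {"name": "carol", "dept": "eng",   "salary": 101_000},
    {"name": "dave",  "dept": "eng",   "salary": 98_000},
    {"name": "erin",  "dept": "legal", "salary": 250_000},
    {"name": "frank", "dept": "legal", "salary": 60_000},
    {"name": "grace", "dept": "legal", "salary": 55_000},
]


def select(predicate):
    return [r["salary"] for r in RECORDS if predicate(r)]


def total(predicate, min_size=3):
    """Query set size control: refuse if fewer than min_size records match."""
    values = select(predicate)
    return None if len(values) < min_size else sum(values)


def dominance_ok(values, n=1, k=50):
    """N-respondent, k% dominance rule: release only if no n or fewer
    respondents contribute k% or more of the total."""
    if not values:
        return False
    top = sorted(values, reverse=True)[:n]
    return sum(top) * 100 < k * sum(values)


def total_dominance(predicate, min_size=3, n=1, k=50):
    """Size control plus dominance rule."""
    values = select(predicate)
    if len(values) < min_size or not dominance_ok(values, n, k):
        return None
    return sum(values)


def total_randomized(predicate, min_size=3, sigma=5_000, seed=0):
    """Randomization: size control plus Gaussian noise on the released sum."""
    values = select(predicate)
    if len(values) < min_size:
        return None
    return sum(values) + random.Random(seed).gauss(0, sigma)


def differencing_attack(target, dept, query=total):
    """Two allowed queries whose sets differ only by the target; with exact
    answers their difference is the target's salary."""
    whole = query(lambda r: r["dept"] == dept)
    rest = query(lambda r: r["dept"] == dept and r["name"] != target)
    if whole is None or rest is None:
        return None
    return whole - rest


if __name__ == "__main__":
    print(total(lambda r: r["name"] == "alice"))            # None: set too small
    print(differencing_attack("alice", "eng"))              # 120000: leaked anyway
    print(total_dominance(lambda r: r["dept"] == "legal"))  # None: erin dominates
    print(differencing_attack("alice", "eng", total_randomized))  # noisy estimate
```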
CAPTCHA
|
"Completely Automated Public Turing test to tell Computers and Humans Apart".
A test that humans can pass but a computer cannot pass with probability better than guessing. The program can generate and grade tests that it cannot itself pass, so it is an inverse Turing test. Can be viewed as a form of access control: it authorizes humans, not programs. |
|
Turing Test: Alan Turing 1950
|
A human questioner asks questions of a human and a computer without knowing which is which, and tries to distinguish them from the answers. If the questioner cannot do better than guessing, the computer passes the Turing Test.
Regarded as the gold standard in artificial intelligence; at the time these notes were written, no computer had passed it. |
|
Firewalls
|
Examines requests for access to your network and decides whether they pass a reasonableness test. If so they are allowed through; if not they are refused.
|
|
Three types of firewalls
|
1. Packet filter: operates at the network layer
2. Stateful packet filter: operates at the transport layer
3. Application proxy: operates at the application layer, where it functions as a proxy |
|
Packet filter firewall
|
Examines packets up to the network layer, so it can only filter on information available there: header fields such as source and destination addresses and ports and the TCP flag bits.
Adv: efficiency. Disadv: no concept of state, so each packet is treated independently of all others; blind to application data. |
|
Stateful Packet Filter
|
Adds state to a packet filter firewall: it keeps track of TCP connections and can remember UDP "connections" as well.
Adv: in addition to the packet filter features, it tracks ongoing connections, so it can reject inbound packets that do not belong to one. Disadv: cannot examine application data, and is slower than a packet filtering firewall. |
|
Application proxy
|
Processes incoming packets all the way up to the application layer. The firewall, acting as a proxy on your behalf, can then verify that the packet appears legitimate and that the data inside is safe.
Adv: complete view of connections and application data; able to filter bad data at the application layer while also filtering bad packets at the transport layer. Disadv: lack of speed. |
|
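The difference between the packet filter and stateful packet filter cards, run over constructed packets as an added example (not from the page or any real firewall). A stateless filter that wants to admit replies to outbound web requests has to accept any inbound packet that merely looks like such a reply; the stateful filter admits only packets matching a connection it saw the inside host open. Addresses are from the documentation ranges, and the rule set is an assumed minimal policy for illustration.

```python
"""A stateless packet filter beside a stateful one, over constructed traffic.

Added example; the rule set, packet layout and addresses are constructed."""
from dataclasses import dataclass

WEB_PORTS = {80, 443}


@dataclass(frozen=True)
class Packet:
    direction: str   # "out": inside host -> Internet, "in": Internet -> inside host
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def stateless_filter(pkt):
    """Packet filter: decides on header fields only, one packet at a time.
    Replies to outbound web requests must be let in, so the rule has to accept
    anything from port 80/443 with ACK set to a high local port."""
    if pkt.direction == "out" and pkt.dport in WEB_PORTS:
        return True
    if (pkt.direction == "in" and pkt.sport in WEB_PORTS
            and pkt.dport >= 1024 and pkt.ack):
        return True
    return False


class StatefulFilter:
    """Stateful packet filter: remembers outbound connections and admits
    inbound packets only when they belong to one."""

    def __init__(self):
        # (inside_ip, inside_port, remote_ip, remote_port)
        self.connections = set()

    def filter(self, pkt):
        if pkt.direction == "out" and pkt.dport in WEB_PORTS:
            if pkt.syn:            # new connection: record it
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if pkt.direction == "in":
            return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections
        return False


# Constructed traffic: a legitimate web fetch and its reply, then an
# unsolicited inbound packet crafted to look like a reply (source port 80,
# ACK set, high destination port) aimed at a service on the inside host.
TRAFFIC = [
    Packet("out", "10.0.0.5", 40000, "203.0.113.10", 80, syn=True),
    Packet("in", "203.0.113.10", 80, "10.0.0.5", 40000, syn=True, ack=True),
    Packet("in", "198.51.100.7", 80, "10.0.0.5", 3389, ack=True),
]


def run_stateless(packets=TRAFFIC):
    return [stateless_filter(p) for p in packets]


def run_stateful(packets=TRAFFIC):
    fw = StatefulFilter()
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    print(run_stateless())   # [True, True, True]: the forged reply gets through
    print(run_stateful())    # [True, True, False]: no matching connection
```

Neither filter looks inside the payload; a malicious HTTP response on the legitimate connection passes both, which is the gap the application proxy card addresses.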
Intrusion Detection Systems (IDS) and Intrusion response
|
For when intrusion prevention fails. The purpose is to detect attacks before, during, and after they occur; the basic approach is to look for unusual activity.
Intrusion response: once an intrusion is detected we want to respond to it, which is not always straightforward. |
|
Two approaches to intrusion detection
|
Signature based IDS and Anomaly based IDS
|
|
Signature based IDS
|
Detects attacks based on specific known signatures or patterns.
Example signature: multiple failed logins. Adv: simplicity, efficiency, excellent ability to detect known attacks. Disadv: the signature file must be kept current, and the system can only detect known attacks (no signature, no detection). |
|
Anomaly based IDS
|
Attempts to define a baseline of normal behavior and raises a warning whenever the system strays too far from that baseline.
Challenge: defining "normal". The definition must adapt as system usage changes, and difficult statistical thresholding issues are involved (too tight a threshold means false alarms, too loose means missed attacks). |
|
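Both detection approaches from the two cards above, run over constructed sshd-style log lines as an added example (not from the page or any IDS product). The signature rule is the card's own "multiple failed logins" pattern (threshold and window are assumed values); the anomaly rule scores an observed hourly login count against a constructed baseline with a z-score, which is one simple way to make "strays too far" concrete.

```python
"""Signature-based and anomaly-based detection over constructed log lines.

Added example; the log lines, thresholds and baseline are constructed."""
from collections import defaultdict, deque
from datetime import datetime
import re
import statistics

SAMPLE_LOG = """\
2024-01-01T10:00:01 sshd[4101]: Failed password for root from 198.51.100.7 port 5121 ssh2
2024-01-01T10:00:03 sshd[4102]: Failed password for admin from 198.51.100.7 port 5122 ssh2
2024-01-01T10:00:05 sshd[4103]: Failed password for root from 198.51.100.7 port 5123 ssh2
2024-01-01T10:00:07 sshd[4104]: Failed password for oracle from 198.51.100.7 port 5124 ssh2
2024-01-01T10:00:09 sshd[4105]: Failed password for root from 198.51.100.7 port 5125 ssh2
2024-01-01T10:00:20 sshd[4106]: Failed password for bob from 203.0.113.5 port 6001 ssh2
2024-01-01T10:00:25 sshd[4107]: Accepted password for bob from 203.0.113.5 port 6002 ssh2
"""

# Matches the constructed format only; real sshd lines vary (e.g. "invalid user").
FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for (\S+) from (\S+) port")


def parse_failures(log):
    """Return (timestamp, source_ip, username) for each failed login."""
    events = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(3), m.group(2)))
    return events


def signature_alerts(log, threshold=5, window_s=60):
    """Signature rule: threshold or more failed logins from one source
    within window_s seconds. Anything outside this pattern is invisible."""
    recent = defaultdict(deque)
    alerts = []
    for ts, src, _user in sorted(parse_failures(log)):
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:   # slide the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((src, len(q)))
            q.clear()                                   # one alert per burst
    return alerts


def anomaly_score(baseline, observed):
    """z-score of an observation against a baseline of 'normal' counts."""
    mean = statistics.mean(baseline)
    sd = statistics.pstdev(baseline) or 1.0
    return (observed - mean) / sd


def is_anomalous(baseline, observed, z_threshold=3.0):
    """Anomaly rule: warn when the observation is z_threshold deviations from
    baseline. The threshold is the tuning knob the card calls difficult."""
    return abs(anomaly_score(baseline, observed)) > z_threshold


# Constructed baseline: successful logins per hour over a normal week.
BASELINE_LOGINS_PER_HOUR = [12, 15, 10, 14, 11, 13, 12]


if __name__ == "__main__":
    print(signature_alerts(SAMPLE_LOG))                   # [('198.51.100.7', 5)]
    print(is_anomalous(BASELINE_LOGINS_PER_HOUR, 45))     # True
    print(is_anomalous(BASELINE_LOGINS_PER_HOUR, 14))     # False
```

The second source in the log (one failure, then success) produces no signature alert, and a slow attacker spreading attempts beyond the window would not either; that blind spot is why the anomaly baseline is worth keeping alongside the signature rule.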
Two basic architectures for IDS
|
Host-based IDS: applies detection methods to activity that occurs on hosts. Has little or no view of network activity.
Network-based IDS: applies detection methods to network traffic. Designed to detect DDoS attacks, port scans, etc. Has little or no direct view of host-based attacks. |