Terms and Definitions

simple
read (in both Bell-LaPadula and Biba, the "simple" property is the read rule)

Back Door
A way to circumvent or bypass access control. Examples: rootkits, trojans, trapdoors/maintenance hooks. {slide 79}

Orange Book A
Verified Protection (its single class, A1 "Verified Design", requires a formal top-level specification and formal verification of the design against the security policy model)

ITSEC
European criteria. Evaluates functionality (F classes) and assurance (E levels) separately, unlike TCSEC, which bundles both into one rating.

certification
Comprehensive technical evaluation of the security components and their compliance with requirements, carried out for the purpose of accreditation (accreditation is management's formal acceptance of the residual risk).

special registers
(dedicated registers) hold control information such as the program counter, stack pointer, and program status word (PSW)

access triple
(Clark-Wilson) user, transformation procedure (TP), constrained data item (CDI).
Users cannot modify critical data (CDIs) directly. Instead, the subject (user) is authenticated to a piece of software, and that software's transformation procedures (TPs) carry out the operations on the CDIs on the user's behalf. Only certified triples are allowed to execute.
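The enforcement side of the access triple, as an added example that is not part of the original card deck: a certified (user, TP, CDI) triple is the only path to the constrained data, the TP is a well-formed transaction, and an integrity verification procedure (IVP) checks the invariant before and after. The ledger values, user names and the "transfer" TP are constructed for illustration.

```python
"""Clark-Wilson enforcement: users change constrained data items (CDIs) only
through certified transformation procedures (TPs) named in access triples.

Added example, not from the original page. The ledger data, the user names and
the TP/IVP names are constructed for illustration.
"""
from dataclasses import dataclass, field


class AccessDenied(Exception):
    pass


class IntegrityViolation(Exception):
    pass


def transfer(ledger, src, dst, amount):
    """TP: a well-formed transaction moving the ledger between consistent states."""
    if amount <= 0 or ledger.get(src, 0) < amount:
        raise IntegrityViolation("transfer would leave an inconsistent ledger")
    new = dict(ledger)
    new[src] -= amount
    new[dst] = new.get(dst, 0) + amount
    return new


def ledger_ivp(ledger, expected_total):
    """IVP: the invariant every TP must preserve (money is conserved, no overdraft)."""
    return sum(ledger.values()) == expected_total and min(ledger.values()) >= 0


@dataclass
class ClarkWilson:
    cdis: dict = field(default_factory=dict)    # CDI name -> current value
    tps: dict = field(default_factory=dict)     # TP name -> callable
    ivps: dict = field(default_factory=dict)    # CDI name -> (ivp, invariant argument)
    triples: set = field(default_factory=set)   # certified (user, tp, cdi)
    audit: list = field(default_factory=list)   # every attempt is logged

    def certify(self, user, tp, cdi):
        self.triples.add((user, tp, cdi))

    def run(self, user, tp, cdi, *args):
        # Enforcement: no certified triple, no access. The user never touches
        # self.cdis directly; only the TP does, and only through this gate.
        if (user, tp, cdi) not in self.triples:
            self.audit.append((user, tp, cdi, "denied"))
            raise AccessDenied(f"{user} is not certified to run {tp} on {cdi}")
        ivp, invariant = self.ivps[cdi]
        old = self.cdis[cdi]
        if not ivp(old, invariant):
            raise IntegrityViolation(f"{cdi} already inconsistent before {tp}")
        try:
            new = self.tps[tp](old, *args)
            if not ivp(new, invariant):
                raise IntegrityViolation(f"{tp} would leave {cdi} inconsistent")
        except IntegrityViolation:
            # A TP that breaks the invariant is rolled back, never committed.
            self.audit.append((user, tp, cdi, "rolled back"))
            raise
        self.cdis[cdi] = new
        self.audit.append((user, tp, cdi, "ok"))
        return new


def cw_demo():
    cw = ClarkWilson()
    cw.cdis["ledger"] = {"alice": 100, "bob": 50}      # constructed sample CDI
    cw.tps["transfer"] = transfer
    cw.ivps["ledger"] = (ledger_ivp, 150)
    cw.certify("teller", "transfer", "ledger")       # the one certified triple

    out = {}
    out["ok"] = cw.run("teller", "transfer", "ledger", "alice", "bob", 30)
    try:
        cw.run("auditor", "transfer", "ledger", "alice", "bob", 1)
        out["uncertified"] = "allowed"
    except AccessDenied:
        out["uncertified"] = "denied"
    try:
        cw.run("teller", "transfer", "ledger", "bob", "alice", 500)
        out["overdraw"] = "allowed"
    except IntegrityViolation:
        out["overdraw"] = "rejected"
    out["audit"] = cw.audit
    return out


if __name__ == "__main__":
    for key, value in cw_demo().items():
        print(f"{key}: {value}")
```

The audit list is the part exam summaries usually skip: Clark-Wilson requires every TP invocation to be logged, which is what makes the "separation of duties" certification rules auditable after the fact.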

alu
Arithmetic logic unit: performs mathematical functions and logical operations on data. It can be thought of as the brain of the CPU, and the CPU as the brain of the computer.

Ring 2
I/O drivers and utilities (Ring 0: kernel; Ring 1: remaining parts of the operating system; Ring 3: applications)

Red Book
Trusted Network Interpretation (TNI). Addition to the Orange Book (TCSEC) for network systems.

classifications
Sensitivity labels assigned to objects (subjects hold clearances); access is decided by comparing the subject's clearance with the object's classification.

register
Temporary storage location inside the CPU. Some registers hold status information for the CPU; the program counter points to the memory location of the next instruction to be processed, and the base and limit registers ensure that a process only interacts with its assigned memory segment.

processes
Applications work as individual units called processes: a set of instructions together with the assigned resources that are actually running. A program is not considered a process until it is loaded into memory.

non-interference model
Multi-level security concept implemented to ensure that actions taking place at a higher security level do not affect, or interfere with, actions that take place at a lower level (prevents high-to-low flow). Different security domains are isolated, which prevents the existence of covert channels.

The biggest difference between System High Security Mode and Dedicated Security Mode is:
Need-to-know (in dedicated mode every user has a need-to-know for all information on the system; in system high mode every user has the clearance and formal approval for all of it, but not necessarily a need-to-know for all of it).

EPL
Evaluated Products List: the list of products that have been evaluated, with their assigned ratings. The EPL was maintained by the NCSC for TCSEC evaluations; ISO/IEC 15408 (Common Criteria) evaluations are published on the certified products list of the Common Criteria scheme.

Trojan
Software that looks like one thing but has malicious intent. {slide 79}

TCSEC
Trusted Computer System Evaluation Criteria. Developed by the NCSC for the DoD. Evaluates stand-alone systems. Orange Book. Based on the Bell-LaPadula model (addresses confidentiality, not integrity or availability).

enterprise security architecture
Defines the information security strategy: layers of policy, standards, solutions, and procedures, and the way they are linked across an enterprise strategically, tactically, and operationally.

virtual memory
Secondary storage space combined with RAM. Swap space is the reserved disk space used to extend RAM capacity.

general registers
Hold variables and temporary results as the ALU works through its execution steps.

Zachman Framework
Enterprise architecture framework (not security-specific) laid out as a 6x6 matrix. The columns ask what, how, where, who, when, and why; the rows are the perspectives of the planner, owner, designer, builder, subcontractor (programmer), and user. Each cell describes the enterprise from one perspective for one question.

multi-level security mode
Stores objects of differing sensitivity labels and allows system access by subjects with differing clearances; the reference monitor mediates access between subjects and objects.
Permits two or more classification levels of information to be processed at the same time when not all of the users have the clearance or formal approval to access all the information being processed by the system.

security kernel
The hardware, software, and firmware that enforce access control (implements the reference monitor's rules).

Polyinstantiation permits a database to have two records that are identical except
for their classifications (so a lower-cleared user cannot infer the existence of the higher-classified row).

Ring 1
Remaining parts of the operating system

Which increases the performance in a computer by overlapping the steps of different instructions?
Pipelining

Covert Timing Channel
A process relays information to another process by modulating its use of system resources (e.g., CPU time); the timing of the usage, not stored data, carries the signal. {pp 345-346 - Slide 77}

Brewer Nash
Also called the Chinese wall model. Created to provide access controls that change dynamically depending on a user's previous actions; the main goal is to protect against conflicts of interest arising from a user's access attempts.
Very common when companies work together, e.g., consulting firms. Conflict-of-interest (CoI) classes must be identified so that once a consultant gains access to one company's data in a CoI class, they cannot read or write data belonging to a competing company in that same class.
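The dynamic part of Brewer-Nash is easiest to see in code, so here is an added example (not from the original deck) of the Chinese wall read and write rules keyed on each subject's access history. The company datasets, the CoI classes and the analyst names are constructed for illustration; "market_digest" plays the role of a sanitised (public) dataset that belongs to no CoI class.

```python
"""Brewer-Nash (Chinese wall): what a subject may access depends on what it
has already accessed, so competing company datasets are walled off.

Added example, not from the original page. Company datasets, CoI classes and
analyst names are constructed for illustration.
"""


class ChineseWall:
    def __init__(self, coi_classes):
        # company dataset -> the conflict-of-interest class it sits in;
        # datasets in no class are sanitised (public) and never conflict.
        self.coi_of = {ds: cls for cls, datasets in coi_classes.items() for ds in datasets}
        self.history = {}  # subject -> set of datasets the subject has read

    def _conflicts(self, a, b):
        """Two different datasets conflict when they share a CoI class."""
        ca, cb = self.coi_of.get(a), self.coi_of.get(b)
        return a != b and ca is not None and ca == cb

    def can_read(self, subject, dataset):
        """Simple security rule: read is allowed unless the subject has already
        read a competing dataset in the same CoI class."""
        return not any(self._conflicts(prior, dataset)
                       for prior in self.history.get(subject, set()))

    def read(self, subject, dataset):
        if not self.can_read(subject, dataset):
            return False
        # Every read narrows future choices: the wall moves with the history.
        self.history.setdefault(subject, set()).add(dataset)
        return True

    def can_write(self, subject, dataset):
        """*-property: write only if the subject may read the target and every
        non-sanitised dataset it has read is that same dataset; otherwise the
        subject could carry company A's data into company B's files."""
        if not self.can_read(subject, dataset):
            return False
        return all(prior == dataset or self.coi_of.get(prior) is None
                   for prior in self.history.get(subject, set()))


def wall_demo():
    wall = ChineseWall({
        "oil": {"PetroNorth", "PetroSouth"},   # constructed CoI classes
        "bank": {"FirstBank", "UnionBank"},
    })
    out = {}
    out["read_petronorth"] = wall.read("alice", "PetroNorth")  # first oil company: allowed
    out["read_firstbank"] = wall.read("alice", "FirstBank")    # different CoI class: allowed
    out["read_petrosouth"] = wall.read("alice", "PetroSouth")  # PetroNorth's competitor: denied
    out["read_digest"] = wall.read("alice", "market_digest")   # sanitised: always allowed
    # alice has read FirstBank, so a write to PetroNorth could leak bank data across.
    out["alice_writes_petronorth"] = wall.can_write("alice", "PetroNorth")
    wall.read("bob", "PetroNorth")
    out["bob_writes_petronorth"] = wall.can_write("bob", "PetroNorth")  # only one source read
    return out


if __name__ == "__main__":
    for key, value in wall_demo().items():
        print(f"{key}: {value}")
```

Note the write rule is stricter than the read rule on purpose: a subject that has legitimately read two non-competing companies can still write to neither, because the subject itself is the channel between them.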

compartmented security mode
All subjects accessing the system have the necessary clearance but do not have the appropriate formal access approval or the need-to-know for all the information found on the system.
Objects are placed into compartments and require formal (system-enforced) need-to-know access.

d
Division D (Minimal Protection): the system was evaluated but failed to meet the requirements of any higher class.

time multiplexing
Allows several processes to share the same resource by giving each a slice of time in turn. In communications, time-division multiplexing means several data sources are interleaved into one channel, each transmitting in its own time slot.

take grant model
Contains rules which govern the interactions between subjects and objects and the permissions subjects can grant to other subjects.
Rules include: take, grant, create, remove. The state is displayed as a directed graph whose labelled edges are the access rights between subjects and objects.
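As an added example (not part of the original deck), the four take-grant rules applied to a small rights graph. Subjects and objects are nodes, rights are labels on directed edges, and "t" and "g" are the take and grant rights themselves. The names alice, bob, carol, mallory and "payroll" are constructed for illustration.

```python
"""Take-grant protection model: rights as labelled edges of a directed graph.

Added example, not from the original page. Subject/object names are constructed
for illustration; 't' = take right, 'g' = grant right.
"""
from collections import defaultdict


class TakeGrant:
    def __init__(self):
        self.subjects = set()
        self.objects = set()
        self.rights = defaultdict(set)  # (src, dst) -> set of rights src holds over dst

    def add(self, name, subject=True):
        (self.subjects if subject else self.objects).add(name)

    def has(self, src, dst, right):
        return right in self.rights[(src, dst)]

    def _subject(self, s):
        if s not in self.subjects:
            raise ValueError(f"{s} is not a subject; only subjects exercise rules")

    def create(self, s, new, subject=False, rights=("r", "w", "t", "g")):
        """Create rule: a subject creates a new node and holds rights over it."""
        self._subject(s)
        self.add(new, subject)
        self.rights[(s, new)] |= set(rights)

    def remove(self, s, dst, right):
        """Remove rule: a subject drops one of its own rights over dst."""
        self._subject(s)
        self.rights[(s, dst)].discard(right)

    def take(self, s, via, dst, right):
        """Take rule: s holds 't' over via and via holds right over dst,
        so s may copy that right over dst to itself."""
        self._subject(s)
        if not (self.has(s, via, "t") and self.has(via, dst, right)):
            return False
        self.rights[(s, dst)].add(right)
        return True

    def grant(self, s, to, dst, right):
        """Grant rule: s holds 'g' over to and right over dst,
        so s may give that right over dst to 'to'."""
        self._subject(s)
        if not (self.has(s, to, "g") and self.has(s, dst, right)):
            return False
        self.rights[(to, dst)].add(right)
        return True


def tg_demo():
    g = TakeGrant()
    for s in ("alice", "bob", "carol", "mallory"):
        g.add(s)
    g.create("bob", "payroll")              # bob owns payroll with r, w, t, g
    g.rights[("alice", "bob")].add("t")     # alice may take from bob
    g.rights[("alice", "carol")].add("g")   # alice may grant to carol
    out = {}
    out["alice_takes_r"] = g.take("alice", "bob", "payroll", "r")
    out["alice_grants_r"] = g.grant("alice", "carol", "payroll", "r")
    out["carol_has_r"] = g.has("carol", "payroll", "r")
    out["carol_takes_w"] = g.take("carol", "alice", "payroll", "w")    # no 't' over alice
    out["mallory_takes_r"] = g.take("mallory", "bob", "payroll", "r")  # no edges at all
    g.remove("bob", "payroll", "w")
    out["bob_has_w"] = g.has("bob", "payroll", "w")
    return out


if __name__ == "__main__":
    for key, value in tg_demo().items():
        print(f"{key}: {value}")
```

The point of the graph form is that the safety question ("can this subject ever obtain this right over that object?") is decidable in linear time for take-grant, which is exactly what the more general access-matrix model cannot offer.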

stack
A data structure in memory that the process can read from and write to in LIFO (last in, first out) fashion.

* property rule
Bell-LaPadula: a subject cannot write information to a lower security level (no write down).

A mechanism that ensures the authorized access relationships between subjects and objects is known as:
The reference monitor.

B2 - Structured Protection requires
More stringent authentication mechanisms and well-defined interfaces among layers.

Which uses Protection Profiles and Security Targets?
International Standard ISO/IEC 15408 (Common Criteria)

Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Direct Addressing

Elements of ISO/IEC 15408 (CC)
Protection Profile (description of need)
Target of Evaluation (the proposed product)
Security Target (the vendor's explanation of the functionality and assurance provided to meet the profile)
Evaluation Assurance Levels (ratings) from EAL1 to EAL7

protection profiles
The Common Criteria uses these in its evaluation process to describe the environmental assumptions, the objectives, and the functional and assurance level expectations for a class of product.

well formed transaction
A series of operations that are carried out to transfer the data from one consistent state to another (Clark-Wilson).

stack pointer
Register that holds the address of the top of the process's stack (the program counter, by contrast, tracks where the CPU is in the instructions lined up for processing).

trusted network interpretation
TNI, Red Book: the TCSEC companion for evaluation of networks and network components.

orange book
Founded on the Bell-LaPadula model, the US DoD developed the Trusted Computer System Evaluation Criteria (the color of the cover was orange).
Addresses confidentiality but not integrity.

What access control technique is also known as multilevel security?
Mandatory access control

Reduced Instruction Set Computers (RISC) involve
Simpler instructions that require fewer clock cycles to execute.

Examples of Layered Operating Systems
THE (Technische Hogeschool Eindhoven), VAX/VMS, Multics and Unix. THE and Multics are no longer in use.

What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access?
Bell-LaPadula Model

When a computer uses more than one CPU in parallel to execute instructions, this is known as?
Multiprocessing

An abstract machine which must mediate all access by subjects to objects, be protected from modification, be verifiable as correct, and is always invoked
The reference monitor

A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Overt channel

B3 - Rating
The type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.

When the RAM and secondary storage are combined the result is
Virtual Memory

orange book's main topics
security policy: the policy must be explicit and enforced
identification: subjects must be uniquely identified
labels: access control labels must be associated properly with objects
documentation: must be provided (incl. test, design, specs, user guide, etc.)
continuous protection: the security mechanisms of the system as a whole must continuously provide predictable and acceptable performance (they cannot be tampered with or bypassed)

ITSEC ratings
Functionality classes F-C1 through F-B3 (mirroring TCSEC) plus assurance levels E0 through E6. E0 = inadequate (comparable to D); E6 = formal model of the security policy with formally verified design. F-B3 with E6 corresponds to TCSEC A1.

evaluation assurance level
EAL1 - functionally tested
EAL2 - structurally tested
EAL3 - methodically tested and checked
EAL4 - methodically designed, tested, and reviewed
EAL5 - semiformally designed and tested
EAL6 - semiformally verified design and tested
EAL7 - formally verified design and tested (mathematically proven)

B2 rating is for?
The type of environment that processes sensitive data requiring a higher degree of security. It requires systems that are relatively resistant to penetration and compromise.

Orange Book - B3
B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.

The reference monitor must mediate
all access, be protected from modification, be verifiable as correct, and must always be invoked.

A Thread
A thread is a portion of a process. When the thread is generated, it shares the same domain (resources) as its process.

Accountability - Orange Book
Audit data must be captured and protected to enforce accountability.

Real storage is another word for
Primary storage; the term distinguishes physical memory from virtual memory.

how a register controls a process's interaction with memory
Base (beginning memory address assigned) and limit (ending memory address assigned) registers: every address the process generates is checked against them, so it cannot read or write outside its own segment.

The Thread (memory management) contains
An address of where the instruction and data reside that need to be processed.

Successfully Evaluated products are placed on?
The Evaluated Products List (EPL) with their corresponding rating

TCSEC provides a means to evaluate
The trustworthiness of an information system

Division B - Mandatory Protection Architecture is based on
The Bell-LaPadula security model, and evidence of reference monitor enforcement must be available.

Buffer overflows occur when
A program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold; the excess overwrites adjacent memory.

Classifications of TCSEC
A1, B3, B2, B1, C2, C1, D, in this order from most to least trusted. Greater security functionality isn't necessarily indicated by the grade; the grade represents assurance, i.e., confidence in the product.

In both the Bell-LaPadula and Biba Models, if the word "Simple" is used
The rule is talking about "Reading"

The Simple Security rule is referred to as
the "No read Up" rule

Reference Monitor is responsible for
Access control to objects by subjects; it compares the security label of a subject with that of an object.

The security kernel is the mechanism
That enforces the rules of the reference monitor concept.

The reference monitor is an access control concept
Referring to an abstract machine that mediates all accesses to objects by subjects based on information in an access control database.

What is necessary for a subject to have read access to an object in a Multi-Level Security Policy?
The subject's sensitivity label must dominate the object's sensitivity label (an equal or higher level and a superset of the object's compartments).

When a vendor submits a product for evaluation, it submits it to the
The National Computer Security Center (NCSC)

In B2 Subjects and devices require labels and
The system must analyze and constrain covert storage channels (covert timing channels are added at B3). No trapdoors exist.

The Simple Security Property states that
A subject at a given clearance may not read an object at a higher classification.

The Biba Model - Simple Integrity Axiom
A subject cannot read data from a lower integrity level ("No Read Down").
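The four "simple" and "*" rules above (Bell-LaPadula no read up / no write down, Biba no read down / no write up) all reduce to one dominance test on a label made of a level and a compartment set. The following added example (not from the original deck) implements that test and the four rules; the level names, compartments and the subject/object labels are constructed for illustration.

```python
"""Bell-LaPadula (confidentiality) and Biba (integrity) access decisions over
labels with a level and a compartment set, decided by label dominance.

Added example, not from the original page. Level names, compartments and the
subject/object labels are constructed for illustration.
"""
from dataclasses import dataclass

CLASSIFICATION = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
INTEGRITY = {"UNTRUSTED": 0, "USER": 1, "SYSTEM": 2}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()


def dominates(a, b, order):
    """a dominates b iff rank(a) >= rank(b) and a carries every compartment of b.
    This is a partial order: labels with disjoint compartments are incomparable,
    so a subject may be unable to either read or write a given object."""
    return order[a.level] >= order[b.level] and a.compartments >= b.compartments


# Bell-LaPadula: "simple" is the read rule, "*" is the write rule.
def blp_read(subject, obj):
    """Simple security property, no read up: subject must dominate object."""
    return dominates(subject, obj, CLASSIFICATION)


def blp_write(subject, obj):
    """*-property, no write down: object must dominate subject."""
    return dominates(obj, subject, CLASSIFICATION)


# Biba mirrors the two rules on an integrity ordering instead.
def biba_read(subject, obj):
    """Simple integrity axiom, no read down: object must dominate subject."""
    return dominates(obj, subject, INTEGRITY)


def biba_write(subject, obj):
    """* integrity axiom, no write up: subject must dominate object."""
    return dominates(subject, obj, INTEGRITY)


def blp_demo():
    analyst = Label("SECRET", frozenset({"CRYPTO"}))          # constructed clearance
    objects = {
        "weekly_summary": Label("CONFIDENTIAL"),
        "reactor_plans": Label("SECRET", frozenset({"NUCLEAR"})),
        "joint_report": Label("TOP SECRET", frozenset({"CRYPTO", "NUCLEAR"})),
    }
    # (may read, may write) per object
    return {name: (blp_read(analyst, o), blp_write(analyst, o)) for name, o in objects.items()}


def biba_demo():
    service = Label("SYSTEM")                                  # constructed integrity label
    objects = {"user_upload": Label("UNTRUSTED"), "kernel_config": Label("SYSTEM")}
    return {name: (biba_read(service, o), biba_write(service, o)) for name, o in objects.items()}


if __name__ == "__main__":
    print("BLP:", blp_demo())
    print("Biba:", biba_demo())
```

The "reactor_plans" case is the one worth remembering: a SECRET subject in compartment CRYPTO and a SECRET object in compartment NUCLEAR sit at the same level, yet neither dominates the other, so both read and write are refused. Compartments, not just levels, are what the reference monitor compares.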

Which Orange Book evaluation level is described as "Controlled Access Protection"?
C2 - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when subjects request access to objects, with individual accountability through auditing.

In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in
B2 the security policy is clearly defined and documented (a formal security policy model), and the system design and implementation are subject to more thorough review and testing procedures.