8836 Assurance in trusted OS Flashcards
What are ways to actually demonstrate the security of an operating system?
Testing, Formal verification, and informal validation.
What was M-o-o-t designed to combat?
M-o-o-t keeps the government at bay by carrying separation to the extreme. It was designed in response to the U.K. Regulation of Investigatory Powers Act (RIPA).
What is the largest single source of Operating system vulnerabilities?
I/O processing is the largest single source of operating system vulnerabilities.
How does an ambiguity in access policy lead to weakness?
On one hand we want to separate users and protect their individual resources. On the other hand users depend on shared libraries and utilities. The distinction between isolation and separation is not always clear.
What are the levels of evaluation in the Orange book and what do they mean?
D. Minimal protection
C1. Discretionary Security Protection
C2. Controlled Access Protection
B1. Labeled Security Protection
B2. Structured Protection
B3. Security Domains
A1. Verified design
According to Lawton what are the additional benefits of open source?
Cost: Source code is available to the public.
Quality: the code can be analyzed.
Support: as the public finds issues, they can propose and contribute fixes.
Extensibility: public can extend code for additional functionality.
What is Validation when it comes to security assurance?
Requirements checking: Cross check each requirement against the source code or runtime.
Design and code reviews: Rigorous review of design and code components.
System testing: Build tests to check the system; data expected from reading the requirements can be checked.
Formal verification
Testing the results to verify the correctness of the functionality and the system.
Penetration testing
Security experts try to crack the system being tested using tool kits to exploit weak spots. Does not guarantee the system is fault free. Should be done in real-world conditions on a running system.
What are the primary differences between the German Green Book and the TCSEC "Orange" Book?
The Germans added error recovery, continuity of service, and data communication security. The Germans had a grid of verification with functionality classes 1-10 and assurance levels Q0-7, producing 80 possible security evaluations.
What is ITSEC?
Preserved the German functionality classes but allowed for the more stringent claims language of the British.
How does ITSEC compare to the US TCSEC?
ITSEC has new functionality requirements that surpass TCSEC, allows low-assurance or high-assurance products, allows evaluations of any kind of product, and is subject to market forces.
Disadvantages: complicates choice, requires users to decide the level needed, some functionality requires high assurance but doesn't guarantee it, and the government doesn't have direct control.
What happened to the combined federal criteria?
The US joined forces with Europe and Canada and published the Common Criteria.
In the Orange book how are threats characterized?
Penetration, malicious code, and subversion.
According to the Orange book what is penetration?
Using user permissions to obtain additional access to resources or data.