Flashcards in Chapter 11: Principles of Security Models, Design, and Capabilities Deck (54):
In information security, what is the purpose of a model?
It provides a way to formalize security policies.
What is the Trusted Computing Base, or TCB?
From the "Orange Book", a combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy.
It's the only portion of a computer system that can be trusted to adhere to and enforce the security policy.
What is the security perimeter of a system?
An imaginary boundary that separates the TCB from the rest of the system.
What is a trusted path?
A secure channel created from the TCB to the rest of the system.
What is a reference monitor or kernel?
The part of the TCB that validates access to every resource prior to granting access requests.
What is the State Machine Model?
It describes a system that is always secure no matter what state it is in.
What is the Information Flow Model?
A model that focuses on the flow of information. Based on a state machine model. Designed to prevent unauthorized, insecure, or restricted information flow, often between different levels of security.
What is a Noninterference Model?
Loosely based on the Information Flow Model. Basically concerned with ensuring that actions at a higher security level don't affect anything at a lower security level, to avoid allowing objects or users at the lower security state to make inferences about the higher security state.
What is the Take-Grant model?
A model that employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object.
What is an Access Control Matrix?
A table of subjects and objects that indicates the actions or functions that each subject can perform on each object. Each column is an ACL. Each row is a capabilities list.
What is involved in constructing an ACL?
Implementing an environment that can create and manage lists of subjects and objects.
Crafting a function that can return the type associated with an object.
What is the Bell-LaPadula model?
A multilevel model that's usually limited to unclassified, sensitive but unclassified, confidential, secret, and top secret. A subject with any level of clearance can access resources at or below its clearance level, but at the higher levels, need-to-know applies.
What is the Simple Security Property?
A subject may not read information at a higher sensitivity level (no read up).
What is the * (star) Security Property?
A subject may not write information to an object at a lower sensitivity level (no write down). AKA the confinement property.
What is the Discretionary Security Property?
The system uses an access matrix to enforce discretionary access control.
Of the CIA triad, what does Bell-LaPadula address?
Only confidentiality. It does nothing for Integrity or Availability.
What three issues does the Biba model address?
Prevent modification of objects by unauthorized subjects
Prevent unauthorized modifications of objects by authorized subjects
Protect internal and external object consistency.
Biba provides integrity where Bell-LaPadula does not.
What is the Clark-Wilson Model?
Defines each data item and allows modifications only through a small set of programs. Subjects don't have direct access to objects. Objects can only be accessed by programs. If you aren't supposed to access the object, you aren't given access to the program.
What is the Brewer and Nash Model?
AKA Chinese Wall.
What is a subject?
A user or process that makes a request to access a resource.
What is an object?
The resource a user or process accesses.
What is a closed system?
One designed to work well with a narrow range of other systems, generally all from the same manufacturer.
What is an open system?
Designed using agreed-upon industry standards. Easier to integrate with systems from different manufacturers that support the same standards.
What techniques exist for ensuring Confidentiality, Integrity, and Availability?
Confinement, bounds, isolation
What is confinement?
Restricting a process to read and write to only certain memory locations and regions.
What are bounds?
Assigning each process on the system an authority level, which tells the OS how to set bounds for the process. The bounds consist of limits set on memory addresses and resources the process can access.
What is isolation?
Enforcing access bounds to cause confinement.
What is a security control?
Something that uses access rules to limit the access of a subject to an object.
What is a trusted system?
One in which all protection mechanisms work together to protect sensitive data for many types of users while maintaining a stable and secure computing environment.
What is assurance?
The degree of confidence in satisfaction of security needs.
What are the two steps in formal system evaluation?
The system is tested and a technical evaluation is performed to make sure the system's security capabilities meet the criteria laid out for its intended use.
The system is subjected to a formal comparison of its design and security criteria against its actual capabilities and performance.
What are the four major TCSEC categories?
Cat A: Verified protection (highest level)
Cat B: Mandatory protection
Cat C: Discretionary protection
Cat D: Minimal protection
What are the discretionary protection categories?
C1: Discretionary security protection. Controls access by user IDs and/or groups. Weak protection.
C2: Controlled access protection: Users must be individually identified. Media cleansing is enforced. Requires strict login procedures so that invalid or unauthorized users are refused.
What are the mandatory protection categories?
B1: Labelled security. Each subject and object has a security label. Sufficient for classified data.
B2: Structured protection: Like B1, but B2 systems must ensure that no covert channels exist. Operator and administrator functions are separated. Process isolation.
B3: Security domains: Sufficient for very sensitive or secret data.
What is the Red Book?
Interprets TCSEC in a network setting. Rates confidentiality and integrity; addresses communications integrity, DoS protection, and compromise protection and prevention; limited to networks labeled as "centralized networks with a single accreditation authority"; uses only four rating levels: none, C1, C2, B2.
What is the Green Book?
DoD Password Management Guidelines.
What are the objectives of the Common Criteria guidelines?
1. Add buyer confidence in security of evaluated, rated IT products
2. Eliminate duplicate evaluations
3. Keep making security evaluations more cost effective and efficient
4. Make sure evaluations of IT products adhere to high and consistent standards
5. Promote evaluation and increase availability of evaluated, rated IT products
6. Evaluate the functionality of the TOE
What are protection profiles?
A profile that specifies, for a product, the security requirements and protections desired by a customer.
What is a security target?
The claims of security from the vendor that are built into a TOE.
What is a TOE?
Target of Evaluation
What is a package in the Common Criteria?
An intermediate grouping of security requirement components that can be added to or removed from a TOE.
What are the three topical areas of the Common Criteria?
1. Introduction and General Model
2. Security Functional Requirements
3. Security Assurance
What is Part 1 of the Common Criteria guidelines?
Describes the general concepts and underlying model used to evaluate IT security and what's involved in specifying targets of evaluation.
What is Part 2 of the Common Criteria guidelines?
Security Functional Requirements. Describes various functional requirements in terms of security audits, communications security, cryptographic support for security, user data protection, identification and authentication, security management, TOE security functions, resource utilization, system access, and trusted paths.
What is Part 3 of the Common Criteria guidelines?
Security Assurance. Assurance requirements for TOEs in the areas of configuration management, delivery and operation, development, guidance documents, and life cycle support, plus assurance tests and vulnerability assessments.
What are EALs?
Evaluation Assurance Levels in the Common Criteria. There are 7.
List the EALs.
EAL1: Functionally tested
EAL2: Structurally tested
EAL3: Methodically tested and checked
EAL4: Methodically designed, tested, and reviewed
EAL5: Semi-formally designed and tested
EAL6: Semi-formally verified, designed, and tested
EAL7: Formally verified, designed, and tested.
What is PCI-DSS?
A collection of requirements for improving the security of electronic payments, defined by the PCI Security Standards Council (primarily banks and credit card companies).
Defines requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures.
What is certification?
The comprehensive evaluation of the technical and nontechnical security features of an IT system and other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meets a set of specified security standards.
This is the first phase in a total evaluation process.
What is accreditation?
The formal declaration by the designated approving authority that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.
What is DITSCAP?
The Defense Information Technology Security Certification and Accreditation Process.
What is NIACAP?
National Information Assurance Certification and Accreditation Process
What phases are DITSCAP and NIACAP divided into?
Definition, verification, validation, post-accreditation.