Chapter 3: Security Architecture & Engineering Flashcards
(44 cards)
Security model that helps specify & analyze integrity policies for computing systems. It focuses on preventing data corruption by faults or malicious intent.
Clark-Wilson Model
State transition system of computer security policy. Describes a set of access control rules to ensure data integrity. Data and subjects are grouped into ordered levels of integrity.
Biba Model
State machine model used for enforcing access control in government and military applications. No clear distinction between protection & security.
Bell-LaPadula Model
AKA Chinese wall model, a security model that aims to prevent conflicts of interest by limiting access to sensitive information.
Brewer-Nash Model
What are the four stages of fire, for detection purposes?
Incipient, smoke, flame, heat
What is HAVAL?
A hash algorithm
What are the three approved encryption algorithms for the Digital Signature Standard under FIPS 186-4?
DSA, RSA, ECDSA
(Digital Signature Alg.; Rivest, Shamir, Adleman; Elliptic Curve DSA)
State the Simple Integrity Property under the Biba Model.
An individual may not read a file classified at a lower security level than the individual’s security clearance.
What is SCADA?
Supervisory Control and Data Acquisition
What is TPM?
Trusted Platform Module. Hardware security technique. Stores an encryption key on a chip on the system motherboard.
What is TCB?
Trusted Computing Base. The collection of all protection mechanisms related to security.
What is ESP in IPsec?
Encapsulating Security Payload. Provides confidentiality, authentication, and integrity.
What is AH in IPsec?
Authentication Header: Provides authentication and integrity.
What is IKE in IPsec?
Internet Key Exchange: Provides key management and Security Association (SA) management.
What are the first two Common Criteria Evaluation Assurance Levels (EAL)?
EAL1: Functionally tested, with a minimal focus on security.
EAL2: Structurally tested, with basic security considerations.
What are the Common Criteria Evaluation Assurance Levels (EAL) 3 & 4?
EAL3: Methodically tested and checked, with moderate security assurance.
EAL4: Methodically designed, tested, and reviewed, with heightened security measures.
What are the Common Criteria Evaluation Assurance Levels (EAL) 5 through 7?
EAL5: Semi-formally designed & tested, with medium-to-high assurance.
EAL6: Semi-formally verified design & tested, with medium-to-high assurance.
EAL7: Formally verified design and tested, with high assurance.
What are the 7 principles of Privacy by Design?
- Proactive, not reactive
- Privacy as the default setting
- Privacy embedded into design
- Full functionality - positive sum
- End-to-end security
- Visibility & transparency
- Respect for user privacy
What is Kerckhoffs's principle?
A cryptographic system should be secure even if everything about the system, except the key, is public knowledge.
Explain Multistate.
Multistate systems are certified to handle data from different security classifications simultaneously.
Explain System High Mode.
For System High Mode, users must have security clearance & access approval for all info processed by the system, & a need-to-know for at least some of the info.
What are the four System Security Modes?
Dedicated, System High, Multilevel, and Partitioned (AKA Compartmented) are the four System Security Modes.
Differentiate Certification & Verification.
Certification validates security controls. Verification goes further, adding testing and attestation by a trusted 3rd party.
What is TCSEC?
Trusted Computer System Evaluation Criteria, AKA the EAL levels.