Chapter 8: Principles of Security Models, Design, and Capabilities Flashcards
Subject vs Object
Subject makes request to access a resource (the object)
Transitive Trust
Concept that if A trusts B, and B trusts C, then A inherits trust of C through the transitive property
Serious security concern, may enable bypassing of restrictions or limitations
Employee using a web proxy to access a blocked site is an example
Closed System
Designed to work well with a NARROW range of other systems, generally all proprietary from same manufacturer. Potentially more secure
Open System
Designed using agreed-upon industry standards to easily integrate with systems from other manufacturers that use the same standards or compatible APIs (more attractive target)
API
Application Programming Interface
Defined set of instructions allowed between computing elements such as applications, services, networking, firmware and hardware.
Defines the types of requests that can be made, how they can be made, what form the data takes, authentication and encryption requirements
Fail Securely
Programmer codes in mechanisms to anticipate and defend against errors in order to avoid termination of execution
Fail Soft
Allowing a program to continue to operate after a component fails
Zero Trust
Security concept where nothing inside organization is automatically trusted. Each request for activity or access is assumed to be from an unknown and untrusted source until otherwise verified
Privacy by Design (PbD)
Guideline to integrate privacy protections into products during early design phase rather than tacking it on at the end of development
Confinement
Allows a process to read from and write to only certain memory locations and resources
Trusted Computing Base (TCB)
Design principle that is the combination of hardware, software, and controls that work together to form a trusted base to enforce security policy. Should be as small as possible so a detailed analysis can reasonably ensure the system meets design specifications and requirements
Separated from the rest of the information system by a security perimeter
For the TCB to communicate with the rest of the system, it must create secure channels with strict standards
Trusted Shell
Allows subject to perform command line operations without risk to the TCB or subject
Reference Monitor
Access control enforcer for the TCB
Security Kernel
Collection of components in the TCB that work together to implement reference monitor functions. Mediates all resource access requests.
State Machine Model
Describes a system that is always secure no matter what state it is in. All state transitions must be evaluated
Information Flow Model
Focuses on controlling the flow of information, both the direction of flow and the type of flow. Only allows authorized information flows