Chapter 9 - Security Concepts Flashcards

1
Q

Confidentiality

A

This concept refers to the protection of systems and data so that only authorised subjects are permitted to access them. Depending on the context, there are several different types of controls to ensure confidentiality. Preventive controls include
userids and passwords, firewalls, intrusion prevention systems, data leakage prevention systems, and encryption. Detective controls include access logs and video surveillance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Integrity

A

This concept refers to the protection of systems and data so that only authorised changes may be made to them. Preservation of integrity means that systems
can be counted on to provide reliable information that will not be questioned.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Availability

A

This concept refers to the resilience of systems so that they will be
available when needed, even when considering scenarios such as hardware failure and
disasters.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Security Models

A

There are two important terms used in discussions of security models.

  • Subjects: These are usually people who use a system. In cases of system-to-system communication, a subject can also be another system, or a process running on another
    system.
  • Objects. These are the systems, data, or other resources that someone wants to access.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

NRU

A

No Read-Up

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

NWD

A

No Write-Down

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

NRD

A

No Read-Down

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

NWU

A

No Write-Up

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

UDI

A

Unconstrained Data Items

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

CDI

A

Constrained Data Items

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Access Matrix

A

An access matrix security model consists of a two-dimensional matrix that defines which subjects are permitted to access which objects

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

MAC

A

Mandatory Access Control (MAC) describes a system (such as an operating system) that controls access to resources. When a subject
requests access to an object, the system examines the subject’s identity and access rights together with the access permissions associated with the object. The system will permit or deny the requested access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

DAC

A

In the discretionary access control model, the owner of an object controls who and what may access it. DAC is so named because permission to access an object is made at its owner’s discretion.
DAC is common in information systems where owners of files, directories, web pages, and
other objects can set access permissions on their own, to control which users or groups of
users may access their objects.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

RBAC

A

Role-Based Access Control is usually used to simplify the task of managing user rights in a complex system that contains many objects and users.

Instead of managing the access rights of individual users, an RBAC system relies on the existence of roles, which contain collections of allowed accesses. Each subject is then assigned to one of the established roles, and each subject then inherits the rights defined by the role to which the user is assigned.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Non-Interference

A

A user with low clearance can-
not gain any knowledge of any activities performed by high-clearance users. The term non-interference means that activities performed by a user with high clearance will not interfere
with any activities performed by a user with low clearance, thus providing information about the activities of the high-level clearance user to the low-level user.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Information Flow

A

Information flow models are based upon the flow of information rather than upon access
controls. Objects are assigned to a class or level of security, and the flow of these objects is
controlled by a security policy that specifies where objects of various levels are permitted to
flow.