Flashcards in Domain 3 - Security Engineering Deck (177):
What is the simultaneous execution of more than one
application on a computer and is managed by the operating system.
This permits multiple concurrent tasks to be performed within a single process.
The use of more than one processor to increase computing power.
Similar to multitasking but takes place on mainframe systems and requires specific programming.
Processors that are capable of operating at only one security level at a time,
Single state processors
Processors that can simultaneously operate at multiple security levels.
What are the four security modes approved by the federal government for processing classified information.
Dedicated systems - require that all users have appropriate clearance, access permissions, and need to know for all information stored on the system.
System high mode - removes the need-to-know requirement.
Compartmented mode - removes the need-to-know requirement and the access permission requirement. Multilevel mode - removes all three requirements.
The two layered operating modes used by most modern processors.
User mode and Privileged mode
User applications operate in a limited instruction set environment
The operating system performs controlled operations
Nonvolatile memory that can't be written to by the end user or PC
Read only memory (ROM)
Similar to a ROM chip in functionality, but with one exception; special functionality
that allows an end user to burn in the chip’s contents later. However once it is burned in no further changes are possible
Programmable Read-Only Memory (PROM)
Memory chips that may be erased through the use of ultraviolet light and then can have new data written to
Erasable Programmable Read-Only Memory (EPROM)
Memory chips may be erased with electrical current and then have new data written to them.
Electronically Erasable Programmable Read-Only Memory (EEPROM)
Memory chips that are volatile and lose their contents when the computer is powered off.
Random Access Memory (RAM)
A limited amount of memory that is included in the CPU that provide it with directly accessible memory locations that the brain of the CPU, the arithmeticlogical unit (ALU), uses when performing calculations or processing instructions.
At the computer level, it contains the basic instructions needed to start a computer. It is also used to provide operating instructions in peripheral devices such as printers.
This ensures that individual processes can access only
their own data.
This creates different realms of security within a process and limits
communication between them.
This creates “black-box” interfaces for programmers to use without requiring knowledge of an algorithm’s or device’s inner workings.
This prevents data from being discovered or accessed by a subject by positioning it in a location that is not seen by the subject.
Enforces process isolation with physical controls.
The role of a _____ ______ is to inform and guide the design, development, implementation, testing, and maintenance of some particular system.
The popular term referring to a concept of computing where processing and storage are performed elsewhere over a network connection rather than locally. It is often thought of as Internet-based computing.
Typically designed around a limited set of specific functions in relation to the larger product of which it’s a component.
Applications, OSs, hardware sets, or networks that are confi gured for a specifi c need, capability, or function, and then set to remain unaltered.
Ensures that only a minimum number of processes are authorized to run in supervisory mode.
Principle of lease privilege
Any method that is used to pass information but that is not normally used for information.
This occurs when the programmer fails to check the size of input data prior to writing the data into a specific memory location.
Checking data before it is saved to a database
An engineering discipline concerned with the design and construction of computing systems at a logical level.
From a security standpoint, _____ _____ organize code and components in an operating system (as well as applications, utilities, or other code that runs under the operating system’s control) into concentric rings. The deeper inside the circle you go, the higher the privilege level associated with the code that occupies a specific ring.
This is not a memory addressing scheme perse but rather a way of referring to data that is supplied to the CPU as part of an instruction.
In this memory addressing scheme, the CPU is provided with an actual address of the memory location to access.
In this scheme the memory address supplied to the CPU as part of the instruction doesn’t contain the actual value that the CPU is to use as an operand. Instead, the memory address contains another memory address
This contains the operating system–independent primitive instructions that a computer needs to start up and load the operating system from disk.
Database attack where attacker collects details at lower level to determine information at a higher level.
Combining several pieces of nonsensitive information to gain access to information that should be classified at a higher level. Requires some level of deduction.
Facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures are all examples of what?
Administrative Physical security controls
Access controls, intrusion detection, alarms, CCTV, monitoring, HVAC, power supplies, and fire detection and suppression are all examples of what?
Technical physical security controls
Fencing, lighting, locks, construction materials, mantraps, dogs, and guards are all examples of what?
Physical controls for physical security
What are the key elements in making a site selection?
Visibility, composition of the surrounding area, area accessibility, and the effects of natural disasters.
What is the key element in designing a facility for construction?
Understanding the level of security needed by your
organization and planning for it before construction begins.
Name the three categories of security controls implemented to manage physical security
administrative, technical, and physical
Using someone else’s security ID to gain entry to a facility
Following someone through a secured gate or doorway without being identified or authorized personally.
Ideal temperature for a computer room
60 to 75 degrees Fahrenheit
Ideal Humidity for a computer room
between 40 and 60 percent
A systematic effort to identify relationships between mission-critical applications, processes, and operations and all the necessary supporting elements.
Critical path analysis
The tendency for various technologies, solutions, utilities, and systems to evolve and merge over time.
This clearly defines the response time a vendor will provide in the event of an equipment failure emergency.
service-level agreement (SLA)
The expected typical functional lifetime of the device given a specific operating environment.
mean time to failure (MTTF)
The average length of time required to perform a repair on the device.
mean time to repair (MTTR)
A box, mobile room, or entire building designed with an
external metal skin, often a wire mesh that fully surrounds an area on all sides (in other words, front, back, left, right, top, and bottom).
A momentary loss of power
A complete loss of power
Momentary low voltage
Prolonged low voltage
Momentary high voltage
Prolonged high voltage
An initial surge of power usually associated with connecting to a power source, whether primary or alternate/secondary
A steady interfering power disturbance or fluctuation
A short duration of line noise disturbance
Nonfluctuating pure power
The wire in an electrical circuit that is grounded
Class A fire extinguishers can be used on what? And what is the suppression material used?
Common combustibles; Water, soda acid (a dry powder
or liquid chemical)
Class B fire extinguishers can be used on what? And what is the suppression material used?
Liquids; CO2 , halon (or EPA approved halon substitue), soda acid
Class C fire extinguishers can be used on what? And what is the suppression material used?
Electrical; CO2 , halon (or EPA approved halon substitue)
Class D fire extinguishers can be used on what? And what is the suppression material used?
Metal; Dry powder
This suppression system is always full of water. Water
discharges immediately when suppression is triggered.
Wet Pipe System
This suppression system contains compressed air. Once suppression is triggered, the air escapes, opening a water valve that in turn causes the pipes to fill and discharge water into the environment.
dry pipe system
This suppression system is another form of dry pipe system that uses larger pipes and therefore delivers a significantly larger volume of water. They are inappropriate for environments that contain electronics and computers.
This suppression system is a combination dry pipe/wet pipe system. The system exists as a dry pipe until the initial stages of a fire (smoke, heat, and so on) are detected, and then the pipes are filled with water. The water is released only after the sprinkler head activation triggers are melted by sufficient heat. If the fire is quenched before sprinklers are triggered, pipes can be manually emptied and reset. This also allows manual intervention to stop the release of water before sprinkler triggering occurs.
The art of creating and implementing secret codes and ciphers.
The study of methods to defeat codes and ciphers.
Specific implementations of a code or cipher in hardware and Software.
What are the main goals of cryptography?
confidentiality, integrity, authentication, and nonrepudiation
Cryptosystems that use a shared secret key available to all users of the cryptosystem.
Symmetric Key Systems
Cryptosystems that use individual combinations of public and private keys for each user of the system.
Cryptographic systems of symbols that represent words or phrases and are sometimes secret but don’t always provide confidentiality.
These use a variety of techniques to alter and/or rearrange the characters or bits of a message to achieve confidentiality. They are always meant to hide the true meaning of a message.
Ciphers that use an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext message.
Ciphers that use the encryption algorithm to replace each character or bit of the plaintext message with a different character.
In this cipher, the encryption key is as long as the message itself and is often chosen from a common book.
Running Key Ciphers
These ciphers operate on “chunks,” or blocks, of a message and apply the encryption algorithm to an entire message block at the same time.
These ciphers operate on one character or bit of a message (or data stream) at a time.
An extremely powerful type of substitution cipher. It uses a different substitution alphabet for each letter of the plaintext message.
This occurs when the relationship between the plain text and the key is so complicated that an attacker can’t merely continue altering the plain text and analyzing the resulting ciphertext to determine the key.
This occurs when a change in the plain text results in multiple changes spread throughout the ciphertext.
Mathematical operation that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values.
Boolean representation of AND operation
Boolean representation of OR operation
Boolean representation of NOT operation
Boolean representation of Exclusive OR operation. Most commonly used in cryptographic applications.
© (Looks similar to this symbol)
Returns a true value when only one of the input values is true. If both values are false or both values are true, the output is false.
XOR (Exclusive OR)
A random number that acts as a placeholder variable in mathematical functions. When the function is executed, it is replaced with a random number generated at the moment of processing for one-time use. It must be a unique number each time it is used.
A random bit string that is the same length as the block size and is XORed with the message. They are used to create unique ciphertext every time the same message is encrypted using the same key.
Initialization Vector (IV)
Prove your knowledge of a fact to a third party without revealing the fact itself to that third party. This is often done with passwords and other secret authenticators.
The information or privilege required to perform an operation is divided among multiple users. This ensures that no single person has sufficient privileges to compromise the security of the environment.
A way to measure the strength of a cryptography system by measuring the effort in terms of cost and/or time to decrypt messages. The security and protection offered by a cryptosystem is directly proportional to this value.
Work Function or work Factor
DES Operational Modes
• Electronic Codebook (ECB) – Least secure
• Cipher Block Chaining (CBC)
• Cipher Feedback (CFB) -
• Output Feedback (OFB) –
Uses three iterations of DES with 2 or 3 different keys to increase the effective key strength to 112 or 168.
3DES (Triple DES)
The US government standard for the secure exchange of sensitive but unclassifi ed data. It uses the Rijndael algorithm.
This system relies on pairs of keys assigned to each user of the cryptosystem. Every user maintains both a public key and a private key.
Public Key Cryptosystems
The most famous public key cryptosystem; it was developed by Rivest, Shamir, and Adleman in 1977. It depends on the difficulty of factoring the product of prime numbers.
An extension of the Diffie-Hellman key exchange algorithm that depends on modular arithmetic.
Algorithm depends on the elliptic curve discrete logarithm problem and provides more security than other algorithms when both are used with keys of the same length. Often used when hardware resources are low.
They take a potentially long message and generate a unique output value derived from the content of the message. This value is commonly referred to as the message digest.
This and its successors are government standard hash functions developed by the National Institute of Standards and Technology (NIST) and are specified in an official government publication.
Hashing algorithm that takes an input of virtually any length and produces a 160-bit message digest. The SHA-1 algorithm processes a message in 512-bit blocks. Therefore, if the message length is not a multiple of 512, the SHA algorithm pads the message with additional data until the length reaches the next highest multiple of 512.
Latest version of government standard hash functions. It supports variable length, ranging up to 512 bits.
A hash algorithm was developed by Ronald Rivest in 1989. It was later proved that it is not a one-way function. Therefore it should no longer be used.
Enhanced version of MD2 hashing algorithm. It processes 512-bit blocks of the message in three rounds of computation. The final output is a 128-bit message digest.
Latest version of MD2 algorithm. It uses four distinct rounds of computation to produce a digest of the same length as the MD2 and MD4 algorithms.
These are added to passwords before hashing them to reduce the effectiveness of rainbow table attacks.
These have two distinct goals: assure the recipient that the message truly came from the claimed sender and assure the recipient that the message was not altered while in transit between the sender and recipient.
First use a hashing function to generate a message digest. Then encrypt the digest with your private key. To verify the digital signature on a message, decrypt the signature with the sender’s public key and then compare the message digest to one you generate yourself. If they match, the message is authentic.
Digital Signatures Implementation
uses the SHA-1 and SHA-2 message digest functions along with the one of three encryption algorithms: the Digital Signature Algorithm (DSA); the Rivest, Shamir, Adleman (RSA) algorithm; or the Elliptic Curve DSA (ECDSA) algorithm.
Digital Signature Standard (DSS)
Certificate Authorities (CAs) generate digital certificates containing the public keys of system users. Users then distribute these certificates to people with whom they want to communicate. Certificate recipients verify a certificate using the CA’s public key.
Public Key Infrastructure (PKI)
These are the glue that binds the public key infrastructure together. These neutral organizations offer notarization services for digital certificates.
Certificate authorities (CAs)
These are maintained by the various certificate authorities and contain the serial numbers of certificates that have been issued by a CA and have been revoked along with the date and time the revocation went into effect.
Certificate revocation lists (CRLs)
This protocol eliminates the latency inherent in the use of certificate revocation lists by providing a means for real-time certificate verification.
Online Certificate Status Protocol (OCSP)
A protocol that has emerged as a de facto standard for encrypted email. It relies on the use of X.509 certificates for exchanging cryptographic keys. The public keys contained in these certificates are used for digital signatures and for the exchange of symmetric keys used for longer communications sessions.
Secure email system developed by Phil Zimmerman.
Pretty Good Privacy (PGP)
Based on SSL technology. It provides secure communications on the Internet.
Developed by Netscape to provide client/server encryption for web traffic. It relies on the exchange of server digital certificates to negotiate encryption/decryption parameters between the browser and the web server. Its goal is to create secure communications channels that remain open for an entire web browsing session.
A security architecture framework that supports secure communication over IP. It establishes a secure channel in either transport mode or tunnel mode. It can be used to establish direct communication between computers or to set up a VPN between networks. It uses two protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).
Provides assurances of message integrity and nonrepudiation. It also provides authentication and access control and prevents replay attacks. Part of IPSec
Provides confidentiality and integrity of packet contents. It provides encryption and limited authentication and prevents replay attacks. Part of IPSec
Encapsulating Security Payload
In IPSec only packet contents are encrypted for peer-to-peer communication
In IPSec the entire packet, including header information, is encrypted for gateway-to-gateway communications
an attack that attempts every possible valid combination for a key or password. They involve using massive amounts of processing power to methodically guess the key used to secure cryptographic communications.
The attacker has a copy of the encrypted message along with the plaintext message used to generate the ciphertext (the copy). This knowledge greatly assists the attacker in breaking weaker codes.
Known Plaintext attacks
the attacker has the ability to encrypt plaintext messages of their choosing and can then analyze the ciphertext output of the encryption algorithm.
Chosen plaintext attacks
the attacker has the ability to decrypt chosen portions of the ciphertext message and use the decrypted portion of the message to discover the key.
Chosen ciphertext attacks
Used to defeat encryption algorithms that use two rounds of encryption.
a malicious individual sits between two communicating parties and intercepts all communications (including the setup of the cryptographic session).
also known as a collision attack or reverse hash matching seeks to find flaws in the one-to-one nature of hashing functions. In this attack, the malicious individual seeks to substitute in a digitally signed communication a different message that produces the same message digest, thereby maintaining the validity of the original digital signature.
attack is used against cryptographic algorithms that don’t incorporate temporal protections. In this attack, the malicious individual intercepts an encrypted message between two parties (often a request for authentication) and then later “replays” the captured message to open a new session. This attack can be defeated by incorporating a time stamp and expiration period into each message.
These allow content owners to enforce restrictions on the use of their content by others. They commonly protect entertainment content, such as music, movies, and e-books but are occasionally found in the enterprise, protecting sensitive information stored in documents.
Digital rights management (DRM)
A system that is always secure no matter what state it is in. It ensures that all instances of subjects accessing objects are secure.
State Machine model
This model is focused on the flow of information. Designed to prevent unauthorized, insecure, or restricted information flow. Bell-LaPadula and Biba are both examples of this model.
Information Flow model
prevent the actions of subject A at a high level of security classification from affecting the system state at a lower level.
employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object.
a table of subjects and objects that indicates the actions or functions that each subject can perform on each object.
Access Control Matrix
subjects have a clearance level that allows them to access only those objects with the corresponding classification levels. Developed by the Department of Defense. It is focused on maintaining the confidentiality of objects. “No read up”. Concerned with confidentiality.
prevents subjects with lower security levels from writing to objects at higher security levels. “No Write Up”. Concerned with Integrity
Bell-LaPadula Simple Security Property
states that a subject may not read information at a higher sensitivity level (no read up).
Bell-LaPadula * Star Security Property
states that a subject may not write information to an object at a lower sensitivity level (no write down).
Bell-LaPadula Discretionary Security Property
states that the system uses an access matrix to enforce discretionary access control.
Biba Simple Security Property
states that a subject cannot read an object at a lower integrity level (no read-down).
Biba * star Security Property
states that a subject cannot modify an object at a higher integrity level (no write-up).
an integrity model that relies on auditing to ensure that unauthorized subjects cannot access objects and that authorized users access objects properly. It allows modifications through only a small set of programs.
also known as Chinese Wall. it creates a class of data that defines which security domains are potentially in conflict and prevents any subject with access to one domain that belongs to a specific conflict class from accessing any other domain that belongs to the same conflict class.
Brewer and Nash Model
the technical evaluation of each part of a computer system to assess its concordance with security standards.
is the process of formal acceptance of a certified configuration from a designated authority.
systems that are designed using industry standards and are usually easy to integrate with other open systems.
systems that are generally proprietary hardware and/or software. Their specifications are not normally published, and they are usually harder to integrate with other systems.
restricts a process to reading from and writing to certain memory locations. Also known as sandboxing.
the limits of memory a process cannot exceed when reading or writing. Also the area within which a process is confined or contained.
the mode a process runs in when it is confined through the use of memory bounds.
the user or process that makes a request to access a resource.
the resource a user or process wants to access.
use access rules to limit the access by a subject to an object. Also allows subjects to access only authorized objects. Primary goal is to ensure the confidentiality and integrity of data by disallowing unauthorized access by authorized or unauthorized subjects.
Static attributes of the subject and the object are considered to determine the permissibility of an access. Each subject possesses attributes that define its clearance, or authority, to access resources. Each object possesses attributes that define its classification.
Mandatory Access Controls
Allows the creator/owner of an object to grant access as he or she sees fit.
Provides access to resources based on profiles connected to a user’s role in an organization.
Role Based Access Control
Predefined rules state which subjects can access which objects. Often used in firewalls.
Rule-Based access control
Also known as the Rainbow Series.
Europe’s version of the Rainbow Series.
defines various levels of testing and confirmation of systems’ security capabilities, and the number of the level indicates what kind of testing and confirmation has been performed. Designed as a product evaluation model.
the combination of hardware, software, and controls that form a trusted base that enforces the security policy.
Trusted Computing Base (TCB)
is the imaginary boundary that separates the TCB from the rest of the system. TCB components communicate with non-TCB components using trusted paths.
is the logical part of the TCB that confirms whether a subject has the right to use a resource prior to granting access.
is the collection of the TCB components that implement the functionality of the reference monitor.
A cryptoprocessor chip on a motherboard that stores the encryption key that is used to encrypt the hard drive. This helps prevent hard drives being stolen from PC and the data accessed.
Trusted Platform Module (TPM)