History of Computer Security Flashcards

1
Q

What are the common themes of computer security?

A
  • memory protection
  • authentication and authorization
  • threat detection and modelling
  • countermeasures
  • Linux commands
2
Q

What was the main development in the 40s?

A

the first electronic computers, built from vacuum tubes or relays

3
Q

What were the security issues of the 40s?

A

Secrecy was paramount; there was a small group of trusted operators whose values aligned

4
Q

What are the 3 biggest developments of the 50s?

A
  • General purpose machines,
  • Von Neumann machines,
  • Commercial computing,
  • IBM 700 series
  • Batch processing,
  • Early traces of OS
5
Q

What changed about security with the introduction of Von Neumann machines?

A

Rogue programs can now overwrite data and code

6
Q

What were 3 security issues that were relevant in the 50s?

A
  • no user authentication
  • operators had to be trusted
  • diminished sense of secrecy and value alignment
7
Q

What operating systems were released in the 60s?

A

Multics (designed with security in mind)

Unix (then: UNICS), a stripped down version of Multics

8
Q

What 2 reports were published in the 60s?

A

The Ware Report and the Rand Report

9
Q

What categories of threats did the Ware report identify?

A
  • files
  • enabled by lack of or weak access control
  • leading to subversion of the monitor
  • unauthorized use
10
Q

What is the origin of the Trusted Computing Base idea?

A

Critical security functions (in particular the software handling the “interrupts” that transfer control from user programs to the monitor) should be embedded in relatively small amounts of code.

11
Q

What did the Ware Report cause?

A

The start of the Rand report task force

12
Q

What requirements did the Rand report identify?

A

Central processor must provide some or all of the following mechanisms:

  • user/process/memory isolation
  • supervisory software protection
  • hardware controlled supervisor states
  • assurance against unanticipated conditions
13
Q

What was the 70s the age of?

A

The Mainframe

14
Q

What happened in the 70s for security for military and classified applications?

A
  • the Anderson report
  • Multi-Level Security (MLS)
  • Bell LaPadula model
15
Q

What happened in the 70s for security for non-classified but sensitive applications?

A
  • public research on cryptography
  • privacy legislation
  • statistical database security
16
Q

What was the Anderson report?

A

a panel installed by the USAF to investigate solutions

17
Q

What were the 3 types of security violations defined by the Anderson report?

A

confidentiality, integrity, availability

18
Q

What are the 2 main technical contributions of the Anderson report?

A

formal security models and access control

19
Q

Define Access Control Mechanism

A

Hardware, software, and procedural checks that validate a user’s rights

20
Q

Define Reference Monitor

A

The notion that all references by any program to any program, data, or device are validated against a list of authorized types of reference based on user and/or program function.

21
Q

Define Reference Validation Mechanism

A

the combination of hardware and software that implements the reference monitor concept. Also referred to as security kernel.

22
Q

What are the requirements for reference validation mechanisms?

A
  1. tamper proof - impossible to tamper with the mechanism
  2. completeness - mechanism must always be invoked
  3. verifiability - mechanism must be small enough to be subject to analysis and tests, the completeness of which can be assured.
23
Q

What are the 8 Saltzer and Schroeder Principles?

A
  1. Economy of mechanism
  2. fail-safe defaults
  3. complete mediation
  4. open design
  5. least privilege
  6. least common mechanism
  7. separation of privilege
  8. ease of use
24
Q

What were the 80s the age of?

A

The PC

25
Q

What was the first computer virus?

A

Brain (1986)

26
Q

What 6 vulnerability axes did Bishop propose?

A
  • nature
  • time of introduction
  • exploitation domain
  • effect domain
  • minimum number
  • source
27
Q

What were the security issues of the 90s?

A
  • crypto wars
  • popularization of buffer overflow attacks
  • Java as a network-centred language
  • trusted computing, DRM
28
Q

What were the security issues of the 2000s?

A
  • e-commerce has evolved without PKIs
  • problems shifting from OS to applications
  • security controls moving to application layer
  • security of end systems managed by the user
29
Q

What are assets?

A

Hardware, software, data, people, processes, reputation, etc. Value is subjective and based on the owner's perspective.

30
Q

What is the attack surface?

A

A conceptualization of how you can be attacked. “all entry points available to the attacker”