Lecture 10: 11th October 2019 Flashcards
Security Models
What are Security Policies?
A set of rules and practices governing how a system will manage and protect files, with special regard to sensitive data or code. Some companies write a Security Policy document that defines the security (and safety) requirements of the system; if the company suffers an intrusion, this document can be treated as a legal document.
What are Reference Monitors?
The Reference Monitor is the mechanism (or abstract concept) through which the access control policies are applied to a computer system: it mediates every access a subject makes to an object and allows or denies it according to the policy.
What are Security Models?
A Security Model is a high-level description of the rules that security policies should implement. It is usually an overarching guide that includes the flow of information between subjects and resources and explicitly describes which entities are covered by the model. Some models even include data structures or cryptographic specifications.
A model should outline possible threats, data access rules and who is a valid user. Some models enforce confidentiality, others integrity, and others access control.
What is the Military Model?
The most basic security model, in which there is a hierarchy or linear ordering of degrees of sensitivities
What are subjects?
People or processes who wish to access resources (objects)
What are relationships?
The rules defining what access subjects of a given level have to objects of a given level (both grouped into classifications). In the military model a subject may read objects at its own level or lower (no read up), and may write only to objects at its own level or higher (no write down), so information can flow upward through the levels but never downward.
What are partially ordered sets?
A set together with a binary relation (written ≤) that is reflexive, anti-symmetric and transitive. Unlike a total (linear) ordering, not every pair of elements has to be comparable: some pairs may be related in neither direction.
What are partially ordered sets aka?
posets
What are reflexive comparisons?
Every element is related to itself: a ≤ a for all a
What are transitive comparisons?
Where you chain relations: if a ≤ b and b ≤ c then a ≤ c
What are anti-symmetric comparisons?
No two distinct elements may precede each other (be related in both directions): if R(a, b) holds and a ≠ b, then R(b, a) must not hold. Equivalently, if a ≤ b and b ≤ a then a = b.
How can lattices be formed from posets?
Build nodes out of combinations of classification levels; e.g. the levels top secret, secret, etc. applied to two areas, science (weapons development) and military (weapons deployment). Each node is a pair (science level, military level), and one node dominates another when it is at least as high in both areas. Arrange the nodes in a graph from most to least access: the top node is top secret for both science and military, below it sit the nodes that are top secret in one area and secret in the other, and so on down. The graph is a lattice rather than a tree, because every pair of nodes has a unique least upper bound and greatest lower bound. Comparisons between users arise from comparing their science and/or military clearance levels.
How does the PM, their top military general, and top scientific advisor illustrate partial order-based systems?
The PM has top secret science and military clearance. The general has top secret military clearance but lower science clearance, and the scientist has top secret science clearance but no military clearance. The PM dominates both, but the general and the scientist are incomparable: neither dominates the other, which is exactly what a partial (rather than linear) order allows.
What is domination?
Domination is the ordering relation between levels: a subject dominates an object (or another subject) when its level is at least as high in every component of the ordering. Domination indicates the direction of information flow, which goes only from a dominated level to a dominating one. Those with higher access levels, closer to the top of the lattice, dominate others.
Given two objects at different levels, what is the minimum security level a subject must be at to read both objects?
The least upper bound (join) of the two levels, i.e. the lowest level that dominates both. In a linear ordering this is simply the higher of the two security levels.
Given two subjects at different levels, what is the maximum security level an object can be at and be read by both?
The greatest lower bound (meet) of the two levels, i.e. the highest level that both subjects dominate. In a linear ordering this is simply the lower of the two security levels.
What is the Hierarchical Model?
Another name for the military model. The military model is the most basic security model, in which there is a hierarchy or linear ordering of degrees of sensitivities
What is the System Low?
The bottom element of the lattice: the level dominated by all others, i.e. the lowest access level
What is the System High?
The top element of the lattice: the level that dominates all others, i.e. the highest access level
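The cards on posets, lattices, domination, the join/meet questions and system low/high all describe one structure: pairs of (science, military) clearance levels compared componentwise. The following is an added worked example, not code from the lecture, that builds that lattice and checks the properties the cards claim. The level names below "SECRET" (UNCLASSIFIED, CONFIDENTIAL) and the exact clearances assigned to the PM, general and scientist are assumptions chosen to match the card's description.

```python
"""Lattice of (science, military) clearance pairs, as described in the
military-model flashcards. Added example: the level names below SECRET and
the three people's exact clearances are assumed, not taken from the lecture."""
from dataclasses import dataclass
from itertools import product

# Linear ordering of sensitivities within one area, lowest first.
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    """A node of the lattice: one clearance per area, compared componentwise."""
    science: str
    military: str

    def dominates(self, other: "Label") -> bool:
        # a dominates b iff a is at least as high in EVERY area
        return (RANK[self.science] >= RANK[other.science]
                and RANK[self.military] >= RANK[other.military])


def comparable(a: Label, b: Label) -> bool:
    """False for pairs the partial order leaves unrelated."""
    return a.dominates(b) or b.dominates(a)


def join(a: Label, b: Label) -> Label:
    """Least upper bound (componentwise max): the lowest label that dominates
    both, i.e. the minimum level a subject needs to read both objects."""
    return Label(max(a.science, b.science, key=RANK.get),
                 max(a.military, b.military, key=RANK.get))


def meet(a: Label, b: Label) -> Label:
    """Greatest lower bound (componentwise min): the highest label dominated by
    both, i.e. the maximum level an object can have and be read by both subjects."""
    return Label(min(a.science, b.science, key=RANK.get),
                 min(a.military, b.military, key=RANK.get))


def all_labels() -> list:
    return [Label(s, m) for s, m in product(LEVELS, LEVELS)]


def system_low() -> Label:
    """Bottom of the lattice: dominated by every other label."""
    return Label(LEVELS[0], LEVELS[0])


def system_high() -> Label:
    """Top of the lattice: dominates every other label."""
    return Label(LEVELS[-1], LEVELS[-1])


def is_partial_order(labels) -> bool:
    """Exhaustively check that 'dominates' is reflexive, anti-symmetric and transitive."""
    for a in labels:
        if not a.dominates(a):                                   # reflexive
            return False
        for b in labels:
            if a.dominates(b) and b.dominates(a) and a != b:     # anti-symmetric
                return False
            for c in labels:
                if a.dominates(b) and b.dominates(c) and not a.dominates(c):  # transitive
                    return False
    return True


def can_read(subject: Label, obj: Label) -> bool:
    """No read up: the subject must dominate the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """No write down: the object must dominate the subject, so information
    flows only upward in the lattice."""
    return obj.dominates(subject)


# The three people from the card (exact clearances assumed).
PM = Label("TOP_SECRET", "TOP_SECRET")
GENERAL = Label("SECRET", "TOP_SECRET")          # lower science clearance
SCIENTIST = Label("TOP_SECRET", "UNCLASSIFIED")  # no military clearance

if __name__ == "__main__":
    print("dominates is a partial order:", is_partial_order(all_labels()))
    print("general and scientist comparable:", comparable(GENERAL, SCIENTIST))
    print("lowest level that can read both their files:", join(GENERAL, SCIENTIST))
    print("highest object both of them can read:", meet(GENERAL, SCIENTIST))
    print("scientist reads a TS military file:",
          can_read(SCIENTIST, Label("UNCLASSIFIED", "TOP_SECRET")))
```

Running the script shows that the general and the scientist are incomparable, that their join is the PM's level (the minimum clearance needed to read both of their files) and that their meet is (SECRET, UNCLASSIFIED), the highest label an object can carry and still be readable by both.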