Flashcards in Lecture 10: 11th October 2019 Deck (49)
What are Security Policies?
A set of rules and practices governing how a system will manage and protect files, with special regard to sensitive data or code. Some companies will write a Security Policy document that defines the security (and safety) of the system. This can be treated as a legal document if the company suffers an intrusion.
What are Reference Monitors?
The Reference Monitor is the mechanism or abstract concept as to how the access control policies are applied to a computer system.
What are Security Models?
A Security Model is the high-level description of the rules which security policies should implement. It is usually an overarching guide including the flow of information between subjects and resources, explicitly describing what entities are covered by the model. Some models may even include data structures or cryptographic specifications.
A model should outline possible threats, data access rules and who is a valid user. Some models enforce confidentiality, others integrity and others access.
What is the Military Model?
The most basic security model, in which there is a hierarchy or linear ordering of degrees of sensitivity.
What are subjects?
People or processes who wish to access resources (objects).
What are relationships?
The rules defining what specific access subjects of given levels have to objects of given levels (both grouped into classifications). Subjects can write to any level but only read at their own level or lower.
What are partially ordered sets?
A set of elements in which at least some of the elements can be compared to each other with a binary relation.
What are partially ordered sets aka?
Posets.
What are reflexive comparisons?
Elements comparing themselves to themselves; every element a satisfies R(a, a).
What are transitive comparisons?
Where relations chain together; e.g. if a < b and b < c then a < c.
What are anti-symmetric comparisons?
No two distinct elements may precede each other, i.e. be related in both directions. Equivalent formulations:
if R(a, b) is true and a ≠ b, then R(b, a) must not hold;
if R(a, b) is true and R(b, a) is also true, then a = b;
if a ≤ b and b ≤ a then a = b.
How can lattices be formed from posets?
Build up nodes of classification levels, e.g. top secret, secret, etc., applied to science (weapons development) and military (weapons deployment). Arrange them in a tree-like graph from most to least access. The top node will be top secret for both science and military, then top secret in one and secret in the other, and so on. Comparisons arise from comparing the science and/or military clearance levels of users.
How does the PM, their top military general, and top scientific advisor illustrate partial order-based systems?
The PM has top secret science and military clearance. The general has top secret military clearance but lower science clearance, and the scientist has top secret science clearance but no military clearance. The general and the scientist are therefore incomparable: neither dominates the other.
What is domination?
Domination is a subject having a higher access level than another; it indicates the direction of information flow. Those with higher access levels, closer to the root, dominate others.
Given two objects at different levels, what is the minimum security level a subject must be at to read both objects?
The higher of the security levels of the two objects.
Given two subjects at different levels, what is the maximum security level an object can be at and be read by both?
The lower of the security levels of the two subjects.
What is the Hierarchical Model?
Another name for the military model: the most basic security model, in which there is a hierarchy or linear ordering of degrees of sensitivity.
What is the System Low?
The level dominated by all others, i.e. the lowest access level, which is a leaf node.
What is the System High?
The level that dominates all others, i.e. the highest access level, which is the root node.
When does one user's privileges dominate another's?
When they can perform access operations on every object the other user can.
What does it mean when two users have the same privileges?
They are at the same access level.
What is the hierarchical model aka?
The military model.
How can classifications work in conjunction with codewords?
To implement compartmentalisation within an access level, combine access levels with codewords; these might be military operational codenames, for instance. Compartments can, however, span different security levels.
What is ss-property?
The simple security policy states that no process can read data at a higher access level. This is known as no read up (NRU).
What is NRU?
No read up: no subject can read data at a higher access level.
What is *-property?
No subject can write data to a lower level, i.e. no write down (NWD).
What is NWD?
No write down: no process can write data to a lower level.
When may a subject read an object?
If the security class of the subject is greater than or equal to that of the object.
When may a subject s with read access to an object, o, write to another object, p?
If the security class of the object p is greater than or equal to that of o (apparently, though I think it makes sense to just compare s to both directly).