Security Architecture Flashcards Preview

Flashcards in Security Architecture Deck (69):
1

The rings are (theoretically) used as follows:

• Ring 0—Kernel
• Ring 1—Other OS components that do not fit into ring 0
• Ring 2—Device drivers
• Ring 3—User applications

In practice most x86 operating systems use only two rings: the kernel and its drivers run in ring 0 and everything else runs in ring 3.

2

Complex Instruction Set Computer (CISC)

Uses a large set of complex machine-language instructions, each of which does a lot of work; this reduces program size. x86 CPUs are CISC.

Fewer accesses to main memory are needed than with RISC, because one CISC instruction can do what takes RISC several instructions.

Each CISC instruction is "more powerful" than a RISC instruction; this does not mean a CISC CPU is faster.

3

Reduced Instruction Set Computer (RISC)

RISC uses a reduced set of simpler instructions.

Each instruction is shorter and simpler, so more individual instructions are required to perform a complex task.

4

Time multiplexing

shares (multiplexes) system resources between
multiple processes, each with a dedicated slice of time.

5

The security kernel (the hardware, firmware, and software that implement the reference monitor) has three main requirements:

• Isolation: it must provide isolation for the processes carrying out the reference monitor concept, and those processes must be tamperproof.

• Completeness: it must be invoked for every access attempt, must be impossible to circumvent, and must be implemented in a complete and foolproof way.

• Verifiability: it must be small enough to be tested and verified in a complete and comprehensive manner.

6

Type 1 hypervisor (bare metal)

runs directly on the host hardware; there is no general-purpose host OS underneath it. Example: VMware ESX/ESXi.

7

Type 2 hypervisor

runs as an application on a normal host OS, such as Windows. VMware Workstation is Type 2.

8

Service-Oriented Architecture (SOA)

environments "allow for a suite of interoperable services" to be used within multiple, separate systems from several business domains.

"Services are expected to be platform independent": a service is not dependent upon a particular programming language, so callers consume it using the standard means available within their programming language of choice.

9

Polyinstantiation

means the database will hold two entries with the same primary key at different classification levels: one labeled secret and one labeled top secret. A secret-cleared user sees only the secret instance, so an insert at the lower level neither collides with nor reveals the top secret row.

10

Inference

is the ability to deduce (infer) sensitive or restricted information from observing available information.

An example of a database inference control is polyinstantiation.

11

Aggregation

is a mathematical process: a user combines information from separate resources to derive restricted information.

Aggregation is similar to inference, but with a key difference: no deduction is required. The user asks every question, receives every answer, and assembles the restricted information from individually unrestricted answers.

Note: to limit aggregation and inference, we use cell suppression to hide specific cells that contain sensitive information (for example, statistics computed over too few records).

12

Data mining

searches large amounts of data to determine patterns that would otherwise get lost in the noise.

Disadvantages: risk of privacy violations (patterns may reveal information about individuals) and integrity risks.

13

Zachman Framework for Enterprise Architecture

a two-dimensional matrix for describing an enterprise (and its security) architecture. One axis asks six questions: what, how, where, who, when, and why. The other axis lists six roles (perspectives): planner, owner, designer, builder, programmer (subcontractor), and user.

Each cell of the matrix holds the answer to one question from one role's perspective.

14

SABSA (Sherwood Applied Business Security Architecture)

a holistic life cycle for developing security architecture that begins with assessing business requirements and subsequently creates a "chain of traceability" through the phases of strategy, concept, design, implementation, and metrics.

15

Weaknesses of Bell–LaPadula

 Addresses confidentiality only: no mention of integrity or availability.
 Does not address need-to-know, and has no mechanism for a one-to-one mapping of subjects and objects.
 No policies for changing access rights; the model is static in nature.
 Does not address covert channels.

16

Clark–Wilson uses two primary concepts to ensure that security policy is enforced:

Well-formed transactions (data may be changed only through certified transformation procedures) and

Separation of duties.

Both are enforced through the model's certification rules and enforcement rules.

17

The access control triple is

Subject (user)
Transformation procedure (program): the well-formed transaction
Constrained data item (object): data that requires integrity

18

In Clark–Wilson, assurance is based

upon integrity verification procedures (IVPs) that confirm the data are in a valid state.

19

In Clark–Wilson, an audit record is made and entered into the access control system to provide

both detective and recovery controls in case integrity is lost.

20

Within Clark–Wilson, certification and enforcement

certification rules monitor integrity;

enforcement rules preserve integrity.

21

Clark–Wilson requires that users

are authorized to access and modify data.

It also requires that data is modified in only authorized ways.

22

Lipner

combines elements of Bell–LaPadula and Biba together with the idea of job functions or roles to protect both confidentiality and integrity.

Two ways of implementing integrity:
Lipner's first method uses only the Bell–LaPadula model.
Lipner's second method combines Biba's integrity model with Bell–LaPadula.

23

take–grant protection model

a directed graph (the protection graph) whose states and state transitions are used in designing the protection system. Nodes are subjects and objects; each edge is labeled with the rights one node holds over the other.

Created to show that it is possible to decide whether a system is secure (whether a right can leak to a given subject) even when the number of subjects and objects is large.

Rules: take, grant, create, and remove. Each rewrites the protection graph, and the graph governs which actions are allowable.

24

Graham-Denning Model

concerned with how subjects and objects are created, how subjects are assigned rights or privileges, and how ownership of objects is managed.

It has three parts: objects, subjects, and rules (eight of them: create/delete object, create/delete subject, and read/grant/delete/transfer access right).

25

Harrison–Ruzzo–Ullman (HRU) model

maps subjects, objects, and access rights to an access matrix. It is considered a variation of the Graham–Denning model.

It differs from Graham–Denning in that it also treats subjects as objects.

26

Dedicated mode

 One classification label only.
 All users can access all data.
 Clearance for all information.
 Need to know for ALL data.

27

system high mode

 The system contains objects of mixed labels (e.g., confidential, top secret,…).
 All subjects must possess a clearance equal to the system’s highest object.
 All users can access some data, based on need to know for SOME data.

28

compartmented mode

 All subjects accessing the system have the necessary clearance for all information on the system.
 All users can access some data, based on their need to know and formal approval.
 Need to know for SOME data.
 Use of information labels.
 Objects are placed into "compartments" and require a formal (system-enforced) need to know to access; technical controls enforce need to know.

29

Multilevel mode

stores objects of differing sensitivity labels and allows system access by subjects with differing clearances.

The reference monitor mediates access between subjects and objects

The highest risk of all modes.

30

C1

Discretionary Security Protection

31

C2

Controlled Access Protection

32

B1

Labeled Security Protection

33

B2

Structured Protection

34

B3

Security domains

35

A1

Verified design

36

The equivalent ITSEC/TCSEC ratings are

ITSEC assurance levels run from E0 (lowest) to E6 (highest); F-xx is the ITSEC functionality class.

• E0: D
• F-C1, E1: C1
• F-C2, E2: C2
• F-B1, E3: B1
• F-B2, E4: B2
• F-B3, E5: B3
• F-B3, E6: A1

37

Target of evaluation (ToE)

the system or product that is being evaluated.

38

Security target (ST)

the documentation describing the ToE, including the security requirements and operational environment.

39

Protection profile (PP)

An implementation-independent specification for a future product, which contains a set of functional and assurance requirements for a specific category of products or systems, such as firewalls or intrusion detection systems.

40

Levels of evaluation

• EAL1. Functionally tested
• EAL2. Structurally tested
• EAL3. Methodically tested and checked
• EAL4. Methodically designed, tested, and reviewed
• EAL5. Semiformally designed and tested
• EAL6. Semiformally verified design and tested
• EAL7. Formally verified design and tested

41

What is used to control the flow of information in the Clark-Wilson model?

the access control triple:
subject (user), transformation procedure, and constrained data item.
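The Clark–Wilson pieces named in cards 16 to 21 and in this card (well-formed transactions as transformation procedures, the access control triple, integrity verification procedures, separation of duties, and the audit record) fit together in the following Python. It is an added example, not code from the page or from any reference implementation of the model; the ledger, the two TPs, the subject names and the `raises` helper are constructed for illustration.

```python
import copy
from dataclasses import dataclass, field

# Added example of a Clark-Wilson monitor. The ledger, TPs and subject
# names are constructed; nothing here comes from the flashcards themselves.

class AccessDenied(Exception):
    pass

class IntegrityError(Exception):
    pass

@dataclass
class Ledger:
    """Constrained data item (CDI): data whose integrity must be preserved."""
    balances: dict
    total: int                                   # money that must be conserved
    pending: dict = field(default_factory=dict)  # req_id -> (requester, src, dst, amount)

def ivp_ledger(ledger):
    """Integrity verification procedure: valid state = no overdraft, money conserved."""
    return (all(v >= 0 for v in ledger.balances.values())
            and sum(ledger.balances.values()) == ledger.total)

# Transformation procedures (well-formed transactions). They are the only way a
# subject touches the CDI; each is meant to move the ledger from one valid state
# to another, and the IVP re-checks that after every run.
def tp_request(ledger, subject, req_id, src, dst, amount):
    if amount <= 0 or src not in ledger.balances or dst not in ledger.balances:
        raise ValueError("malformed transfer request")
    ledger.pending[req_id] = (subject, src, dst, amount)

def tp_approve(ledger, subject, req_id):
    requester, src, dst, amount = ledger.pending.pop(req_id)
    if requester == subject:   # separation of duties: requester may not approve own transfer
        raise AccessDenied(f"{subject} may not approve a transfer it requested")
    ledger.balances[src] -= amount
    ledger.balances[dst] += amount

class ClarkWilsonMonitor:
    def __init__(self, cdis, tps, ivps, triples):
        for name, cdi in cdis.items():                 # CDIs must start in a valid state
            if not all(ivp(cdi) for ivp in ivps[name]):
                raise IntegrityError(f"{name} is not in a valid initial state")
        self.cdis, self.tps, self.ivps = cdis, tps, ivps
        self.triples = set(triples)                    # authorised (subject, TP, CDI) relation
        self.audit = []                                # every TP attempt leaves a record

    def execute(self, subject, tp_name, cdi_name, **args):
        if (subject, tp_name, cdi_name) not in self.triples:   # only certified triples run
            self.audit.append((subject, tp_name, cdi_name, "denied"))
            raise AccessDenied(f"no access triple for {(subject, tp_name, cdi_name)}")
        snapshot = copy.deepcopy(self.cdis[cdi_name])
        try:
            self.tps[tp_name](self.cdis[cdi_name], subject, **args)
            if not all(ivp(self.cdis[cdi_name]) for ivp in self.ivps[cdi_name]):
                raise IntegrityError(f"{tp_name} left {cdi_name} in an invalid state")
        except Exception:
            self.cdis[cdi_name] = snapshot             # recovery: restore the last valid state
            self.audit.append((subject, tp_name, cdi_name, "rolled back"))
            raise
        self.audit.append((subject, tp_name, cdi_name, "ok"))

def raises(exc, fn, *args, **kwargs):
    """True if fn(*args, **kwargs) raises exc (helper for showing refusals)."""
    try:
        fn(*args, **kwargs)
    except exc:
        return True
    return False

def build_monitor():
    """Constructed sample: one ledger CDI, two TPs, clerk and manager subjects."""
    ledger = Ledger(balances={"ops": 100, "vendor": 0}, total=100)
    return ClarkWilsonMonitor(
        cdis={"ledger": ledger},
        tps={"request": tp_request, "approve": tp_approve},
        ivps={"ledger": [ivp_ledger]},
        triples={("clerk", "request", "ledger"),
                 ("clerk", "approve", "ledger"),
                 ("manager", "approve", "ledger")},
    )

if __name__ == "__main__":
    m = build_monitor()
    m.execute("clerk", "request", "ledger", req_id="r1", src="ops", dst="vendor", amount=40)
    print("clerk approving own request refused:",
          raises(AccessDenied, m.execute, "clerk", "approve", "ledger", req_id="r1"))
    m.execute("manager", "approve", "ledger", req_id="r1")
    print("balances after approval:", m.cdis["ledger"].balances)
    m.execute("clerk", "request", "ledger", req_id="r2", src="ops", dst="vendor", amount=500)
    print("overdraft rolled back:",
          raises(IntegrityError, m.execute, "manager", "approve", "ledger", req_id="r2"))
    print("audit trail:", m.audit)
```

Three different refusals are visible: a missing triple is refused before the TP runs at all, while a separation-of-duties violation and an IVP failure are both rolled back to the last valid state. Every outcome lands in the audit list, which is the detective and recovery control card 19 refers to.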

42

Which component manages the authorized access associations between users and resources?

security kernel

43

Which entities control the flow of information in the lattice-based access control (LBAC) model?

An upper bound and a lower bound of authorized access for subjects.

44

Which two factors ensure that information is compartmentalized in the information flow model?

classification and need to know

45

What determines the security level that is needed to view an object?

classification

46

Which system evaluation methods analyze the functionality and assurance of products?

Common Criteria (CC) and Information Technology Security Evaluation Criteria (ITSEC)

47

Which security model ensures that the activities performed at a higher security level do not affect the activities at a lower security level?

the noninterference model

By implementing this model, the organization can be assured that covert channel communication does not occur

48

Which Rainbow Series book covers security issues for networks and network components?

the Red Book

49

Which access control model uses states and state transitions in designing the protection system?

the Take-Grant model
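Cards 23 and 49 describe take–grant in words. The following Python is an added example, not code from the page, that encodes a protection graph with the four rules and a fixpoint check for whether a right can be shared. Subject and object names and the rights letters (t, g, r, w) are constructed; the `closure` check applies only take and grant, so it answers "yes" soundly but a "no" is not a proof in the full model, where the create rule can open further paths.

```python
# Added example: take-grant protection graph. All names are constructed.

class ProtectionGraph:
    """Directed graph: subjects are active, objects passive; the edge x -> y is
    labelled with the set of rights x holds on y."""

    def __init__(self):
        self.subjects, self.objects = set(), set()
        self.edges = {}                            # (x, y) -> set of rights

    def add_subject(self, name):
        self.subjects.add(name)

    def add_object(self, name):
        self.objects.add(name)

    def rights(self, x, y):
        return self.edges.get((x, y), set())

    def hold(self, x, y, rs):
        """Initial graph construction: x holds rights rs on y."""
        self.edges.setdefault((x, y), set()).update(rs)

    def _subject_only(self, x):
        if x not in self.subjects:
            raise PermissionError(f"{x} is not a subject; objects cannot apply rules")

    def take(self, x, y, z, rs):
        """Take: if x --t--> y and y --rs--> z, then x gains rs on z."""
        self._subject_only(x)
        if "t" not in self.rights(x, y) or not set(rs) <= self.rights(y, z):
            raise PermissionError(f"{x} cannot take {set(rs)} on {z} from {y}")
        self.hold(x, z, rs)

    def grant(self, x, y, z, rs):
        """Grant: if x --g--> y and x --rs--> z, then y gains rs on z."""
        self._subject_only(x)
        if "g" not in self.rights(x, y) or not set(rs) <= self.rights(x, z):
            raise PermissionError(f"{x} cannot grant {set(rs)} on {z} to {y}")
        self.hold(y, z, rs)

    def create(self, x, z, rs, as_subject=False):
        """Create: x makes a fresh node z and holds rs on it."""
        self._subject_only(x)
        if z in self.subjects or z in self.objects:
            raise ValueError(f"{z} already exists")
        (self.subjects if as_subject else self.objects).add(z)
        self.hold(x, z, rs)

    def remove(self, x, y, rs):
        """Remove: x drops rights rs from its own edge to y."""
        self._subject_only(x)
        self.rights(x, y).difference_update(rs)

def closure(g):
    """All edges reachable by applying take and grant repeatedly, without
    creating nodes. Edges only grow, so iterate to a fixpoint. A 'yes' from this
    is sound; a 'no' is not a proof, because the create rule (new intermediary
    nodes) can enable further sharing in the full model."""
    edges = {k: set(v) for k, v in g.edges.items()}

    def give(x, z, rs):
        cur = edges.setdefault((x, z), set())
        if rs - cur:
            cur |= rs
            return True
        return False

    changed = True
    while changed:
        changed = False
        for (x, y), rs in list(edges.items()):
            if x not in g.subjects:
                continue
            for (a, z), rz in list(edges.items()):
                if "t" in rs and a == y:           # x takes everything y holds on z
                    changed |= give(x, z, set(rz))
                if "g" in rs and a == x:           # x grants everything it holds on z to y
                    changed |= give(y, z, set(rz))
    return edges

def can_share(g, right, x, y):
    """Does x ever come to hold `right` on y under take/grant rewrites?"""
    return right in closure(g).get((x, y), set())

def raises(exc, fn, *args):
    try:
        fn(*args)
    except exc:
        return True
    return False

def build_example():
    g = ProtectionGraph()
    for s in ("alice", "bob", "carol", "dave"):
        g.add_subject(s)
    g.add_object("payroll.db")
    g.hold("alice", "bob", {"t"})               # alice may take what bob holds
    g.hold("bob", "payroll.db", {"r", "w"})
    g.hold("alice", "carol", {"g"})             # alice may grant to carol
    return g

if __name__ == "__main__":
    g = build_example()
    print("alice can read payroll.db:", can_share(g, "r", "alice", "payroll.db"))
    print("carol can write payroll.db:", can_share(g, "w", "carol", "payroll.db"))
    print("dave can read payroll.db:", can_share(g, "r", "dave", "payroll.db"))
    g.take("alice", "bob", "payroll.db", {"r"})
    g.grant("alice", "carol", "payroll.db", {"r"})
    print("carol's rights after take+grant:", g.rights("carol", "payroll.db"))
```

The instructive case is carol: nobody gives her rights on payroll.db directly, yet the closure reports she can end up writing it, because alice can take bob's rights and then grant them (or grant carol the take right on bob itself). That is exactly the "can a right leak" question the model was built to answer.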

50

What are the four phases of NIACAP?

National Information Assurance Certification and Accreditation Process

definition, verification, validation, and post accreditation

51

Simple Object Access Protocol (SOAP)

is a protocol specification for exchanging structured information in the implementation of web services and networked environments.

52

Threat modeling vs. Vulnerability analysis

Threat modeling identifies potential threats and attack vectors.

Vulnerability analysis identifies weaknesses and lack of countermeasures.

53

What techniques can be used to enforce process isolation?

Virtual memory: each process gets its own address space.

Object encapsulation: treats a process as a "black box" whose internals cannot be reached directly from outside.

Time multiplexing: shares (multiplexes) system resources between multiple processes, each with a dedicated slice of time.

54

EPROM

can be erased by ultraviolet light

55

EEPROM

may be "flashed," or erased and written to multiple times electronically. EEPROM is a modern type of ROM.

56

To prevent aggregation and inference, we use

cell suppression to hide specific cells that contain sensitive information.

57

Database inference control is

polyinstantiation.
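As an added example for cards 9, 10 and this one (not the page's own code), the following Python uses SQLite to show why a multilevel database must allow two rows with the same apparent key: with the label folded into the primary key, a lower-cleared user's insert succeeds and a higher-labelled row stays invisible, whereas a table keyed by the apparent key alone leaks the hidden row's existence through a uniqueness error. The table, flight numbers and cargo values are constructed.

```python
import sqlite3

# Added example: polyinstantiation in a multilevel table. The schema, flight
# numbers and cargo values are constructed for illustration.

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}
NAMES = {v: k for k, v in LEVELS.items()}

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE flights (
                        flight TEXT    NOT NULL,
                        label  INTEGER NOT NULL,
                        cargo  TEXT    NOT NULL,
                        PRIMARY KEY (flight, label))""")   # key = (apparent key, label)
    return conn

def read_as(conn, clearance, flight):
    """What a subject at `clearance` sees for a flight: the instance with the
    highest label the subject dominates, or None. Higher rows are invisible."""
    row = conn.execute(
        "SELECT cargo, label FROM flights WHERE flight = ? AND label <= ? "
        "ORDER BY label DESC LIMIT 1", (flight, LEVELS[clearance])).fetchone()
    return None if row is None else (row[0], NAMES[row[1]])

def write_as(conn, clearance, flight, cargo):
    """Insert or replace the instance at the subject's own level only. The
    statement never touches rows at other levels, so a Secret user's insert
    succeeds even when a Top Secret row for the same flight exists; a
    'duplicate key' error here would itself reveal that hidden row."""
    conn.execute("INSERT OR REPLACE INTO flights (flight, label, cargo) VALUES (?, ?, ?)",
                 (flight, LEVELS[clearance], cargo))

def instances(conn, clearance, flight):
    """All polyinstantiated rows for a flight that `clearance` may see."""
    rows = conn.execute(
        "SELECT label, cargo FROM flights WHERE flight = ? AND label <= ? ORDER BY label",
        (flight, LEVELS[clearance])).fetchall()
    return [(NAMES[lab], cargo) for lab, cargo in rows]

def naive_table_leaks():
    """Same scenario on a table keyed by flight alone: the Secret user's insert
    fails with a uniqueness error, which tells them a hidden row exists."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE flights (flight TEXT PRIMARY KEY, label INTEGER, cargo TEXT)")
    conn.execute("INSERT INTO flights VALUES ('F-1', 3, 'munitions')")
    try:
        conn.execute("INSERT INTO flights VALUES ('F-1', 2, 'relief supplies')")
    except sqlite3.IntegrityError:
        return True
    return False

if __name__ == "__main__":
    db = open_db()
    write_as(db, "top_secret", "F-1", "munitions")
    print("secret user sees:", read_as(db, "secret", "F-1"))        # None: nothing leaks
    write_as(db, "secret", "F-1", "relief supplies")                 # succeeds, no error
    print("secret user sees:", read_as(db, "secret", "F-1"))
    print("top secret user sees:", read_as(db, "top_secret", "F-1"))
    print("all instances in the TS view:", instances(db, "top_secret", "F-1"))
    print("plain primary key leaks existence:", naive_table_leaks())
```

The second row with key F-1 is the cover story: the Secret user believes the flight carries relief supplies, the Top Secret user sees both instances and is served the higher one. This is why polyinstantiation is listed as an inference control rather than a data-quality feature.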

58

Database aggregation controls may include

restricting normal users to a limited number of queries.
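Cards 11, 56 and this one name cell suppression and query limits as aggregation and inference controls. The following Python is an added example, not the page's code, that runs both over a constructed employee table. It also goes a step beyond the cards: it first shows the "tracker" attack that defeats suppression alone (two permitted aggregates whose difference isolates one person), then adds query-set overlap control to stop it. The table, the user names and the threshold k are constructed.

```python
# Added example: statistical-database inference controls. The employee table,
# user names and threshold k are constructed for illustration.

EMPLOYEES = [  # (id, dept, title, salary)
    (1, "security", "director", 185000),
    (2, "security", "engineer", 120000),
    (3, "security", "engineer", 115000),
    (4, "security", "analyst",   90000),
    (5, "security", "analyst",   88000),
    (6, "finance",  "director", 170000),
    (7, "finance",  "analyst",   80000),
    (8, "finance",  "analyst",   82000),
]

def unguarded_sum(rows, predicate):
    """Plain aggregate with no controls: answers any query, however narrow."""
    return sum(r[3] for r in rows if predicate(r))

def tracker_attack(rows):
    """Inference by differencing: two 'harmless' department aggregates isolate
    one person. Neither query is small, so cell suppression alone allows both."""
    whole = unguarded_sum(rows, lambda r: r[1] == "security")
    rest = unguarded_sum(rows, lambda r: r[1] == "security" and r[2] != "director")
    return whole - rest            # the security director's exact salary

class QueryRefused(Exception):
    pass

class StatisticalGuard:
    """Aggregate interface with three controls:
    - cell suppression: refuse answers computed over fewer than k rows, or
      whose complement has fewer than k rows (total minus answer would leak);
    - overlap control: refuse a query whose result set differs from one of the
      same user's earlier result sets by fewer than k rows, since subtracting
      the two answers would isolate those rows (the tracker attack above);
    - query budget: a per-user cap on queries, refused ones included."""

    def __init__(self, rows, k=3, max_queries=10):
        self.rows, self.k, self.max_queries = rows, k, max_queries
        self.history = {}                      # user -> list of result-id sets

    def sum_salary(self, user, predicate):
        hist = self.history.setdefault(user, [])
        if len(hist) >= self.max_queries:
            raise QueryRefused("query budget exhausted")
        hit = {r[0] for r in self.rows if predicate(r)}
        hist.append(hit)                       # refused queries still count
        if len(hit) < self.k or len(self.rows) - len(hit) < self.k:
            raise QueryRefused(f"suppressed: result set of {len(hit)} rows is too small")
        for prev in hist[:-1]:
            if 0 < len(hit ^ prev) < self.k:
                raise QueryRefused("refused: too close to an earlier query (differencing risk)")
        return sum(r[3] for r in self.rows if r[0] in hit)

def raises(exc, fn, *args):
    try:
        fn(*args)
    except exc:
        return True
    return False

if __name__ == "__main__":
    print("without controls, the tracker attack yields:", tracker_attack(EMPLOYEES))
    g = StatisticalGuard(EMPLOYEES, k=3, max_queries=4)
    sec = lambda r: r[1] == "security"
    print("direct single-row query refused:",
          raises(QueryRefused, g.sum_salary, "mallory", lambda r: sec(r) and r[2] == "director"))
    print("department total allowed:", g.sum_salary("mallory", sec))
    print("tracker's second query refused:",
          raises(QueryRefused, g.sum_salary, "mallory", lambda r: sec(r) and r[2] != "director"))
```

Note the order of the controls: suppression catches the obvious single-row query, overlap control catches the two-query tracker that suppression misses, and the budget bounds how many probes a user gets to look for a gap in the other two.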

59

hotfix

repairs to a computer during its normal operation so that the computer can continue to operate until a permanent repair can be made.

60

Patches

temporary fixes to a program.

Once more data is known about an issue, a service pack or hotfix may be issued to fix the problem on a larger scale.

61

A multilevel lattice model

A multilevel lattice model describes strict layers of subjects and objects and defines clear rules that allow or disallow interactions between them based on the layers they are in.
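For cards 43 to 45 and this card, the following Python is an added example (not the page's code) of a lattice of security labels: a classification level plus a set of need-to-know compartments, with the dominance relation, least upper bound and greatest lower bound that make it a lattice, and the Bell–LaPadula read and write rules enforced on top of it. Level names, compartment names and the sample objects are constructed.

```python
from dataclasses import dataclass

# Added example: a security lattice and the Bell-LaPadula rules over it.
# Level names, compartments and object names are constructed.

LEVELS = ("unclassified", "confidential", "secret", "top_secret")

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()   # need-to-know categories

    def rank(self):
        return LEVELS.index(self.level)

    def dominates(self, other):
        """Partial order of the lattice: higher-or-equal level AND a superset of
        compartments. Two labels can be incomparable (neither dominates)."""
        return self.rank() >= other.rank() and self.compartments >= other.compartments

    def lub(self, other):
        """Least upper bound (join): the lowest label that dominates both."""
        return Label(LEVELS[max(self.rank(), other.rank())],
                     self.compartments | other.compartments)

    def glb(self, other):
        """Greatest lower bound (meet): the highest label both dominate."""
        return Label(LEVELS[min(self.rank(), other.rank())],
                     self.compartments & other.compartments)

def comparable(a, b):
    return a.dominates(b) or b.dominates(a)

def can_read(subject, obj):
    """Simple security property (no read up): subject must dominate object."""
    return subject.dominates(obj)

def can_write(subject, obj):
    """*-property (no write down): object must dominate subject."""
    return obj.dominates(subject)

def partition(subject, objects):
    """Sort objects by where the lattice puts them relative to the subject:
    at or below it (readable), at or above it (writable), or incomparable
    (neither: same level band, but a different need-to-know)."""
    out = {"readable": [], "writable": [], "incomparable": []}
    for name, lab in objects.items():
        if can_read(subject, lab):
            out["readable"].append(name)
        if can_write(subject, lab):
            out["writable"].append(name)
        if not comparable(subject, lab):
            out["incomparable"].append(name)
    return out

def label_for_combination(*labels):
    """An object derived from several sources must carry the join of their
    labels (the upper bound); anything lower would let information flow down."""
    result = labels[0]
    for lab in labels[1:]:
        result = result.lub(lab)
    return result

def sample_objects():
    return {
        "memo":         Label("confidential"),
        "nuclear_plan": Label("secret", frozenset({"nuclear"})),
        "key_schedule": Label("top_secret", frozenset({"crypto"})),
        "own_notes":    Label("secret", frozenset({"crypto"})),
    }

if __name__ == "__main__":
    analyst = Label("secret", frozenset({"crypto"}))
    objs = sample_objects()
    print(partition(analyst, objs))
    print("report built from memo + nuclear_plan is labelled:",
          label_for_combination(objs["memo"], objs["nuclear_plan"]))
    print("analyst and nuclear_plan comparable:", comparable(analyst, objs["nuclear_plan"]))
```

The subject's own label is the upper bound of everything it may read and the lower bound of everything it may write, which is the "upper bound and lower bound" card 43 refers to. The nuclear_plan case shows why classification alone is not enough: it sits at the analyst's own level, yet the missing compartment makes it unreadable, which is need-to-know enforced by the lattice rather than by policy text.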

62

What is the purpose of ring protection?

It controls interactions between different execution domains (rings) with different levels of privilege: code in a less privileged ring reaches a more privileged one only through controlled entry points (system calls/APIs), never by direct access.

63

What is pipelining?

overlaps the steps of instruction execution, allowing the fetch, decode, execute, and write steps of different instructions to proceed simultaneously.

64

What is a pipeline stage?

each step in the pipeline (fetch, decode, execute, write) is called a pipeline stage.

65

What is pipeline depth?

the number of pipeline stages, which is also how many instructions can be in progress at once.

A CPU without pipelining would have to finish every step of one instruction before starting the next.
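An added example (not the page's code) for cards 63 to 65: a cycle-by-cycle schedule of an in-order pipeline that shows the overlap in a table and compares the cycle count with an unpipelined CPU. The stage names follow the card; the instruction stream is just an index count, constructed for illustration.

```python
# Added example: cycle-by-cycle model of an in-order pipeline. Stage names are
# the card's; the instruction stream is constructed.

STAGES = ("fetch", "decode", "execute", "write")

def pipeline_schedule(n_instructions, stages=STAGES):
    """Return, for each clock cycle, which instruction (by index) occupies each
    stage. Instruction i enters stage s at cycle i + s, so one new instruction
    starts per cycle and len(stages) of them are in flight at steady state."""
    depth = len(stages)
    schedule = []
    for cycle in range(n_instructions + depth - 1):
        row = {}
        for s, name in enumerate(stages):
            i = cycle - s
            row[name] = i if 0 <= i < n_instructions else None
        schedule.append(row)
    return schedule

def cycles_pipelined(n_instructions, depth=len(STAGES)):
    return n_instructions + depth - 1      # fill time, then one instruction per cycle

def cycles_unpipelined(n_instructions, depth=len(STAGES)):
    return n_instructions * depth          # every instruction runs all stages alone

def render(schedule):
    """Text diagram: one line per cycle, one column per stage."""
    lines = []
    for cycle, row in enumerate(schedule):
        cells = []
        for name, i in row.items():
            cell = "-" if i is None else f"I{i}"
            cells.append(f"{name}:{cell:<4}")
        lines.append(f"cycle {cycle:2d}  " + "  ".join(cells))
    return "\n".join(lines)

if __name__ == "__main__":
    sched = pipeline_schedule(5)
    print(render(sched))
    print("pipelined cycles:", cycles_pipelined(5),
          " unpipelined cycles:", cycles_unpipelined(5))
```

The diagram makes the depth visible: from cycle 3 onward every stage is busy with a different instruction, and the total for 5 instructions is 8 cycles instead of 20.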

66

To ensure that integrity is attained, there are three integrity goals:

 1) Data is protected from modification by unauthorized users.
 2) Data is protected from unauthorized modification by authorized users, by implementing separation of duties, which divides an operation into different parts and requires different users to perform each part.
 3) Data is internally and externally consistent.
