security within the computer Flashcards

(10 cards)

1
Q

What is the role of the operating system in security?

A

The OS ensures that each process only performs permitted actions, enforcing isolation and policy rules depending on the system’s security model (e.g., Bell–LaPadula in military systems).

2
Q

What are the main principles of the Bell–LaPadula model?

A

1. No read up (simple security property).
2. No write down (*-property).

It enforces mandatory access control to maintain data confidentiality.

3
Q

What are the limitations of applying Bell–LaPadula?

A

Applications like email require major changes to accommodate different classification levels per message. Also, issues arise with shared resources like clipboards.

4
Q

What is the Biba model and how does it contrast with Bell–LaPadula?

A

The Biba model focuses on integrity rather than confidentiality. It enforces ‘no write up’ and ‘no read down’ to ensure outputs don’t gain trust from untrusted inputs.

5
Q

What is the basic idea of access control lists (ACLs) in Unix?

A

ACLs define file permissions per user and group using rwx flags. They are efficient at runtime but make it difficult to query user-wide access rights.

6
Q

What is the role of ‘setuid’ in Unix-based systems?

A

Setuid allows a program to run with the permissions of its owner (e.g., the accounting program), enabling controlled privilege escalation for specific tasks.

7
Q

What is a capability in capability-based architectures?

A

A capability is an unforgeable token that grants access to an object (e.g., memory, files). Systems like the Cambridge CAP computer used strong separation of data and capabilities.

8
Q

What is a file descriptor (FD) and how is it a weak capability?

A

An FD is a kernel-maintained index allowing controlled access to open files. It’s weak because it’s process-wide and stateful, limiting fine-grained security control.

9
Q

Where are capabilities used today?

A

They are found in classified systems, mobile operating systems (as permissions), and secure microkernels like seL4, which is formally verified and used in automotive and embedded systems.

10
Q

Why are browsers a special security concern?

A

Browsers handle many roles including password storage and script execution. Their complex codebases and evolving threats make them both critical and vulnerable components of system security.
