51 Cards in this Set

| Front | Back |
|---|---|
| Describe a level C1 System | Separation of users and data; Discretionary Access Control (DAC) |
| Describe a level C2 System | More finely grained DAC; Individual accountability through login procedures; Audit trails; Resource isolation |
| Describe a level B1 System | B1 — Labeled Security Protection: Informal statement of the security policy model; Data sensitivity labels; Mandatory Access Control (MAC) over select subjects and objects; Label exportation capabilities; All discovered flaws must be removed or otherwise mitigated |
| Describe a level B2 System | B2 — Structured Protection: Security policy model clearly defined and formally documented; DAC and MAC enforcement extended to all subjects and objects; Covert storage channels are analyzed for occurrence and bandwidth; Carefully structured into protection-critical and non-protection-critical elements; Design and implementation enable more comprehensive testing and review; Authentication mechanisms are strengthened; Trusted facility management is provided with administrator and operator segregation; Strict configuration management controls are imposed |
| Describe a level B3 System | B3 — Security Domains: Satisfies reference monitor requirements; Structured to exclude code not essential to security policy enforcement; Significant system engineering directed toward minimizing complexity; A security administrator is supported; Audit security-relevant events; Automated imminent intrusion detection, notification, and response; Trusted system recovery procedures; Covert timing channels are analyzed for occurrence and bandwidth; An example of such a system is the XTS-300, a precursor to the XTS-400 |
| Describe a level A1 System | A1 — Verified Design: Functionally identical to B3; Formal design and verification techniques including a formal top-level specification; Formal management and distribution procedures; An example of such a system is SCOMP, a precursor to the XTS-400 |
| What is ITSEC E0? | Inadequate assurance |
| What is ITSEC E1? | Requires a security target and informal architecture |
| What is ITSEC E2? | Test documentation must be created; formal security architecture; penetration testing; audit trail is required for start-up and finish |
| What is ITSEC E3? | Requires source code and hardware drawings |
| What is ITSEC E4? | Formal model of security |
| What is ITSEC E5? | Independent configuration management |
| What is ITSEC E6? | All tools subject to configuration management |
| What is multiprocessing? | A system that executes two or more programs at the same time on multiple processors |
| What is multi-programming? | Executes two or more programs simultaneously on a single processor |
| What is multi-tasking? | Executes two or more sub-programs simultaneously on a single processor |
| What is a Trusted Computing Base? | The total combination of protection mechanisms within a computer system, including hardware, software and firmware, that are trusted to enforce the security policy |
| What is a security perimeter? | The boundary that separates the TCB from the rest of the system |
| What is a trusted computer system? | One that employs the necessary hardware and software assurance measures to enable its use in processing multiple levels of classification |
| What is a reference monitor? | A system component that enforces access controls on an object |
| What is the reference monitor concept? | An abstract machine that mediates all access of subjects to objects |
| What is a TOC/TOU attack? | An attack that exploits the difference between the time that security controls were applied and the time an authorized service was used |
| What is a fault-tolerant system? | When a computer or network detects a fault but continues to operate |
| What is a failsafe system? | Program execution is terminated and the system is protected from being compromised when a hardware or software failure is detected |
| What is a fail-soft system? | Select non-critical processing is terminated when a hardware or software failure is detected |
| In ITSEC, an F-C1, E1 system is equivalent to what in TCSEC? | C1 |
| In ITSEC, an F-C2, E2 system is equivalent to what in TCSEC? | C2 |
| In ITSEC, an F-B1, E3 system is equivalent to what in TCSEC? | B1 |
| In ITSEC, what is an F, E3 system equivalent to in TCSEC? | B1 |
| In ITSEC, what is an F, E4 system equivalent to in TCSEC? | B2 |
| In ITSEC, what is an F, E5 system equivalent to in TCSEC? | B3 |
| In ITSEC, what is an F, E6 system equivalent to in TCSEC? | A1 |
| What are the columns in an Access Matrix? | ACLs |
| In an access control matrix, what are the rows (tuples)? | Capabilities list |
| In the Bell-LaPadula model, what is the Simple Security Property? | No read up |
| In Bell-LaPadula, what is the * Property? | No write down |
| In the Bell-LaPadula model, what is the Strong * Property? | No reading or writing is permitted at a higher or lower confidentiality level |
| In the Biba model, what is the Simple Integrity Axiom? | No read down |
| In the Biba model, what is the * Integrity Axiom? | No write up |
| What three things does the Clark-Wilson model define? | Constrained Data Items, Transformation Procedures, Unconstrained Data Items |
| In Operations Security, what constitutes a triple? | Threat, vulnerability, asset |
| What operational assurance requirements are specified in the Orange Book? | System architecture, system integrity, covert channel analysis, trusted facility management, trusted recovery |
| What life cycle assurance requirements are specified in the Orange Book? | Security testing, design and specification testing, configuration management, trusted distribution |
| What is a covert timing channel? | A covert channel in which one process signals information to another by modulating its own use of system resources |
| What is the minimum TCSEC level that requires protection against covert storage channels? | B2 |
| At what TCSEC level is it required to protect against covert timing channels? | B3 |
| At what level is it required to support separate operator and administrator functions? | B2 |
| At what level is it required to clearly identify the functions of the security administrator to perform security-related functions? | B3 |
| What assurance levels require trusted recovery? | B3 & A1 |
| What assurance level requires that configuration management be enforced during development and maintenance of the system? | B2 & B3 |
| What assurance level requires that configuration management be enforced during the entire life cycle? | A1 |