Shared Flashcard Set

Foundations of IA
CIST4360 at University of Nebraska at Omaha
Computer Science
Undergraduate 4

What are the three main components of information assurance?
Pfleeger's Features of a Trusted Operating System
•User Identification and Authentication - Determining conclusively a user's right to use a specific avatar.

•Audit - A process by which events on the system can be recreated and accountability held to one individual.

•Audit Log Reduction - Only the important information is saved.

•Intrusion Detection - Detects patterns that are abnormal in system access.

•Trusted Path - A method to ensure communication between two points.

•Mandatory Access Control - Control beyond the control of individual users.

•Discretionary Access Control - Some of the object's access control will be left up to the user.

•Object Reuse Protection - Cleans up spaces before they are reused.

•Complete Mediation - Always Invoked
Six Fundamental Requirements of a Trusted OS (Orange Book)
•Security Policy – Must be well-defined; determines whether a given subject can be permitted to gain access to a specific object

•Marking – aka Labels, ties sensitivity level to the document

•Identification – Must be identified; access to info is mediated based on their identity and what info they deal with.

•Accountability – Audit info must be kept and protected so actions can be traced.

•Assurance – the computer system must contain hardware/software that independently assure that the system provides the above 3

•Continuous Protection – the trusted mechanisms that enforce all the requirements must be continuously protected against tampering and unauthorized changes
Methods of Separation in a Trusted OS
•Physical – use different physical objects, think of military MLS

•Temporal – processes of differing security levels can only run during their level's given time slot

•Logical – separation by the computer; it appears to a user that no processes other than their own are running

•Cryptographic – conceal data and computations, so that it is unintelligible to outside processes
Saltzer and Schroeder's Principles of Secure System Design
•Open Design - Design should not be secret.

•Psychological Acceptability - Ease of use.

•Fail-Safe Defaults - Permission-based access, so that on failure the default is no access.

•Least Common Mechanism - The fewest common mechanisms possible to finish the task.

•Separation of Privilege - Dual access privileges needed.

•Least Privilege - Use the least set of privileges necessary.

•Economy of Mechanism - Simple and as small as possible.

•Complete Mediation - All accesses must be checked.
Development Process to Designing a Trusted System
•Policy - Expected system behavior for given objects and subjects.

•Model - Formalization of the policy, i.e. Bell-LaPadula (WURD — Write Up Read Down) model.

•Design - A specific way of implementing the model.

•Implementation - Physical components that make up the system.

•Life Cycle Management – A system must be maintained over time
Techniques to prove assurance
•Evaluation – independent experts review requirements, design, implementation, and assurance evidence

•Open Source – peer review by the users of the software can uncover bugs and other problems

•Validation – you built the right product, it does what it's supposed to do

•Formal Verification – you built the product right, it meets the design specs

•Penetration Testing – purposely trying to break the system

•Testing – actual product evaluation, does it behave the way it was designed?
3 Levels in the Orange Book Threat Model
•Penetration - Insider upgrading access.

•Malicious Code - Outside user hijacking code to do their work for them

•Subversion - Aka sabotage, like changing the master copy of software before it arrives.
Schneier's Internet Vulnerabilities
•Action at a Distance - No need to put yourself at risk, attack systems around the world the same as next door

•Technique Propagation - No need for complex knowledge; scripts can launch attacks, and script kiddies share tools

•Automation - Computers can be used to launch brute force attacks like a DoS that utilize a computer's ability to do repetitive tasks; compromise thousands of machines with the same effort needed to compromise one.
Ways to not show assurance
•Challenges - "Well, person X here couldn't break in."

•Lack of Discovered Flaws - "We haven't found any flaws yet."

•Security Through Obscurity - "No you can't see it. Just trust us."

•Emphatic Assertion - "We have the best product! Why? Because it's the BEST!"
Taxonomy of Information Assurance
•Policy - Expected behavior by the system towards objects and subjects.

•Boundary - Where the limits of the system are.

•Membership - What objects are contained within these boundaries.

•Damage Detection and Recovery - Detecting and reacting to a failure in a controlled manner.

•Fusion and Separation - Adding and deleting objects from the domain.

•Assurance - The means by which you prove that the system is good enough.

•Secure Systems Management –
3 Components of a Reference Monitor
•Always Invoked – always on

•Tamperproof – it cannot be compromised

•Reference validation mechanism must be small – subject to analysis and tests, completeness of which can be assured
Database Security Problems
•Integrity – is the correctness and accuracy of the data in the database

•Secrecy – the hard problem: preventing a person from getting information about the data; this is done through aggregation or inference
Two threats to database secrecy
•Inference – derive sensitive data from non-sensitive data

•Aggregation – derive sensitive information using information obtained outside the database
Pfleeger's countermeasures to prevent inference in databases
•Limited Response Suppression – don't display elements below a certain percentage.

•Combining Results – works by combining results of rows in pairs

•Random sample – use a portion of the database, then multiply by total divided by sample size; the same sample set should be used each time

•Random Data Perturbation – use a small value that is randomly positive or negative, and add it to the results as they are returned

•Query analysis – the database analyzes each request, and decides whether or not to return the result to the user
Primitive security services of a general operating system
•Memory protection
•File protection
•General object protection
•Access authentication
Bell-LaPadula Model
•Simple Security Property – A subject s may have read access to an object o only if C(o) <= C(s). ( C = security class or level )

•*-Property – A subject s who has read access to an object o may have write access to an object p only if C(o) <= C(p). ( C = security class or level ) This property is to protect against Trojans using covert channels to communicate sensitive information downward.
Biba Model
•Simple Integrity Property – Subject s can modify ( have write access to ) object o only if I(s) >= I(o) ( I = Integrity level )

•If a subject s has read access to object o with integrity level I(o), s can have write access to object p only if I(o) >= I(p) ( don't let low integrity information write to high integrity information )
Foundational Computer Security Requirements
•Policy – Set of rules, who can access what

•Accountability – document every action, something should never happen that isn't known about

•Assurance - "the basis for the belief that the system will operate as expected"
"Hard Problems" for information security
•threat is unconstrained – that is, the threat cannot be quantified, so a system cannot be 'threat-proof'

•global property - "have to secure the whole thing" – the entire system must be secure, a fence is useless if it only goes around one side of an airport
Characteristics of a good cipher
•The amount of work needed for encryption/decryption should be appropriate for the secrecy of the message

•Set of keys should be free from complexity

•Implementation should be simple

•Propagation of errors should be limited

•Size of CT should be no larger than size of PT
Attack Methods for a Cipher
• Ciphertext only
• Known Plaintext
• Known Algorithm
• Chosen Plaintext
Hard Problems for Cryptography
•Key management – preventing the bad guys from getting your keys

•Implementation – There are plenty of good algorithms, but very few good implementations.
Properties of Good Crypto
•confusion – the interceptor shouldn't be able to predict how changing one character in the plaintext will affect the ciphertext

•diffusion – a change in one character in the plaintext will affect many characters in the ciphertext
Mathematical Basis for Shared Secret Crypto
• Factoring of Large Primes - RSA

• Discrete Log - Diffie-Hellman
Types of Biometric Errors
•Type I – False positive - When a biometric system fails to identify an enrollee or fails to verify the legitimate claimed identity of an enrollee.

•Type II – false negative - When a biometric system incorrectly identifies an individual or incorrectly verifies an impostor against a claimed identity.
Ware report leakage points
•Physical Surroundings – physical security of equipment

•Hardware – malfunctioning hardware, e.g. read-write protection failing

•Software – vulnerabilities in software, especially the operating system

•Communication links - these are links between hardware, aka the cords or wireless communication of devices

•Organizational - that is, compromise by individuals of the company or by the procedures used by the company ( operational security is part of this )