Foundations of IA
CIST4360 at University of Nebraska at Omaha
27 cards
Computer Science
Undergraduate 4
12/15/2009

Cards

Term
What are the three main components of information assurance?
Definition
Confidentiality
Integrity
Availability
Term
Pfleeger's Features of a Trusted Operating System
Definition
•User Identification and Authentication - Determining conclusively a user's right to use a specific avatar.

•Audit - A process by which events on the system can be recreated and accountability held to one individual.

•Audit Log Reduction - Only the important information is saved.

•Intrusion Detection - Detects patterns that are abnormal in system access.

•Trusted Path - A method to ensure communication between two points.

•Mandatory Access Control - Control beyond the control of individual users.

•Discretionary Access Control - Some of the object's access control will be left up to the user.

•Object Reuse Protection - Cleans up spaces before they are reused.

•Complete Mediation - Always Invoked
Term
Six Fundamental Requirements of a Trusted OS (Orange Book)
Definition
•Security Policy – Must be well-defined; determines whether a given subject can be permitted to gain access to a specific object

•Marking – aka Labels, ties sensitivity level to the document

•Identification – Must be identified, access to info is mediated based on their identity and what info they deal with.

•Accountability – Audit info must be kept and protected so actions can be traced.

•Assurance – the computer system must contain hardware/software that independently assure that the system provides the above 3

•Continuous Protection – the trusted mechanisms that enforce all the requirements must be continuously protected against tampering and unauthorized changes
Term
Methods of Separation in a Trusted OS
Definition
•Physical – use different physical objects, think of military MLS

•Temporal – processes of differing security levels can only run during their level's given time slot

•Logical – separation by the computer, it appears to a user that no other processes are running, other than their own

•Cryptographic – conceal data and computations, so that it is unintelligible to outside processes
Term
Saltzer and Schroeder's Principles of Secure System Design
Definition
•Open Design - Design should not be secret.

•Psychological Acceptability - Ease of use.

•Fail-Safe Defaults - Permission-based access, so that on failure the default is no access.

•Least Common Mechanism - The fewest common mechanisms possible to finish the task.

•Separation of Privilege - Dual access privileges needed.

•Least Privilege - Use the least set of privileges necessary.

•Economy of Mechanism - Simple and as small as possible.

•Complete Mediation - All accesses must be checked.
Term
Development Process to Designing a Trusted System
Definition
•Policy - Expected system behavior for given objects and subjects.

•Model - Formalization of the policy, e.g. the Bell-LaPadula (WURD: Write Up, Read Down) model.

•Design - A specific way of implementing the model.

•Implementation - Physical components that make up the system.

•Life Cycle Management – A system must be maintained over time
Term
Techniques to prove assurance
Definition
•Evaluation – independent experts review requirements, design, implementation, and assurance evidence

•Open Source – peer review by the users of the software can uncover bugs and other problems

•Validation – you built the right product, it does what it's supposed to do

•Formal Verification – you built the product right, it meets the design specs

•Penetration Testing – purposely trying to break the system

•Testing – actual product evaluation, does it behave the way it was designed?
Term
3 Levels in the Orange Book Threat Model
Definition
•Penetration - Insider upgrading access.

•Malicious Code - Outside user hijacking code to do their work for them

•Subversion - Aka sabotage, like changing the master copy of software before it arrives.
Term
Schneier's Internet Vulnerabilities
Definition
•Action at a Distance - No need to put yourself at risk, attack systems around the world the same as next door

•Technique Propagation - No need for complex knowledge; scripts can launch attacks, and script kiddies share tools

•Automation - Computers can be used to launch brute force attacks like a DoS that utilizes a computer's ability to do repetitive tasks; compromise thousands of machines with the same effort needed to compromise one.
Term
Ways to not show assurance
Definition
•Challenges - "Well, person X here couldn't break in."

•Lack of Discovered Flaws - "We haven't found any flaws yet."

•Security Through Obscurity - "No you can't see it. Just trust us."

•Emphatic Assertion - "We have the best product! Why? Because it's the BEST!"
Term
Taxonomy of Information Assurance
Definition
•Policy - Expected behavior by the system towards objects and subjects.

•Boundary - Where the limits of the system are.

•Membership - What objects are contained within these boundaries.

•Damage Detection and Recovery - Detecting and reacting to a failure in a controlled manner.

•Fusion and Separation - Adding and deleting objects from the domain.

•Assurance - The means by which you prove that the system is good enough.

•Secure Systems Management –
Term
3 Components of a Reference Monitor
Definition
•Always Invoked – always on

•Tamperproof – it cannot be compromised

•Reference validation mechanism must be small – subject to analysis and tests, completeness of which can be assured
Term
Database Security Problems
Definition
•Integrity – is the correctness and accuracy of the data in the database

•Secrecy – the hard problem: preventing a person from getting information about the data; this is done through aggregation or inference
Term
Two threats to database secrecy
Definition
•Inference – derive sensitive data from non-sensitive data

•Aggregation – derive sensitive information using information obtained outside the database
Term
Pfleeger's countermeasures to prevent inference in databases
Definition
•Limited Response Suppression – don't display elements below a certain percentage

•Combining Results – works by combining results of rows in pairs

•Random sample – use a portion of the database, then multiply by total divided by sample size; the same sample set should be used each time

•Random Data Perturbation – use a small value that is randomly positive or negative, and add it to the results as they are returned

•Query analysis – the database analyzes each request, and decides whether or not to return the result to the user
Term
Primitive security services of a general operating system
Definition
•Memory protection
•File protection
•General object protection
•Access authentication
Term
Bell-LaPadula Model
Definition
•Simple Security Property – A subject s may have read access to an object o only if C(o) <= C(s). (C = security class or level)

•*-Property – A subject s who has read access to an object o may have write access to an object p only if C(o) <= C(p). (C = security class or level) This property is to protect against Trojans using covert channels to communicate sensitive information downward.
Term
Biba Model
Definition
•Simple Integrity Property – Subject s can modify (have write access to) object o only if I(s) >= I(o). (I = integrity level)

•If a subject s has read access to object o with integrity level I(o), s can have write access to object p only if I(o) >= I(p). (Don't let low-integrity information write to high-integrity information.)
Term
Foundational Computer Security Requirements
Definition
•Policy – Set of rules, who can access what

•Accountability – document every action; something should never happen that isn't known about

•Assurance - "the basis for the belief that the system will operate as expected"
Term
"Hard Problems" for information security
Definition
•Threat is unconstrained – that is, the threat cannot be quantified, so a system cannot be 'threat-proof'

•Global property - "have to secure the whole thing" – the entire system must be secure; a fence is useless if it only goes around one side of an airport
Term
Characteristics of a good cipher
Definition
•The amount of work needed for encryption/decryption should be appropriate for the secrecy of the message

•Set of keys should be free from complexity

•Implementation should be simple

•Propagation of errors should be limited

•Size of CT (ciphertext) should be no larger than size of PT (plaintext)
Term
Attack Methods for a Cipher
Definition
• Ciphertext only
• Known Plaintext
• Known Algorithm
• Chosen Plaintext
Term
Hard Problems for Cryptography
Definition
•Key management – preventing the bad guys from getting your keys

•Implementation – There are plenty of good algorithms, but very few good implementations.
Term
Properties of Good Crypto
Definition
•confusion – the interceptor shouldn't be able to predict how changing one character in the plaintext will affect the ciphertext

•diffusion – a change in one character in the plaintext will affect many characters in the ciphertext
Term
Mathematical Basis for Shared Secret Crypto
Definition
• Factoring of Large Primes - RSA

• Discrete Log - Diffie-Hellman
Term
Types of Biometric Errors
Definition
•Type I – False positive - When a biometric system fails to identify an enrollee or fails to verify the legitimate claimed identity of an enrollee.

•Type II – false negative - When a biometric system incorrectly identifies an individual or incorrectly verifies an impostor against a claimed identity.
Term
Ware report leakage points
Definition
•Physical Surroundings – physical security of equipment

•Hardware – malfunctioning hardware, e.g. read/write protection failing

•Software – vulnerabilities in software, especially the operating system

•Communication links - these are links between hardware, aka the cords or wireless communication of devices

•Organizational - that is, compromise by individuals of the company or by the procedures used by the company (operational security is part of this)