Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
28 Cards in this Set
- Front
- Back
Confinement/ sandboxing |
Allows a process to read from Android to only certain memory locations and resources |
|
Bounds |
Limits set on the memory addresses and resources a process can access |
|
Isolation |
The process that is confined through boundary enforcement and used to protect the operating environment, the kernel, and other independent apps. Prevent applications from accessing in-use memory or resources. |
|
Clearance |
A subjects' attributes define its _______ |
|
Classification |
An objects' attributes define its ______ |
|
RBAC |
An access control method which states which subjects have clearance to access objects with a specific classification |
|
Trusted system |
A system in which all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure Computing environment |
|
Assurance |
The degree of confidence in satisfaction of security needs |
|
Security token, capabilities list, security label |
Three methods used to describe the security attributes for an object |
|
Security token |
Separate object that is associated with the resource and describes it security attributes; access prior to requesting access to the actual object |
|
Capabilities list |
Maintains a row of security attributes for each controlled object |
|
Security label |
Generally a permanent part of the object to which it's attached. Once attached, cannot be altered; permanence provides another state guard but neither tokens Northeast provide. |
|
Trusted Computing base |
A combination of Hardware, software, and patrols that work together to form a trusted base to enforce your security policy |
|
Security perimeter |
The imaginary boundary that separates the PCB from the rest of the system and ensures that note in Secure Communications occur between the PCB and other elements |
|
Trusted paths |
In a trusted Computing base, secure Communications are managed through _______. |
|
Reference monitor |
The part of the PCB that validates access to every resource prior to granting access request |
|
Security Kernel |
The collection of components in the TCB that work together to implement reference monitor functions |
|
State Machine model |
A common Access Control security model that describes a system that is always secure no matter what state it is in. |
|
Information flow model |
A common Access Control security model, based on the state machine model, which prevents unauthorized information flows, whether within the same classification level or between classification. |
|
Non-interference model |
A common access security model that is not concerned with information flows but rather concerned with how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security state. |
|
Take - Grant model |
The common Access Control security model focused on confidentiality of objects and employs a directed graph to dictate how rights can be passed from one subject to another or from subject to object. |
|
Access Control Matrix |
A common Access Control security model which has a table of subjects and objects that indicate the actions or functions that each subject can perform on each object. |
|
Capabilities list |
In an access control Matrix each subject row of the Matrix is called a_________. |
|
An Access Control list (ACL) |
In an access control Matrix each object column is called ______. |
|
Bell-Lapadula model |
Which Access Control security model has subjects that have clearance levels; allows them to access only those objects with corresponding classifications; are focused on confidentiality of objects; are derived from dod's multi-level security policies; does not address Integrity or availability; prevents leaking or transfer of classified information to less secure clearance Levels by blocking lower classified subjects from accessing higher-level objects; and based on both state machine concept and information flow models. |
|
Simple security property |
A basic property of the State machine that has no read up but allows read down |
|
*star security property |
A basic property of the state machine that has no right down but allows for right up. |
|
Discretionary security property |
The basic property of the Bell-Lapadula state machine that uses an access matrix for discretionary Access Control enforcement. |