94 Cards in this Set
- Front
- Back
Covert Channel Analysis is required for systems evaluated at what TCSEC level?
|
B2 and above
|
|
According to the Orange Book, which security level is the first to require a system to support separate operator and system administrator roles?
|
B2
|
|
Which Orange Book security rating requires that formal techniques are used to prove the equivalence between the TCB specifications and the security policy model?
|
A1
|
|
Which TCSEC level first addresses object reuse?
|
C2
|
|
Which of the following is the lowest TCSEC class wherein the systems must support separate operator and system administrator roles?
|
B2
|
|
one level of information classification; all users have a need to know
|
Dedicated Security Mode
|
|
one level of information classification; not all users have need to know for all information.
|
System high security mode
|
|
multiple levels of information classification but users must all be cleared for the highest level; not all users have need to know for all information
|
Compartmented
|
|
multiple levels of information classification; not all users have need to know for all information; users must have appropriate clearance matching the information they need to know
|
Multilevel
|
|
Compartmented Mode Workstations (CMW) are most similar to what Orange Book evaluation level?
|
B3
|
|
Minimal protection
|
D
|
|
Discretionary protection
|
C
|
|
Discretionary security protection
|
C1
|
|
Controlled access protection
|
C2
|
|
Mandatory protection
|
B
|
|
Labeled security
|
B1
|
|
Structured protection
|
B2
|
|
Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
|
B3
|
|
Verified protection
|
A
|
|
Verified design
|
A1
|
|
architecture, system integrity, covert channel analysis, trusted facility management and trusted recovery.
|
Operational assurance requirements
|
|
In Mandatory Access Control, sensitivity labels contain what information?
|
The item's classification and category set
|
|
What is the lowest TCSEC class wherein the system must protect against covert storage channels (but not necessarily covert timing channels)?
|
B2
|
|
What does the Clark-Wilson security model focus on?
|
Integrity
|
|
Which class is defined in the TCSEC (Orange Book) as minimal protection?
|
D
|
|
Simple security rule: A subject cannot read data within an object that resides at a higher security level ("No read up" rule).
*-property rule: A subject cannot write to an object at a lower security level ("No write down" rule).
Strong star property rule: For a subject to be able to read and write to an object, the subject’s clearance and the object’s classification must be equal. |
Bell-LaPadula model
|
|
Mandatory protection
|
B
|
|
The Orange Book states that "Hardware and software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB [Trusted Computing Base]." This statement is the formal requirement for:
|
System Integrity
|
|
A formal model of the security policy must be clearly identified and documented, including a mathematical proof that the model is consistent with its axioms and is sufficient to support the security policy
|
Design verification
|
|
Which security model is based on the military classification of data and people with clearances?
|
Bell-LaPadula
|
|
Configuration Management controls what?
|
Auditing and controlling any changes to the Trusted Computing Base.
|
|
a government program that prevents the compromising electrical and electromagnetic signals that emanate from computers and related equipment from being intercepted and deciphered.
|
Tempest
|
|
addresses such concepts as nondiscretionary access control, privilege separation, and least privilege.
|
Clark Wilson
|
|
an integrity model of computer security policy that describes a set of rules. In this model, a subject may not depend on any object or other subject that is less trusted than itself.
|
Biba
|
|
security policy model on which the Orange Book requirements are based
|
Bell-LaPadula
|
|
Which of the following describes a computer processing architecture in which a language compiler or pre-processor breaks program instructions down into basic operations that can be performed by the processor at the same time?
|
Very-Long Instruction-Word Processor (VLIW)
|
|
What can be described as an imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
|
The Security Perimeter
|
|
Which TCSEC level introduces formal covert channel analysis?
|
A1
|
|
According to the Orange Book, which security level is the first to require trusted recovery?
|
B3
|
|
In what security mode can a system be operating if all users have the clearance to all data processed by the system, but might not have the need-to-know and formal access approval?
|
Compartmented security mode
|
|
All users can access ALL data.
Signed NDA for ALL information on the system. Proper clearance for ALL information on the system. Formal access approval for ALL information on the system. A valid need to know for ALL information on the system. |
Dedicated security Mode
|
|
All users can access SOME data, based on their need to know.
Signed NDA for ALL information on the system. Proper clearance for ALL information on the system. Formal access approval for ALL information on the system. A valid need to know for SOME information on the system. |
System high security mode
|
|
All users can access SOME data, based on their need to know and formal access approval.
Signed NDA for ALL information on the system. Proper clearance for ALL information on the system. Formal access approval for SOME information they will access on the system. A valid need to know for SOME information on the system. |
Compartmented security mode
|
|
All users can access SOME data, based on their need to know, clearance and formal access approval.
Signed NDA for ALL information on the system. Proper clearance for SOME information on the system. Formal access approval for SOME information on the system. A valid need to know for SOME information on the system. |
Multilevel security mode
|
|
The Orange Book requires auditing mechanisms for any systems evaluated at which of the following levels?
|
C2 and above
|
|
What is the main focus of the Bell-LaPadula security model?
|
Confidentiality
|
|
At what Orange Book evaluation levels are design specification and verification required?
|
B1 and above
|
|
What does the * (star) integrity axiom mean in the Biba model?
|
No write up
|
|
functionally tested
|
Common Criteria assurance level EAL1
|
|
structurally tested
|
Common Criteria assurance level EAL2
|
|
Methodically tested and checked
|
Common Criteria assurance level EAL3
|
|
methodically designed, tested and reviewed
|
Common Criteria assurance level EAL4
|
|
Semiformally designed and tested
|
Common Criteria assurance level EAL5
|
|
Semiformally verified design and tested
|
Common Criteria assurance level EAL6
|
|
Formally verified design and tested
|
Common Criteria assurance level EAL7
|
|
What are the three conditions that must be met by the reference monitor?
|
Isolation, completeness and verifiability
|
|
concerned with integrity and controls access to objects based on a comparison of the security level of the subject to that of the object.
|
Biba model
|
|
Concerned with confidentiality and controls access to objects based on a comparison of the clearance level of the subject to the classification level of the object.
|
Bell-LaPadula model
|
|
What does the simple security (ss) property mean in the Bell-LaPadula model?
|
No read up
|
|
Establishes the minimal national standards for certifying and accrediting national security systems?
|
NIACAP
|
|
A mechanism that enforces the authorized access relationships between subjects and objects is known as:
|
The Reference monitor
|
|
At what Orange Book evaluation levels is configuration management required?
|
B2 and above
|
|
What access control technique is also known as multilevel security?
|
Mandatory access control
|
|
Which of the following uses protection profiles and security targets?
|
International Standard 15408
|
|
The Orange Book does NOT cover:
|
Integrity
|
|
Which Orange book security rating introduces security labels?
|
B1
|
|
Trusted Distribution is required at what Orange Book evaluation level?
|
A1
|
|
What does the simple integrity axiom mean in the Biba model?
|
No read down
|
|
Which TCSEC class specifies discretionary protection?
|
C1
|
|
Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection?
|
C
|
|
Biba-Subject cannot send messages (logical request for service) to subjects of higher integrity
|
Invocation property
|
|
Simple
|
Read
|
|
Star
|
Write
|
|
Which model addresses all three integrity goals?
|
Clark and Wilson
|
|
Well formed transaction
|
Clark and Wilson
|
|
Which security model includes Separation of duty?
|
Clark and Wilson
|
|
Access Triple
|
Clark and Wilson
Subject, program, object |
|
State machine model specifying modes of access
Subject to subject, subject to object, One row per subject, one column per subject and object |
Access Control Matrix
|
|
Controls are put into place to prevent a conflict of interest
|
Brewer and Nash Model-Chinese Wall security policy
|
|
Control changing permissions for access
|
Brewer and Nash
|
|
ACID Test
|
Atomicity - either all changes take effect or none do
Consistency - a transaction is allowed only if it meets owner/system defined integrity constraints
Isolation - the results of the transaction are not visible until the transaction is complete
Durability - a completed transaction is permanent. |
|
uses a knowledge base and a set of algorithms and/or rules that infer new facts from knowledge and incoming data
|
Expert System Approach
|
|
What can best be described as a domain of trust that shares a single security policy and single management?
|
A security domain
|
|
Which of the following uses protection profiles and security targets?
ITSEC TCSEC CTCPEC International Standard 15408 |
International Standard 15408
|
|
What does it mean to say that sensitivity labels are "incomparable"?
The number of classifications in the two labels is different. Neither label contains all the classifications of the other. The number of categories in the two labels is different. Neither label contains all the categories of the other. |
Neither label contains all the categories of the other.
|
|
Controlled Security Mode is also known as:
Multilevel Security Mode Compartmented security mode Dedicated Security Mode System-high Security Mode |
Compartmented security mode
|
|
What is another name for the Orange Book?
|
The Trusted Computer System Evaluation Criteria (TCSEC)
|
|
Which of the following was developed by the National Computer Security Center (NCSC)?
TCSEC ITSEC DIACAP NIACAP |
TCSEC
|
|
Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level?
The Bell-LaPadula model The information flow model The noninterference model The Clark-Wilson model |
The noninterference model
|
|
What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept?
The reference monitor Protection rings A security kernel A protection domain |
A security kernel
|
|
What is necessary for a subject to have read access to an object in a Multi-Level Security Policy?
The subject's sensitivity label must dominate the object's sensitivity label. The subject's sensitivity label subordinates the object's sensitivity label. The subject's sensitivity label is subordinated by the object's sensitivity label. The subject's sensitivity label is dominated by the object's sensitivity label. |
The subject's sensitivity label must dominate the object's sensitivity label.
|
|
Which TCSEC (Orange Book) rating or level requires the system to clearly identify functions of the security administrator to perform security-related functions?
C2 B1 B2 B3 |
B3
|
|
Which of the following security models does NOT concern itself with the flow of data?
The information flow model The Biba model The Bell-LaPadula model The noninterference model |
The noninterference model
|
|
A mechanism that enforces the authorized access relationships between subjects and objects is known as:
the reference monitor. discretionary access control. trusted kernel. mandatory access control. |
the reference monitor.
|