Computer Security 5 & 6- Access Control and MAC
True
"No write down" is also referred to as the *-property.
Role
A __________ is a named job function within the organization that controls this computer system.
Security Class
A class assigned to each subject and object in BLP
Session
A mapping between a user and an activated subset of the set of roles to which the user is assigned.
No read up (ss-property), no write down (*-property)
A multilevel secure system for confidentiality must enforce: __
Group
A named group of users may also be granted access rights. In most schemes, a user may belong to multiple groups
Trusted Computing Base
A portion of a system that enforces a particular policy. The TCB must be resistant to tampering and circumvention. The TCB should be small enough to be analyzed systematically.
Assurance
A process that ensures a system is developed and operated as intended by the system's security policy.
Object
A resource to which access is controlled
True
A subject can exercise only accesses for which it has the necessary authorization and which satisfy the MAC rules.
Prerequisite
A user can only be assigned to a particular role if they are already assigned to some other specified role.
True
A user may belong to multiple groups.
What are the three functions for a NIST RBAC compliant model?
Administrative functions; supporting system functions; review functions.
Clark-Wilson Integrity Model
Aimed at commercial rather than military applications. Based on well-formed transactions and separation of duty among users
Policy combinations and conflict resolution
An access control mechanism may apply multiple policies to a given class of resources.
True
An access right describes the way in which a subject may access an object.
Subject
An entity capable of accessing objects
ds-property
An individual or role may grant to another individual or role access to a document based on the owner's discretion, constrained by the MAC
Audit
An independent review and examination of system records and activities in order to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, to detect breaches in security, and to recommend any indicated changes in control, policy and procedures.
True
Any program that is owned by, and SetUID to, the "superuser" potentially grants unrestricted access to the system to any user executing that program.
Evaluation
Assessing whether the product has the security properties claimed for it.
Open policy
Authorizations specify which accesses are prohibited
Mandatory access control
Controls access based on comparing security labels (which indicate how sensitive or critical system resources are) with security clearances (which indicate which system entities are eligible to access certain resources).
Discretionary access control
Controls access based on the identity of the requestor and on access rules (authorizations) stating what requestors are (or are not) allowed to do.
Role based access control
Controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles. Assign access rights to roles instead of individual users. In turn, users are assigned to different roles, either statically or dynamically, according to their responsibilities.
Sanitized Data
Data that may be derived from corporate data but that cannot be used to discover the corporation's identity
Biba
Deals with integrity and is concerned with the unauthorized modification of data. Intended to deal with the case in which there is data that must be visible to users at multiple or all security levels but should only be modified in controlled ways by authorized agents.
Capability Ticket
Decomposition of an access matrix by rows; specifies authorized objects and operations for a particular user. The integrity of the ticket must be protected since it is dispersed around the system, so the ticket must be unforgeable.
Security Clearance
Given to an individual
Security Classification
Given to an object
What type of access control system is BLP?
MAC
Chinese Wall Model
Makes use of both discretionary and mandatory access concepts to specify integrity and confidentiality. Involves objects, datasets, and conflict of interest classes.
True
Multilevel security is of interest when there is a requirement to maintain a resource in which multiple levels of data sensitivity are defined.
True
One way to secure against Trojan horse attacks is the use of a secure, trusted operating system.
Closed policy
Only accesses that are specifically authorized are allowed
Four levels of RBAC
RBAC0: no hierarchies, no constraints; RBAC1: hierarchies, no constraints; RBAC2: no hierarchies, constraints; RBAC3: hierarchies and constraints.
False
Security labels indicate which system entities are eligible to access certain resources.
Cardinality
Setting a maximum number with respect to roles
True
The Common Criteria for Information Technology and Security Evaluation are ISO standards for specifying security requirements and defining evaluation criteria.
Trusted Platform Module (TPM)
The _______ is a hardware module that is at the heart of a hardware/software approach to trusted computing.
Chinese Wall
The _________ Model was developed for commercial applications in which conflicts of interest can arise.
Access control list
The columns of an access matrix; yields the access rights of different users to an object.
Owner
The creator of a resource
Authorization
The granting of a right or permission to a system entity to access a system resource. This function determines who is trusted for a given purpose.
True
The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.
World
The public. The least amount of access is granted to users who are able to access the system.
Isolation
The reference monitor and database are protected from unauthorized modification
Verifiability
The reference monitor's correctness must be provable. That is, it must be possible to demonstrate mathematically that the reference monitor enforces the security rules and provides complete mediation and isolation.
Functionality
The security features provided by a product.
Complete mediation
The security rules are enforced on every access, not just, for example, when a file is opened.
Authentication
Verification that the credentials of a user or other system entity are valid.
The practice of dividing the steps in a system function among different individuals, so as to keep a single individual from subverting the process.
What is separation of duty?
Least Privilege
What is the principle that access control should be implemented so that each system entity is granted the minimum system resources and authorizations that the entity needs to do its work?
Dual control
When a task requires two or more individuals working in tandem
setUID
When a user with execute privileges executes the file, the system temporarily grants the executing user the rights of the file owner's user ID (or group ID) instead of the user's own. These temporary identities are known as the "effective user ID" and "effective group ID".
Multilevel security
When multiple categories or levels of data are defined
Classification creep
When some information flows up and is now classified at a higher level than it was originally
Assurance
________ is a process that ensures a system is developed and operated as intended by the system's security policy.
Authorization
_________ is the granting of a right or permission to a system entity to access a system resource.
Mandatory Access Control
__________ controls access based on comparing security labels with security clearances.
Sanitized
__________ data are data that may be derived from corporate data but that cannot be used to discover the corporation's identity.
Access control
__________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.
Constraints
__________ provide a means of adapting RBAC to the specifics of administrative and security policies in an organization.
setGID
Indicates that newly created files will inherit the group of this directory.
ss-property
No read up. A subject can only read an object of lower or equal security level.
*-property
No write down. A subject can only write into an object of greater or equal security level.
Constraints
Provide a means of adapting RBAC to the specifics of administrative and security policies in an organization. A defined relationship among roles or a condition related to roles. Includes mutually exclusive roles and cardinality.
Mutually exclusive roles
Roles such that a user can be assigned to only one role in the set, and any permission can be granted to only one role in the set.
Fine and Coarse Specifications
The access control system should allow access to be regulated both at the level of individual records (fine) and at the level of classes of resource access (coarse).
