Chapter 5 - Database Security, CS356 Ch. 4, Computer Security 5 & 6- Access Control and MAC, Ch 4-6
True
"No write down" is also referred to as the *-property.
Role
A __________ is a named job function within the organization that controls this computer system.
Security Class
A class assigned to each subject and object in BLP
Session
A mapping between a user and an activated subset of the set of roles to which the user is assigned.
No read up (ss-property), no write down (*-property)
A multilevel secure system for confidentiality must enforce: __
Group
A named group of users may also be granted access rights. In most schemes, a user may belong to multiple groups
Trusted Computing Base
A portion of a system that enforces a particular policy. The TCB must be resistant to tampering and circumvention. The TCB should be small enough to be analyzed systematically.
Assurance
A process that ensures a system is developed and operated as intended by the system's security policy.
Object
A resource to which access is controlled
True
A subject can exercise only accesses for which it has the necessary authorization and which satisfy the MAC rules.
Prerequisite
A user can only be assigned to a particular role if it is already assigned to some other specified role
True
A user may belong to multiple groups.
The __________ cloud infrastructure is a composition of two or more clouds that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.
A. hybrid (options: A. hybrid, B. community, C. private, D. public)
The basic building block of a __________ is a table of data, consisting of rows and columns, similar to a spreadsheet.
A. relational database (options: A. relational database, B. query set, C. DBMS, D. perturbation)
__________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance. (options: Access control, Audit control, System control, Resource control)
Access control
What are the three functions for a NIST RBAC compliant model?
Administrative functions; supporting system functions; review functions
Clark-Wilson Integrity Model
Aimed at commercial rather than military applications. Based on well-formed transactions and separation of duty among users
Policy combinations and conflict resolution
An access control mechanism may apply multiple policies to a given class of resources.
True
An access right describes the way in which a subject may access an object.
Subject
An entity capable of accessing objects
ds-property
An individual or role may grant to another individual or role access to a document based on the owner's discretion, constrained by the MAC
Audit
An independent review and examination of system records and activities in order to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, to detect breaches in security, and to recommend any indicated changes in control, policy and procedures.
True
Any program that is owned by, and SetUID to, the "superuser" potentially grants unrestricted access to the system to any user executing that program.
Evaluation
Assessing whether the product has the security properties claimed for it.
__________ is verification that the credentials of a user or other system entity are valid. (options: Authorization, Audit, Authentication, Adequacy)
Authentication
_________ is the granting of a right or permission to a system entity to access a system resource. (options: Control, Authentication, Monitoring, Authorization)
Authorization
Open policy
Authorizations specify which accesses are prohibited
A(n) __________ is a structured collection of data stored for use by one or more applications.
B. database (options: A. attribute, B. database, C. tuple, D. inference)
An end user who operates on database objects via a particular application but does not own any of the database objects is the __________.
B. end user other than application owner (options: A. application owner, B. end user other than application owner, C. foreign key, D. administrator)
__________ refers to setting a maximum number with respect to roles. (options: Exclusive, Prerequisite, Cardinality, Hierarchy)
Cardinality
__________ provide a means of adapting RBAC to the specifics of administrative and security policies in an organization. (options: Cardinality, Mutually Exclusive Roles, Prerequisites, Constraints)
Constraints
Mandatory access control
Controls access based on comparing security labels (which indicate how sensitive or critical system resources are) with security clearances (which indicate system entities are eligible to access certain resources).
Discretionary access control
Controls access based on the identity of the requestor and on access rules (authorizations) stating what requestors are (or are not) allowed to do.
Role based access control
Controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles. Assign access rights to roles instead of individual users. In turn, users are assigned to different roles, either statically or dynamically, according to their responsibilities.
__________ is an organization that receives the encrypted data from a data owner and makes them available for distribution to clients.
D. Server (options: A. User, B. Client, C. Data owner, D. Server)
__________ is the traditional method of implementing access control. (options: MAC, DAC, MBAC, RBAC)
DAC
Sanitized Data
Data that may be derived from corporate data but that cannot be used to discover the corporation's identity
Biba
Deals with integrity and is concerned with the unauthorized modification of data. It is intended to deal with the case in which there is data that must be visible to users at multiple or all security levels but should only be modified in controlled ways by authorized agents.
Capability Ticket
Decomposition of an access matrix by rows -- specifies authorized objects and operations for a particular user. Integrity of the ticket must be protected since it is dispersed around the system. Ticket must be unforgeable
A user program executes in a kernel mode in which certain areas of memory are protected from the user's use and certain instructions may not be executed. (True or False)
False
External devices such as firewalls cannot provide access control services. (True or False)
False
The authentication function determines who is trusted for a given purpose. (True or False)
False
The two commands that SQL provides for managing access rights are ALLOW and DENY.
False
Traditional RBAC systems define the access rights of individual users and groups of users. (True or False)
False
Security Clearance
Given to an individual
Security Classification
Given to an object
What type of access control system is BLP?
MAC
Chinese Wall Model
Makes use of both discretionary and mandatory access concepts to specify integrity and confidentiality. Involves objects, datasets, and conflict of interest classes.
True
Multilevel security is of interest when there is a requirement to maintain a resource in which multiple levels of data sensitivity are defined.
True
One way to secure against Trojan horse attacks is the use of a secure, trusted operating system.
Closed policy
Only accesses that are specifically authorized are allowed
__________ is based on the roles the users assume in a system rather than the user's identity. (options: URAC, RBAC, DAC, MAC)
RBAC
Four levels of RBAC
RBAC0 - No hierarchies, no constraints. RBAC1 - Hierarchies, no constraints. RBAC2 - No hierarchies, constraints. RBAC3 - Hierarchies and constraints.
False
Security labels indicate which system entities are eligible to access certain resources.
Cardinality
Setting a maximum number with respect to roles
True
The Common Criteria for Information Technology and Security Evaluation are ISO standards for specifying security requirements and defining evaluation criteria.
Trusted Platform Module (TPM)
The _______ is a hardware module that is at the heart of a hardware/software approach to trusted computing.
Chinese Wall
The _________ Model was developed for commercial applications in which conflicts of interest can arise.
Access control list
The columns of an Access matrix -- yields the access rights of different users to an object
Owner
The creator of a resource
Authorization
The granting of a right or permission to a system entity to access a system resource. This function determines who is trusted for a given purpose.
True
The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.
World
The public. The least amount of access is granted to users who are able to access the system.
Isolation
The reference monitor and database are protected from unauthorized modification
Verifiability
The reference monitor's correctness must be provable. That is, it must be possible to demonstrate mathematically that the reference monitor enforces the security rules and provides complete mediation and isolation.
Functionality
The security features provided by a product.
Complete mediation
The security rules are enforced on every access, not just, for example, when a file is opened.
A constraint is a defined relationship among roles or a condition related to roles. (True or False)
True
A user may belong to multiple groups. (True or False)
True
An access right describes the way in which a subject may access an object. (True or False)
True
An auditing function monitors and keeps a record of user accesses to system resources. (True or False)
True
Encryption can be applied to the entire database, at the record level, at the attribute level, or at the level of the individual field.
True
Reliable input is an access control requirement. (True or False)
True
SQL Server allows users to create roles that can then be assigned access rights to portions of the database.
True
The main innovation of the NIST standard is the introduction of the RBAC System and Administrative Functional Specification, which defines the features required for an RBAC system. (True or False)
True
The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner. (True or False)
True
To create a relationship between two tables, the attributes that define the primary key in one table must appear as attributes in another table, where they are referred to as a foreign key.
True
Authentication
Verification that the credentials of a user or other system entity are valid.
The practice of dividing the steps in a system function among different individuals, so as to keep a single individual from subverting the process.
What is separation of duty?
Least Privilege
What is the principle that access control should be implemented so that each system entity is granted the minimum system resources and authorizations that the entity needs to do its work?
Dual control
When a task requires two or more individuals working in tandem
setUID
When a user with execute privileges executes the file, the system temporarily allocates the rights of the file creator's user ID (or of the file's group) to the user executing the file. Also known as "effective user ID" and "effective group ID".
Multilevel security
When multiple categories or levels of data are defined
Classification creep
When some information flows up and is now classified at a higher level than it was originally
Assurance
________ is a process that ensures a system is developed and operated as intended by the system's security policy.
Authorization
_________ is the granting of a right or permission to a system entity to access a system resource.
Mandatory Access Control
__________ controls access based on comparing security labels with security clearances.
Sanitized
__________ data are data that may be derived from corporate data but that cannot be used to discover the corporation's identity.
Access control
__________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.
Constraints
__________ provide a means of adapting RBAC to the specifics of administrative and security policies in an organization.
setGID
Indicates that newly created files will inherit the group of this directory.
ss-property
No read up. A subject can only read an object of less or equal security level.
*-property
No write down. A subject can only write into an object of greater or equal security
An approval to perform an operation on one or more RBAC protected objects is _________. (options: exclusive role, prerequisite, support, permission)
permission
Constraints
Provide a means of adapting RBAC to the specifics of administrative and security policies in an organization. A defined relationship among roles or a condition related to roles. Includes mutually exclusive roles and cardinality.
A __________ is a named job function within the organization that controls this computer system. (options: role, permission, user, session)
role
Mutually exclusive roles
Roles such that a user can be assigned to only one role in the set. User can only be assigned to one role in the set and any permission can be granted to only one role in the set.
The final permission bit is the _________ bit. (options: superuser, set user, kernel, sticky)
sticky
A __________ is an entity capable of accessing objects. (options: object, owner, subject, group)
subject
Fine and Coarse Specifications
The AC system should allow access to be regulated at the level of individual records and classes of resource access.
