43 Cards in this Set
Front | Back
What are the 8 security models? |
What are the 3 information systems evaluation models? |
What is a model? | A model is a simplified representation used to explain a real world system.
What does DAC stand for? | Discretionary access control.
What does RBAC stand for? | Role-based access control.
What does NRU stand for? | No Read Up
What does NWD stand for? | No Write Down
What is the Bell LaPadula Security Model? |
What is the Biba security model? | The first formal INTEGRITY model; it protects integrity by preventing modification of data by unauthorized persons. NRD, NWU
What is the Clark-Wilson Security Model? | Integrity model with two principals: users and programs (called TPs) that operate on two types of data: UDIs and CDIs.
What does UDI stand for? | Unconstrained data items
What does CDI stand for? | Constrained data items
What does TP stand for? | Transformation procedures. (Another word for programs)
What does IVP stand for? | Integrity Verification Procedure.
What is an IVP? | A type of TP that is used to transform UDIs into CDIs.
What 2 sets of rules does the Clark-Wilson Security Model use? |
What is C1? | An IVP must ensure that CDIs are valid.
What is C2? | From a given CDI, a TP must transform the CDI from one valid state to another valid state.
What is C3? | Allowed relations (or "triples", each consisting of a user, a TP, and one or more CDIs) must enforce separation of duties.
What is C4? | TPs must create a transaction log that contains all transaction details.
What is C5? | TPs that accept a UDI as input may perform only valid transactions on the UDI (to convert it to a CDI) or reject the UDI.
What is E1? | The system must permit only the TPs certified to operate on a CDI to actually do so.
What is E2? | The system must maintain the associations between users, TPs, and CDIs. The system must prevent operations outside of registered associations.
What is E3? | Every user must be authenticated before they may run a TP.
What is E4? | Only a TP's certifier may modify its associations.
What is the Access Matrix Security Model? | Two-dimensional matrix that defines which subjects are permitted to access which objects.
What is the Multi-Level Security Model? |
What is the MAC Security Model? |
What is the DAC Security Model? | The owner of an object controls who and what may access it. Access is at the owner's DISCRETION.
What is the Role-based Access Control (RBAC) Security Model? |
What is the Non-interference Security Model? |
What is the Information Flow Security Model? |
What are the 6 evaluation models? |
What is the formal name for Common Criteria? | Common Criteria for Information Technology Security Evaluation
What ISO # is Common Criteria? | ISO 15408
What is EAL1? | Functionally Tested.
What is EAL2? | Structurally Tested.
What is EAL3? | Methodically Tested and Checked.
What does EAL stand for? | Evaluation Assurance Level.
What is EAL4? | Methodically Designed, Tested and Reviewed.
What is EAL5? | Semiformally Designed and Tested.
What is EAL6? | Semiformally Verified Design and Tested.
What is EAL7? | Formally Verified Design and Tested.