BOOK: Ch 1, 3, 4 & 5 Flashcards Preview


Flashcards in BOOK: Ch 1, 3, 4 & 5 Deck (27)
1
Q

Takes place when one entity pretends to be a different entity

A

A Masquerade

2
Q

Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems) and to the types of transactions and functions that authorized users are permitted to exercise.

A

Access Control

3
Q

Means that every access must be checked against the access control mechanism.

A

Complete mediation

4
Q

Means that the design of a security mechanism should be open rather than secret. For example, although encryption keys must be secret, encryption algorithms should be open to public scrutiny.

A

Open Design

5
Q

Can be viewed as a specific form of isolation based on object-oriented functionality.

A

Encapsulation

6
Q

In the context of security refers both to the development of security functions as separate, protected modules and to the use of a modular architecture for mechanism design and implementation.

A

Modularity

7
Q

Is a branching, hierarchical data structure that represents a set of potential techniques for exploiting security vulnerabilities

A

Attack Tree

8
Q

In this type of attack, the attacker is able to intercept communication between the UT and the IBS.

A

Injection of Commands

9
Q

Deals with computer-related assets that are subject to a variety of threats and for which various measures are taken to protect those assets.

A

Computer Security

10
Q

In the nature of eavesdropping on, or monitoring of, transmissions. The goal of the attacker is to obtain information that is being transmitted.

A

Passive Attacks

11
Q

Involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: replay, masquerade, modification of messages, and denial of service.

A

Active Attacks

12
Q

Four means of authenticating a user’s identity.

A

1. Something the individual knows.
2. Something the individual possesses.
3. Something the individual is (static biometrics). [Retina, fingerprint]
4. Something the individual does (dynamic biometrics). [voice pattern, typing rhythm]

13
Q

How are hashed passwords implemented?

A

The password and salt serve as inputs to a hashing algorithm to produce a fixed-length hash code. The hash algorithm is designed to be slow to execute in order to thwart attacks. The hashed password is then stored, together with a plaintext copy of the salt, in the password file for the corresponding user ID.

14
Q

Biometric Enrollment, Verification and Identification

A

1. Each individual who is to be included in the database of authorized users must first be enrolled in the system. This is analogous to assigning a password to a user.
2. Verification is analogous to a user logging onto a system by using a memory card or smart card coupled with a password or PIN.
3. The individual uses the biometric sensor but presents no additional information. The system then compares the presented template with the set of stored templates.

15
Q

Challenge-Response Protocol

A

In this case, the computer system generates a challenge, such as a random string of numbers. The smart token generates a response based on the challenge.

16
Q

Controls access based on the identity of the requestor and on access rules (authorizations) stating what requestors are (or are not) allowed to do.

A

Discretionary access control (DAC)

17
Q

Controls access based on comparing security labels (which indicate how sensitive or critical system resources are) with security clearances (which indicate system entities are eligible to access certain resources).

A

Mandatory access control (MAC)

18
Q

Controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.

A

Role-based access control (RBAC)

19
Q

In the context of access control, this is an entity capable of accessing objects. Generally, the concept of _____ equates with that of process.

A

Subject

20
Q

In the context of access control, is a resource to which access is controlled. In general, an _____ is an entity used to contain and/or receive information.

A

Object

21
Q

Are roles such that a user can be assigned to only one role in the set.

A

Mutually exclusive roles

22
Q

Refers to setting a maximum number with respect to roles. One such constraint is to set a maximum number of users that can be assigned to a given role.

A

Cardinality

23
Q

Which dictates that a user can only be assigned to a particular role if it is already assigned to some other specified role.

A

Prerequisite Role

24
Q

Which is a suite of programs for constructing and maintaining the database and for offering ad hoc query facilities to multiple users and applications.

A

Define a database management system (DBMS)

25
Q

Provides a uniform interface to the database for users and applications.

A

Query Language

26
Q

In a ____________, the basic building block is a relation, which is a flat table. Rows are referred to as tuples, and columns are referred to as attributes.

A

Relational DB

27
Q

Focuses on the requirements of “what” cloud services provide, not a “how to” design solution and implementation.

A

Cloud Computing Reference Architecture