Deck 13: Trusted Computing and Multilevel Security

The Biba models deals with confidentiality and is concerned with
unauthorized disclosure of information.

Multilevel security is of interest when there is a requirement to maintain a
resource in which multiple levels of data sensitivity are defined.

A subject can exercise only accesses for which it has the necessary
authorization and which satisfy the MAC rules.

The Common Criteria for Information Technology and Security Evaluation
are ISO standards for specifying security requirements and defining evaluation criteria.

One of the most influential computer security models is the Bell-LaPadula
model.

An entire database such as a financial or personnel database cannot be
maintained on a server with other files and still be classified as confidential or restricted.

"No write down" is also referred to as the *-property.

The BLP model includes a set of rules based on abstract operations that
change the state of the system.

A component describes a specific set of security requirements.

An object is said to have a security clearance of a given level.

Functionality is the security features provided by a product.

One way to secure against Trojan horse attacks is the use of a secure,trusted
operating system.

The addition of multilevel security to a database system does not increase
the complexity of the access control function.

Problems with providing strong computer security involve only the design
phase.

A subject is said to have a security _________ of a given level.

_________ rules are built-in system security mechanisms that achieve the objectives of the certification rules.

"No read up" is also referred to as the _________ property.

The ________ access mode allows the subject neither read nor write access to the object but may invoke the object for execution.

When multiple categories or levels of data are defined,the requirement is referred to as __________ security.

_________ rules are security policy restrictions on the behavior of IVPs and TPs.

The _________ model is aimed at commercial rather than military applications and closely models real commercial operations.

The _________ model is intended to deal with the case in which there is data that must be visible to users at multiple or all security levels but should only be modified in controlled ways by authorized agents.

The __________ is a controlling element in the hardware and operating system of a computer that regulates the access of subjects to objects on the basis of security parameters of the subject and object.

An object is said to have a security ________ of a given level.

In the United States the ______ and the NSA jointly operate the Common Criteria Evaluation and Validation Scheme.

_________ secure is a class of system that has system resources at more than one security level and that permits concurrent access by users who differ in security clearance and need-to-know,but is able to prevent each user from accessing resources for which the user lacks authorization.

Trusted computing provides three basic services: authenticated boot,certification, and _________.

The __________ service is responsible for booting the entire operating system in stages and assuring that each portion of the OS,as it is loaded,is a version that is approved for use.

To structure the need for assurance the CC defines a scale for rating assurance consisting of _____ evaluation assurance levels ranging from the least rigor and scope for assurance evidence to the most.