Deck 13: Trusted Computing and Multilevel Security

An entire database such as a financial or personnel database cannot be
maintained on a server with other files and still be classified as confidential or restricted.

Functionality is the security features provided by a product.

A component describes a specific set of security requirements.

The BLP model effectively breaks down when (untrusted)low classified
executable data are allowed to be executed by a high clearance (trusted) subject.

"No write down" is also referred to as the *-property.

The addition of multilevel security to a database system does not increase
the complexity of the access control function.

One of the most influential computer security models is the Bell-LaPadula
model.

The BLP model includes a set of rules based on abstract operations that
change the state of the system.

A subject can exercise only accesses for which it has the necessary
authorization and which satisfy the MAC rules.

An object is said to have a security clearance of a given level.

One way to secure against Trojan horse attacks is the use of a secure,trusted
operating system.

Problems with providing strong computer security involve only the design
phase.

The Common Criteria for Information Technology and Security Evaluation
are ISO standards for specifying security requirements and defining evaluation criteria.

Multilevel security is of interest when there is a requirement to maintain a
resource in which multiple levels of data sensitivity are defined.

_________ rules are security policy restrictions on the behavior of IVPs and TPs.

_________ rules are built-in system security mechanisms that achieve the objectives of the certification rules.

The __________ is a controlling element in the hardware and operating system of a computer that regulates the access of subjects to objects on the basis of security parameters of the subject and object.

The _________ model is aimed at commercial rather than military applications and closely models real commercial operations.

A subject is said to have a security _________ of a given level.

The _________ model is intended to deal with the case in which there is data that must be visible to users at multiple or all security levels but should only be modified in controlled ways by authorized agents.

An object is said to have a security ________ of a given level.

"No read up" is also referred to as the _________ property.

When multiple categories or levels of data are defined,the requirement is referred to as __________ security.

The ________ access mode allows the subject neither read nor write access to the object but may invoke the object for execution.

The __________ service is responsible for booting the entire operating system in stages and assuring that each portion of the OS,as it is loaded,is a version that is approved for use.

Trusted computing provides three basic services: authenticated boot,certification, and _________.

To structure the need for assurance the CC defines a scale for rating assurance consisting of _____ evaluation assurance levels ranging from the least rigor and scope for assurance evidence to the most.

_________ secure is a class of system that has system resources at more than one security level and that permits concurrent access by users who differ in security clearance and need-to-know,but is able to prevent each user from accessing resources for which the user lacks authorization.

In the United States the ______ and the NSA jointly operate the Common Criteria Evaluation and Validation Scheme.