Security design principles

Technologies used to ensure confidentiality, integrity and availability

Understand the basic concepts of security models

Select controls based on system security requirements

Understand the security capabilities of information systems

Ability to define objects and subjects from an access perspective. A principal is a user or process that makes an access request to a resource. object Refers to the resource that the user or process wants to access.

Ability to describe open and closed systems. Open systems are designed using industry standards and are usually easy to integrate with other open systems. Closed systems typically consist of proprietary hardware and/or software. Their specifications are often not public and they are often difficult to integrate with other systems.

Learn about open source and closed source. Open source solutions are solutions where the source code and other internal logic are made available to the outside world. A closed source solution is one in which the source code and other internal logic are kept secret from the outside world.

Know what the default security configuration is. Never assume that any product's default settings are secure. In all cases system administrators and/or corporate security personnel should be asked to change product settings in accordance with organizational security policies.

Understand the concept of fail-safe. Fault management includes programming error handling (i.e. exception handling) and input cleanup; fail-safe capabilities (fail-safe and fail-safe) should be integrated into the system.

Know what the "keep it simple" principle is. “Keep it simple” means that environments, institutions, or products should be avoided from being overly complex. The more complex the system, the harder it is to ensure security.

Learn about zero trust. Zero trust is a security concept that says nothing within an organization should be automatically trusted. Every activity or access request should be assumed to come from an unknown and untrusted location until it is otherwise verified. This concept means "never trust, always verify." The zero trust model is based on “assumed breaches” and differentiated network segments.

Know what privacy by design is. The Privacy by Design (PbD) principle is to integrate privacy protection mechanisms into products during the product design stage, rather than trying to add them after product development is completed. The PbD framework is based on 7 basic principles.

Learn about “trust but verify.” "Trust but verify" refers to a traditional security approach that automatically trusts subjects and devices within a company's security perimeter. This approach to security not only leaves organizations vulnerable to insider attacks, but also allows intruders to easily move laterally between internal systems.

Know what qualifications, boundaries and isolation are. Limits restrict a process's ability to read and write certain memory locations. A bound is a memory limit that a process cannot exceed when reading or writing. Isolation is a mode that limits processes to run within a restricted range through memory boundaries.

Understand the working principles and functions of security controls. Security control restricts subjects' access to objects through access rules.

Learn about trust and assurance. A trustworthy system is one in which all protection mechanisms work together to handle sensitive data for multiple types of users, while keeping the computing environment stable and secure. In other words, trust is a reflection of security mechanisms or capabilities. Assurance is the degree of confidence that security requirements are met. That is, assurance indicates how reliable a security mechanism is in providing security protection.

Define Trusted Computing Base (TCB). TCB is a combination of hardware, software, and controls that creates a trusted foundation for the execution of security policies.

Ability to explain safety boundaries. A security boundary is an imaginary boundary that separates the TCB from the rest of the system. TCB components communicate with non-TCB components through trusted paths.

Learn about reference monitors and security kernels. The reference monitor is a logical part of the TCB and is used to confirm whether a subject is authorized to use a resource before granting access to the child. The security kernel is a collection of TCB components that perform the reference monitor function.

Understand the details of each access control model. Understand access control models and their capabilities.

Understand the security capabilities of information systems. Common security capabilities include memory protection, virtualization, and trusted platform modules (TPM), encryption/decryption, interfaces and fault tolerance

1 You are building a new extension service and trying to connect it to existing computing hardware for core business functions. However, despite weeks of research and experimentation, you couldn't get the system to communicate. The CTO tells you that the computing hardware you are working on is a closed system. So, what is a closed system? A. Systems designed based on final or closed standards B. Systems that include industry standards C. Proprietary system using non-disclosure agreement D. No machines running on Windows

2. Hackers cracked the newly installed baby monitor connected to Wi-Fi and then virtually invaded the home, playing scary sounds to the baby to frighten the child. In this case, how did the attacker gain access to the baby monitor? A. The software scanner that has not been updated in time B. WAP supporting 5 GHz channel C. Social engineering attacks on children’s parents D.Use default configuration

3 To meet a deadline, you need to extract records and data items from a locally hosted database, several documents, several spreadsheets, and multiple pages from an internal server. Then, when you open a file, the system suddenly freezes with a blue screen of death. This event is officially known as a stall error and is an example of a way to deal with software failures. A. Fail open B. Fail safe C. Limit inspection D.Object-oriented

4 You are a software designer and want to limit the operation of a program you are developing. Have you considered using bounds and Isolation means, but not sure if they actually work as you hope. Later you discover that the original restriction method can achieve the restriction purpose you want. Which of the following best describes a restricted or constrained process? A. A process that can only run for a limited time B. Processes that can only run at certain times of the day C. Processes that can only access certain memory locations D. A process that can control access to an object

5. What valid operations occur when a trusted agent violates the Bell-LaPadula star property by wanting to write information to a lower-level object? A. Disturbance B. No interference C. Aggregation D. Remove security classification

6. Which security method, mechanism or model reveals the list of capabilities of a subject across multiple objects? A. Segregation of duties B. Access control matrix C. Biba D. Clark-Wilson

7. Which security model has the property that it theoretically has its own name or label, but when implemented in a solution, takes the name or label of the security kernel? A. Graham-Denning model B. Harrison-Ruzzo-UIlman (HRU) model C. Trusted computing base D. Brewer and Nash model

8. The Clark-Wison model achieves data integrity through a multifaceted approach. The Clark-Wilson model does not define a formal state machine. Instead, each data item and allowed data transformations are defined. Which of the following is not a party to a Clark-Wilson model access control relationship? A. Object B.Interface C. Input cleaning D. Subject

9. You discovered the concept of the Trusted Computing Base (TCB) while researching the security model upon which new computers are designed. So, what exactly is a trusted computing base? A. Hosts that support secure transmission on the network B. Operating system kernel, other operating system components and device drivers C. A combination of hardware, software, and controls that work together to enforce a security policy D. A predetermined set or domain of objects that the subject can access (i.e., a list)

10. What are safety boundaries? (Select all that apply.) A. Boundaries of the physical security area surrounding the system B. An imaginary boundary that isolates the TCB from the rest of the system C. A network equipped with a firewall D. Any connection to a computer system

11. Trusted Computing Base (TCB) is a collection of hardware, software and control that work together to form a trusted foundation for executing security policies. Which part of the TCB concept verifies access to each resource before granting the requested access? access? A. TCB partition B. Trusted library C. Reference monitor D.Security core

12. Security models allow designers to project abstract statements into security policies that specify the necessary algorithms and data structures for building hardware and software. Therefore, it can be said that the security model provides designers with a reference for measuring their own design and implementation plans. So, what is the best definition of a security model? A. A security model indicates the policies that an organization must follow. B. The security model provides the framework for executing security policies. C. The security model is a technical assessment of each part of the computer system and can be used to evaluate the system's consistency with security standards. D. The security model is used to host one or more operating systems in the memory of a single host and run applications that are incompatible with the host operating system.

13: The state machine model describes a system that is always safe no matter what state it is in. Security states and models The system always starts in a secure state, maintains a secure state across all transitions, and only allows subjects to access resources in a secure manner that complies with the security policy. Which of the following security models is built on the state machine model? A. Bell-LaPadula and acquisition-conception B. Biba fI Clark-Wilson C. Clark-Wilson and Bell-LaPadula D. Bell-LaPadula and Biba

14. Your assignment is to design core security concepts for a new government computer system. Details of the use of the concept are kept confidential, but confidentiality needs to be protected across multiple levels. Which of the following security models addresses the issue of data confidentiality in this context? A. Bell-LaPadula B. Biba C. Clark-Wilson D. Brewer and Nash

15, Belllaradula The highest-level security model is derived from the multi-level security policy of the U.S. Department of Defense. A master-level security policy states that principals with any level of permission can access resources at or below that permission level. Which property of the Bell-LaPadula model prevents a lower-level subject from accessing a higher-security level object? A. (Star) Security Attributes B. Attributes cannot be written upwards C. Attributes cannot be read upwards D. Attributes cannot be read down

16. The Biba model was designed after the Bell-LaPadula model. The Bell-LaPadula model deals with confidentiality, while the Biba model deals with integrity. The Biba model is also built on the state machine concept, is based on information flow, and is a multi-level model. What are the implications of the simple properties of the Biba model? A. Can be written down B. Can be read upward C. Cannot write upwards D. Cannot read down

17. The Common Criteria define various levels of testing and validation of a system's security capabilities, with the number on the level indicating which testing and validation was performed. Which part of the Common Criteria specifies the security performance that suppliers should be subject to evaluation? A. Protective outline B. Evaluate Assurance Level C. Authorized official D. Security Goals

18. The Authorization Officer (A0) may independently determine which security events or security changes will result in the loss of Authorization to Operate (ATO). investment Officials may also decide on 4 types of authorizations. Which of the following are examples of the ATO? (Select all that apply.) A. Universal Control Authorization B. Mutual authorization C. Refusal to authorize D.Transmission authorization E. License F. Verified Authorization

19. An operating system update brings significant changes to the previous system. During your testing, you discover that the system is highly unstable, allows integrity violations between applications, is susceptible to local denial-of-service attacks, and allows information to be leaked between processes. You suspect that a critical security mechanism has been disabled or broken by this update. What are the possible causes of these problems? A. Use of virtualization B. Lack of memory protection C. Does not follow the Goguen-Meseguer model D. Support storage and transmission encryption

20. As an application designer, you need to protect the data your software will access and process by implementing various security mechanisms. What is the purpose of implementing a constrained or restricted interface? A. Restrict the actions of authorized and unauthorized users B. Perform identity authentication C. Track user events and check for violations D.Exchanging data sets between primary memory and secondary memory