Security in Computing, 4th Edition
5.7. Terms and Concepts
trust, 242 trusted process, 245 trusted product, 245 trusted software, 245 trusted computing base, 245 trusted system, 245 security policy, 245 military security policy, 246 sensitivity level, 246 object, 246 need-to-know rule, 246 compartment, 246 classification, 248 clearance, 248 dominance, 248 subject, 248 hierarchical security, 248 nonhierarchical security, 248 Clark-Wilson policy, 250 well-formed transaction, 250 constrained data item, 250 transformation procedure, 250 access triple, 250 separation of duty, 250 Chinese wall policy, 251 lattice model, 253 Bell-La Padula model, 254 simple security property, 255 *-property, 255 write-down, 256 Biba model, 257 simple integrity policy, 257 integrity *-property, 257 Graham-Denning model, 257 Harrison-Ruzzo-Ullman model, 259 command, 259 condition, 259 primitive operation, 259 protection system, 260 take-grant system, 261 least privilege, 265 economy of mechanism, 265 open design, 265 complete mediation, 265 permission-based access, 266 separation of privilege, 266 least common mechanism, 266 ease of use, 266 user authentication, 266 memory protection, 266 object access control, 266 enforced sharing, 267 fair service, 267 interprocess communication, 267 synchronization, 267 protected control data, 267 user identification and authentication, 269 mandatory access control, 269 discretionary access control, 269 object reuse, 270 magnetic remanence, 270 trusted path, 270 audit, 272 accountability, 272 audit log reduction, 272 intrusion detection, 273 kernel, 274 nucleus, 274 core, 274 security kernel, 274 reference monitor, 275 reference monitor properties: tamperproof, 275 unbypassable, 275 analyzable, 275 trusted computing base (TCB), 275 process activation, 276 execution domain switching, 276 memory protection, 276 physical separation, 279 temporal separation, 279 cryptographic separation, 279 logical separation, 279 virtualization, 280 virtual machine, 280 virtual memory, 281 layering, 283
hierarchically structured operating system, 285 assurance, 287 flaw exploitation, 288 user interface processing flaw, 288 access ambiguity flaw, 288 incomplete mediation flaw, 288 generality flaw, 289 time-of-check to time-of-use flaw, 289 testing, 290 penetration testing, 291 tiger team analysis, 291 ethical hacking, 291 formal verification, 292 proof of correctness, 292 theorem prover, 292 validation, 295 requirements checking, 295 design and code review, 295 module and system testing, 295 open source, 295 evaluation, 296 Orange Book (TCSEC), 297 D, C1, C2, B1, B2, B3, A1 rating, 297 German Green Book, 300 functionality class, 301 assurance level, 301 British evaluation criteria, 301 claims language, 301 action phrase, 301 target phrase, 301 CLEF, 302 comparable evaluation, 303 transferable evaluation, 303 ITSEC, 303 effectiveness, 303 target of evaluation, 303 security-enforcing function, 303 mechanism, 303 strength of mechanism, 303 target evaluation level, 303 suitability of functionality, 303 binding of functionality, 304 vulnerabilities, 304 Combined Federal Criteria, 304 protection profile, 305 security target, 306 Common Criteria, 307 extensibility, 309 granularity, 309 speed, 309 thoroughness, 309 objectivity, 309 portability, 309 emphatic assertion, 311