Exam (elaborations)

MSIS 4123 Exam 2 (Questions & Answers) Rated 100% Correct!!

Pages
16
Grade
A+
Uploaded on
18-07-2024
Written in
2023/2024

Institution
MSIS 4123
Course
MSIS 4123

Document information

Uploaded on
July 18, 2024
Number of pages
16
Written in
2023/2024
Type
Exam (elaborations)
Contains
Questions & answers

Content preview

MSIS 4123 Exam 2

"Secure", as in secure programs - No single definition; never 100% secure
"The Cloud" - "Someone Else's Computer"
"Upstream Early and Often" - Popular open source motto regarding code changes
Access Control List - Each object has a list of rights per object or user; inverse of a file directory
Active fault detection - Programs should watch for errors; redundant (duplicate) systems should take the place of failed systems if possible
Apache License 2.0 - Can be applied to both copyrights and patents
Appropriate Confidence Level in Trusted Software - Trust matches the sensitivity of the environment and the data
ASCII - American Standard code for info interchange; a standard for representing binary values as human-interpreted characters; a code sheet
Assembly language - One step up from machine code; uses words like "push" and "pop" and "add"
Assurance (Trusted Systems) - Our belief that the O/S is implemented in a way that enforces the security policy
Audit Logs - Track actions in computer; who did what, when
Base Register - Variable fence register that sets the lower bound (lower memory location)
Bell-LaPadula Model - Simple Security Property (no read up); *-Property (no write down); all about confidentiality
Biba Model - Simple Integrity Rule (no read down); Integrity *-Property (no write up); all about the integrity of the data
Biometrics - Authentication that relies on physical characteristics of user
BIOS - The first set of instructions run by a computer; stored in ROM
Black Box Testing - Trying to break a program without looking at the code
Bounds Register - Variable fence register that sets the upper memory location
Brain Virus - Early prototype virus; boot sector virus
Brute Force Attack - Trying every possible password combination
BSD License - Fewer restrictions than GPL; New BSD restricts use of contributor names for endorsement of a derived work
Buffer Overflow - Committing more data to memory than has been allotted; this pushes data into other memory regions, can allow improper access
Change Control - Senior group that reviews and decides on major software changes
Chinese Wall Security Policy - Confidentiality; working on X bars you from seeing Y; law firm example
Clark-Wilson Commercial Security Policy - Integrity and Confidentiality; well-formed transactions; separation of duty
Clear Box Testing - Trying to break a program while having the advantage of also seeing the code
Code Red - Very bad virus; exploited IIS; used buffer overflow; different actions on different days
Cohesion - We want high cohesion; all code in a module relates to that module
Commercial Security Policies - No formal clearances; poor regulation of rules; internal data vs everything else
Common Criteria - US/Canadian rewrite of the DoD Orange Book; 1992
Compiled code - All the code is turned into machine code at once; an .exe file is compiled code
Complete Mediation - Every access attempt is checked
Concurrency Management - Concurrency management is ensuring that many people can change data at the same time but in some sane order
Contributor (Open Source Software) - Someone who has made new code or code changes that are accepted into the original source code
Counting in binary - Number right to left starting with 1 and doubling to 256. Add all the numbers over a "1" in binary

Get to know the seller

ACADEMICMATERIALS City University New York