mechanisms
implement the enforcement of protection policies and control access to resources; mechanisms determine how something is done, while policies decide what is done, so the two should be kept separate so that a policy can change without replacing the mechanism
policies
set rules for how resources should be accessed and used, providing guidelines for access control
principle of least privilege
A design principle stating that every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.
permissions
An entity's access rights to an object (e.g., a user's access rights to a file).
compartmentalization
The process of protecting each system component through the use of specific permissions and access restrictions.
audit trail
The collection of activities in a log for monitoring or review.
defense in depth
The theory that more layers of defense provide stronger defense than fewer layers.
privilege separation
a security technique that divides system operations into different levels of access or privileges, restricting higher-privileged tasks to certain users or processes to reduce the risk of unauthorized access or damage to critical system components
protection rings
a model for privilege separation where concentric rings represent different privilege levels, with inner rings having higher privileges
ring 3
the outermost ring with the lowest privileges, where user-mode code runs with restricted access
ring 0
the innermost ring with the highest privileges, where the kernel operates with full access
hypervisor
The computer function that manages the virtual machine; also called a virtual machine manager (VMM).
TrustZone (TZ)
ARM processor implementation of the most secure protection ring: the processor is partitioned into a Secure world and a Normal world, and code in the Secure world runs at a higher privilege than the Normal-world kernel in ring 0.
secure monitor call (SMC)
An ARM processor special instruction that can be used by the Normal-world kernel to request services from the TrustZone Secure world; the instruction traps into the secure monitor, which mediates the switch between worlds.
hardware objects
The CPU, memory devices, input/output (I/O) devices, and any other physical components that are part of a computer
software objects
The software components that make up a computer or device (files, programs, semaphores, etc.).
need-to-know principle
The principle that only those resources currently needed should be available to use at a given time.
protection domain
In protection, a set of resources that a process may access. In virtualization, a virtual machine manager creates a protection domain for each guest to inform the CPU of which physical memory pages belong to that guest.
access right
The ability to execute an operation on an object.
domain switching
The mechanism by which a process moves from one protection domain to another when domains are dynamic (for example, a system call switching from the user domain to the kernel domain); in the access-matrix model, a switch is itself an access right granted on the target domain.
access matrix
An abstract model of protection in which each row represents a domain, each column an object, and each entry a set of access rights.
confinement problem
The problem of guaranteeing that no information initially held in an object can migrate outside of its execution environment.
access list
a per-object list of the domains (or users) allowed to access that object and the operations each may perform; a column of the access matrix stored with the object, with the check performed on the object side at access time
capability list
a per-domain list of the objects the domain may access and the permitted operations on each; a row of the access matrix stored with the domain, with the check performed by presenting a capability rather than by looking up the subject
capability
a token or key representing an object's access rights in a capability list
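The following is an added illustration, not part of the original glossary: a small access matrix with domains as rows and objects as columns, decomposed into its column view (an access list per object) and its row view (a capability list per domain). Domain switching is modelled as a "switch" right on the target domain, and a least-privilege audit lists rights that a domain holds but (per a constructed usage record) never exercised. The domain names, object names, rights and usage record are all constructed sample data.

```python
from collections import defaultdict

# Constructed sample access matrix: rows are domains, columns are objects,
# entries are sets of access rights. Domains also appear as objects so that
# domain switching can be expressed as the "switch" right.
ACCESS_MATRIX = {
    "D1": {"F1": {"read"}, "F3": {"read"}, "D2": {"switch"}},
    "D2": {"printer": {"print"}},
    "D3": {"F2": {"read"}, "F3": {"execute"}},
}


def access_lists(matrix):
    """Column view: for each object, which domains hold which rights."""
    acl = defaultdict(dict)
    for domain, row in matrix.items():
        for obj, rights in row.items():
            acl[obj][domain] = set(rights)
    return dict(acl)


def capability_lists(matrix):
    """Row view: for each domain, the capabilities (object -> rights) it holds."""
    return {d: {o: set(r) for o, r in row.items()} for d, row in matrix.items()}


def check_acl(acl, domain, obj, op):
    """Object-side check: find the object's access list, then the requester."""
    return op in acl.get(obj, {}).get(domain, set())


def check_capability(caps, domain, obj, op):
    """Subject-side check: the domain must hold a capability naming obj and op."""
    return op in caps.get(domain, {}).get(obj, set())


def views_agree(matrix):
    """Both storage views must give the same answer for every (domain, obj, op)."""
    acl, caps = access_lists(matrix), capability_lists(matrix)
    all_ops = {op for row in matrix.values() for r in row.values() for op in r}
    all_objs = {o for row in matrix.values() for o in row}
    return all(
        check_acl(acl, d, o, op) == check_capability(caps, d, o, op)
        for d in matrix for o in all_objs for op in all_ops
    )


def switch_domain(matrix, from_domain, to_domain):
    """Domain switching: permitted only if the matrix grants 'switch' on the
    target domain, treating the domain itself as an object."""
    return "switch" in matrix.get(from_domain, {}).get(to_domain, set())


def unused_rights(matrix, used):
    """Least-privilege audit: rights granted but never exercised according to
    a (constructed) usage record are candidates for removal."""
    report = {}
    for domain, row in matrix.items():
        for obj, rights in row.items():
            extra = rights - used.get(domain, {}).get(obj, set())
            if extra:
                report.setdefault(domain, {})[obj] = extra
    return report


if __name__ == "__main__":
    # Constructed usage record: what each domain actually did during a run.
    USED = {"D1": {"F1": {"read"}}, "D2": {"printer": {"print"}}, "D3": {"F2": {"read"}}}
    print("views agree:", views_agree(ACCESS_MATRIX))
    print("D1 may switch to D2:", switch_domain(ACCESS_MATRIX, "D1", "D2"))
    print("unused rights:", unused_rights(ACCESS_MATRIX, USED))
```

The two check functions answer the same question but differ in where the lookup starts: an access list is searched by object, so revoking a right means editing one list; a capability list is searched by domain, so a check is a direct presentation of the capability and revocation requires finding every copy.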
role-based access control (RBAC)
a method of access control in which roles rather than individual users directly receive permissions, enhancing security and simplifying administration
mandatory access control (MAC)
security settings enforced by system policies that restrict access based on predefined rules and labels.
role
a predefined set of permissions assigned to users based on their organizational position or function within RBAC systems
discretionary access control (DAC)
permission system that allows users to decide who can access files and resources
labels
identifiers assigned to objects or users in a system; used to enforce security policies
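The following is an added example, not part of the original glossary, showing how the three access-control styles above combine: RBAC grants come from a user's roles, DAC grants come from an object's owner, and a MAC check on labels is applied afterwards and cannot be overridden by either. The MAC rule used here is the simple Bell-LaPadula pair (no read up, no write down) as one concrete instance of "predefined rules and labels"; the users, roles, clearances, object labels and owners are all constructed sample data, and every decision is appended to an in-memory audit trail.

```python
# Ordered sensitivity labels: a higher number dominates a lower one.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

# Constructed RBAC data: role -> object -> permitted operations.
ROLES = {
    "analyst": {"report": {"read"}},
    "admin": {"report": {"read", "write"}, "audit-log": {"read"}},
}
USER_ROLES = {"alice": {"analyst"}, "bob": {"admin"}}

# Constructed MAC data: clearance per user, label per object.
USER_CLEARANCE = {"alice": "internal", "bob": "secret"}
OBJECT_LABELS = {"report": "confidential", "audit-log": "secret", "memo": "public"}

# Constructed DAC data: owner of each object and grants the owner has made.
DAC_OWNERS = {"memo": "alice"}
DAC_GRANTS = {"memo": {"bob": {"read"}}}

AUDIT_TRAIL = []  # audit trail: one record per authorization decision


def rbac_permits(user, obj, op):
    """Permission flows user -> role -> permission; users are never granted directly."""
    return any(op in ROLES.get(role, {}).get(obj, set()) for role in USER_ROLES.get(user, set()))


def dac_permits(user, obj, op):
    """The owner may do anything to the object and may delegate to others."""
    if DAC_OWNERS.get(obj) == user:
        return True
    return op in DAC_GRANTS.get(obj, {}).get(user, set())


def mac_permits(user, obj, op):
    """Label check: no read up (clearance must dominate the object label) and
    no write down (the object label must dominate the clearance)."""
    clearance = LEVELS[USER_CLEARANCE[user]]
    label = LEVELS[OBJECT_LABELS[obj]]
    if op == "read":
        return clearance >= label
    if op == "write":
        return label >= clearance
    return False


def authorize(user, obj, op):
    """A request succeeds only if some discretionary/role grant allows it AND
    the mandatory label policy allows it; MAC is never bypassed."""
    granted = rbac_permits(user, obj, op) or dac_permits(user, obj, op)
    allowed = granted and mac_permits(user, obj, op)
    AUDIT_TRAIL.append({"user": user, "object": obj, "op": op,
                        "granted": granted, "mac": mac_permits(user, obj, op),
                        "decision": "allow" if allowed else "deny"})
    return allowed


if __name__ == "__main__":
    for req in [("alice", "report", "read"), ("bob", "report", "read"),
                ("bob", "report", "write"), ("bob", "memo", "read"),
                ("alice", "memo", "write")]:
        print(req, "->", "allow" if authorize(*req) else "deny")
    print(len(AUDIT_TRAIL), "decisions logged")
```

The instructive case is alice reading the report: her analyst role grants read, so RBAC alone would allow it, but her internal clearance does not dominate the confidential label and the request is denied. Conversely bob, cleared to secret, cannot write the confidential report under the no-write-down rule even though his admin role grants write; MAC constrains what the discretionary layer hands out, it does not add permissions.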