Application and OS Security Flashcards
What is the main function of an OS from a bottom up view?
A collection of computer programs that manage the computer’s resources, such as the CPU , memory, disk drives.
What is the main function of an OS from a top-down review?
A collection of computer programs that provide an interface between a user and the hardware
What does each device have connected to the bus?
a device controller
What does a device driver do?
- communicates with the device controller
- enables data to be transferred between buffer and main memory
What must a CPU be able to do?
- distinguish between OS and application programs
- prevent application programs from executing privileged instructions
When is a bootstrap program loaded?
at power up or reboot
What is a bootstrap?
a technique of loading a program into a computer by means of a few initial instructions which enable the introduction of the rest of the program from an input device.
What is firmware?
a combination of a hardware device and computer instructions or computer data that reside as read-only software on the hardware device.
What does BIOS mean?
Basic Input/output System
What is the primary role of the BIOS?
to initialise and test hardware components and load the OS
What could malicious BIOS modification lead to?
- a permanent denial of service
- a persistent malware presence
What are the 5 steps of booting?
- execute BIOS boot block
- initialise and test low-level hardware
- load additional firmware modules
- select boot device
- use boot loader to load OS and run it
what does UEFI stand for?
Unified Extensible Firmware Interface
What do UEFI specs define?
interface between OS and firmware
What are 3 ways the bootloaders can be attacked?
- user-initiated installation of new BIOS code (most difficult to address)
- malware could re-flash the system BIOS
- network-based system management tools could cause an organisation-wide BIOS update attack
What is SMM?
System Management Mode - an operating mode of x86 CPU
What rootkits are in ring 3?
Usermode rootkits
What rootkits are in ring 0?
Kernelmode rootkits
What rootkits are in ring -1?
Hypervisor rootkits (bluepill)
What rootkits are in ring -2?
SMM rootkits
What does TPM stand for?
Trusted platform module
What is a TPM designed for?
- a chip with low cost
- embedded in a computing platform
- TPM is an international standard for a secure cryptoprocessor
What is a cryptoprocessor?
a dedicated microcontroller designed to secure hardware through integrated cryptographic keys
What does the TPM provide?
- a random number generator
- facilities for the generation of cryptographic keys
- remote attestation to create a nearly unforgeable hash key summary of the hardware and software configuration
- binding: encrypts data using the TPM bind key
- sealing: specifies the TPM state for the data to be decrypted
