Architecture Flashcards

1
Q

Multi-Tasking

A

Multi-Tasking: A system can perform more than one Process at a time
• Pre-emptive multi-tasking mode: The operating system manages use of system resources.
• Cooperative mode: An application manages use of system resources.

2
Q

Multi-Processing

A

Multi-Processing: The use of two or more central processing units (CPUs) within a single computer system

3
Q

Multi-Threading

A

Multi-Threading: A system can manage use by more than one user at a time or multiple requests within a single process

4
Q

Multi-Programming

A

Multi-Programming: A system that can have two or more programs running on one CPU

5
Q

The Ring Model

A
The Ring Model- Processes communicate between layers via system calls
o Ring 0- Kernel
o Ring 1- Other OS Components not in 0
o Ring 2- Device Drivers
o Ring 3- User apps
6
Q

Hypervisor mode

A

Hypervisor mode (aka Ring -1) allows virtual guests to operate in Ring 0
o Type 1 (aka bare metal) runs directly on host HW (e.g. VMware ESX)
o Type 2 runs as an app on a normal OS (e.g. VMware Workstation, VirtualBox)

7
Q

Computer bus

A

Computer bus- communication channel between CPU, memory, & I/O devices. Some computers use 2 buses:
o Northbridge- (aka MCH- Memory Control Hub) between CPU, RAM, video memory
o Southbridge- (aka ICH- I/O controller Hub) connects I/O devices (slower than Northbridge)

8
Q

components of a CPU

A

The three components of a CPU:
• Control Unit: Manages CPU access
• Registers: Keeps track of memory location of next set of instructions and manages state
• Arithmetic Logic Unit (ALU): Performs calculations, fed by the control unit

9
Q

FDX

A

Fetch & Execute- CPUs fetch machine instructions and execute them in 4 steps (FDX- fetch, decode, execute):

  1. Fetch
  2. Decode
  3. Execute
  4. Write result
10
Q

Pipelining

A

Pipelining- combines multiple FDXs into one combined process

11
Q

Interrupt

A

Interrupt: A special input into the CPU. An interrupt table tells the CPU where to go to address the interrupt condition (where to find the interrupt handler).

12
Q

Task

A

Task- a heavyweight process

13
Q

Thread

A

Thread- child processes (LWP- lightweight process) spawned by a process; share memory for lower overhead

14
Q

Watchdog timer

A

Watchdog timer- recovers/reboots a system after a critical process hangs or crashes

15
Q

CISC

A

CISC (Complex Instruction Set Computer)- larger set of machine instructions (x86)

16
Q

RISC

A

RISC (Reduced Instruction Set Computer)- used in Sparc, PDAs, Cell phones

17
Q

RAM

A

RAM- holds instructions and data

18
Q

Cache

A

Cache- fastest; used by CPU registers; uses SRAM

19
Q

SRAM

A

SRAM (Static)- flip-flops store bits; maintains integrity as long as power is supplied

20
Q

DRAM

A

DRAM (Dynamic)- stores bits in capacitors; slower & cheaper; capacitors leak charge and must be refreshed

21
Q

ROM

A

ROM- stores firmware, BIOS; types are EPROM & EEPROM (e.g. flash)

22
Q

Virtual Memory

A

Virtual Memory: Using secondary storage to simulate RAM. This process is also referred to as paging or swapping.
o A security risk with virtual memory is that files may not be deleted after use.
o Page fault- occurs when the kernel attempts to access a page stored in swap space
o Thrashing- the system spends large amounts of time copying data to/from swap space

23
Q

WORM

A

WORM- Write once read only storage can be used for records retention (CD-R, DVD-R)

24
Q

Absolute Address

A

Absolute Address: (Direct) The actual physical address of the memory segment

25
Q

Base Address

A

Base Address: (Indirect) A reference point for other addresses

26
Q

Relative Address

A

Relative Address: The location of the memory segment based on its offset from the Base Address

27
Q

Firmware

A

Firmware- stores small programs (eg BIOS) in ROM chips
o PROM- programmable, written once at factory
o EPROM- erasable & written to using ultraviolet light
o EEPROM- electrically erasable via flash programs (eg flash/thumb drives)
o PLD- programmable logic device for field programming

28
Q

VMEscape

A

Virtualization Escape (VMEscape)- attacker exploits host or a guest from another guest; often not seen by NIDS

29
Q

Cloud Computing 3 levels of service

A

Cloud Computing has 3 common levels of service
o IaaS- Infrastructure; entire virtualized OS; Linux server hosting
o PaaS- Platform; preconfigured OS; used for web-apps
o SaaS- Software; preconfigured OS and apps; used for web mail

30
Q

Grid computing

A

Grid computing- harnesses a large number of dissimilar computers/devices

31
Q

P2P

A

Peer to Peer (P2P) networks- any system can be host or client (e.g. Napster, BitTorrent); hashing should be used to verify the integrity of data downloaded from P2P

32
Q

Emanations

A

Emanations- energy that escapes the system and can be monitored. TEMPEST was developed by the NSA for shielding

33
Q

Covert Channels

A

Covert Channels- any communication that violates security policy.
o Storage channels- uses shared storage for passing info
o Timing channels- rely on the system clock to infer information

34
Q

Race Condition

A

Time of Check/Time of Use (TOC/TOU): aka Race Condition. An attack that takes advantage of the difference in time between when the system checks for an object and when it actually uses the object.

35
Q

Object Reuse

A

Object Reuse- Information left behind when the processor switches from one task to another and can be accessed by another task.

36
Q

Redirection of Interrupt

A

Redirection of Interrupt- Corruption of the interrupt table that sends the CPU to malicious code instead of the actual interrupt handler. This can cause one process to assume the priority of a higher level process

37
Q

Buffer Overflow

A

Buffer Overflow- The data being processed is entered into the CPU in blocks of time. If the software instructions do not properly set the boundaries for how much data can come in as a block, then extra data can slip in and be executed

38
Q

Maintenance Hooks

A

Maintenance Hooks: Allows access to a program without having to go through the usual access control and authentication process. (Also called Back-door, Trap-door, Privileged program or Worm-hole)

39
Q

State Machine model

A

State Machine model: A conceptual model (required to be in place for other security models) for all computers which ensures that no matter what activities take place within a system, it is protecting itself and will not slip into an insecure state. The State machine model is concerned with:
o Initial State
o State Transitions
o State variables

40
Q

Bell-LaPadula

A

Bell-LaPadula: Focuses on “Confidentiality” of information. Mandatory Access Control (MAC) model developed for the DoD. It is used in a multilevel environment. It uses an access control matrix. In this model, all Subjects (users) have a clearance level and all objects (information) have a classification level.
o No read up. (aka Simple Security Property)- a subject cannot read data of a higher security level
o No write down (aka * Security Property)- a subject cannot lower the classification of data
o No read/write up or down (aka Strong * Property)
o Strong Tranquility Property- security labels will not change during system operation
o Weak Tranquility Property- security labels will not change in a way that conflicts with defined security properties.

41
Q

Biba

A

Biba: Model that focuses on “Integrity” of information. It uses an access control matrix. This addresses only one of the three concepts of integrity: unauthorized users should make no changes.
o No read down (aka Simple Integrity Axiom)- a subject cannot pull data from a source with a lower integrity level
o No write up (aka * Integrity Axiom)- a subject cannot write data to a destination with a higher integrity level or invoke another process to do so
o Invocation property – A subject cannot invoke (call upon) subjects at a higher integrity level.

42
Q

Clark-Wilson

A

Clark-Wilson: real world “Integrity” model; uses two concepts: Well formed transactions- assurance is based on integrity verification procedure (IVP). It is comprised of the access control triple:

  1. User
  2. Transformation Procedure (TP)- a well formed transaction
  3. Constrained Data Item (CDI)- requires data integrity
  • Certification monitors integrity
  • Enforcement preserves integrity
  • Separation of duties ensures authorized users don’t change data in an inappropriate way
43
Q

Brewer-Nash

A

Chinese Wall Model (aka Brewer-Nash):
• The goal was to address conflicts of interest.
• developed to provide dynamic access controls that depended on the subject’s previous actions.
• Lattice-based access controls- depends on the role AND needs of the subject, the label of the object.
• Subjects have least upper bound (LUB) and greatest lower bound (GLB) of access.

44
Q

Information Flow Model

A

Information Flow Model- describes how information can flow, e.g. Bell-LaPadula, Biba

45
Q

Noninterference model

A

Noninterference- model ensures data at different security domains remain separate

46
Q

Lattice Security Model

A

Lattice Security Model- Model consists of a set of objects constrained between the least upper bound and the greatest lower bound values.
• The least upper bound is the value that defines the least level of object access rights granted to a subject.
• The greatest lower bound is the value that defines the maximum level of object access rights granted to a subject.
• The goal of this model is to protect the confidentiality of an object and only allow access by an authorized subject

47
Q

Dedicated Mode

A

Dedicated Mode: This type of system handles a single classification of data and all users have access to everything on the system. Requirements include:
o Only one classification of data for a set time.
o All users must have the required clearance.
o All users must have a need-to-know

48
Q

System High mode

A

System high: mixed labels (confidential, secret, top secret). All subjects must possess the clearance of the highest object label

49
Q

Compartmental Mode

A

Compartmental Mode: All users have the clearance to access all information, but might not have the need-to-know all information.

50
Q

Multi-Level Mode

A

Multi-Level Mode: Allows two or more classifications of data to be processed at the same time, when all users do not have the same clearance level.

51
Q

TCB

A

Trusted Computing Base (TCB): All protection mechanisms within a computer system including hardware, firmware and software that contribute to ensuring a security policy. The TCB must be “Isolated” from the un-trusted areas of the system.
• Reference Monitor: (i.e. the law) An abstract machine that ensures that only authorized subjects can access objects. It mediates all access attempts using access rules.
• Security Kernel: (the police) Enforces the rules of the reference monitor. It is a combination of hardware, firmware and software located in the Trusted Computing Base.

52
Q

TCSEC

A
Trusted Computer Security Evaluation Criteria (TCSEC) aka Orange Book (originally orange):
Developed by the US government (NCSC (part of NIST) with help from NSA).
Ratings represent a more granular look at each classification:
A1: Verified design
o Formal Methods
B3: Security Domains (MAC)
o Security Administrator
o Trusted Recovery
o Monitor events and notify security
B2: Structured Protection (MAC)
o Trusted path
o Separation of duties
o Covert channel analysis
B1: Label Security (MAC)
o Sensitivity labels
o Mandatory access controls
o Analysis of design specifications
C2: Controlled Access Protection (DAC) (Most commercial applications)
o Individual accountability
o Protect audit trails
C1: Discretionary Security Protection (DAC)
o Identification and Authentication
o Discretionary protection resources
D: Minimal protection
53
Q

Rainbow Series

A

Rainbow Series- 35 different security standards; created by NCSC (National Computer Security Center, NIST); includes the Orange Book

54
Q

TNI

A

TNI (aka Red Book)- Trusted Network Interpretation; like TCSEC for network systems.

55
Q

ITSEC

A

Information Technology Security Evaluation Criteria (ITSEC)
This is a European standard for rating operating systems and applications. It evaluates functionality (trust) and assurance separately.
o Assurance ratings are: E0 – E6 (E6 is the highest assurance)
o Functionality ratings are F1 – F10 (F10 is the highest functionality)

56
Q

Common Criteria

A

The Common Criteria are developed as an international standard (ISO 15408) and are replacing TCSEC, ITSEC, and the Canadian version.
o Protection Profiles (PP): A specific set of functional and assurance requirements that are currently not available in another product.
o Security Target (ST): Is written by the vendor and explains the specifications of a product, including functionality and assurance.
o Target of Evaluation (ToE): Is the product or system to be evaluated.
o Evaluation Assurance Level (EAL): the eval score of the tested system
o Evaluation Packages: the additional offerings provided by the supplier

57
Q

EAL in the Common Criteria

A

There are seven EALs in the Common Criteria:
o EAL 1: Functionally tested
o EAL 2: Structurally tested
o EAL 3: Methodically tested and checked
o EAL 4: Methodically designed, tested and reviewed (most common for commercial offerings)
o EAL 5: Semi-formally designed and tested
o EAL 6: Semi-formally verified, designed and tested
o EAL 7: Formally verified, designed and tested

58
Q

PCI-DSS

A

PCI-DSS- Payment Card Industry Data Security Standard; requires security management, policies, procedures, network arch, sw design, and other measures

59
Q

Certification

A

Certification: The technical evaluation of compliance with security requirements for the purpose of accreditation

60
Q

Accreditation

A

Accreditation: The official management decision to operate the system

61
Q

public cloud

A

A form of cloud computing in which a company relies on a third-party cloud service provider for services such as servers, data storage and applications, which are delivered to the company through the Internet.

62
Q

private cloud

A

Private cloud is the phrase used to describe a cloud computing platform that is implemented within the corporate firewall, under the control of the IT department.

A private cloud is designed to offer the same features and benefits of public cloud systems, but removes a number of objections to the cloud computing model including control over enterprise and customer data, worries about security, and issues connected to regulatory compliance.