Architecture Flashcards
Multi-Tasking
Multi-Tasking: A system can perform more than one Process at a time
• Pre-emptive multi-tasking mode: The operating system manages use of system resources.
• Cooperative mode: An application manages use of system resources.
Multi-Processing
Multi-Processing: is the use of two or more central processing units (CPUs) within a single computer system
Multi-Threading
Multi-Threading: A system can manage use by more than one user at a time or multiple requests within
a single process
Multi-Programming
Multi-Programming: A system that can have two or more programs running on one CPU
The Ring Model
The Ring Model- Processes communicate between layers via system calls o Ring 0- Kernel o Ring 1- Other OS Components not in 0 o Ring 2- Device Drivers o Ring 3- User apps
Hypervisor mode
Hypervisor mode (aka Ring -1) allows virtual guests to operate in Ring 0
o Type 1 (aka bare metal) runs directly on host HW (VMWare ESX)
o Type 2 runs as an app on normal OS (eg VMware Workstation, VirtualBox)
Computer bus
Computer bus- communication channel between CPU, memory, & I/O devices. Some computers use 2 buses:
o Northbridge- (aka MCH- Memory Control Hub) between CPU, RAM, video memory
o Southbridge- (aka ICH- I/O controller Hub) connects I/O devices (slower than Northbridge)
components of a CPU
The three components of a CPU:
• Control Unit: Manages CPU access
• Registers: Keeps track of memory location of next set of instructions and manages state
• Arithmetic Logic Unit (ALU): Performs calculations, fed by the control unit
FDX
Fetch & Execute- CPUs fetch machine instructions and execute them in 4 steps (FDX- fetch, decode, execute):
- Fetch
- Decode
- Execute
- Write result
Pipelining
Pipelining- combines multiple FDXs into one combined process
Interrupt
Interrupt: A special input into the CPU. An interrupt table tells the CPU where to go to address the interrupt condition (where to find the interrupt handler).
Task
Task- a heavyweight process
Thread
Thread- child processes (LWP- lightweight process) spawned by a process; share memory for lower overhead
Watchdog timer
Watchdog timer- recovers/reboots a system after a critical process hangs or crashes
CISC
CISC (Complex Instruction Set Computer)- larger set of machine instruction (x86)
RISC
RISC (Reduced Instruction Set Computer)- used in Sparc, PDAs, Cell phones
RAM
RAM- hold instructions and data
Cache
Cache- fastest; used by CPU registers; uses SRAM
SRAM
SRAM (Static)- flip-flops store bits; maintains integrity as long as power is supplied
DRAM
DRAM (Dynamic)- stores bits in capacitors; slower & cheaper; leak charge and must be refreshed
ROM
ROM- stores firmware, BIOS; types are EPROM & EEPROM (e.g. flash)
Virtual Memory
Virtual Memory: Using secondary storage to simulate RAM. This process is also referred to as paging or swapping.
o A security risk with virtual memory is that files may not be deleted after use.
o Page fault- occurs when kernel attempts to access a page stored in swaps space
o Thrashing- sys spends large amounts of time copying data to/from swap space
WORM
WORM- Write once read only storage can be used for records retention (CD-R, DVD-R)
Absolute Address
Absolute Address: (Direct) The actual physical address of the memory segment
Base Address
Base Address: (Indirect) A reference point for other addresses
Relative Address
Relative Address: The location of the memory segment based on its offset from the Base Address
Firmware
Firmware- stores small programs (eg BIOS) in ROM chips
o PROM- programmable, written once at factory
o EPROM- erasable & written to using ultraviolet light
o EEPROM- electrically erasable via flash programs (eg flash/thumb drives)
o PLD- programmable logic device for field programming
VMEscape
Virtualization Escape (VMEscape)- attacker exploits host or a guest from another guest; often not seen by NIDS
Cloud Computing 3 levels of service
Cloud Computing has 3 common levels of service
o IaaS- Infrastructure; entire virtualized OS; lunix server hosting
o PaaS- Platform; preconfigured OS; used for web-apps
o SaaS- Software; preconfigured OS and apps; used for web mail
Grid computing
Grid computing- harnesses a large number of dissimilar computers/devices
P2P
Peer to Peer (P2P) networks- any system can be host, client; (eg Naptster, BitTorrent); hashing should be used to verify data integrity downloaded from P2P
Emanations
Emanations- energy that escapes the system and can be monitored. TEMPEST was developed by the NSA for shielding
Covert Channels
Covert Channels- any communication that violates security policy.
o Storage channels- uses shared storage for passing info
o Timing channels- relys on system clock to infer information
Race Condition
Time of Check/Time of Use (TOC/TOU): aka Race Condition. An attack that takes advantage of the difference in time between when the system checks for an object and when it actually uses the object.
Object Reuse
Object Reuse- Information left behind when the processor switches from one task to another and can be accessed by another task.
Redirection of Interrupt
Redirection of Interrupt- Corruption of the interrupt table that sends the CPU to malicious code instead of the actual interrupt handler. This can cause one process to assume the priority of a higher level process
Buffer Overflow
Buffer Overflow- The data being processed is entered into the CPU in blocks of time. If the software instructions do not properly set the boundaries for how much data can come in as a block, then extra data can slip in and be executed
Maintenance Hooks
Maintenance Hooks: Allows access to a program without having to go through the usual access control and authentication process. (Also called Back-door, Trap-door, Privileged program or Worm-hole)
State Machine model
State Machine model: A conceptual model (required to be in place for other security models) for all computers which ensures that no matter what activities take place within a system, it is protecting itself and will not slip into an insecure state. The State machine model is concerned with:
o Initial State
o State Transitions
o State variables
Bell-LaPadula
Bell-LaPadula: Focuses on “Confidentiality” of information. Mandatory Access Control (MAC) model developed for the DoD. It is used in a multilevel environment. It uses an access control matrix. In this model, all Subjects (users) have a clearance level and all objects (information) have a classification level.
o No read up. (aka Simple Security Property)- a subject cannot read data of a higher security level
o No write down (aka * Security Property)- a subject cannot lower the classification of data
o No read/write up or down (aka Strong * Property)
o Stong Tranquility Property- security labels will not change during system operation
o Weak Tranquility Property- security labels will not change in a way that conflicts with defined security properties.
Biba
Biba: Focuses on “Integrity” of information model. It uses an access control matrix. This addresses only one of the three concepts of integrity: Unauthorized user should make no changes.
o No read down (aka Simple Integrity Axiom)- a subject cannot pull data from a source with a lower integrity level
o No write up (aka * Integrity Axiom)- a subject cannot write data to a destination with a higher integrity level or invoke another process to do so
o Invocation property – A subject cannot invoke (call upon) subjects at a higher integrity level.
Clark-Wilson
Clark-Wilson: real world “Integrity” model; uses two concepts: Well formed transactions- assurance is based on integrity verification procedure (IVP). It is comprised of the access control triple:
- User
- Transformation Procedure (TP)- a well formed transaction
- Constrained Data Item (CDI)- requires data integrity
- Certification monitors integrity
- Enforcement preserves integrity
- Separation of duties ensures authorized users don’t change data in an inappropriate way
Brewer-Nash
Chinese Wall Model (aka Brewer-Nash):
• The goal was to address conflicts of interest.
• developed to provide dynamic access controls that depended on the subject’s previous actions.
• Lattice-based access controls- depends on the role AND needs of the subject, the label of the object.
• Subjects have least upper bound (LUB) and greatest lower bound (GLB) of access.
Information Flow Model
Information Flow Model- describe how info can flow. Eg Bell-Lapadula, Biba
Noninterference model
Noninterference- model ensures data at different security domains remain separate
Lattice Security Model
Lattice Security Model- Model consists of a set of objects constrained between the least upper bound and the greatest lower bound values.
• The least upper bound is the value that defines the least level of object access rights granted to a subject.
• The greatest lower bound is value that defines the maximum level of object access rights granted to a subject
• The goal of this model is to protect the confidentiality of an object and only allow access by an authorized subject
Dedicated Mode
Dedicated Mode: This type of system handles a single classification of data and all users have access to everything on the system: Requirements include:
o Only one classification of data for a set time.
o All users must have the required clearance.
o All users must have a need-to-know
System High mode
System high: mixed labels (confidential, secret, top secret). All subjects must posess clearance of highest object label
Compartmental Mode
Compartmental Mode: All users have the clearance to access all information, but might not have the need-to-know all information.
Multi-Level Mode
Multi-Level Mode: Allows two or more classifications of data to be processed at the same time. When all users do not have the same clearance level.
TCB
Trusted Computing Base (TCB): All protection mechanisms within a computer system including hardware, firmware and software that contribute to ensuring a security policy. The TCB must be “Isolated” from the un-trusted areas of the system.
• Reference Monitor: (i.e. the law) An abstract machine that ensures that only authorized subjects can access objects. It mediates all access attempts using access rules.
• Security Kernel: (the police) Enforces the rules of the reference monitor. It is a combination of hardware, firmware and software located in the Trusted Computer Base.
TCSEC
Trusted Computer Security Evaluation Criteria (TCSEC) aka Orange Book (originally orange): Developed by the US government (NCSC (part of NIST) with help from NSA). Ratings represent a more granular look at each classification: A1: Verified design o Formal Methods B3: Security Domains (MAC) o Security Administrator o Trusted Recovery o Monitor events and notify security B2: Structured Protection (MAC) o Trusted path o Separation of duties o Covert channel analysis B1: Label Security (MAC) o Sensitivity labels o Mandatory access controls o Analysis of design specifications C2: Controlled Access Protection (DAC) (Most commercial applications) o Individual accountability o Protect audit trails C1: Discretionary Security Protection (DAC) o Identification and Authentication o Discretionary protection resources D: Minimal protection
Rainbow Series
Rainbow Series- 35 different security standards; created by NCSC (National Computer Security Center, NIST); includes the Orange Book
TNI
TNI (aka Red Book)- Trusted Network Interpretation like TSEC for network systems.
ITSEC
Information Technology Security Evaluation Criteria (ITSEC)
This is a European standard for rating operating systems and applications. It evaluates functionality (trust) and assurance separately.
o Assurance ratings are: E0 – E6 (E6 is the highest assurance)
o Functionality ratings are F1 – F10 (F10 is the highest functionality)
Common Criteria
The common criteria are developed as an international standard and are replacing both TCSEC, ITSEC, and Canadian version. ISO 15408
o Protection Profiles (PP): A specific set of functional and assurance requirements that are currently not available in another product.
o Security Target (ST): Is written by the vendor and explains the specifications of a product, including functionality and assurance.
o Target of Evaluation (ToE): Is the product or system to be evaluated.
o Evaluation Assurance Level (EAL): the eval score of the tested system
o Evaluation Packages: the additional offerings provided by the supplier
EAL in the Common Criteria
There are seven EAL in the Common Criteria:
o EAL 1: Functionally tested
o EAL 2: Structurally tested
o EAL 3: Methodically tested and checked
o EAL 4: Methodically designed, tested and reviewed (most common for commercial offerings)
o EAL 5: Semi-formally designed and tested
o EAL 6: Semi-formally verified, designed and tested
o EAL 7: Formally verified, designed and tested
PCI-DSS
PCI-DSS- Payment Card Industry Data Security Standard; requires security management, policies, procedures, network arch, sw design, and other measures
Certification
Certification: The technical evaluation of compliance with security requirements for the purpose of accreditation
Accreditation
Accreditation: The official management decision to operate the system
public cloud
A form of cloud computing in which a company relies on a third-party cloud service provider for services such as servers, data storage and applications, which are delivered to the company through the Internet.
private cloud
Private cloud is the phrase used to describe a cloud computing platform that is implemented within the corporate firewall, under the control of the IT department.
A private cloud is designed to offer the same features and benefits of public cloud systems, but removes a number of objections to the cloud computing model including control over enterprise and customer data, worries about security, and issues connected to regulatory compliance.
