Chapter 3 - Security Engineering Flashcards
What is System Architecture?
- Architecture is a conceptual tool to understand the structure and behavior of a complex entity through different views. The views are based upon the needs of the stakeholders of that system.
- ISO 42010 defines five key System Architecture terms:
  - Architecture: organization of a system embodied in its components, their relationships to each other and to the environment.
  - Architecture Description: collection of documents that convey an architecture in a formal manner.
  - Stakeholders: individual, team or organization that have an interest or stake in the system.
  - View: representation of a whole system from the perspective of a related set of concerns.
  - Viewpoint: a template from which to develop individual views by establishing the purposes and audience for a view and the techniques for its creation and analysis.
What functionality does the CPU provide?
- The CPU is the brain of the computer and fetches instructions from memory and executes them.
- Control unit: It determines what application instructions get processed and in what priority and time slice.
- ALU performs mathematical functions and logical operations on data.
- Uses registers to hold information:
  - General Registers are like scratch pads while the ALU is working.
  - Special Registers: contain the program counter, stack pointer, and PSW.
  - Program counter register: contains the address of the next instruction.
  - PSW: contains bits to indicate if the CPU should execute in user or privileged mode.
- Connected via an address bus, which is a hardwired connection, to the RAM chips, and I/O devices.
What is Multiprocessing?
- Symmetric mode: the processors are handed work as needed. The scheduler determines which processor is ready for more work and sends it on.
- Asymmetric mode: a processor is dedicated to a task. This usually means the computer has some type of time-sensitive application that needs its own personal processor.
What is Random Access Memory (RAM)?
RAM is a type of temporary storage facility where data and program instructions can temporarily be held and altered. It is considered volatile because when the system reboots the information is lost. RAM is made up of millions of transistors and capacitors, and the capacitors hold a charge to represent 1 or no charge to represent 0. Capacitors can't hold the charge for long.
- Dynamic RAM (DRAM): dynamically refreshes the capacitors' charge, making it slow.
- Static RAM (SRAM): holds bits in cells, not capacitors. Uses more transistors and therefore takes more space.
- Synchronous DRAM (SDRAM): coordinates its activities with the CPU clock so the timing of the CPU and the timing of the memory activities are synchronized.
- Extended data out DRAM (EDO DRAM): can capture the next block of data while the first block is being sent to the CPU. ‘Look ahead’ feature speeds up processing.
- Burst EDO DRAM (BEDO DRAM): works like EDO RAM but can send more data at once (burst).
- Double data rate SDRAM (DDR SDRAM): Carries out read operations on the rising and falling cycles of a clock pulse - twice the throughput.
What is Read Only Memory (ROM)?
ROM is a non-volatile memory type. ROM chips are manufactured with the stored program or routines designed into them. The software that is stored within ROM is called firmware.
- Programmable read-only memory (PROM) is a form of ROM that can be modified after it has been manufactured but only once.
- Erasable programmable read-only memory (EPROM) can be erased, modified, and upgraded. To erase the data on the memory chip, shine UV light on the quartz.
- Electrically erasable programmable read-only memory (EEPROM): data storage can be erased and modified electrically by onboard programming circuitry and signals. This activity erases only 1 byte at a time.
- Flash memory is a special type of memory, solid state technology used more as a type of hard drive than memory. Flash memory basically moves around different levels of voltages to indicate that a 1 or 0 must be held in a specific address.
What is Cache memory?
- Used for high-speed writing and reading activities.
- Information needed by the CPU very quickly and very often is usually stored in cache memory.
What is a memory mapper and how does it provide security?
- Access to memory needs to be controlled to ensure data does not get corrupted and data is only accessed by authorized processes.
- The CPU has physical wires connecting it to the memory chips, which allows the CPU to use physical (absolute) addresses.
- Operating systems enable software to access memory indirectly by using index tables and pointers, instead of giving them the right to access the memory directly.
- When a program attempts to access memory, its access rights are verified and then instructions and commands are carried out in a way to ensure that badly written code does not affect other programs or the system itself.
What allows a buffer overflow attack to take place?
- Buffer overflow takes place when there is insufficient input validation.
- Applications make function calls, which use a linear memory construct (FILO stack). A return pointer (RP) is added first; it is a pointer to the application's memory that tells the function to return control to the application after it has finished working through the values.
- Thus, if input validation is not performed and a function call is made, malicious code can be inserted all the way to the RP and overwrite the RP to point to the start of the malicious code just inserted. This allows the malicious code to be executed in the context of the application.
What are some memory protection techniques to prevent buffer overflow?
- Address Space Layout Randomisation (ASLR): an attacker conducting a buffer overflow attack needs to know what memory address to send the attack to. With ASLR the OS changes the addresses continuously.
- Data Execution Prevention (DEP): implemented via the CPU or OS to ensure executable code doesn't function within memory segments that could be dangerous.
- Garbage collector: implemented by the OS to run an algorithm that identifies unused committed memory and then marks the memory as available.
- Memory leaks can also be addressed via better programming.
How does the OS manage processes?
- Applications work as individual units called processes. When a process is created, the OS assigns resources to it, such as a memory segment, a CPU time slot, and access to system APIs. The collection of instructions and assigned resources is a 'process'.
- Multitasking allows the OS to maintain many processes in various execution states: running state (CPU is executing the instructions), ready state (waiting to be sent to the CPU), or blocked state (waiting for input data, such as keystrokes).
- The OS keeps a process table, which contains the process state, pointer, and memory allocation. When a process's CPU time slice is over, all the information about the process is put into the table.
- A process knows when it can communicate with the CPU via interrupts. There are two types of interrupts: a maskable interrupt is assigned to an event that may not be overly important; a non-maskable interrupt is used for critical processes.
How are processes protected from each other? To ensure a malicious program doesn't negatively impact others.
- Encapsulation of objects: when a process is encapsulated, no other process understands its internal programming code. Processes can communicate with other processes via interfaces.
- Time multiplexing of shared resources:
- Naming distinctions: Each process has its own name and ID value.
- Virtual memory mapping: the OS divides memory and assigns portions of it to the requesting process. Each process has its own memory space, ensuring processes do not interact improperly.
What does memory management provide?
- Provides an abstraction level for programmers, maximises performance with the limited amount of memory, and protects the OS and applications loaded into memory.
Provides the following:
- Relocation: Swap contents from RAM to hard-drive. Systems use the hard-drive to extend RAM. When RAM is combined with hard-drive the result is virtual memory.
- Protection: Limit process to interact only with the memory segments assigned. Provide access control to segments.
- Sharing: Allow users with different levels to interact with the same app, with complex controls to ensure integrity and confidentiality when processes use shared resources.
- Logical organisation: Segment all memory types and provide an addressing scheme, allowing for sharing of specific software modules.
- Physical organisation: Segment the physical space for application and OS processes.
How does the OS handle I/O devices?
- I/O devices are usually considered block or character devices. A block device works with data in fixed-size blocks, e.g. a disk drive. A character device works with streams of characters, such as a NIC or mouse.
- When an I/O device has completed its task, it needs to inform the CPU that data in memory is ready for processing. The OS maintains a table called the interrupt vector of all the I/O devices connected to it, including memory addresses.
OS can carry out software I/O procedures in various ways.
How does the CPU Architecture provide security?
- The CPU and OS need to be compatible to work together. The OS uses memory protection to ensure processes don't impact each other.
- The ring-based architecture of the CPU is another way to provide protection. Ring 0 is where the OS's kernel (most trusted and powerful process) works. Ring 1 is where OS utilities reside, and the least trusted applications work in Ring 3.
- Less trusted processes that are working in Ring 3 send their communication requests to an API provided by the OS specifically to ensure communication between an untrusted process and a trusted process is controlled and safe.
- A process is assigned a status level by the OS, stored as the PSW, and when the process needs to interact with the CPU, the CPU checks the process status level to know what it can or cannot do.
What are the types of OS Architectures?
OS architecture dictates how the pieces and parts of the OS interact with each other and provide the functionality that the applications and users require of it. The main differences in the architectural approaches come down to what is running in kernel mode.
- Monolithic: Earlier OSes acted as one software layer between the user applications and the hardware level; all code ran in privileged state making mistakes and malicious activities. Not modular in nature.
- Layered: Separates system functionality into hierarchical layers. 5 layers, from layer 0, which is controlled access to the processor, to layer 4, where the applications reside. Provides data hiding by not allowing layers direct access to each other. Too many layers for even simple OS activities results in a performance hit, and there is still too much code running in the kernel.
- Microkernel: Smaller subset of critical kernel processes, focusing mainly on memory management and interprocess communication. Other processes, including device drivers, run in user mode. The performance hit was too great.
- Hybrid Microkernel: Microkernel still exists. Other operating services work in a client/server model. If a user’s application needs the OS to carry out some type of functionality, it makes a request to the specific API of the system’s server service.
How do Virtual Machines work?
- Virtualization enables single hardware equipment to run multiple OS environments simultaneously, greatly enhancing processing power utilization, among other benefits.
- The virtual machines do not directly access these resources; instead, they communicate with a hypervisor within the host environment, which is responsible for managing system resources.
VMs can:
- consolidate the workloads of several under-utilized servers onto fewer machines.
- provide secure, isolated sandboxes for running untrusted applications.
- retrofit new features in existing operating systems without "too much" work.
What are the components of System Security Architecture?
- Security Policy involves setting the goals of what the security mechanisms are supposed to accomplish.
- TCB is a collection of all the hardware, software, and firmware components within a system that provides some type of security and enforces the system's security policy. The processes within the TCB are the components that protect the system overall. They reside in ring 0, and their instructions are executed in privileged state. The OS maintains an isolated execution domain, so their processes cannot be compromised or tampered with.
- Security Perimeter is a boundary that divides the trusted from the untrusted. Precise communication standards must be developed for components in and out of the TCB.
- TCB & Security Perimeter: conceptual constructs to delineate between trusted and untrusted components and how they communicate.
- Reference Monitor: abstract machine that mediates all access subjects have to objects, both to ensure that the subjects have the necessary access rights and to protect the objects from unauthorized access and destructive modification.
- Security Kernel: made up of hardware, software and firmware components that fall within the TCB. Provides isolation for the processes carrying out the reference monitor concept. Invoked on every access attempt and must be impossible to circumvent. Small enough to be tested and verified.
What are the Security models and what types of security do they provide?
- Bell-LaPadula Model: 1st model of multilevel security policy, focuses on confidentiality.
  - Simple security rule: Cannot read data of a higher level object
  - * property rule: Cannot write down to lower level object
  - Strong star property rule: Can read & write to an object at the same security level
- Biba Model: Describes access controls for data integrity
  - Simple integrity axiom: Cannot read data of a lower level object
  - * integrity axiom: Cannot write to a high level object
- Clark-Wilson Model: Ensures properly formatted transactions take place:
  - Subjects access objects through authorised programs
  - Separation of duties is enforced
  - Auditing is required
- Noninterference Model: multilevel security model states that commands and activities performed at one security level should not be seen by, or affect, subjects or objects at a different security level.
- Brewer and Nash Model: allows for dynamically changing access controls that protect against conflicts of interest
- Graham-Denning Model: shows how subjects and objects should be created and deleted, and how to assign specific access rights.
- Harrison-Ruzzo-Ullman Model shows how a finite set of procedures can be available to edit the access rights of a subject.
What is Common Criteria?
Common Criteria is a framework within which users specify their security requirements and vendors make claims about how they satisfy those requirements, and independent labs can verify those claims. 7 assurance levels from 1-7.
Components of CC:
- PP: Description of a needed security solution
- TOE: Product proposed to provide a needed security solution.
- ST: Vendor defines what the product does and how it defines it
- Security functional requirements: Specifies the individual security functions provided by the product
- Security assurance requirements: Measures taken during development and evaluation of the product for assurance.
- EAL packages: Functional and assurance requirements that must be met to achieve certification.
What is the difference between certification and accreditation for products?
- Certification is a technical review that assesses the security mechanisms and evaluates their effectiveness. Accreditation is management’s official acceptance of the information in the certification process findings.
- Any major addition of software, changes to the system, or modification of the environment should initiate a new certification and accreditation cycle.
What is cloud computing?
Cloud computing is the use of shared, remote computing devices for the purpose of providing improved efficiencies, performance, reliability, scalability, and security.
- Software as a Service (SaaS): Specific application that executes on the service provider's environment, e.g. word app.
- Platform as a Service (PaaS): Spawning an instance of Server 2012 R2 to provide a web server. Service provider is responsible for securing the platform. User doesn't get admin privileges.
- Infrastructure as a Service (IaaS): Unfettered access to the cloud devices. Service provider is not responsible for security.
Parallel computing is the simultaneous use of multiple computers to solve a specific task; it can be achieved at the bit level, instruction level and task level.
What are the security issues for Databases?
- Aggregation is the act of combining information from separate sources. The combination of the data forms new information, which the subject does not have the necessary rights to access.
- Preventing aggregation: To prevent access to the whole combination, the individual components can be placed into containers at a higher classification level. Subjects' queries should also be tracked and context-dependent access control enforced: keeping a history of all requests and denying a request if it appears to be an aggregation attack.
- Inference: happens when a subject deduces the full story from the pieces he learned of through aggregation.
- Preventing inference: Using context-dependent access control and cell suppression, which hides specific cells that contain information that could be used in inference attacks. Partitioning a database involves dividing the database into different parts to make it harder for individuals to connect the pieces. Noise and perturbation is a technique for inserting bogus information to misdirect an attacker.