Chapter 3 Security Engineering Flashcards

1
Q

ISO/IEC/IEEE 42010

A

systems and software engineering – architecture description (outlines specifications for system architecture frameworks and architecture languages)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is an architecture view?

A

Architecture views expresses architects decision regarding each stakeholders concerns

Each view confirms to a particular viewpoint (eg Logical, physical, structural)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Baking in vs Bolting on security

A

Baking in : At architecture phase

Bolting on: At development phase

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What do general registers hold

A

variables and temporary data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What do special registers hold

A

program counter

stack pointer

program status word

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What does program counter register hold?

A

memory address of next instruction to be fetched

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

what is the significance of program status word

A

PSW holds different bits, one of the bits indicates if CPU should be in user mode or privileged mode

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the 6 different types of RAM

A
  1. Static
  2. Dynamic
  3. Synchronous
  4. EDO DRAM
  5. Burst EDO DRAM
  6. Double data rate DRAM
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the characteristics of Static RAM

A
  • Fast
  • takes lot of space
  • more costly
  • uses transistors
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the characteristics of Dynamic RAM

A
  • slow
  • less space
  • less costly
  • uses capacitors
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the characteristics of Synchronous RAM

A

Synchronises clock of RAM with that of CPU for faster access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the characteristics of EDO DRAM

A

Has a look ahead feature to access data while first one is being sent to CPU

In Burst EDO DRAM, data can be sent in bursts of 4 blocks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the characteristics of Double Data Rate DRAM

A

Reads on both clock pulses, effectively doubling speed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are the two common memory protection techniques

A

Address Space Layout Randomisation (ASLR)

Data Execution Prevention (DEP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is multi-tasking

A

multiple programs loaded in memory at same time

AND

multiple programs executed simultaneously by CPU

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is difference between multi-tasking and multi-programming

A

To be checked

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Asymmetric multi-processisng

A

Multiple CPUs can be used for processing at same time

Specific applications dedicated to one CPU

Good for time sensitive applications

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is Thrashing

A

when a computer spends more time moving data from one small portion of memory to other rather than processing the data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What are the different types of memory addresses

A

Physical memory addresses used by CPU: Absolute addresses

Addresses used by software : Logical

Known address with offset : Relative addresses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Co-operative vs pre-emptive multi-tasking

A

processes voluntarily release resources vs forcefully (CPU decides amount of time)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What is process spawning

A

creating new child processes is referred to as spawning processes

eg in linux/unix - command interpreter is a process itself and within it when commnads are executed like grep etc, they spawn new processes with characteristics similar to the parent process but with its own memory space

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

In what states can a process be in?

A
  1. Blocked state – waiting for inputs
  2. Ready state – waiting to send instructions to CPU
  3. Running state – being executed by CPU
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What are the responsibilities of Operating System

A
  • Creating new processes
  • Assigning them resources
  • Synchronizing communication
  • Making sure nothing insecure is taking place
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What does the OS Process table contain

A
  • One entry per process in the table
  • State of the process
  • Stack pointer
  • Memory allocation
  • Program counter
  • Status of open files
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

How does CPU switch between processes

A

CPU requires all of the information in process table loaded into registers for process execution. When process 1’s time is up and process 2 is to be executed, the process 1 information is moved back to the process table and maintained there till required again for process 1 to execute.

Break between two processes happens using interrupt

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

what are the types of interrupts

A

Software Interrupts

Hardware Interrupts (used by devices)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

How do interrupts work

A

The s/w or h/w raises interrupts to the cpu.

The cpu then acknowledges or entertains the interrupt as per its decision

If one process needs to interrupt another process, OS decices on the priority to determine if the interruption should be allowed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Maskable vs non-maskable interrupt

A

maskable interrupt can be ignored

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

What are the functions of Memory stacks

A
  • Each process has its own stack
  • It is in LIFO mode
  • Stack pointer is used to indicate to CPU where it is within the stack
  • Last instrcutuion in stack is the return pointer where the results or control are transferred
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

What is a thread

A

A thread is made up of the individual instruction set and the data that must be worked on by the CPU

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Who creates a thread

A

A thread is created by a process

Each thread shares same resources of the process that created it eg memory space, file access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

What is multi-threading

A

Application running multiple tasks via threads at the same time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Give an example of how process can become malicious

A

An attacker can inject malicious instructions in a process. Since process is already verified by OS and running, such injections can end up executing the attackers code. To prevent this, processes should only accept instructions from a approved entity and that the instructions are validated before execution

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

What is a software deadlock

A

process A commits resource 1 and needs resource 2 to do the job while process B has committed resource 2 and needs resource 1 to do the job

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Why is process isolation required

A

To ensure different processes do not step on one another

36
Q

What are the 4 ways process isolation can be achieved

A
  1. Object encapsulation
  2. Time multiplexing of resources
  3. Virtual memory mapping
  4. Naming distinctions
37
Q

What are the goals of memory management

A
  1. Provide an abstraction layer for programmers
  2. Maximise performance using limited memory pool
  3. Protect OS and Apps in memory
38
Q

What are the memory manager roles

A
  1. Physical Organisation
  2. Logical Organisation (Abstraction)
  3. Protection (limit as per privilege)
  4. Sharing
  5. Relocation (swap different types)
39
Q

How are base and limit registers used

A

CPU assigns base and limit memory address to process

CPU compares the base and limit address in the thread that is sent to it for execution

40
Q

How is data held in RAM

A

Encyrpted data is generally unencrypted while it resides in RAM. However if the RAM uses HDD as virtual memory, this unencrypted data or the keys can become available in the HDD To attackers in unencrypted form

41
Q

What are the ways CPU and Memory interacts with IO devices

A
  1. Programmable IO (CPU sends information and waits for IO, wastes time)
  2. Interrupt driven IO ( CPU moves on to other tasks till IO is ready. Overheads of managing multiple interrupts)
  3. Direct Memory Access/ DMA – IO is fed by the DMA controller. This is also known as unmapped IO
  4. Pre-mapped IO – CPU trusts IO device and lets it access physical memory directly
  5. Pre-mapped IO – CPU trusts IO device and lets it access physical memory directly
42
Q

What do protection mechanisms of the OS ensure

A
  • processes do not negatively affect each other or critical components of the system itself
    1. Memory Protection
    2. Ringed architecture
43
Q

What is a process domain

A

A collection of resourcese available to the process such as

  • memory segments,
  • files,
  • system services,
  • peripheral devices etc
44
Q

What are the different types of OS Architectures?

A
  1. Monolithic
  2. Layered OS
  3. Microkernel
  4. Hybrid Microkernel

5.

45
Q

What are the featuers of monolithic architecture

A

all OS processes work in kernel mode.

Applications avail services through system calls.

Too many components interact directly with hardware which increases complexity

46
Q

Explain Layered OS architecture

A

separates system functionality into hierarchical layers (however a lot of code still ran in kernel mode)

47
Q

Explain Microkernel architecture

A

Only certain areas such as memory management and interprocoess communication run in kernel mode. Other OS compoentns such as protocols, device drivers etc run in User mode. However this too affected performance since mode transitions (ie from user mode to kernel mode) had to be done

48
Q

How does a hybrid microkernel work

A
  1. All OS processes run in kernel mode
  2. Core processes run within a microkernetl
  3. Others run in a client server model

(Windows uses hyrid microkernel)

49
Q

What is a trusted computing base

A

a collection of hardware, software and firmware that provides and enforces security

Some of them are directly responsible for security e.g memory manager, others need to behave eg. Not attempting direct access to hardware etc

in a way , the OS kernel is the TCB

Basically any part of a system that can be used to compromise the system or put it in an unstable condition is considered part of the TCB

50
Q

What is a trusted path?

A

a communication channel between user/application and TCB

51
Q

What is the role of OS in relation to TCB

A

TCB Executes in its own execution domain

OS ensures that TCB and nonTCB processes interact in a secure manner

52
Q

What is the security perimeter in relation to TCB

A

It is the imaginary boundary between the trusted and non trusted

Communication across perimeter is controlled by interfaces ie APIs

53
Q

What is a reference monitor

A

A mechanism that ensures subject’s (program/user/processes) access to objects (file/program/resource) within the OS are as per necessary permission

54
Q

What does a reference monitor implement

A
  1. Mediates all access between subjects and objects
  2. Ensures subjects have necessary access rights
  3. Protect objects from unauthorise access and destructive modification
  4. Defines the design requirement that a reference validation mechanism must meet
  5. Access control decisions made in a central concerted manner
55
Q

Define key features of security kernel

A
  1. It is the core of the TCB
  2. Mediates all access and functions between subjects and objects
  3. Implements and enforces the reference monitor concept
56
Q

What are the three main requirements that a security kernel should fullfill

A
  1. o Process carrying out reference monitor should be isolated and tamperproff
  2. o Must be invoked for every access attempt
  3. o Must be small enough to be tested and verified in a complete comprehensive manner
57
Q

Distinguish between Reference monitor, Security Kernel, and Trusted computing base

A

Reference Monitor

Security Kernel

Trusted Computing Base

Abstract model of controlling access of subject to object

Implementation of reference monitor through hardware , software and firmware

Sumtotal of all components in a system that enforce a security policy (includes security kernel)

58
Q

What is a security model

A
    • Maps the abstract goals of the security policy to information system terms
    • Specifies explicit data structures and techniques necessary to enforce security policy
    • Usually represented as mathematical and analytical ideas

a security policy provides certain goals and the security model provides the necessary mathematical formulas, relationships and logic structure to be followed to accomplish this goal

59
Q

-Key points of Bell Lapadula

A

Uses Security Levels

  1. Simple security rule (No read up )
  2. * Property (no write down)
  3. Strong star property (read/write only on same level)
60
Q

Key points of Biba model

A

Uses Integrity levels

    • *-integrity axiom (no write up)
    • Simple integrity axiom (no read down)
    • Invocation property (lower integrity subject cannot invoke higher integrity subject)
61
Q

What does “Simple”and * mean in security models

A

(If the word simple is used, it is about reading. If the word * is used it is about writing)

62
Q

What is the Clark-wilson model

A

it is an integrity model

users data access only through program

separation of duties is enforced

63
Q

what are the 4 elements used in clark wilson

A
    • Transformation procedure (TP)
    • Constrained Data items (CDI)
    • Unconstrained data items (UDI)
    • Integrity verification procedures (IVP)
64
Q

How does Clark-wilson model work

A
    • Users cannot directly access CDI
    • TP will carry out operations on behalf of user (user cannot modify without using TP)
    • “Access triple” of subject (user)/ program (TP) / Object (CDI)
    • UDI does not require high level of protection and can be manipulated directly by user
    • IVP ensures data manipulation follows defined integrity rules
65
Q

What is non-interference model

A
  • concerned with what a subject knows or can come to know about the state of the system
  • Higher level process should not be able to affect a change to a lower level process
66
Q

What is the real intent of noninterference model

A

to address covert channel communications

67
Q

what is the Brewer and Nash model (Chinese wall)

A

ubject can read / write to object if and only if subject cannot read another object that is in a different data set

Protects from conflict of interest

68
Q

What are the eight primitive protection rules from Graham Denning model

A

How to securely create & delete a subject and object (4)

How to securely provide read / grant / Delete/ Transfer access right (4)

69
Q

What is the Harrison-Ruzzo-Ullman model

A

Maintains the integrity of the access rights

(in situations where command X requires execution of A,B,C,D processes in order to succeed, it is essential to ensure that X has the right levels of access rights for all 4)

70
Q

What is ISO/IEC 15408

A

It is “common criteria”for systems evaluation.

A framework in which

  • Users specify security requirements from a product
  • Vendor makes claim of how product meets the requirement
  • Independent labs test the product
71
Q

What are the two questions that common criteria help to answer?

A
  1. What does the product’s security mechanism do (functionality)
  2. How sure are you of that (assurance)
72
Q

What are the 7 evaluation assurance levels (EAL) of common criteria

A

EAL 1 – Functionally tested

EAL 2- Structurally tested

EAL 3 –Methodically tested and check

EAL 4 – Methodically designed, tested and reviewed

EAL 5 – Semiformally designed and tested

EAL 6 – semiformally verified design and tested

EAL 7 – formally verified design and tested

73
Q

What is the meaning of formal verification in common criteria

A

Formal verification means it is based on a system that can be mathematically proven

74
Q

What are the protection profiles used by common criteria in its evaluation process

A

Provides a means to identify specific security needs

Provides goals and security mechanisms to achieve the security level

Generally contains three sections

  • Security problem description (problem statement)
  • Security problem objectives (functionality required in order to address problem statemet)
  • Security requirements (specific requirements that can be used by developers and evaluators alike)
75
Q

what is the relevance of protection profiles in common criteira

A

protection profiles describe the functionality, assurance, description and rationale of product requirements

76
Q

Is it enough to have certification on a specific assurance level?

A

Having a specific assurance level means the product has the potential to provide required security. It needs to be properly configured by customer by using vendor documentation and maintained throughout its life-cycle to obtain the rated level of security

77
Q

What are the Different components of common criteria

A

Protection profile – Defines problem statement ie description of a needed security solution

Target of evaluation (TOE) – proposed product

Security Target – vendor statement of “This is what our product does and how it does it”

Security functional requirements – Individual security functions details

Security assurance requirements – measures to ensure compliance with functionality

Packages –EAL – describes what must be met to achieve specific EAL ratings (functional and assurance requirements bundled for reuse)

78
Q
A
79
Q

What are the different levels of parallel computing

A

Bit level paraleelism (most CPUs use this today. Hence 64 bit is faster than 32 bit architectures)

Instruction level parallelism ( works on multi-core CPU concept)

Task level parallelism ( each task/thread runs in parallel)

Data parallelism – distribution of data on big data platforms

80
Q

What are some of the security issues related to database?

A

Aggregation ( using a subset of information to derive the whole story)

Inference (using individual pieces to infer data e.g a clerk accessing food movements to track troop movement)

81
Q

How can inference based attacks be prevented

A
  • Content dependent checks (security levels)
  • Context dependent checks (sequence of access, abnormal pattern of access etc)
  • Cell Suppression (hide specific cells that contain information)
  • Partitioning
  • Noise and perturbation (adding dummy or nonsense data)
82
Q

What are the three different type of Industrial Control Systems

A
  1. Programmable Logic Controllers (PLC) – these were used to control individual conveyor belts or other manufacturing machinery
  2. Distributed control systems (DCS) – PLC is localized to a machine, but DCS can be used for supervised, coordinated control across machines
  3. Supervisory control and data acquisition (SCADA) – across longer distances, eg DCS could be used for a single power plant while SCADA used across a power distribution network

Few common threats

83
Q

What are maintenance hooks

A

use of backdoors by deverlopers to gain access to code for troubleshooting or updates. Can be misused by attackers if found out

84
Q

What is TOC/TOU attack

A

time of check and time of use. Attacker jumps in between two tasks and modifies something to control the result

85
Q

What is a race condition

A

an attack in which attacker makes processes execute out of seqeuence to control the result ( e.g performing authorization before authentication)