Chapter 4 - System Architecture Flashcards
IEEE/ISO 42010:2007
Systems and software engineering architecture description
Computer security
Defined as AIC
What is an architects job?
To successfully create views for each stakeholder into a single global plan
Register
A temporary storage location for the next CPU task
Arithmetic logic unit ALU
Actual execution of instructions occurs here, this is the brain of the processor
Control unit
The traffic cop of the CPU .. It serializes the requests from the registers to the ALU
General vs special registers
General registers hold variables and temporary data
Special registers hold more static data like program counters and pointers
What is the name for the bit that defines user mode vs privileged?
Program status word - PSW
What is another name for user mode and privileged mode respectively?
Problem state and kernel/supervisor mode
What is the difference between address bus and data bus?
Address bus tells the location what it’s looking for data bus is what allows the data to move between location and CPU
LIFO
Last in first out
The order things are processed on the memory stack (think mtg)
Return pointer
Usually the first message in telling where to send the data
Stack pointer
This is the current stack location while processing a stack
Program counter
Holds the memory address for the CPU actions needed
Cooperative multitasking vs preemptive multitasking
Cooperative means the resource programmatically releases the resources and preemptive means that the is controls all processing
Ready, blocked and running state?
Ready - waiting process
Running - executing process
Block - suspended
Process table
Think task manager
Maskable vs non-maskable interrupt
Maskable means that the CPU can ignore it and no maskable means the CPU must immediately execute it
Watchdog timer
System will reboot if critical systems fail
Threads
Individual instruction set
Software deadlock
When a resource is being used by another process and cannot continue, but the other process will not release until the first finishes
Process isolation
Ensuring that processes cannot use memory space of another process, this is required for preemptive multitasking
Process Encapsulation
When process A can only speak to an interface from process B
Data hiding
When one process does not know how another works, it simple sends to the interface between
Time multiplexing
Time slices for resources
Process naming distinction
PID is used to assist process isolation
Virtual memory addressing
Rather than address to memory applications address to the memory space allocated by the OS
Abstraction
The details of something are hidden
Memory manager functions?
Relocation - swap file, pointers
Protection - limit process access and access control
Sharing - complex controls govern memory space sharing
Local org - allow sharing of procedures like DLL
Physical org - virtual memory management
What is a base and limit register?
Base register is the beginning address of a memory segment and limit register is the last address
DRAM
Capacitive memory that requires a refresh to ensure the capacitors do not lose charge
SRAM
Static memory uses exclusively transistors and does not require refresh
Thrashing
Moving data around to free resources for more data
What is the difference between EEPROM and flash
EEPROM need firmware updates that write bit by bit over the previous
Flash can be rewritten at the block or device level and acts like a hard drive
Absolute addresses vs logical
Physical vs virtual memory
Buffer overflow
When the buffer is too large and malicious code can be inserted
If accepted input is larger than input there is a possibility of inserting data
ASLR - Address space layout randomization
When an OS randomized and shifts address spaces around in memory
DEP - data execution prevention
Locked down memory spaces for certain executables
Memory leaks
Not using proper code that will release memory
Programmed IO
The application requests that the IO take place, this is CPU wasteful
Interrupt IO
Byte is sent, CPU moves on, interrupt occurs, byte is sent
This is better but still uses the CPU
IO over DMA
Also called unmapped IO
Does not use the processor, it’s just sent from memory to the DMA controller to the device
Premapped IO
OS assigns memory address and trusts device not to be malicious
Scary
Fully mapped IO
OS brokers the IO requests of untrusted device
What is ring architecture?
CPU levels. Ring 0 is unprotected ring 3 would be more protected. The CPU manufacturer decides the number of rings, OS decides how to use them.
What does the word domain mean?
A collection of resources
Monolithic architecture
MSDOS - user mode / priveledged mode
Too much code could run in a higher mode
What is THE?
A layered kernel approach where each later called the next user>IO>interpreter>mem>processor
What is data hiding?
When you cannot bypass layers to call sub layers
Micro kernel model
It is a smaller kernel subset to promote security, this became slow because of process level changes
Hybrid micro kernel architecture
Partially uses the micro kernel for memory specific tasks, mostly uses the driver kernel to handle devices
Security policy
Is a strategic tool to indicate how sensitive information is managed
TCB
Trusted Computer Base - A collection of all the hardware, software, and firmware security components of a system
Trusted path
The path between the user and the TCB
Trusted shell
A shell someone cannot get into or out of
Security perimeter
Divides the trusted from the untrusted
Reference monitor
Used as a reference to user access of an object, this is effectively the law of the TCB
Security kernel
All access decisions must go through the security kernel, it is the core of the TCB
Multilevel security policy
Each level has it’s own security policy of where it can talk to
State change model
System model over the premise all states of an object are regulated
State transitions
When the state of an object changes
Simple security rule
Subject cannot read at a higher priveledge.
- property
Cannot write to a level lower
Strong star property
Read and write can only function at the level currently on
Basic security theorem
If a system starts secure, and all state levels are secure, the system is secure regardless of input
Tranquility principle
Subjects and objects cannot change states undefined in the security principle
Bell-Lapadula
A security model used in MAC access control systems that specifies rules on read and write
Biba model
Similar to Bell-Lapadula but concerned solely on data integrity
*-integrity axiom
No write up, so dirty data does not mix with clean data
Simple integrity axiom
No read down
Invocation property
A dirty subject cannot use a clean tool to contaminate a clean object
Clark-Wilson
An integrity model that compartmentalizations data based on programmatic processing
Transformation procedures TP
Programmatic operations like read and write
Constrained data items CDI
This data is allowed to be manipulated by TPs
Unconstrained data items UDI
Users can directly manipulate these items
Integrity verification procedures IVP
Checks consistency of CDI against reality
Access triple
Subject, object, program
User, CDI, TP
Well formed transaction
Using a TP to process a CDI and having it go through an IVP
Covert channel
A way for an entity to receive information in an unauthorized secretive way
Non-inference
Someone of a lower clearance cannot see state changes of a higher clearance
Inference attack
When someone had access to something that goes through a state change that implies what the change means
Lattice model
Access is defined as:
Least upper bound
Greatest lower bound
Brewer-Nash model (Chinese wall model)
This model is used to prevent conflict of interest
If you access bank A files you cannot access bank B files
Graham-Denning model
8 critical security questions to ask especially when programming
Harrison-Ruzzo-Ullman model
Ensures access controls are being met at all levels
Dedicated security mode
An OS model that means all users have a need to know all information and have signed NDA pertaining the information
System high security mode
When a user has the security clearance to see it, but the need to know for only partial portions of the data
Compartmented security mode
Just like high security mode, but the highest clearance data enforces who can access the system
Compartment mode workstations
Have built in functionality to all multiple clearance levels on the same system
Guards
A system used between trust (assurance) levels
Assurance rating
An EOL # used to quantify a systems trust
Common criteria
A systematic review used to rate a system A-D
Division D
This division is the lowest security rating
Division C1
Discretionary security protection - access is controlled by user or group low security environment
Division C2
Controlled access protection - each individual is authenticated and security events are audited. All mediums containing data cannot store data, ie memory or temp storage
Division B1
Label security - each object must contain an accurate security label
Division B2
Structured protection - fully documented and defined security policy with stringent authentication and covert channel analysis has been passed
Division B3
Security domains - reduction of complexity from B2 .. Reduced code and simplified procedures
Division A
Strictly verified and scrutinized B3
Rainbow books
Like the orange book/common criteria, but targeted to the business sector
Red book
Trusted network interpretation -
Communication integrity
Denial of service prevention
Compromise protection
(Read more on red book/rainbow books)
Assurance
Derived from comparing how things actually work to the theory of how they should work
What is he history of the TCSEC
TCSEC became Common Criteria
ITSEC
European version of the common criteria
What is different between TCSEC and ITSEC?
ITSEC has a separate rating for assurance vs functionality
EAL
Evaluation assurance level
EAL 1 - functionally tested
2 - structurally tested
3 - methodically tested and checked
4 - methodically designed tested and reviewed
5 - semi formally designed and tested
6 - semi formally verified design and tested
7 - verified design
Verified design?
Mathematically proven model
How rare protection profiles used in common criteria?
A committed assurance level to develop on and towards
What 5 parts make up and protection profile?
Descriptive elements Rationale Functional requirements Development assurance requirements Evaluation assurance requirements
What steps are taken during the CC (common criteria)?
Protection profile is made - assurance target
Target of evaluation - security target
Security target - how our product does the above
Security functional req. - individual security function proof
Security assurance req. - measures taken during development to assure these requirements are met and confirmable
Packages - what must be met to continue with an EAL rating
ISO 15408
International standard linked to common criteria
- 1 - lays out the general concept of the common criteria
- 2 - describes and catalogs security functionality
- 3 - defined assurance requirements with criteria
Certification vs accreditation
Certification - the testing of a claim
Accreditation - acceptance of the risk associated with the certification process results
Open vs closed systems
Open standardized interoperability vs exclusively proprietary interoperability
Maintenance hook
This is code developed to monitor the software for flaws, these are dangerous security wise..
Think of my /end function!
Time of use attack
Similar to race condition, but manipulates something process 2 relies on prior to process 2 running, (a flag in a file)
If time of use is mandatory in code how can you avoid this?
Using system locks on the resources required by the process