Chapter 9 Flashcards
Automated Indicator Sharing (AIS)
- Dept. of Homeland Security - facilitates free and open exchange of Indicators of Compromise (IoC)
- Indicator - an observable plus a hypothesis about a threat
- Observable - an occurrence
STIX (structured threat info expression) - structured language to describe threat
TAXII (threat automated exchange of intel info) - protocol and services for automated sharing
Data localization - related to physical storage location
Data sovereignty - related to country laws governing data
Execution Types
- Multiprogramming - multiple processes switched in/out on single CPU; switch out when waiting for I/O
- Multitasking - run several processes, each with time slice
- Multithreading - break up process into threads and run threads concurrently
- Multiprocessing - multiple processors (CPUs)
- Multicore - multiple cores within CPU
Protection rings
Privileged:
- Ring 0 - OS Kernel/Mem
- Ring 1 - other OS components
- Ring 2 - Drivers
User:
- Ring 3 - Application
EEPROM vs Flash mem
EEPROM - erase/wr by bytes
Flash mem - erase/wr blocks or pages
Dynamic vs Static RAM
Dynamic - needs constant refreshing
Static - retains until no power
Primary memory - RAM
Secondary memory - disk/media
Emission Security
Countermeasures against Van Eck phreaking (reading EM emanations from devices)
- Faraday Cage
- White noise
- Control zone via Faraday cage and white noise
BIOS (old), UEFI (new)
UEFI
- Boot attestation / secure boot
- Measured boot (hash of all boot components)
Flashing - program BIOS
Phlashing - attack
Interface Definition Language (IDL)
- RPC
- CORBA - common object request broker
- DCOM - distributed component object model
Mobile device deployment policies
- BYOD
- CYOD - choose your own device
- COPE - company owned, personally enabled
- COMS/COBO - company owned business only
Covert channels
Covert timing channel - signal via timing, e.g. a blinking light
Covert storage channel - write to common storage for another process to read
Incremental attacks
- Data diddling
- Salami attack