Chapter 9 Security Vulnerabilities, Threats, and Countermeasures Flashcards
permits multiple concurrent tasks to be performed within
a single process
Multitasking
Multiprocessing
Multiprogramming
Multithreading
Multithreading
computing system harnesses the power of more than one processor to complete the execution of a single application
Multitasking
Multiprocessing
Multiprogramming
Multithreading
Multiprocessing
multiple tasks occupy multiple processes
Multitasking
Multiprocessing
Multiprogramming
Multithreading
Multitasking
Multitasking
Multiprocessing
Multiprogramming
Multithreading
Multiprogramming
When multiple documents are opened at the
same time in a word processing program it is an example of _____ thread(s) within _________ process(es).
multiple , single
A single computer contains multiple processors that are treated equally and controlled by a single operating system is ______.
symmetric multiprocessing
massively parallel processing
symmetric multiprocessing
systems house hundreds or even thousands of processors, each
of which has its own operating system and memory/bus resources
massively parallel processing
symmetric multiprocessing
massively parallel processing
Systems certified to handle multiple security levels simultaneously by using specialized security mechanisms
Multistate
security administrators approve a processor and system to handle only one security level at a time
Single-state system
When a process finishes or must be terminated (because an error occurs, a
required resource is not available, or a resource request can’t be met
Ready Waiting Running Supervisory Stopped
Stopped
when the process must perform an action that requires privileges that are greater than the problem state’s set of privileges, including modifying system
configuration, installing device drivers, or modifying security settings.
Ready Waiting Running Supervisory Stopped
Supervisory
process executes on the CPU and keeps going until it finishes, its time slice expires, or it is blocked for some reason
Ready Waiting Running Supervisory Stopped
Running
the process is ready for continued execution but is waiting for a device or access request (an interrupt of some kind) to be serviced before it can continue processing
Ready Waiting Running Supervisory Stopped
Waiting
a process is ready to resume or begin processing as soon as it is scheduled for execution.
Ready Waiting Running Supervisory Stopped
Ready
If the time slice ends and the process isn’t completed, it returns to the ____ state
Ready Waiting Running Supervisory Stopped
ready
if the process blocks while waiting for a resource to become available, it goes into the _____ state
Ready Waiting Running Supervisory Stopped
waiting
■ Each user must have a security clearance that permits access to all information processed
by the system.
■ Each user must have access approval for all information processed by the system.
■ Each user must have a valid need to know for all information processed by the system.
Dedicated Mode
System High Mode
Compartmented mode
Multilevel Mode
Dedicated Mode
■ Each user must have a valid security clearance that permits access to all information
processed by the system.
■ Each user must have access approval for all information processed by the system.
■ Each user must have a valid need to know for some information processed by the
system but not necessarily all information processed by the system.
Dedicated Mode
System High Mode
Compartmented mode
Multilevel Mode
System High Mode
■ Each user must have a valid security clearance that permits access to all information
processed by the system.
■ Each user must have access approval for any information they will have access to on the system.
■ Each user must have a valid need to know for all information they will have access to on the system.
Dedicated Mode
System High Mode
Compartmented mode
Multilevel Mode
Compartmented mode
■ Some users do not have a valid security clearance for all information processed by the system. Thus, access is controlled by whether the subject’s clearance level dominates the object’s sensitivity label.
■ Each user must have access approval for all information they will have access to on the system.
■ Each user must have a valid need to know for all information they will have access to
on the system.
Dedicated Mode
System High Mode
Compartmented mode
Multilevel Mode
Multilevel Mode
a nonvolatile form of storage media that can be electronically erased and rewritten and must be fully erased to be rewritten
Programmable Read-Only Memory (PROM)
Erasable Programmable Read-Only Memory (EPROM)
Electronically Erasable Programmable Read-Only Memory (EEPROM)
Flash Memory
Flash Memory
uses electric voltages delivered to the pins of the chip to force erasure and
chips can be erased without removing them from the computer
Programmable Read-Only Memory (PROM)
Erasable Programmable Read-Only Memory (EPROM)
Electronically Erasable Programmable Read-Only Memory (EEPROM)
Flash Memory
Electronically Erasable Programmable Read-Only Memory (EEPROM)
requires the physical removal of the chip from the computer and exposure to a special kind of ultraviolet
light.
Programmable Read-Only Memory (PROM)
Erasable Programmable Read-Only Memory (EPROM)
Electronically Erasable Programmable Read-Only Memory (EEPROM)
Flash Memory
Erasable Programmable Read-Only Memory (EPROM)
incorporates special functionality that allows an end user to burn in the chip’s contents later
Programmable Read-Only Memory (PROM)
Erasable Programmable Read-Only Memory (EPROM)
Electronically Erasable Programmable Read-Only Memory (EEPROM)
Flash Memory
Programmable Read-Only Memory (PROM)
typically the largest RAM storage resource available to a computer
Real Memory
Registers
Cache RAM
Real Memory
improve performance by taking data from slower devices and temporarily storing it in faster
devices when repeated use is likely
Real Memory
Registers
Cache RAM
Cache RAM
onboard memory that provides directly accessible memory locations that the brain of the CPU, the arithmeticlogical unit (ALU), uses when performing calculations or processing instructions.
Cache RAM
Registers
Registers
means of referring to various
locations in memory
Memory Addressing
The address must be located on the same memory page as the
instruction being executed.
Register Addressing Base+Offset Addressing Immediate Addressing Direct Addressing Indirect Addressing Immediate Addressing
Direct Addressing
the memory address supplied to the CPU as part of the instruction doesn’t contain the actual value that the CPU is to use as an operand. Instead, the memory address contains another memory address
Register Addressing Base+Offset Addressing Immediate Addressing Direct Addressing Indirect Addressing Immediate Addressing
Indirect Addressing
When the CPU needs information from one of its registers to complete
an operation, it uses a ____ (for example, “register 1”) to access its contents.
Register Addressing Base+Offset Addressing Immediate Addressing Direct Addressing Indirect Addressing Immediate Addressing
Register Addressing
uses a value stored in one of the CPU’s registers as the base location from which to begin counting.
Register Addressing Base+Offset Addressing Immediate Addressing Direct Addressing Indirect Addressing Immediate Addressing
Base+Offset Addressing
a way of referring to data that is supplied to the CPU as part of an instruction.
Register Addressing Base+Offset Addressing Immediate Addressing Direct Addressing Indirect Addressing Immediate Addressing
Immediate Addressing
a term commonly used to refer to magnetic, optical, or flash-based media or other storage devices that contain data not immediately available to the CPU.
Virtual memory
Secondary memory
Primary memory
Secondary memory
_______ is a special type of secondary memory that the operating system manages to make look and act just like real memory.
Virtual memory
Secondary memory
Primary memory
Virtual memory
To store data, ______ uses a series of capacitors, tiny electrical devices that hold a charge.
dynamic RAM
Static RAM
dynamic RAM
_______ uses more sophisticated technology—a logical device known as a flip-flop, is simply an on/off switch that must be moved from one position to another to change a 0 to 1 or vice versa.
dynamic RAM
Static RAM
Static RAM
______ means
that there are often blocks of data that are not marked as “live” but that hold a copy of the data when it was copied off to lower wear leveled blocks.
SSD wear leveling
the electronic emanations that every monitor produces is known as
Van Eck radiation
allows the electronic emanations that every monitor produces to be read from a distance
this process is known
as Van Eck phreaking
____ is a technology that allows the electronic emanations that every monitor produces (known as Van Eck radiation ) to be read
TEMPEST
a channel with two signal lines, where one line is a DMA request (DMQ) line and the other is a DMA
acknowledgment (DACK) line.
Memory-Mapped I/O
Interrupt (IRQ)
Direct Memory Access (DMA)
Direct Memory Access (DMA)
part of the address space that the CPU manages
functions to provide access to some kind of device through a series of mapped memory addresses or locations
Memory-Mapped I/O
Interrupt (IRQ)
Direct Memory Access (DMA)
Memory-Mapped I/O
a technique
for assigning specific signal lines to specific devices through a special interrupt controller.
Memory-Mapped I/O
Interrupt (IRQ)
Direct Memory Access (DMA)
Interrupt (IRQ)
In most computers, the BIOS is stored on an _____ chip
EEPROM
There is also an attack known as ______, in which a malicious variation of official BIOS or firmware is installed that introduces remote control or other malicious features into a
device.
phlashing
What are the two elements that are compromised in a client based attack ?
Applets and local caches
code objects are
sent from a server to a client to perform some action
Applets
local caches
Applets
self-contained
miniature programs that execute independently of the server that sent them.
Applets
local caches
Applets
caused by an attack responding to ARP broadcast queries in
order to send back falsified replies
ARP cache poisoning
To combine records from one or more tables to produce potentially useful information is called ________.
aggregation
inference
data mining
Aggregation
combining several pieces of nonsensitive
information to gain access to information that should be classified at a higher level.
aggregation
inference
data mining
Inference
commonly used for storing critical information about data, including
usage, type, sources, relationships, and formats. DBMS software reads the data dictionary to determine access rights for users attempting to access data.
aggregation
inference
data mining
data dictionary
data dictionary
What is stored in a datamart ?
metadata
providing a computing platform and software solution stack as a virtual or cloud-based service.
Platform-as-a-Service
Software-as-a-Service (SaaS)
Infrastructure-as-a-Service
Platform-as-a-Service
provides on-demand online access to specific software applications or suites without the need for local installation
Platform-as-a-Service
Software-as-a-Service (SaaS)
Infrastructure-as-a-Service
Software-as-a-Service (SaaS)
utility or metered computing services, administrative
task automation, dynamic scaling, virtualization services, policy implementation and management
services, and managed/filtered Internet connectivity
Platform-as-a-Service
Software-as-a-Service (SaaS)
Infrastructure-as-a-Service
Infrastructure-as-a-Service
_____ refer to devices that offer a computational means to control
something in the physical world
Cyber-physical systems
Network-enabled devices
embedded system
Cyber-physical systems
any type of portable or nonportable device that has native network capabilities.
Cyber-physical systems
Network-enabled devices
embedded system
Network-enabled devices
______ is a computer implemented as part of a larger system.
Cyber-physical systems
Network-enabled devices
embedded system
embedded system
the collection of devices that can communicate over the Internet with one another or with a control console in order to affect and monitor the real world.
Internet of Things (IoT).
doctrine that says that users of an object (or operating system component) don’t necessarily need to know the details of how the object works; they need to know just the proper syntax for using the object and the type of data that will be
returned as a result (that is, how to send input and receive output).
Abstraction
abstraction applies to security is in the introduction of object groups, sometimes called _____ , where access controls and operation rights are assigned to
groups of objects rather than on a per-object basis
classes
puts the most sensitive functions of a process at the core, surrounded by a series of increasingly larger concentric circles with correspondingly lower sensitivity levels
Layering
placing objects in security containers that are different from those that subjects occupy
to hide object details from those with no need to know about them.
Data Hiding
A _______ presents a user
or process with a processing environment—including memory, address space, and other key system resources and services—that allows that user or process to behave as though they have sole, exclusive access to the entire computer.
virtual machine
_______ requires that the operating system provide separate memory spaces for each process’s instructions and data.
Process Isolation
______ prevents the
access of information that belongs to a different process/security level through physically separating components.
Hardware Segmentation
A _______ a method that is used to pass information over a path that is not normally used for communication.
covert channel
________ conveys information by altering the
performance of a system component or modifying a resource’s timing in a predictable manner.
Covert Timing Channel
Covert Storage Channel
Covert Timing Channel
A _____ conveys information by writing data
to a common storage area where another process can read it.
Covert Timing Channel
Covert Storage Channel
Covert Storage Channel
the type of attack that results when someone attempts to supply malicious instructions or code as part of program input is called a _______.
buffer overflow
The party responsible for a buffer overflow vulnerability is always the _______ .
programmer
systematic whittling at assets in accounts or other records with financial value, where
very small amounts are deducted from balances regularly and routinely
Maintenance Hooks
Data diddling
salami attack
salami attack
entry points into a system that are known only by the developer of the system.
Maintenance Hooks
Data diddling
salami attack
Maintenance Hooks
occurs when an attacker gains access to a system and makes small, random,
or incremental changes to data during storage, processing, input, output, or transaction rather than obviously altering file contents or damaging or deleting entire files.
Maintenance Hooks
Data diddling
salami attack
Data diddling
An ______ constructs new applications or functions out of existing but separate and distinct software services.
serviceoriented architecture (SOA)
A ______ is a special enclosure that acts as an EM capacitor.
Faraday cage