Chapter 9- Security Vulnerabilities, Threats and Countermeasures

Question 1

1. What is hardware?

Answer 1

Hardware: The term hardware encompasses any tangible part of a computer that you can actually reach out and touch, from the keyboard and monitor to its CPU(s), storage media, and memory chips.

Question 2

2. What do you understand by the Processor?

Answer 2

The central processing unit (CPU), generally called the processor or the micro-aprocessor.

It is the computer’s nerve center—

it is the chip (or chips in a multiprocessor system) that governs all major operations and either directly performs or coordinates the complex symphony of calculations that allows a computer to perform its intended task.

Question 3

3. List Execution Types

Answer 3

• Multi tasking
• Multicore
• Multiprocessing

Question 4

4. Explain Multicore

Answer 4

This means that what was previously a single CPU or microprocessor chip is now a chip containing two, four, eight, or potentially dozens of independent execution cores that can operate simultaneously.

Question 5

5. Define Multitasking:

Answer 5

In computing, multitasking means handling two or more tasks simultaneously.

Question 6

6. Define Massively Parallel Processing (MPP):

Answer 6

MPP systems house hundreds or even thousands of processors, each of which has its own operating system and memory/bus resources.

MPP systems are extremely powerful (not to mention extremely expensive!) and are used in a great deal of computing or computational-based research.

Question 7

7. Explain Multiprogramming:

Answer 7

: Multiprogramming is similar to multitasking. It involves the pseudosimultaneous execution of two tasks on a single processor coordinated by the operating system as a way to increase operational efficiency. Multiprogramming is considered a relatively obsolete technology and is rarely found in use today except in legacy systems.

Question 8

8. Differences between multiprogramming and multitasking.

Answer 8

Multiprogramming usually takes place on large-scale systems, such as mainframes,

whereas multitasking takes place on personal computer (PC) operating systems, such as Windows and Linux.

Multitasking is normally coordinated by the operating system, whereas multiprogramming requires specially written software that coordinates its own activities and execution through the operating system.

Question 9

9. Define Multithreading:

Answer 9

Multithreading permits multiple concurrent (simultaneous or coinciding) tasks to be performed within a single process.
Multithreading is often used in applications where frequent context switching between multiple active processes consumes excessive overhead and reduces efficiency. In multithreading, switching between threads incurs far less overhead and is therefore more efficient

Question 10

10. Diff between multithreading and multitasking

Answer 10

multitasking, where multiple tasks occupy multiple processes, multithreading permits multiple tasks to operate within a single process.

Question 11

11. Define a thread

Answer 11

A thread is a self-contained sequence of instructions that can execute in parallel with other threads that are part of the same parent process.

Question 12

12. Define Single State systems:

Answer 12

Single-state systems require the use of policy mechanisms to manage information at different levels.

Question 13

13. Define Multistate systems

Answer 13

: Multistate systems are capable of implementing a much higher level of security. These systems are certified to handle multiple security levels simultaneously by using specialized security mechanisms known as protection mechanisms

Question 14

14. What are technical mechanisms

Answer 14

Technical mechanisms prevent information from crossing between the two users and thereby crossing between security levels.

Question 15

15. Explain Protection Rings

Answer 15

Protection rings organize code and components in an operating system into concentric rings.
The deeper inside the circle you go, the higher the privilege level associated with the code that occupies a specific ring. Most modern operating systems use a four-ring model (numbered 0 through 3).

As the innermost ring, 0 has the highest level of privilege and can basically access any resource, file, or memory location. The part of an operating system that always remains resident in memory (so that it can run on demand at any time) is called the kernel.

Question 16

16. Explain Ring 0 of the protection ring:

Answer 16

As the innermost ring, 0 has the highest level of privilege and can basically access any resource, file, or memory location. The part of an operating system that always remains resident in memory (so that it can run on demand at any time) is called the kernel.

It occupies ring 0 and can pre-empt code running at any other ring.

Question 17

17. Explain ring 1 of the protection ring

Answer 17

The remaining parts of the operating system—those that come and go as various tasks are requested, operations performed, processes switched, and so forth—occupy ring 1.

Question 18

18. Explain Ring 2 of the protection ring:

Answer 18

: Ring 2 is also somewhat privileged in that it’s where I/O drivers and system utilities reside; these are able to access peripheral devices, special files, and so forth that applications and other programs cannot themselves access directly.

Question 19

19. Explain Ring 3 of the protection ring

Answer 19

Applications and programs occupy this ring

Question 20

20. Explain the essence of the protection ring

Answer 20

The essence of the ring model lies in priority, privilege, and memory segmentation.

The process associated with the lowest ring number always runs before processes associated with higher-numbered rings.

Those processes that run in higher-numbered rings must generally ask a handler or a driver in a lower-numbered ring for services they need; this is sometimes called a mediated-access model.

Question 21

21. In practice, many modern operating systems break memory into only two segment explain them

Answer 21

one for system-level access (rings 0 through 2), often called kernel mode, supervisory mode or privileged mode

and one for user-level programs and applications (ring 3), often called user mode.

Question 22

22. Explain the ring model from a security stand point

Answer 22

the ring model enables an operating system to protect and insulate itself from users and applications.

It also permits the enforcement of strict boundaries between highly privileged operating system components (such as the kernel) and less privileged parts of the operating system (such as other parts of the operating system, plus drivers and utilities).

It also permits the enforcement of strict boundaries between highly privileged operating system components (such as the kernel) and less privileged parts of the operating system (such as other parts of the operating system, plus drivers and utilities). Within this model, direct access to specific resources is possible only within certain rings; likewise, certain operations (such as process switching, termination, and scheduling) are allowed only within certain rings.

Question 23

23. Define Process states

Answer 23

process states are various forms of execution in which a process may run. It is also known as operating state

Question 24

25. From a security standpoint, the ring model does what?

Answer 24

The ring model enables an operating system to protect and insulate itself from users and applications. It also permits the enforcement of strict boundaries between high privileged operating system and less parts of the operating system.

Question 26

26. Explain system call

Answer 26

System call is the invocation of a specific system or programming interface designed to pass the Request to an inner ring for service.

Question 27

27. Operating system can be in one of 2 modes name them:

Answer 27

a. supervisor mode b. user mode.

Question 28

28. Define supervisor state

Answer 28

Supervisor state occurs when it operates in a privileged all access mode.

Question 29

29. Define user mode

Answer 29

In user mode, privilege is low and all access requests must be checked against credentials for authorization before they are granted or denied

Question 30

30. Define ready state

Answer 30

In ready state, a process is ready to resume or begin processing as soon as it is scheduled for execution.

Question 31

31. Define waiting state

Answer 31

Waiting State also means waiting for resource, it involves a process that is ready for continued execution but is waiting for device or access request to be serviced before it can continue processing

Question 32

32. Explain Running

Answer 32

the running process executes on the CPU and keeps going until it finishes, its time slice expires or it is blocked for some reason.

Question 33

33. Explain supervisory state

Answer 33

the following occur in supervisory state:

1. System configuration
2. Installing device drivers
3. Modifying security settings. Any function not occurring user mode ring 3 or problem state occurs in supervisory mode

Question 34

34. Explain stopped state

Answer 34

when a process finishes or is terminated it goes into a stopped state. At this point, the operating system can recover all memory and other resources allocated to the process and reuse them for other processes as needed.

Question 35

Explain dedicated mode systems 3 users requirements

Answer 35

Each user must have a security clearance that permits access to all information processed by the system.

Each user must have access approval for all information processed by the system

Each user must have a valid need to know for all information processed by the system.

Question 36

36. Explain systems high mode systems 3 users requirements

Answer 36

Each user must have a security clearance that permits access to all information processed by the system.

Each user must have a valid need to know some information processed by the system

Each user must have access approval for some information processed by the system but not necessarily all information processed by the system.

Question 37

37. Explain systems Comparted mode systems 3 users requirements

Answer 37

Each user must have a valid security clearance that permits access to all information processed by the system.

Each user must have access approval for any information they will have access to on the system.

Each user must have a valid need to know for all information they will have access to on the system

Question 38

38. Explain Compartmented Mode Workstations (CMW)

Answer 38

In a compartmented mode workstations (CMWs), users with the necessary clearances can process multiple compartments of data at the same time.

Question 39

39. Explain multilevel Mode

Answer 39

Some users do not have a valid security clearance for all information processed by the system. Thus, access is controlled by whether the subject’s clearance level dominates the object’s sensitivity label.

Each user must have access approval for all information they will have access to on the system.

Each user must have a valid need to know for all information they will have access to on the system.

Multilevel mode is also known as controlled security mode.
PDMCL means ability to process data from multiple clearance levels

Question 40

Define user mode:

Answer 40

1. User mode is the basic mode used by the CPU when executing user applications.

Question 41

Explain user mode

Answer 41

1. User Mode it protects the system and data from malicious users who might try to execute instructions to circumvent the security measures put in place or who might mistakenly perform actions that could result in unauthorized access or damage to system or valuable information assets.

Question 42

Often processes within user mode are executed within a controlled environment called …..

Answer 42

virtual machine

Question 43

Explain virtual machine

Answer 43

This is a simulated environment created by the OS to provide a safe and efficient place for programs to execute. It is the responsibility of elements in privileges mode (kernel mode) to create and support VMs and prevent processes in one VM from interfering with processes in other VMs

Question 44

Define Privileged Mode

Answer 44

1. Privileged mode is supported by CPUs and it is designed to give OS access to the full range of instructions supported by the CPU. This mode is also known as kernel mode, supervisory mode, system mode, privilege mode.

Well designed OS do not let any user application to execute in priviledge mode, for both security and system integrity purposes.

Question 45

What is memory

Answer 45

This is the storage bank for information that the computer needs to keep readily available.

Question 46

Explain Read Only Memory (ROM)

Answer 46

1. The content of the ROM cannot be changed, it contains bootstrap information that computers use to startup prior to loading an OS from disk. ROM cannot be modified.

Question 47

Explain PROM Programmable Read Only Memory

Answer 47

1. Programmable Read Only Memory can be altered by administrators up to a certain extent. During Manufacturing process the PROM chip’s content are not burned in, instead the end user burns in the chip’s content later and it then functions like ROM. PROM chips provide software developers with an opportunity to store information permanently on a high-speed, customized memory chip. PROMs are commonly used for hardware applications where some custom functionality is necessary but seldom changes once programmed

Question 48

Define Erasable Programmable Read-Only Memory (EPROM)

Answer 48

1. Erasable Programmable Read-Only Memory (EPROM this combines the high cost of PROM chips and the software developer’s inevitable desires to tinker with their code once it is written.

Question 49

List the 2 main sub categories of EPROM

Answer 49

UVEPROM and EEPROM