D3 - Security Architecture and Design

Question 1

System’s architecture is make up of different _, which are representations of system _ and their . Each view addresses a different aspect of the sytem (, _ , _, _)

Answer 1

views
components; relationships
functionality; performance; interoperability; security

Question 2

ISO/IEC 42010:2007

Answer 2

International Standard

Outlines how system architecture frameworks and their description languages are to be used.

Question 3

CPU contains a _ and _.

Answer 3

Contains a control unit, which controls the timing of the execution of instructions and data.
ALU, performs mathematical functions and logical operations

Question 4

Memory managers use various memory protection mechanisms, such as:

Answer 4

base (beginning0 and limit (ending) addressing
address space layout randomization
data execution prevention

Question 5

Operating systems use what kind of memory schemes?

Answer 5

absolute (hardware addresses), logical (indexed addresses), and relative address (indexed addresses, including offsets)

Question 6

How are buffer overflow vulnerabilities best addressed?

Answer 6

implementing bounds checking

Question 7

What is a garbage collector?

Answer 7

A software tool that releases unused memory segments to help prevent “memory starvation”

Question 8

Different processor families work within different _ to execute specific instruction sets.

Answer 8

microarchitectures

Question 9

Why were early operating systems considered “monolithic”?

Answer 9

Because all of the code worked within one layer and ran ni kernal mode, components communicated in an ad hoc manner

Question 10

Operating systems can work iwthin the following architecutres:

Answer 10

monolithic kernal, microkernal, hybrid kernal

Question 11

What is mode transition?

Answer 11

when a CPU has to switch from executingone process’s instructions running in user mode to another process’s instructions running in kernal mode.

Question 12

CPUs provide a ringed architecture, which _ _ run within. The more trusted processes run in the - rings and have access to all or most of the _ _. Nontrusted processes run in - rings and have access to smaller amount of resources.

Answer 12

operating systems
lower-numbered
system resource
higher-numbered

Question 13

Operating system processes are executed in _ or _ mode.

Applications are executed in _ mode, also known as “_ _”.

Answer 13

privileged; supervisor

user; “problem state”

Question 14

What does virtual storage combine to have a larger bank of memory?

Answer 14

RAM and secondary storage

Question 15

The more complex a security mechanism is the _ amount of assurance it can usually provide

Answer 15

less

Question 16

TCB - Trusted computing base

Answer 16

A collection of system components that enforce the security policy directly and protect the system. These components are within the security perimeter.

Question 17

What components make up the TCB?

Answer 17

hardware, software, firmware

Question 18

What is a security perimeter?

Answer 18

An imaginary boundary that has trusted components within it (those that make up the TCB and untrusted components outside it.

Question 19

Reference Monitor

Answer 19

An abstract machine that ensures all subjects have the necessary access rights before accessing objects. It mediates all access to objects by subjects.

Question 20

Security kernal

Answer 20

mechanism that actually enforces the rules of the reference monitor concept

Question 21

What are necessary concepts for the security kernal?

Answer 21

It must isolate processes carrying out the reference monitor concept
must be tamperproof
Must be invoked for each access attempt
Must be small enough to be properly tested

Question 22

How can processes be isolated?

Answer 22

Segmneted memory addressing
Encapsulation of objects
Time multiplexing of shared resources
Naming distinctions
Virtual mapping

Question 23

The level of security a system provides depends upon how well it enforces its _ _

Answer 23

security policy

Question 24

Multilevel security system

Answer 24

Processes data at different classifications (security levels) and users with different clearances (security levels) can use the system

Question 25

When does data hiding occur?

Answer 25

When processes work at different layers and have layers of access control between them. Processes need to know how to communicate only iwht each other’s interfaces.

Question 26

Security model

Answer 26

Maps the abstract goals of a security policy to computer system terms and concepts. Gives the security policy structure and provides a framework for the system

Question 27

A _ _ is often proprietary to the manufacturer or vendor.

Answer 27

closed system

Question 28

An _ _ allows for more interoperability

Answer 28

Open system

Question 29

The Bell-LaPadula model deals only with _, while the Biba and Clarke-Wilson models deal only with _.

Answer 29

confidentiality

integrity

Question 30

State machine model

Answer 30

Deals with the different states a system can enter. If a system starts ins a secure state, all state transitions take place securely, the system shuts down and fails securely and the system will never end up in an insecure state.

Question 31

Lattice Model

Answer 31

provides an upper bound and a lower bound of authorized access for subjects

Question 32

The Bell-LaPadula model has a simple security rule, which means:

Answer 32

A subject cannot read data from a higher level (no read up).

Question 33

Bell-LaPadula *-property rule means:

Answer 33

the subject cannot write to an object at a lower level (no write down).

Question 34

Bell-LaPadula strong star property:

Answer 34

a sbuject can read and write to its own security level

Question 35

The Biba model does not let subjects _ to objects at a higher integrity level (no _ up) and does not let subjects read data at a _ integrity level (no read down). This is done to protect the integrity of the data.

Answer 35

write; write

lower

Question 36

The LBell LaPadula model is used mainly in _ and _-oriented systems. The Biba and Clark-Wilson models are used in the _ sector.

Answer 36

military; government

commercial

Question 37

Clark-Wilson Model

Answer 37

subjects can only access objects through applications. Illustrates how to provide functionality for separation of duties and requires auditing tasks within software.

Question 38

What does it mean when a system is working in a dedicated security mode?

Answer 38

It only deals with one level of data classification; all users must have this level o fclearance to be able to use the system

Question 39

Trust

Answer 39

A system uses all of its protectio nmechanisms properly to process sensivtive data for many types of users.

Question 40

Assurance

Answer 40

level of cnofidence you have in this trust and that the protection mechansisms behave properly in all circumstances predictably

Question 41

Orange Book aka TCSEC (Trusted Computer System Evaluation Criteria)

Answer 41

Developed to evaluate systems built to be mainly used by the government; the expanded

Question 42

Orange Book deals with main:

Answer 42

stand-alone systems

Question 43

ITSEC evaluates:

Answer 43

the asurance and functionality of a system’s protection mechanisms separately.

Question 44

Common Criterial

Answer 44

Provides globally recognized evaluation criterial, combining TCSEC, ITSEC, CTCPEC, Federal Criteria

Question 45

What does the Common C riteria use to provide assurance for targets of evaluation (TOE)

Answer 45

Protection profiles
Security Targets
Ratings (EAL1 to EAL7)

Question 46

Covert channel

Answer 46

An unintended communication path that transfers data in a way that violates the security policy.

Question 47

What are the two types of covert channels?

Answer 47

Timing & storage

Question 48

Covert timing channel

Answer 48

Enables a process to relay information to another process by modulating its use of system resources

Question 49

A covert storage channel

Answer 49

Enables a process to write data to a storage medium so another process can read it

Question 50

Why is a maintenance hookj developed?

Answer 50

To let a programmer into the application quickly for maintenance. Should be removed before the application goes into production or it can cause a serious security risk.

Question 51

What does process isolation ensure?

Answer 51

That multiple processes can run concurrently and the processes will not interfere with each other or affect each other’s memory segments.

Question 52

TOC/TOU

Answer 52

Time-of-check/time-of-use. Class of asynchronous attacks

Question 53

Biba model addresses the first coal of:

Answer 53

integrity; to prevent unauthorized users from making gmodifications

Question 54

Clark-Wilson model addressess all three integrity goals:

Answer 54

1- prevent users from making modifications
2 - prevent authorized users from improper modifications
3 - maintain interna and external consistency

Question 55

System architecture

Answer 55

Formal tool used to design computer systems in a maaner that ensures each of the stakeholder’s concerns is addressed