Domain 3 - Security Architecture and Engineering Flashcards
What is the reference monitor?
This is a component of the TCB; it is a validation mechanism composed of hardware, firmware and software. It enforces the system’s security policy and mediates all access attempts by subjects to objects. It is essentially the access control enforcer of the TCB.
What is a secure state machine?
This is a state machine model that, if fed a secure input, produces a secure output, thereby maintaining a secure state at all times.
What security models are based on state machine model and information flow model?
Bell-LaPadula and Biba
What is the Sutherland model based on?
This is an integrity model based on system states.
What is the Goguen-Meseguer Model based on?
It is based on the non-interference model. The model is based on predetermined actions on predetermined objects.
What is the Graham-Denning Model?
This is a model based on the secure creation and deletion of subjects and objects.
What is the difference between the Graham-Denning model and HRU?
HRU considers subjects to be objects as well. HRU does not have the transfer right, and it condenses the providing or removing of rights into just adding to or removing from the access matrix.
What are the system modes of operation?
- Dedicated
- System High
- Compartmented
- Multi-Level
What is the difference between monolithic kernel and micro-kernel?
Micro-kernels add functionality via loadable kernel modules. These modules can be run in user mode (ring 3) instead of supervisor mode. In monolithic kernels, functionality is compiled into one static executable. If functionality needs to be added, the kernel needs to be recompiled and the system rebooted.
What is data execution prevention?
This is a memory protection technique that can be enabled via hardware or software. It prevents content from being executed if it sits in memory that has not been marked as expecting executable content.
When would it be best to use a distributed control system (DCS)?
Where there is a need to gather data and implement control over a large-scale environment from a single location. This is suited to operating on a limited scale.
When would a PLC be best used?
Where highly reliable control is required for controlling systems on an assembly line or robotic devices.
When would a SCADA be best used?
In instances where managing systems over large geographic areas is required.
What are microservices?
- Programming Design Architecture
- Where small independent services communicate over well-defined APIs
- Rather than one monolithic application
What is an embedded system?
Any device with an OS that hosts at least one dedicated application.
What are examples of an embedded system?
- Traffic Lights
- Medical equipment
- ATM
- Printers
- Thermostats
- Digital watches and cameras
What are common issues with RTOS?
A concept related to High Performance Computing Systems. RTOS systems are often single-purpose (leaving little room for security). They often use custom or proprietary code, which may include unknown bugs or flaws.
Where is data processed in edge computing?
It is processed at the edge, where each device processes its own data locally rather than sending it to a master processing entity.