Domain 3 Security Engineering

Question 1

Program Status Word (PSW)

Answer 1

The program status word (PSW) holds different condition bits. One of the bits indicates whether the CPU should be working in user mode (also called problem state) or privileged mode (also called kernel or supervisor mode).

Question 2

Symmetric mode and asymmetric mode of multiprocessing

Answer 2

When a processor is dedicated, as in this example, the system is working in asymmetric mode. This usually means the computer has some type of time-sensitive application that needs its own personal processor. So, the system scheduler will send instructions from the time-sensitive application to CPU 4 and send all the other instructions (from the operating system and other applications) to CPU 3.

Question 3

SDRAM, EDO DRAM, BEDO DRAM, DDR SDRAM

Answer 3

Synchronous DRAM (SDRAM) Synchronizes itself with the system’s CPU and synchronizes signal input and output on the RAM chip. It coordinates its activities with the CPU clock so the timing of the CPU and the timing of the memory activities are synchronized. This increases the speed of transmitting and executing data.
•
Extended data out DRAM (EDO DRAM) This is faster than DRAM because DRAM can access only one block of data at a time, whereas EDO DRAM can capture the next block of data while the first block is being sent to the CPU for processing. It has a type of “look ahead” feature that speeds up memory access.
•
Burst EDO DRAM (BEDO DRAM) Works like (and builds upon) EDO DRAM in that it can transmit data to the CPU as it carries out a read option, but it can send more data at once (burst). It reads and sends up to four memory addresses in a small number of clock cycles.
•
Double data rate SDRAM (DDR SDRAM) Carries out read operations on the rising and falling cycles of a clock pulse. So instead of carrying out one operation per clock cycle, it carries out two and thus can deliver twice the throughput of SDRAM. Basically, it doubles the speed of memory activities, when compared to SDRAM, with a smaller number of clock cycles. Pretty groovy.

Question 4

L1, L2, L3 Cache

Answer 4

Different motherboards have different types of cache. Level 1 (L1) is faster than Level 2 (L2), and L2 is faster than L3. Some processors and device controllers have cache memory built into them. L1 and L2 are usually built into the processors and the controllers themselves.

Question 5

Absolute address, logical address, relative address

Answer 5

The physical memory addresses that the CPU uses are called absolute addresses. The indexed memory addresses that software uses are referred to as logical addresses. And relative addresses are based on a known address with an offset value applied.

Question 6

Memory Manager

Answer 6

the memory manager allows the application to use its own addressing scheme—the logical addresses. When the application makes a call to one of these “phantom” logical addresses, the memory manager must map this address to the actual physical address

Question 7

Buffer Overflow

Answer 7

Since the stack grows downward in most operating systems, putting too many characters into the stack will eventually lead to overwriting the RP. Why? Because the RP is written to the stack first whenever a function is called. Depending on how much memory you have between the vulnerable variable and the RP, you could insert malicious code all the way up to the RP and then overwrite the RP to point to the start of the malicious code you just inserted. This allows the malicious instructions to be executed in the security context of the requesting application

Question 8

Memory protection techniques: address space layout randomization (ASLR) and data execution prevention (DEP)

Answer 8

If an attacker wants to maliciously interact with a process, he needs to know what memory address to send his attack inputs to. If the operating system changes these addresses continuously, which is what ASLR accomplishes, the potential success of his attack is greatly reduced. You can’t mess with something if you don’t know where it is.
Many of the main operating systems use some form of data execution prevention (DEP), which can be implemented via hardware (CPU) or software (operating system). The actual implementations of DEP vary, but the main goal is to help ensure that executable code does not function within memory segments that could be dangerous.

Question 9

Counter measures for memory leak

Answer 9

Two main countermeasures can protect against memory leaks: developing better code that releases memory properly, and using a garbage collector, software that runs an algorithm to identify unused committed memory and then tells the operating system to mark that memory as “available.”

Question 10

Process State

Answer 10

A process can be in a running state (CPU is executing its instructions and data), ready state (waiting to send instructions to the CPU), or blocked state (waiting for input data, such as keystrokes, from a user).

Question 11

Cooperative Multitasking vs. Preemptive Multitasking

Answer 11

Cooperative multitasking, used in Windows 3.x and early Macintosh systems, required the processes to voluntarily release resources they were using. This was not necessarily a stable environment because if a programmer did not write his code properly to release a resource when his application was done using it, the resource would be committed indefinitely to his application and thus be unavailable to other processes. With preemptive multitasking, used in Windows 9x and later versions and in Unix systems, the operating system controls how long a process can use a resource. The system can suspend a process that is using the CPU and allow another process access to it through the use of time sharing.

Question 12

Why process isolation

Answer 12

With process isolation, if one process hangs for some reason, it will not affect the other software running. (Process isolation is required for preemptive multitasking.)

Question 13

How to enforce process isolation

Answer 13

• Encapsulation of objects -Encapsulation provides data hiding
• Time multiplexing of shared resources -Although it seems as though all applications are running (executing their instructions) simultaneously, the operating system is splitting up time shares between each process. Multiplexing means there are several data sources and the individual data pieces are piped into one communication channel.
• Naming distinctions -Naming distinctions just means that the different processes have their own name or identification value. Processes are usually assigned process identification (PID) values, which the operating system and other processes use to call upon them
• Virtual memory mapping - Virtual address mapping allows the different processes to have their own memory space; the operating system ensures no processes improperly interact with another process’s memory. This provides integrity and confidentiality for the individual processes and their data and an overall stable processing environment for the operating system.

Question 14

Memory Manager - 5 functionalities

Answer 14

Relocation, Protection,Sharing, Logical organization, Physical organization

Question 15

Software I/O procedures

Answer 15

•
Programmed I/O
•
Interrupt-driven I/O
•
I/O using DMA
•
Premapped I/O
•
Fully mapped I/O

Question 16

Architecture types of OS

Answer 16

• Monolithic All operating system processes run in kernel mode.
• Layered All operating system processes run in a hierarchical model in kernel mode.
• Microkernel Core operating system processes run in kernel mode and the remaining ones run in user mode.
• Hybrid microkernel All operating system processes run in kernel mode. Core processes run within a microkernel and others run in a client\server model.

Question 17

TCB, Security Kernel, Reference Monitor

Answer 17

The security kernel is made up of hardware, software, and firmware components that fall within the TCB, and it implements and enforces the reference monitor concept. The security kernel mediates all access and functions between subjects and objects.

The reference monitor is a concept in which an abstract machine mediates all access to objects by subjects. The security kernel is the hardware, firmware, and software of the TCB that implements this concept. The TCB is the totality of protection mechanisms within a computer system that work together to enforce a security policy. It contains the security kernel and all other security protection mechanisms.

Question 18

Clark-Wilson Model Components

Answer 18

•
Users Active agents
•
Transformation procedures (TPs) Programmed abstract operations, such as read, write, and modify
•
Constrained data items (CDIs) Can be manipulated only by TPs
•
Unconstrained data items (UDIs) Can be manipulated by users via primitive read and write operations
•
Integrity verification procedures (IVPs) Check the consistency of CDIs with external reality

Question 19

Graham-Denning Model

Answer 19

This model shows how subjects and objects should be created and deleted. It also addresses how to assign specific access rights.

Question 20

Harrison-Ruzzo-Ullman Model

Answer 20

The Harrison-Ruzzo-Ullman (HRU) model deals with access rights of subjects and the integrity of those rights. A subject can carry out only a finite set of operations on an object.

Question 21

Common Criteria

Answer 21

•
EAL1 Functionally tested
•
EAL2 Structurally tested
•
EAL3 Methodically tested and checked
•
EAL4 Methodically designed, tested, and reviewed
•
EAL5 Semiformally designed and tested
•
EAL6 Semiformally verified design and tested
•
EAL7 Formally verified design and tested

Question 22

PP, TOE, Security Target

Answer 22

• Protection profile (PP) Description of a needed security solution.• Target of evaluation (TOE) Product proposed to provide a needed security solution.• Security target Vendor’s written explanation of the security functionality and assurance mechanisms that meet the needed security solution—in other words, “This is what our product does and how it does it.”• Security functional requirements Individual security functions that must be provided by a product.• Security assurance requirements Measures taken during development and evaluation of the product to assure compliance with the claimed security functionality.• Packages—EALs Functional and assurance requirements are bundled into packages for reuse. This component describes what must be met to achieve specific EAL ratings.

Question 23

CC framework - ISO?

Answer 23

•
ISO/IEC 15408-1 Introduction and general model
•
ISO/IEC 15408-2 Security functional components
•
ISO/IEC 15408-3 Security assurance components

Question 24

Industrial control systems (ICS)

Answer 24

PLC, DCS, SCADA

Question 25

SCADA

Answer 25

A remote terminal unit (RTU) is an endpoint that connects directly to sensors and/or actuators. Though there are still plenty of RTUs in use, many of these have now been replaced with PLCs. The data acquisition servers (DAS) are backends that receive all data from the endpoints through a telemetry system, and perform whatever correlation or analysis may be necessary. Finally, the users in charge of controlling the system interact with it through the use of a human-machine interface (HMI), the user station, that displays the data from the endpoints and allows the users to issue commands to the actuators (e.g., to close a valve or open a switch).

Question 26

Components of steganography

Answer 26

Carrier, Medium, Payload

Question 27

CPTED vs. target hardening

Answer 27

CPTED and target hardening are two different approaches. Target hardening focuses on denying access through physical and artificial barriers (alarms, locks, fences, and so on). Traditional target hardening can lead to restrictions on the use, enjoyment, and aesthetics of an environment.

Question 28

ISO/IEC/IEEE 42010
Systems and software engineering—
Architecture description

Answer 28

The goal is to internationally standardize how system architecture takes place so that product developers aren’t just “winging it” and coming up with their own proprietary approaches. A disciplined approach to system architecture allows for better quality, interoperability, extensibility, portability, and security.

􀁲􀀁 Architecture Fundamental organization of a system embodied in its
components, their relationships to each other and to the environment, and the
principles guiding its design and evolution.
􀁲􀀁 Architecture description (AD) Collection of document types to convey an
architecture in a formal manner.
􀁲􀀁 Stakeholder Individual, team, or organization (or classes thereof) with interests
in, or concerns relative to, a system.
􀁲􀀁 View Representation of a whole system from the perspective of a related set of
concerns.
􀁲􀀁 Viewpoint A specification of the conventions for constructing and using a
view. A template from which to develop individual views by establishing the
purposes and audience for a view and the techniques for its creation and analysis.

Question 29

Physical security program

Answer 29

Deterrence, Delay, Detection, Assessment, Response.

I. Deterrence of criminal activity
A. Fences
B. Warning signs
C. Security guards
D. Dogs
II. Delay of intruders to help ensure they can be caught
A. Locks
B. Defense-in-depth measures
C. Access controls
III. Detection of intruders
A. External intruder sensors
B. Internal intruder sensors
IV. Assessment of situations
A. Security guard procedures
B. Damage assessment criteria
V. Response to intrusions and disruptions
A. Communication structure (calling tree)
B. Response force
C. Emergency response procedures
D. Police, fire, medical personnel