Domain 3: Security Engineering: Secure System Design Concepts

Question 1

What is Layering?

Answer 1

Separates hardware and software functionality into modular tiers.

Question 2

What is in the generic list of security architecture layers?

Answer 2

1. Hardware
2. Kernel and device drivers
3. Operating System
4. Applications

Question 3

What is Abstraction?

Answer 3

Hiding unnecessary details from the user. The more complex a process is, the less secure it is.

Question 4

What are Security Domains?

Answer 4

A security domain is a list of objects a subject is allowed to access.
Example 1: Confidential, Secret, and Top Secret are three security domains used by the DoD.
Example 2: Most modern operating systems separate the kernel mode from user mode.

Question 5

What is the Ring Model?

Answer 5

It is a form of CPU hardware layering that separates and protects domains (such as kernel mode and user mode) from each other.

Question 6

What are the theoretical rings in the Ring Model?

Answer 6

Ring 0: Kernel
Ring 1: Other OS components that do not fit into Ring 0
Ring 2: Device drivers
Ring 3: User Applications

Question 7

How do processes communicate between rings?

Answer 7

Processes uses system calls to communicate between rings. System calls are slow but provide security. This provides abstraction.

Question 8

What rings do Linux and Windows operating systems use?

Answer 8

Ring 0 and Ring 3.

Question 9

What is hypervisor mode?

Answer 9

Considered to be Ring -1, it allows virtual guests to operate in ring 0 controlled by the hypervisor.

Question 10

Name two CPUs that support hypervisor.

Answer 10

Intel VT (Intel Virtualization Technology, aka "Vanderpool")
AMD-V (AMD Virtualization, aka "Pacifica")

Question 11

What is the difference between open and closed systems?

Answer 11

An open system uses open hardware and standards. Closed systems use hardware and software that are proprietary.