Domain 6 - Security Architecture And Design Flashcards
Is a volatile hardware memory that loses integrity after loss of power
Random Access Memory or RAM
It mediates all access between subjects and objects. It enforces the system's security policy, such as preventing a normal user from writing to a restricted file such as the system password file.
Reference Monitor
Is a non volatile memory that maintains integrity after loss of power
Read Only Memory or ROM
Trusted Computer System Evaluation Criteria is also known as ——
The Orange book
The security-relevant portions of a computer system.
Trusted Computing Base - TCB
An interface between computer hardware and the operating system, allowing multiple guest operating systems to run on one host computer
Virtualisation
This separates hardware and software functionality into modular tiers
Layering
Complexity is the enemy of security; the more complex a process is, the less secure it is. Computers are tremendously complex machines; —— provides a way to manage that complexity and hides unnecessary details from the user.
Abstraction
Is the list of objects a subject is allowed to access.
Security Domain
What are the two domains of a Kernel?
1. Kernel mode
2. User mode
It is where the kernel lives, allowing low-level access to memory, CPU, disk, etc. It is the most trusted and powerful part of the system.
Kernel mode
It is where user accounts and their processes live.
User mode
Is a form of CPU hardware layering that separates and protects domains (such as Kernel and user mode) from each other
Ring model
What are the four theoretical rings of the ring model?
Ring 0 - Kernel
Ring 1 - Other OS components that do not fit in ring 0
Ring 2 - Device drivers
Ring 3 - User applications
(In practice most operating systems, Linux and Windows included, use only ring 0 for the kernel and ring 3 for user applications.)
Processes communicate between the rings via ——, which allow processes to communicate with the kernel and provide a window between the rings.
System calls
Is a system that uses open hardware standards, using standard components from a variety of vendors.
Open system
Is a system that uses proprietary hardware or software
Closed system
Is the primary communication channel on a computer system.
Computer bus
Also called the Memory Controller Hub (MCH); it connects the CPU to RAM and video memory.
Northbridge
Also called the I/O Controller Hub (ICH); it connects input/output devices such as disk, keyboard, mouse, etc.
Southbridge
Is the part of the CPU that performs mathematical calculations.
Arithmetic Logic Unit (ALU)
Part of the CPU that sends instructions to the ALU
Control Unit
Combines multiple steps into one combined process, allowing the fetch, decode, execute and write steps of different instructions to be carried out simultaneously.
Pipelining
This indicates that an asynchronous event has occurred. It is a form of hardware interrupt that causes the CPU to stop processing its current task, save its state, and begin processing a new request.
CPU interrupts
—- is an executable program and its associated data loaded and running in memory
Process
This allows multiple tasks (heavyweight processes) to run on one CPU by rapidly switching between them, so that they appear to run simultaneously.
Multitasking
This runs multiple processes on multiple CPUs.
Multiprocessing
Is designed to recover a system by rebooting after critical processes hang or crash.
Watchdog timer
What are the two forms of CPU designs?
1. Complex Instruction Set Computer - CISC
2. Reduced Instruction Set Computer - RISC
Is a form of CPU design that uses a large set of complex machine language instructions
CISC
Is a form of CPU design that uses a reduced set of simpler instructions.
RISC
Is the fastest memory on the system, required to keep up with the CPU as it fetches and executes instructions.
Cache memory
Is a logical control that attempts to prevent one process from interfering with another
Process Isolation
Techniques used to provide process isolation
- Virtual Memory
- Object encapsulation
- Time multiplexing
This takes process isolation one step further by mapping processes to specific memory locations.
Hardware Segmentation
This provides virtual mapping between applications and hardware memory
Virtual Memory
This uses virtual memory to copy contents in primary memory (RAM) to or from secondary memory ( not directly addressable by the CPU, on disk)
Swapping
T or F. Flash memory drives are disk drives.
False
T or F. Secure destruction methods used for magnetic drives, such as degaussing, may not work with flash drives.
True
—- is energy that escapes an electronic system, and which may be remotely monitored under certain circumstances.
Emanations
Is any communication that violates security policy.
Covert channel
Is an authorised communication that complies with security policy.
Overt channel
Two specific types of covert channel
1. Storage channel
2. Timing channel
Is a covert channel that uses shared storage, such as a temporary directory, to allow two subjects to signal each other.
Covert storage channel
Is a covert channel that relies on the system clock to infer sensitive information.
Covert Timing channel
—— can occur when a programmer fails to perform bounds checking
Buffer Overflow
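As an added example (not part of the flashcards), the missing bounds check in C beside a bounded version. The buffer size, the input strings and the function names are illustrative assumptions:

```c
/* Added example (not from the flashcards): a missing bounds check beside
 * the bounded version. NAME_LEN, the inputs and the function names are
 * illustrative. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* VULNERABLE: strcpy() copies until it finds the NUL byte, however long the
 * input is. A name of 16 or more bytes writes past 'name' into whatever
 * follows it in memory (other locals, the saved frame pointer, the return
 * address), which is the classic stack buffer overflow. */
void set_name_unchecked(char name[NAME_LEN], const char *input)
{
    strcpy(name, input);               /* no bounds check at all */
}

/* FIXED: measure the input against the buffer first, refuse anything that
 * does not fit together with its terminating NUL, and copy only what fits.
 * Returns 0 on success and -1 if the input is too long, so the caller can
 * reject the request instead of silently truncating or overflowing. */
int set_name_checked(char name[NAME_LEN], const char *input)
{
    size_t len = 0;
    while (len < NAME_LEN && input[len] != '\0')   /* never read past NAME_LEN */
        len++;
    if (len >= NAME_LEN)               /* 16 bytes leaves no room for the NUL */
        return -1;
    memcpy(name, input, len + 1);      /* len + 1 copies the NUL as well */
    return 0;
}

int main(void)
{
    char name[NAME_LEN];
    const char *inputs[] = { "alice", "exactly15chars!", "sixteen_chars_xx" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-18s -> %s\n", inputs[i],
               set_name_checked(name, inputs[i]) == 0 ? "accepted" : "rejected (too long)");
    return 0;
}
```

The checked version never calls the unchecked one on untrusted input; the point of the comparison is that the length test must happen against the destination size (NAME_LEN), not against the source string, and that the NUL terminator counts as one of the bytes.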
An attack in which the attacker alters a condition after it has been checked by the operating system but before it is used. It is an example of a state attack, where the attacker capitalises on a change in operating system state between the check and the use.
Time of check/Time of use - TOCTOU or race conditions
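As an added example (not part of the flashcards), the classic file-system form of this race in C: a check with access() followed by a separate open(), beside a version that inspects the descriptor it actually obtained. The function names are illustrative, and the code assumes a POSIX system (Linux) where O_NOFOLLOW is available:

```c
/* Added example (not from the flashcards): TOCTOU between access() and
 * open(), beside a version that checks the object it actually opened.
 * Function names are illustrative; assumes a POSIX/Linux system. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* VULNERABLE: the check (access) and the use (open) are two system calls.
 * In the window between them an attacker who controls the directory can
 * swap 'path' for a symlink to a file the program may open but the caller
 * may not. access() also follows the symlink, so the check passes. */
int open_if_readable_racy(const char *path)
{
    if (access(path, R_OK) != 0)       /* time of check */
        return -1;
    return open(path, O_RDONLY);       /* time of use: 'path' may now differ */
}

/* SAFER: refuse to follow a symlink at the final path component, then
 * examine the descriptor we hold (fstat on the fd, not stat on the path)
 * so the object that was checked is the object that is used. */
int open_regular_file_safely(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);                     /* device, FIFO or directory: reject */
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <path>\n", argv[0]);
        return 2;
    }
    int fd = open_regular_file_safely(argv[1]);
    printf("%s: %s\n", argv[1], fd >= 0 ? "opened as a regular file" : "refused");
    if (fd >= 0)
        close(fd);
    return 0;
}
```

For a setuid program the deeper fix is to stop relying on access() altogether and drop privileges (or open relative to a directory descriptor) so that the kernel performs the permission check at the moment of use; O_NOFOLLOW plus fstat closes the symlink variant of the race but not every variant.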
Is a shortcut in a system that allows a user to bypass security checks (such as username/password authentication) to log in.
Backdoor
Is a type of backdoor, typically a shortcut installed by system designers/programmers to allow developers to bypass normal system checks during development, such as requiring users to authenticate.
Maintenance Hook
Is the generic term for any type of software that attacks an application or system.
Malicious code or Malware
—– are malware that do not spread automatically and require a carrier, such as a human.
Computer Viruses
—– is a virus written in macro language such as MS office macros
Macro virus
Is a virus that infects the boot sector of a PC, which ensures the virus loads upon system startup
Boot Sector virus
Is a virus that hides itself from the OS and other protective software, such as AV software.
Stealth virus
Is a virus that changes its signature upon infecting a new system, attempting to evade signature-based antivirus software.
Polymorphic virus
Is a virus that spreads via multiple vectors.
Multipartite virus
—— are malware that self-propagate.
Worm
Is malware that performs two functions: one benign (such as a game), and one malicious.
Trojans
Is malware that replaces portions of the kernel and/or operating system.
Rootkits
These provide run-time compression of executables. The original EXE is compressed and a small decompressor is prepended to it, which also hides the original code from simple signature matching until it runs.
Packers
Is a malicious program that is triggered when a logical condition is met, such as after a number of transactions have been processed, or on a specific date
Logic bombs
An attack that is launched directly from an attacker (the client) to a listening service
Server (service) side attacks
This occurs when a user downloads malicious content. The attack is initiated by the victim, who downloads content from the attacker.
Client side attack
Are small pieces of mobile code embedded in other software such as a web browser. The primary security concern is that they are downloaded from servers and run locally.
Applets
Is an object-oriented language used not only to write applets, but also as a general-purpose programming language. Applets run in a sandbox which segregates the code from the OS, thus preventing a malicious applet from accessing the file system.
Java
Is Microsoft's functional equivalent of Java applets, but uses digital certificates (code signing) instead of a sandbox to provide security.
ActiveX
—– allows two different objects to have the same name. In databases, it means two rows may have the same primary key but different data.
Polyinstantiation (multiple instances)
This occurs when a user is able to use lower-level access to learn restricted information. It requires deduction; there is a mystery to be solved and lower-level clues are available. One example is when there are many cars and pizza deliveries at the White House in the middle of the night.
Inference
This searches large amounts of data to determine patterns that would otherwise get ‘lost in the noise’.
Data Mining
This occurs when a subject reads an object at a lower sensitivity level, such as a top secret subject reading a secret object.
Reading down
This occurs when a subject has information and passes that information up to an object which has a higher sensitivity than the subject has permission to access.
Writing up
Is a mathematical model that groups all possible system occurrences, called states. Every possible state of the system is evaluated, showing all possible interactions between subjects and objects. The system is proven secure if every state is proven secure.
State Machine Model
——– is a security model developed by the US Department of Defense focusing on maintaining the confidentiality of objects. It means not allowing users at lower security levels to access objects at a higher security level: no read up and no write down.
Bell-LaPadula
What are the two properties/rules that operate Bell-LaPadula?
1. Simple Security Property
2. Star Property
A security property that states "no read up". A subject at a specific classification level cannot read an object at a higher classification level.
Simple Security Property
Is a security property that states "no write down". A subject at a higher classification level cannot write to an object at a lower classification level.
* Security Property (Star Property)
Within the Bell-LaPadula access control model, what are the two properties which dictate how the system will issue security labels for objects?
1. The Strong Tranquility Property
2. The Weak Tranquility Property
In the Bell-LaPadula access control model, this states that security labels will not change while the system is operating.
Strong Tranquility Property
In the Bell-LaPadula access control model, this states that security labels will not change in a way that conflicts with defined security properties.
Weak Tranquility Property
—— is a security access control model that defines upper (Least Upper Bound - LUB) and lower (Greatest Lower Bound - GLB) access limits. This allows reaching higher and lower data classifications based on the need of the subject, the label of the object, and the role of the subject.
Lattice Based Access Control
Is a security model focusing on integrity that protects it by requiring subjects to access objects only via well-formed transactions (programs) rather than directly.
Clark-Wilson
This security model focuses on integrity of information at the highest level by using two primary rules :
No read down
No write up
Biba model.
What are the two primary rules of BIBA model?
1. Simple Integrity Axiom
2. * Integrity Axiom
In the Biba security model, this specifies that a subject at a specific integrity level cannot read data at a lower integrity level, thus "no read down". This protects integrity by preventing bad information from moving up from lower integrity levels.
Simple Integrity Axiom
In the Biba model, a subject at a specific integrity level cannot write to data at a higher integrity level: "no write up". This protects integrity by preventing bad information from moving up to a higher integrity level.
* Integrity Axiom
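As an added example (not part of the flashcards) tying together the lattice-based, Bell-LaPadula and Biba cards above and the polyinstantiation card earlier: a lattice of labels made of a level plus a compartment set, the dominance relation with its LUB and GLB, the four read/write rules expressed in terms of dominance, and a polyinstantiated table lookup that uses the same ordering to hand a low-cleared subject the cover-story row. The level and compartment names, the cargo table and the function names are constructed for illustration:

```c
/* Added example (not from the flashcards): a label lattice with dominance,
 * LUB and GLB; Bell-LaPadula and Biba rules on top of it; and a
 * polyinstantiated lookup. Names, levels, compartments and the sample
 * table are all constructed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum level { UNCLASSIFIED = 0, CONFIDENTIAL = 1, SECRET = 2, TOP_SECRET = 3 };
enum { NUCLEAR = 1u << 0, CRYPTO = 1u << 1 };   /* compartments as a bit set */

struct label { enum level level; unsigned compartments; };

/* a dominates b: a's level is at least b's and a's compartments include all
 * of b's. This is the lattice's partial order; labels at the same level with
 * different compartments are incomparable, so neither may read the other. */
bool dominates(struct label a, struct label b)
{
    return a.level >= b.level && (b.compartments & ~a.compartments) == 0;
}

/* Least upper bound: the lowest label that dominates both inputs. */
struct label lub(struct label a, struct label b)
{
    struct label r = { a.level > b.level ? a.level : b.level,
                       a.compartments | b.compartments };
    return r;
}

/* Greatest lower bound: the highest label dominated by both inputs. */
struct label glb(struct label a, struct label b)
{
    struct label r = { a.level < b.level ? a.level : b.level,
                       a.compartments & b.compartments };
    return r;
}

/* Bell-LaPadula (confidentiality): subject label = clearance, object label =
 * classification. Simple security: no read up. Star property: no write down. */
bool blp_can_read(struct label subj, struct label obj)  { return dominates(subj, obj); }
bool blp_can_write(struct label subj, struct label obj) { return dominates(obj, subj); }

/* Biba (integrity): the same lattice, but the label now ranks trustworthiness,
 * and both rules are mirrored. Simple integrity: no read down. * integrity:
 * no write up. */
bool biba_can_read(struct label subj, struct label obj)  { return dominates(obj, subj); }
bool biba_can_write(struct label subj, struct label obj) { return dominates(subj, obj); }

/* Polyinstantiation: the same primary key ("ship") exists once per
 * classification, so a low-cleared subject gets a cover story instead of a
 * denied row (a denial would itself leak that something is hidden). */
struct row { const char *ship; struct label classification; const char *cargo; };

static const struct row CARGO[] = {               /* constructed sample table */
    { "Enterprise", { UNCLASSIFIED, 0 },       "food"     },
    { "Enterprise", { SECRET,       NUCLEAR }, "warheads" },
    { "Voyager",    { UNCLASSIFIED, 0 },       "fuel"     },
};

/* Returns the cargo of the highest-classified row for 'ship' that the
 * subject's clearance dominates (the BLP read rule), or NULL if none. */
const char *cargo_for(const char *ship, struct label clearance)
{
    const struct row *best = NULL;
    for (size_t i = 0; i < sizeof CARGO / sizeof CARGO[0]; i++) {
        if (strcmp(CARGO[i].ship, ship) != 0) continue;
        if (!blp_can_read(clearance, CARGO[i].classification)) continue;
        if (best == NULL || dominates(CARGO[i].classification, best->classification))
            best = &CARGO[i];
    }
    return best ? best->cargo : NULL;
}

int main(void)
{
    struct label analyst = { SECRET, NUCLEAR };
    struct label report  = { TOP_SECRET, NUCLEAR };
    printf("S/NUCLEAR analyst reads TS/NUCLEAR report: %s\n",
           blp_can_read(analyst, report) ? "allow" : "deny (no read up)");
    printf("S/NUCLEAR analyst writes to TS/NUCLEAR report: %s\n",
           blp_can_write(analyst, report) ? "allow (write up)" : "deny");
    printf("Enterprise cargo at UNCLASSIFIED: %s\n",
           cargo_for("Enterprise", (struct label){ UNCLASSIFIED, 0 }));
    printf("Enterprise cargo at S/NUCLEAR:    %s\n", cargo_for("Enterprise", analyst));
    return 0;
}
```

The one relation, dominates(), drives everything: Bell-LaPadula reads require the subject to dominate the object and writes the reverse, Biba swaps the two, and the lookup picks the most specific row the subject is entitled to read. A subject with the right level but the wrong compartment is treated exactly like one with a lower level, which is what distinguishes a lattice from a simple linear ranking.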