Domain 6 - Security Architecture And Design Flashcards
Is a volatile hardware memory that loses integrity after loss of power
Random Access Memory or RAM
It mediates all access between objects and subjects. It enforces the system’s security policy, such as preventing a normal user from writing to a restricted file such as the system password file.
Reference Monitor
Is a non-volatile memory that maintains integrity after loss of power
Read Only Memory or ROM
Trusted Computer System Evaluation Criteria is also known as ——
The Orange book
The security-relevant portions of a computer system
Trusted Computing Base - TCB
An interface between computer hardware and the operating system, allowing multiple guest operating systems to run on one host computer
Virtualisation
This separates hardware and software functionality into modular tiers
Layering
Complexity is the enemy of security; the more complex the process is, the less secure it is. Computers are tremendously complex machines; ——- provides a way to manage that complexity and hides unnecessary details from the user.
Abstraction
Is the list of objects a subject is allowed to access.
Security Domain
What are the two domains of a Kernel?
1. Kernel mode
2. User mode
It is where the Kernel lives, allowing low-level access to memory, CPU, disk etc. It is the most trusted and powerful part of the system.
Kernel mode
It is where user accounts and their processes live.
User mode
Is a form of CPU hardware layering that separates and protects domains (such as Kernel and user mode) from each other
Ring model
What are the four theoretical rings of the ring model?
Ring 0 - Kernel
Ring 1 - other OS components that do not fit ring 0
Ring 2 - Device drivers
Ring 3 - User applications
Processes communicate between the rings via —-, which allow processes to communicate with the kernel and provide a window between the rings
System calls
Is a system that uses open hardware standards, using standard components from a variety of vendors
Open system
Is a system that uses proprietary hardware or software
Closed system
Is the primary communication channel on a computer system
Computer bus
Also called the Memory Controller Hub (MCH), which connects the CPU to RAM and video memory
Northbridge
Also called the IO Controller Hub (ICH), which connects input/output devices such as disk, keyboard, mouse etc…
Southbridge
Is a part of the CPU that performs mathematical calculations
Arithmetic Logic Unit (ALU)
Part of the CPU that sends instructions to the ALU
Control Unit
Combines multiple steps into one combined process, allowing simultaneous fetch, decode, and write steps for different instructions
Pipelining
This indicates that an asynchronous event has occurred. It is a form of hardware interrupt that causes the CPU to stop processing its current task, save the state, and begin processing a new request
CPU interrupts
—- is an executable program and its associated data loaded and running in memory
Process
This allows multiple tasks (heavyweight processes) to run simultaneously on one CPU
Multitasking
This runs multiple processes on multiple CPUs
Multiprocessing
Is designed to recover a system by rebooting after critical processes hang or crash
Watchdog timer
What are the two forms of CPU designs?
1. Complex Instruction Set Computer - CISC
2. Reduced Instruction Set Computer - RISC
Is a form of CPU design that uses a large set of complex machine language instructions
CISC
Is a form of CPU design that uses a reduced set of simpler instructions.
RISC
Is the fastest memory on the system, required to keep up with the CPU as it fetches and executes instructions.
Cache memory
Is a logical control that attempts to prevent one process from interfering with another
Process Isolation
Techniques used to provide process isolation
- Virtual Memory
- Object encapsulation
- Time multiplexing