Section 7: Supply Chain Management

Question 1

An organization must ensure that the operation of every element (hardware, firmware, driver, OS, and application) is __________________ to establish a trusted computing environment.

Answer 1

Consistent and tamper resistant

Question 2

Due Diligence

Answer 2

A legal principle identifying a subject has used vest practice or reasonable care

Question 3

What is due diligence in terms of working with vendors?

Answer 3

Properly resourced cyber program, security assurance and risk management processes, product support life cycle, security controls for confidential data, incident response and forensics assistance, general and historical company information

Question 4

Trusted Foundry

Answer 4

A microprocessor manufacturing utility that is part of a validated supply chain (one where hardware and software does not deviate from its documented function). Operated by the Department of Defense (DoD)

Question 5

Hardware Source Authenticity

Answer 5

The process of ensuring that hardware is procured tamper-free from trustworthy suppliers

Question 6

Hardware Root of Trust

Answer 6

A cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics (like a TPM module); digital certificate embedded in your processor

Question 7

TPM

Answer 7

Trusted Platform Module. A specification for hardware-based storage of digital certificates, keys, hashed passwords, and other user and platform identification information. (essentially, it’s just a chip in your computer that allows the computer to boot securely)

Question 8

HSM

Answer 8

Hardware Security Module. An appliance for generating and storing cryptographic keys that is less susceptible to tampering and insider threats than software-based storage. (automated and can’t be compromised by human involvement)

Question 9

Anti-Tamper

Answer 9

Methods that make it difficult for an attacker to alter the authorized execution of software

Question 10

Firmware Exploit

Answer 10

Gives an attacker an opportunity to run any code at the highest level of CPU privilege

Question 11

UEFI

Answer 11

A type of system firmware providing support for 64 bit CPU operation at boot

Question 12

Secure Boot

Answer 12

a UEFI feature that prevents unwanted processes from executing during the boot operation

Question 13

Measured Boot

Answer 13

A UEFI feature that gathers secure metrics to validate the boot processes in an attestation report

Question 14

Attestation

Answer 14

A claim that the data presented in the report is valid by digitally signing it using the TPM’s private key

Question 15

eFUSE

Answer 15

A means for software or firmware to permanently alter the state of a transistor on a computer chip

Question 16

Self-Encrypting Drives

Answer 16

A disk drive where the controller can automatically encrypt data that is written to it

Question 17

Secure Processing

Answer 17

A mechanism for ensuring the CIA of software code and data as it is executed in volatile memory (hardening the RAM part of information that passes through)

Question 18

Processor Security Extensions

Answer 18

Low-level CPU changes and instructions that enable secure processing

Question 19

Trusted Execution

Answer 19

Basically, makes sure that what’s being booted can be trusted

Question 20

Secure Enclave

Answer 20

The extensions allow a trusted process to create an encrypted container for sensitive data

Question 21

Atomic Execution

Answer 21

Certain operations that should only be performed once or not at all, such as initializing a memory location

Question 22

Bus Encryption

Answer 22

Data is encrypted by an application prior to being placed on the data bus (for this to work, we have ensure that the device on the other end of the bus is trusted to decrypt the data)