Section 7: Supply Chain Management Flashcards
An organization must ensure that the operation of every element (hardware, firmware, driver, OS, and application) is __________________ to establish a trusted computing environment.
Consistent and tamper resistant
Due Diligence
A legal principle identifying a subject has used vest practice or reasonable care
What is due diligence in terms of working with vendors?
Properly resourced cyber program, security assurance and risk management processes, product support life cycle, security controls for confidential data, incident response and forensics assistance, general and historical company information
Trusted Foundry
A microprocessor manufacturing utility that is part of a validated supply chain (one where hardware and software does not deviate from its documented function). Operated by the Department of Defense (DoD)
Hardware Source Authenticity
The process of ensuring that hardware is procured tamper-free from trustworthy suppliers
Hardware Root of Trust
A cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics (like a TPM module); digital certificate embedded in your processor
TPM
Trusted Platform Module. A specification for hardware-based storage of digital certificates, keys, hashed passwords, and other user and platform identification information. (essentially, it’s just a chip in your computer that allows the computer to boot securely)
HSM
Hardware Security Module. An appliance for generating and storing cryptographic keys that is less susceptible to tampering and insider threats than software-based storage. (automated and can’t be compromised by human involvement)
Anti-Tamper
Methods that make it difficult for an attacker to alter the authorized execution of software
Firmware Exploit
Gives an attacker an opportunity to run any code at the highest level of CPU privilege
UEFI
A type of system firmware providing support for 64 bit CPU operation at boot
Secure Boot
a UEFI feature that prevents unwanted processes from executing during the boot operation
Measured Boot
A UEFI feature that gathers secure metrics to validate the boot processes in an attestation report
Attestation
A claim that the data presented in the report is valid by digitally signing it using the TPM’s private key
eFUSE
A means for software or firmware to permanently alter the state of a transistor on a computer chip
Self-Encrypting Drives
A disk drive where the controller can automatically encrypt data that is written to it
Secure Processing
A mechanism for ensuring the CIA of software code and data as it is executed in volatile memory (hardening the RAM part of information that passes through)
Processor Security Extensions
Low-level CPU changes and instructions that enable secure processing
Trusted Execution
Basically, makes sure that what’s being booted can be trusted
Secure Enclave
The extensions allow a trusted process to create an encrypted container for sensitive data
Atomic Execution
Certain operations that should only be performed once or not at all, such as initializing a memory location
Bus Encryption
Data is encrypted by an application prior to being placed on the data bus (for this to work, we have ensure that the device on the other end of the bus is trusted to decrypt the data)
