Section 7: Supply Chain Management Flashcards

1
Q

An organization must ensure that the operation of every element (hardware, firmware, driver, OS, and application) is __________________ to establish a trusted computing environment.

A

Consistent and tamper resistant

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Due Diligence

A

A legal principle identifying a subject has used vest practice or reasonable care

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is due diligence in terms of working with vendors?

A

Properly resourced cyber program, security assurance and risk management processes, product support life cycle, security controls for confidential data, incident response and forensics assistance, general and historical company information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Trusted Foundry

A

A microprocessor manufacturing utility that is part of a validated supply chain (one where hardware and software does not deviate from its documented function). Operated by the Department of Defense (DoD)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Hardware Source Authenticity

A

The process of ensuring that hardware is procured tamper-free from trustworthy suppliers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Hardware Root of Trust

A

A cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics (like a TPM module); digital certificate embedded in your processor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

TPM

A

Trusted Platform Module. A specification for hardware-based storage of digital certificates, keys, hashed passwords, and other user and platform identification information. (essentially, it’s just a chip in your computer that allows the computer to boot securely)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

HSM

A

Hardware Security Module. An appliance for generating and storing cryptographic keys that is less susceptible to tampering and insider threats than software-based storage. (automated and can’t be compromised by human involvement)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Anti-Tamper

A

Methods that make it difficult for an attacker to alter the authorized execution of software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Firmware Exploit

A

Gives an attacker an opportunity to run any code at the highest level of CPU privilege

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

UEFI

A

A type of system firmware providing support for 64 bit CPU operation at boot

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Secure Boot

A

a UEFI feature that prevents unwanted processes from executing during the boot operation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Measured Boot

A

A UEFI feature that gathers secure metrics to validate the boot processes in an attestation report

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Attestation

A

A claim that the data presented in the report is valid by digitally signing it using the TPM’s private key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

eFUSE

A

A means for software or firmware to permanently alter the state of a transistor on a computer chip

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Self-Encrypting Drives

A

A disk drive where the controller can automatically encrypt data that is written to it

17
Q

Secure Processing

A

A mechanism for ensuring the CIA of software code and data as it is executed in volatile memory (hardening the RAM part of information that passes through)

18
Q

Processor Security Extensions

A

Low-level CPU changes and instructions that enable secure processing

19
Q

Trusted Execution

A

Basically, makes sure that what’s being booted can be trusted

20
Q

Secure Enclave

A

The extensions allow a trusted process to create an encrypted container for sensitive data

21
Q

Atomic Execution

A

Certain operations that should only be performed once or not at all, such as initializing a memory location

22
Q

Bus Encryption

A

Data is encrypted by an application prior to being placed on the data bus (for this to work, we have ensure that the device on the other end of the bus is trusted to decrypt the data)