Section 7: Supply Chain Management Flashcards
An organization must ensure that the operation of every element (hardware, firmware, driver, OS, and application) is __________________ to establish a trusted computing environment.
Consistent and tamper resistant
Due Diligence
A legal principle identifying a subject has used vest practice or reasonable care
What is due diligence in terms of working with vendors?
Properly resourced cyber program, security assurance and risk management processes, product support life cycle, security controls for confidential data, incident response and forensics assistance, general and historical company information
Trusted Foundry
A microprocessor manufacturing utility that is part of a validated supply chain (one where hardware and software does not deviate from its documented function). Operated by the Department of Defense (DoD)
Hardware Source Authenticity
The process of ensuring that hardware is procured tamper-free from trustworthy suppliers
Hardware Root of Trust
A cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics (like a TPM module); digital certificate embedded in your processor
TPM
Trusted Platform Module. A specification for hardware-based storage of digital certificates, keys, hashed passwords, and other user and platform identification information. (essentially, it’s just a chip in your computer that allows the computer to boot securely)
HSM
Hardware Security Module. An appliance for generating and storing cryptographic keys that is less susceptible to tampering and insider threats than software-based storage. (automated and can’t be compromised by human involvement)
Anti-Tamper
Methods that make it difficult for an attacker to alter the authorized execution of software
Firmware Exploit
Gives an attacker an opportunity to run any code at the highest level of CPU privilege
UEFI
A type of system firmware providing support for 64 bit CPU operation at boot
Secure Boot
a UEFI feature that prevents unwanted processes from executing during the boot operation
Measured Boot
A UEFI feature that gathers secure metrics to validate the boot processes in an attestation report
Attestation
A claim that the data presented in the report is valid by digitally signing it using the TPM’s private key
eFUSE
A means for software or firmware to permanently alter the state of a transistor on a computer chip