Secure System Design Concepts Flashcards

1
Q

Kernel mode (Supervisor mode)

A

is where the kernel lives, allowing low-level unrestricted access to memory, CPU, disk, etc. This is the most trusted and powerful part of the system. Crashes are not recoverable.

2
Q

User mode (Problem mode)

A

has no direct access to hardware; access is directed through an API (Application programming interface). Crashes are recoverable. This is most of what happens on a PC.

3
Q

The Ring Model:

A

4 ring model that separates Users (Untrusted) from the Kernel (Trusted).
• The full model is slow and rarely used; most OS’s only use rings 0 and 3.
• There is a new addition to the Ring Model: Hypervisor mode is called Ring -1 and is for VM Hosts. Ring -1 sits below the Client kernel in Ring 0.

4
Q

System unit

A

– The case and all internal hardware

5
Q

Motherboard

A
  • Motherboard and CPU, memory slots, firmware, PCI slots
6
Q

Peripherals

A

Mouse, keyboard, monitors, anything plugged into the system unit.

7
Q

Regular computer bus

A

– The primary communications channel on a computer.
– Communicates between internal hardware and I/O devices (Input/Output), keyboards, mice, monitors, webcams, etc.

8
Q

Northbridge and Southbridge

A

This design is more common on newer computers and replaces the regular computer bus.
• The Northbridge (Host bridge) is much faster than the Southbridge.
• There are no North/Southbridge standards, but they must be able to work with each other.
• There is a move towards integrating the Northbridge onto the CPU itself (Intel Sandy Bridge / AMD Fusion).

9
Q

CPU (Central Processing Unit)

A

is the brains of the system.
• It performs millions of calculations; everything a computer does is math.
• CPUs are rated on their clock cycles per minute. Example: a 4.2GHz processor has 4.2 billion clock cycles per second.

10
Q

Arithmetic logic unit (ALU)

A

performs arithmetic and logic operations. It’s a processor that registers the supply operands (Object of a mathematical operation) to the ALU and stores the results of ALU operations. It does all the math.

11
Q

Control unit (CU)

A
handles fetching (from memory) and execution of instructions by directing the coordinated operations of the ALU, registers and other components. It also sends instructions to the ALU.
12
Q

Multithreading, Processing, Tasking and Programming.

A

• Multithreading - The ability of a central processing unit (CPU) or a single core in a multi-core processor to execute multiple processes or threads concurrently, appropriately supported by the operating system.
• Multiprocessing - A computer using more than one CPU at a time for a task.
• Multitasking - Tasks sharing a common resource (1 CPU).
• Multiprogramming - A computer running more than one program at a time (Word and Chrome at the same time).

13
Q

Memory protection

A

prevents one process from affecting the confidentiality, integrity, or availability of another. Used to protect user/process data in multi-user and multitasking environments.

14
Q

Process isolation

A

is a logical control that tries to prevent one process from interfering with another.

15
Q

Hardware segmentation

A

takes that a step further by mapping processes to specific memory locations.

16
Q

Virtual Memory

A

provides virtual address mapping between applications and hardware memory. Virtual memory is used for many things: multitasking, multiprocessing, and swapping, to name a few.

17
Q

Swapping

A

moves entire processes between primary memory (RAM) and secondary memory (Disk).

18
Q

Paging

A

copies a block between primary memory (RAM) and secondary memory (Disk).

19
Q

BIOS

A

Basic Input Output System (Low level OS)

20
Q

WORM Media (Write Once Read Many):

A

• ROM is a WORM Media (not in use, though).
• CD/DVDs can be WORM Media (R), if they are not R/W (Read/Write).

21
Q

TPM (Trusted Platform Module):

A

Is an international standard for a secure cryptoprocessor, which is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices.
• TPM can be used for RNG (Random Number Generation), Symmetric Encryption, Asymmetric Encryption, Hashing Algorithms, and secure storage of cryptographic keys and message digests.
• It is most commonly used to ensure boot integrity.

22
Q

Data Execution Prevention (DEP)

A

is a security feature that can prevent damage to your computer from viruses and other security threats.
• Harmful programs can try to attack Windows by attempting to execute code from system memory locations reserved for Windows and other authorized programs; DEP prevents that.

23
Q

Address Space Layout Randomization (ASLR)

A

is a memory-protection process for OS’s; it guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.

24
Q

The Kernel

A

At the core of the OS is the Kernel. At ring 0 (or 3), it interfaces between the operating system (and applications) and the hardware.
• A monolithic kernel is one static executable and the kernel runs in supervisor mode. All functionality required by a monolithic kernel must be precompiled in.
• Microkernels are modular kernels. A microkernel is smaller and has less native functionality than a monolithic kernel. They can add functionality via loadable kernel modules. Microkernels may also run kernel modules in user mode ring 3, instead of supervisor mode. If a nonprecompiled piece of hardware is added the Microkernel can load it, making the hardware work.
• The reference monitor is a core function of the kernel; it handles all access between subjects and objects. It is always on and can’t be bypassed.

25
Q

IaaS - (Infrastructure as a Service)

A

The vendor provides infrastructure up to the OS, the customer adds the OS and up.

26
Q

SaaS - (Software as a Service)

A

The vendor provides the OS and applications/programs. Either the customer interacts with the software manually by entering data on the SaaS page, or data is automatically pushed from your other applications to the SaaS application (Gmail, Office 365, Dropbox, Payroll).

27
Q

PaaS - (Platform as a Service)

A

The vendor provides pre-configured OSs, then the customer adds all programs and applications.