Secure System Design Concepts Flashcards
Kernel mode (Supervisor mode)
is where the kernel lives, allowing low-level unrestricted access to memory, CPU, disk, etc. This is the most trusted and powerful part of the system. Crashes are not recoverable.
User mode (Problem mode)
has no direct access to hardware, it is directed through an API (Application programming interface). Crashes are recoverable. This is most of what happens on a PC.
The Ring Model:
4 ring model that separates Users (Untrusted)
from the Kernel (Trusted).
The full model is slow and rarely used; most
OS’s only use rings 0 and 3.
There is a new addition to the Ring Model:
Hypervisor mode is called Ring -1 and is for VM
Hosts. Ring -1 sits below the Client kernel in Ring 0.
System unit
– The case and all internal hardware
Motherboard
- Motherboard and CPU, memory slots, firmware, PCI slots
Peripherals
Mouse, keyboard, monitors, anything plugged into the system unit.
Regular computer bus
– The primary communications channel on a computer.
Communicates between internal hardware and I/O devices (Input/Output), keyboards, mice, monitors, webcams, etc.
Northbridge and Southbridge
This design is more common on newer computers
and replaces the regular computer bus.
The Northbridge (Host bridge) is much faster than the Southbridge.
There are no North/Southbridge standards, but they must be able to work with each other.
There is a move towards integrating the Northbridge onto the CPU itself (Intel Sandy Bridge / AMD Fusion).
CPU (Central Processing Unit)
is the brains of the system.
It performs millions of calculations; everything a computer does is math.
CPUs are rated on their clock cycles per minute. Example: a 4.2GHz processor has 4.2 billion clock cycles per second.
Arithmetic logic unit (ALU)
performs arithmetic and logic operations.
It’s a processor that registers the supply operands
(Object of a mathematical operation) to the ALU and
stores the results of ALU operations.
It does all the math.
Control unit (CU)
handles fetching (from memory) and execution of instructions by directing the coordinated operations of the ALU, registers and other components. It also sends instructions to the ALU.
Multithreading, Processing, Tasking and Programming.
Multithreading is the ability of a central processing unit (CPU) or a single core in a multi-core processor to execute multiple processes or threads concurrently, appropriately supported by the operating system.
Multiprocessing - A computer using more than one CPU at a time for a task.
Multitasking - Tasks sharing a common resource (1 CPU).
Multiprogramming - A computer running more than one program at a time (Word and Chrome at the same time).
Memory protection
prevents one process from affecting the confidentiality, integrity, or availability of another. Used to protect user/process data in multi-user and multitasking environments.
Process isolation
is a logical control that tries to prevent one process from Interfering with another.
Hardware segmentation
takes that a step further by mapping processes to specific memory locations.
Virtual Memory
provides virtual address mapping between applications and hardware memory. Virtual memory is used for many things: multitasking, multiprocessing, swapping, to name a few
Swapping
moves entire processes from primary memory (RAM) from/to secondary memory (Disk).
Paging
copies a block from primary memory (RAM) from/to secondary memory
(Disk).
BIOS
Basic Input Output System (Low level
OS)
WORM Media (Write Once Read Many):
ROM is a WORM Media (not in use, though).
CD/DVDs can be WORM Media (R), if they are not R/W (Read/Write).
TPM (Trusted Platform Module):
Is an international standard for a secure cryptoprocessor, which is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices.
TPM can be used for RNG (Random Number Generation), Symmetric Encryption, Asymmetric Encryption, Hashing Algorithms, and secure storage of cryptographic keys and message digests.
It is most commonly used to ensure boot integrity.
Data Execution Prevention (DEP)
is a security feature that can prevent damage to your computer from viruses and other security threats.
Harmful programs can try to attack Windows by attempting to execute code from system memory locations reserved for Windows and other authorized
programs; DEP prevents that
Address Space Layout Randomization (ASLR)
is a memory-protection process for OS’s; it guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.
The Kernel
At the core of the OS is the Kernel. At ring 0 (or 3), it interfaces between the operating system (and applications) and the hardware.
A monolithic kernel is one static executable and the kernel runs in supervisor mode. All functionality
required by a monolithic kernel must be precompiled in.
Microkernels are modular kernels. A microkernel is smaller and has less native functionality than a monolithic kernel. They can add functionality via
loadable kernel modules.
Microkernels may also run kernel modules in user mode ring 3, instead of supervisor mode. If a nonprecompiled piece of hardware is added the Microkernel can load it, making the hardware work.
The reference monitor is a core function of the kernel; it handles all access between subjects and objects. It is always on and can’t be bypassed.
IaaS - (Infrastructure as a Service)
The vendor provides infrastructure up to the OS, the customer adds the OS and up.
SaaS - (Software as a Service)
The vendor provides the OS and applications/programs. Either the customer interacts with the software manually by entering data on the SaaS page, or data is automatically pushed from your other applications to the SaaS application (Gmail, Office 365, Dropbox, Payroll).
PaaS - (Platform as a Service)
The vendor provides pre-configured OSs, then the customer adds all programs and applications.
