Security Architecture & Design

Question 1

What is Basic Computer Architecture ?

Answer 1

Basic computer (system) architecture refers to the structure of a computer system and comprises its hardware, firmware, and software

Question 2

What is Basic Computer Hardware ?

Answer 2

Hardware consists of the physical components in computer architecture.
This broad definition of hardware can include keyboards, monitors, printers, and other peripherals

Question 3

What is the CPU ?

Answer 3

CPU
The CPU (Central Processing Unit) or microprocessor is the electronic circuitry that performs a computer’s arithmetic, logic, and computing functions. including:

Arithmetic Logic Unit (ALU): Performs numerical calculations and comparative logic functions, such as ADD, SUBTRACT, DIVIDE, and MULTIPLY

Bus Interface Unit (BIU): Supervises data transfers over the bus system between the CPU and I/O devices

Control Unit: Coordinates activities of the other CPU components during program execution

Decode Unit: Converts incoming instructions into individual CPU commands

Floating-Point Unit (FPU): Handles higher math operations for the ALU and control unit

Memory Management Unit (MMU): Handles addressing and cataloging data that’s stored in memory and translates logical addressing into physical addressing

Pre-Fetch Unit: Preloads instructions into CPU registers

Protection Test Unit (PTU): Monitors all CPU functions to ensure that they’re properly executed

Registers: Hold CPU data, addresses, and instructions temporarily, inspecial buffers

Question 4

The Two Distinct Phases of a CPU ?

Answer 4

Fetch - During the fetch phase, the CPU locates and retrieves a required instruction from memory.

Execute - The CPU decodes and executes the instruction.

These two phases make up a basic machine cycle that’s controlled by the CPU clock signals.

Question 5

What are the four operates states of a CPU ? (W.A.R.S.)

Answer 5

Operating (run) state: The CPU executes an instruction or instructions.

Problem (application) state: The CPU calculates a solution to an application-based problem. During this state, only a limited subset of instructions (non-privileged instructions) is available.

Supervisory state: The CPU executes a privileged instruction, meaning that instruction is available only to a system administrator or other authorized user/process.

Wait state: The CPU hasn’t yet completed execution of an instruction and must extend the cycle.

Question 6

What are the two basic CPU Designs ?

Answer 6

CISC - Complex Instruction Set Computing`

RISC - Reduced Instruction Set Computing

Question 7

What are the 3 Micro processor classifications ?

Answer 7

Multitasking - multi tasks, single processor
Multiprogramming - multi programs, single processor
Multiprocessing - multi tasks & Programs over multiple processors.

Question 8

What is MultiState ?

Answer 8

The operating system supports multiple operating states,

such as single-user and multiuser modes in the UNIX/Linux world and Normal and Safe modes in the Windows world.

Question 9

What is MultiUser ?

Answer 9

The operating system can differentiate between users. For example, it provides different shell environments, profiles, or privilege levels for each user, as well as process isolation between users.

Question 10

What are the two Main Memory types ?

Answer 10

RAM - Random Access (volatile) 2 sub types:

• DRAM Must be refreshed, rewritten every 2 seconds.
• SRAM Faster than DRAM, static.

ROM - Read Only memory - None volative, there after shutdown.

• PROM - Programmable (can’t be re-written)
• EPROM - Erasable Programmable (Can be erased using UV light)
• EEPROM - Electronic Erasable Programmable - Can be erased without UV Light.
• Flash memory - Kind used on USB thumb drives.

Question 11

What is Secondary Memory ?

Answer 11

It provides dynamic storage on nonvolatile magnetic media such as hard drives, solid-state drives, or tape drives.

Virtual memory (such as a paging file, swap space, or swap partition)is a type of secondary memory that uses both installed physical memory and available hard-drive space to present a larger apparent memory space to the CPU than actually exists in main storage.

Question 12

what is Protection Domain ?

Answer 12

Prevents other programs or processes from accessing
and modifying the contents of address space that’s already been assigned to another active program or process.

This protection can be performed by the operating system or implemented in hardware.

Question 13

What is Memory Space ?

Answer 13

This describes the amount of physical memory available in a computer system (for example, 2 GB),

Question 14

What is Memory Address Space ?

Answer 14

Whereas address space specifies where memory is located in a computer system (a memory address).

Question 15

what is a Physical Memory Address ?

Answer 15

A physical memory address is a hard-coded address assigned to physically installed memory. It can only be accessed by the operating system that maps physical addresses to virtual addresses.

Question 16

What is a Virtual Memory Address ?

Answer 16

A virtual (or symbolic) memory address is the address used by applications (and programmers) to specify a desired location in memory.

Question 17

Common Virtual Memory Address Modes ?

Answer 17

Base addressing: An address used as the origin for calculating other addresses.

Absolute addressing: An address that identifies a location without reference to a base address — or it may be a base address itself.

Indexed addressing: Specifies an address relative to an index register. (If the index register changes, the resulting memory location changes.)

Indirect addressing: The specified address contains the address to the final desired location in memory.

Direct addressing: Specifies the address of the final desired memory location

Question 18

What is FirmWare ?

Answer 18

Firmware is a program or set of computer instructions stored in the physical circuitry of ROM memory. Firmware is typically stored on one or more ROM chips on a computer’s motherboard

Example: Computer BIOS

Question 19

What are the three Main components of an Operating System ?

Answer 19

Kernel
Device Drivers
Tools

Question 20

What are the Main Functions of an Operating System ?

Answer 20

Process management.
Resource management.
I/O Device management.
Memory management.
File management.
communications management.

Question 21

what is virtualisation ?

Answer 21

A virtual machine is a software implementation of a computer, enabling many running copies of an operating system to execute on a single running computer
without interfering with each other.

Question 22

What is a HyperVisor ?

Answer 22

This is the operating system that runs the rest of the virtual operating systems.

Question 23

What is the TCB ?

Answer 23

The Trusted Computer Base (TCB) is the entire complement of protection mechanisms within a computer system (including hardware, firmware, and software) that’s responsible for enforcing a security policy.

Question 24

What is the TCB Security Perimeter ?

Answer 24

The boundary lines that separates the TCB from the rest of the System.

Question 25

What is a Reference Monitor ?

Answer 25

This is a system component that enforces access controls on an object.

Stated another way, a reference monitor is an abstract machine that mediates all access to an object by a subject.

Question 26

What is a Security Kernel ?

Answer 26

This is the combination of hardware, firmware, and software elements in a TCB that implements the reference monitor concept.

Three requirements of a security kernel are that it must

• Mediate all access
• Be protected from modification
• Be verified as correct

Question 27

What is an Open System ?

Answer 27

An open system is a vendor-independent system that complies with a published and accepted standard.

Examples: Open Office, Apache Web Server MySQL

Question 28

What is a Closed System ?

Answer 28

A closed system uses proprietary hardware and/or software that may not be compatible with other systems or components.

Examples: Windows, ITunes, Microsoft Office.

Question 29

What are Security Rings ?

Answer 29

The concept of protection rings implements multiple concentric domains with increasing levels of trust near the center. The most privileged ring is identified
as Ring 0 and normally includes the operating system’s security kernel.

Question 30

What are Security Modes ?

Answer 30

• generally found in government and Military.
  A system’s security mode of operation describes how a system handles stored information at various classification levels.

Question 31

What are the 4 Security Mode Designations ?

Answer 31

• Dedicated: All authorized users must have a clearance level equal to or higher than the highest level of information processed on the system and a valid need-to-know.
• System High: All authorized users must have a clearance level equal to or higher than the highest level of information processed on the system, but a valid need-to-know isn’t necessarily required.
• Multilevel: Information at different classification levels is stored or processed on a trusted computer system (a system that employs all necessary hardware and software assurance measures and meets the specified requirements for reliability and security). Authorized users must have an appropriate clearance level, and access restrictions are enforced by the system accordingly.
• Limited access: Authorized users aren’t required to have a security clearance, but the highest level of information on the system is Sensitive but Unclassified (SBU).

Question 32

What is a Trusted System ?

Answer 32

A Trusted System is a system with that implements a TCB.

Question 33

Recovery Procedures - Security Design:

Answer 33

• Fault-tolerant systems: These systems continue to operate after the failure of a computer or network component. The system must be capable of detecting and correcting — or circumventing — a fault.
• Fail-safe systems: When a hardware or software failure is detected, program execution is terminated, and the system is protected from compromise.
• Fail-soft (resilient) systems: When a hardware or software failure is detected, certain noncritical processing is terminated, and the computer or network continues to function in a degraded mode.
• Fail over systems: When a hardware or software failure is detected, the system automatically transfers processing to a component, such as a clustered server.

Question 34

Vulnerabilities in the Security Architecture

Answer 34

Covert Channel - unknown and hidden communications.

Root Kits - subvert OS, turn OS into hypervisor, subtle changes, tough to find.

Race Conditions - A race condition is a flaw in a system
where the output or result of an activity in the system is unexpectedly tied to the timing of other events.

State Attacks - Session identifier theft / guessing, this allows an attacker to steal / hijack another users session.

Emanations - The unintentional emissions of electromagnetic or acoustic energy from a system can be intercepted by others and possibly used to illicitly obtain information from the system.

Question 35

Common Security Counter Measures

Answer 35

• Defense in Depth - layered defense using protective controls.
• System Hardening - none acceptance of default install, removal on unnecessary accounts, permissions, users, software components, closure of ports, change default passwords.
• heterogeneous Environment - multple OSes and Vendors means that a 0 day might not affect 100% of your systems.

Question 36

What is System Resilience ?

Answer 36

The ability for a system to run in less than ideal conditions, means it stands a better chance of resisting a security attack.

• Filter Malicious Input - Injection, buffer overflow attacks
• Redundant Components - RAID
• Maintenance Hooks - Removal of undocumented software features that might compromise the system.
• System Security CounterMeasures (aka don’t be verbose)
• Don’t have the system display OS or Patch / version.
• Limiting access to people
• disabling unwanted services
• Using Strong Authentication

Question 37

What is the Orange Book ?

Answer 37

The Trusted Computer System Evaluation Criteria (TCSEC), commonly known as the Orange Book, is part of the Rainbow Series developed for the U.S. DoD by the National Computer Security Center (NCSC) in 1983.

(The current issue was published in 1985.) It’s the formal implementation of the Bell-LaPadula model

Question 38

What are the 4 main hierarchical classes listed in the Orange Book?

Answer 38

D: Minimal protection - (systems that fail evaluation)

C: Discretionary protection (DAC) System deson’t need to distinguish between user and access type.

B: Mandatory protection (B1, B2, and B3)

• B1 - Sensitivity Labels are required for all subjects and stored objects.
• B2 - Sensitivity Labels are required for all subjects and stored objects; trusted path required.
• B3 - ACLs required.

A: Verified protection (A1) - Formal Top-Level Specification (FTLS) required; configuration management procedures must be enforced throughout entiresystem life cycle.

Question 39

what is the Red Book ?

Answer 39

Part of the Rainbow Series, like TCSEC (discussed in the preceding section), Trusted Network Interpretation (TNI) addresses confidentiality and integrity in trusted computer/communications network systems.

Question 40

What is ITSEC ?

Answer 40

The European Information Technology Security Evaluation Criteria (ITSEC)
ITSEC addresses confidentiality, integrity, and availability, as well as evaluating an entire system, defined as a Target of Evaluation (TOE), rather than a single computing platform.

Question 41

What is Common Criteria ?

Answer 41

The Common Criteria for Information Technology Security Evaluation (usually just called Common Criteria) is an international effort to standardize and improve existing European and North American evaluation criteria.

EAL0 - Lowest
EAL7 - Highest

Question 42

What is Accreditation ?

Answer 42

Accreditation is an official, written approval for the operation of a specific system in a specific environment, as documented in the certification report.
Accreditation is normally granted by a senior executive or Designated Approving Authority (DAA).

Question 43

What is DITSCAP ?

Answer 43

The certification and accreditation process has been formally implemented in U.S. military and government organizations as the Defense Information
Technology Security Certification and Accreditation Process (DITSCAP)

Question 44

What are the 4 phases of DITSCAP ?

Answer 44

• Definition: Security requirements are determined by defining the organization and system’s mission, environment, and architecture.
• Verification: Ensures that a system undergoing development or modification remains compliant with the System Security Authorization Agreement (SSAA), which is a baseline security-configuration document.
• Validation: Confirms compliance with the SSAA.
• Post-Accreditation: Represents ongoing activities required to maintain compliance, and address new and evolving threats, throughout a system’s life cycle