Software Flashcards
ASIF
3 Facts
Sparse format
Delta layers
Plugin for Amber
AMBER
Definition
Apple Modular Block Device Library
AEBD
Definition
Apple Encrypted Block Device
KNOX
2 facts
Asset database
Fast and secure storage
NBD
Definition
Network block device
FileVault
Definition, Use on ASM
Storage encryption with volume key
Class C protection on ASM
Data Protection
Definition
File Encryption
Data Vault
Definition
Restrict access to the data of an app from all other requesting apps
Sandbox access controls
Definition
Restrict what data an app can access
GCD
definition and description
Grand central dispatch
Execute code concurrently on multicore hardware by submitting work to dispatch queues managed by the system
Forward secrecy
Definition
Ensures session keys will not be compromised even if long term secrets used in the session key exchange are compromised
ARV
Definition
Authenticated root volume
Evil Maid Attack
Description
An attack on an unattended device, in which an attacker alters it in some undetectable way so that they can later access the device, or the data on it.
ABD
description
File format for external customers that supports AMBER-like functions
ACS
Definition
Apple Cloud Service
DT
Apple Team
definition, two goals
Developer Tools
Planning to use virtual machines to test different OS and Xcode versions
Replace the Xcode simulator
MacStadium
Purpose
Build and run with macOS in the cloud
Journaling file system
Description
Keep track of uncommitted changes in a data structure to avoid data corruption
CAS
Apple Technology
Description
Build server
What are the two ways to find build records?
xbs buildrecords
knox download/extract build-record
New train names
Apple builds
Luck iOS
Cheer macOS
Napili watch
Charisma tv
Wonder Xcode
Discovery vision
Libkrun
Description
Rust-based virtual machine monitor that links directly to the Hypervisor framework
Orbstack
Purpose
Run Docker containers and Linux in a macOS VM
Accelerate framework
Apple Software Stack
Description
Perform large-scale mathematical computations and image calculations using SME and AMX
define, who, what
ESP
Networking Technology
Encapsulating security payload
Member of the IPsec set of protocols
Encrypts and authenticates data packets between computers using a VPN
Description
VMNet
Apple Tech
Apple Framework for virtual machines to read and write packets
Description
Stolen time
Time that guest is ready to run but not scheduled
Description
Network link conditioner
Xcode tool to control bandwidth, latency and packet loss
Description
VZVirtioSocketDevice
A device that manages port-based connections between guest and host
Four trap controls for performance monitors
ARM
ARM PMU register
CPMU, UPMU and CLPC registers
How CPMU registers are partitioned
ARM
Guarded vs unguarded
Host vs guest
Two functions of PMCR0_EL1
ARM
Enabling CPMU counters
Configuring overflow interrupts
Description
Apple framework
A bundled shared library (dylib), which contains code and miscellaneous files
3 Facts
libSystem
Apple Tech
Darwin's most essential library
Services provided by the lowest level of the C runtime
Wrappers over kernel functions
Definition
NMOS
Apple Term
Next mainline OS
Description
Linux namespace
Partition kernel resources such that a process can only access resources of its namespace
protocol, request, handling
VirtioFS
Uses the FUSE protocol, funnels requests through shared memory, and handles them on macOS
Description
Recap
Apple Tech
API and CLI to synthetically play back events or gestures on a device
what, how, who
Virtio Net
Paravirtualized network device
Use shared memory for data transmission
Adopted in Linux and other operating systems
3 Entitlements
Impacts of entitlements on VM ISA
Apple Tech
security.hypervisor allows generic ISA
Private.hypervisor.apple - allows Apple ISA
private.hypervisor - allows Apple ISA at least, but also internal ISA for development kernels, AppleInternal and research guests
Darwin's four kernel interfaces
Apple Tech
System calls
Mach traps
Machine dependent calls (machdep)
Comm page
definition, info, code, management
ACPI
Standard
Advanced configuration and power interface
Description of a computer's configuration and its various components
Associates drivers with system peripherals
Platform interfaces for power and system management
definition and four management functions
PSCI
Standard
Power state coordination interface
Core idle management
Dynamic addition and removal of cores
Secondary core boot
System shutdown and reset
4 things defined
SMCCC
ARM
Defines a common calling mechanism to be used with SMC and HVC
Defines how registers are used to pass parameters and results
Defines service types
Defines Arm architectural calls
definition and description
NAT
Networking Tech
Network address translation
Map one address space to another by modifying address information in the IP header in transit across a routing device or virtual machine monitor
definition, what, vm, why
TAP
Linux
Terminal access point
Network device mode that allows the creation of a virtual network interface
Supported network backend for virtual machines
More performant and capable than SLIRP (user networking)
Description
CentOS
Linux
Linux distribution derived from Red Hat Enterprise Linux
Three VMware scheduling constraints
Shares
Reservation
Limit
Two ways to add expiring workarounds
Apple Tech
_CFAppVersionCheckLessThan
dyld_program_sdk_at_least
Names of 1000 bytes to the power of 1 through 5
Kilobytes, megabytes, gigabytes, terabytes, petabytes
Names of 1024 bytes to the power of 1 through 5
Kibibytes, mebibytes, gibibytes, tebibytes, pebibytes
what, where and how many
PCIe BAR
Virtio Standard
Describe a memory region the CPU accesses to interact with a PCIe device
Defined in configuration space
Each device has 8 functions, and each function has 6 BARs
Purpose
Kali Linux
Debian based Linux distribution geared toward information security tasks
definition and description
P2V
Physical to virtual
Migration of physical machines to virtual machines
Description
Libkern
Apple Tech
C++ runtime environment in XNU
what, find, interface, support
IOKit
Apple Tech
Object-oriented kernel drivers
A driver is looked up through IORegistry
Driver properties are provided in IOUserClient
Kernel APIs
definition and 4 features
APFS
Apple Tech
Apple File System
Full 64-bit mode, snapshots, encryption, volume management
what, why
DMG
Apple Tech
Disk image
Bundles a software distribution into a single file that can be mounted as a block device
description
FSEvent
Apple Tech
File system wide notifications
Apple CLI to gather details about every aspect of the system
system_profiler
Apple home applications
macOS: Finder
iOS: SpringBoard
tvOS: PineBoard
watchOS: Carousel
audioOS: SoundBoard
Apple HID monitor
macOS: WindowServer
Others: backboardd
Visible view and user input of a macOS window
Visible view: IOSurface
User input: Tactile layer
what and how to communicate
VirtioBlk
Standard
Simple virtual block device
Communication based on the virtio notification and queues
Isochronous transfer in USB
Transmit at a constant rate for real-time information such as audio and video
What, VM consequence
Bridged networking
Replicate another node in the physical network
VM will receive its own IP address if DHCP is enabled in the network
definition and function
SMBIOS
System Management BIOS
Reading management information produced by the BIOS of a computer
definition and 2 facts
MDM
Mobile device management
Securely and wirelessly configure a device by sending profiles and commands
Administer managed preferences
protocol, usage
Apple Open Directory
Lightweight Directory Access Protocol (LDAP) implementation from Apple
Organizes information about a network's users and resources
When isn't APFS clone used?
Copy to a different volume
Copy nested directory
Extra: cp -c
Conforms, Integrate
REST API
Standard
Conforms to the representational state transfer principles
Integrates applications and components in a microservices architecture
Mediate, continue, narrow
XPC services
Apple Tech
Mediate access to a shared resource
Continue work beyond a client's lifecycle
Narrow the scope of access for different functionality
3 Apple service types
Launch agent
Launch daemon
XPC service
Definition
GPTK
Apple Tech
Game porting kit
Description
Ray tracing
Technique for rendering light transport
Symbols, Prove
Turing machine
Abstract machine that manipulates symbols on a strip of tape according to a table of rules
Prove properties of computation in general
definition and description
IPSW
Apple Tech
iPhone software
File format for most Apple firmware
Apple three commands to debug memory usage
leaks --outputGraph
footprint
vmmap
Description
Owned unmapped memory
Memory that your process allocated, shared with another process, and unmapped from its own address space, but that is not yet unmapped from the other process's address space
Definition
SFR
Apple Tech
System firmware and recovery
Description
EBS
Amazon
Block storage service designed for Amazon Elastic Compute Cloud (EC2)
Description
BSD interface name
Networking
Network driver name followed by a number.
Ex. en0
Definition
Thimble
Apple Tech
Trusted hybrid inference machine learning
definition and description
TCB
Security
Trusted computing base
Set of components that collectively enforce the system's security properties
definition and description
Inode
Linux
Index node
Data structure that describes a file or directory
Description
VHDX
Microsoft
Virtual hard disk of a virtual machine used by Hyper-V
Description
Universal binary
Apple Tech
Package with one binary for each architecture
Apple CLI to see architectures of a universal binary
file
Apple CLI to see details of a Mach-O file
otool
Definition
WASM
WebAssembly
Description
Shared library cache
Apple Tech
Prelinks various commonly used Mach-O dylibs into one file per architecture
What does kevent do?
Apple Tech
Block current thread until any of the requested events occur
Definition
SPRR
Apple Hardware
Shadow permissions remap registers
Definition
APRR
Apple Hardware
Access permissions remap registers
Definition
CTRR
Apple Hardware
Configurable text read only region
Definition, Description
CDN
Networking
Content distribution network
Geographically distributed network of proxy servers and their data centers
Definition
UAF
Software Security
Use after free
Description
Palladium
Hardware Tech
In circuit emulation for verification and debug
Definition
AMI
Amazon
Amazon machine image
Description
AWS Nitro
Amazon
Combination of dedicated hardware and lightweight hypervisor for running EC2 instances efficiently and securely
Definition, purpose
VPC
Networking
Virtual private cloud
Networking for cloud based resources and services that is global, scalable and flexible
Link, Run
Tart VM
3rd Party
Link to virtualization framework
Run locally or in the cloud
Description, Purpose
AI quantization
Convert input values from a large set to output values in a small set
Reduce computation demands of AI models
Description
NumPy
Python
Python package for scientific computing
Two keywords and their meanings
Swift structured concurrency
async to define a method that does asynchronous work
await to call an async method
Definition, Description
DPDK
Networking
Data Plane Development Kit
Open-source kit consisting of libraries to accelerate data processing workloads running on a wide variety of CPUs
what and why
Apple VideoToolbox
Low level framework that provides direct access to hardware encoders and decoders
For video compression and decompression, and for conversion between raster image formats
Description
Rasterization
Graphics
Converting images in a vector graphics format to raster format used by display monitors
Definition, Description
TBB
C++
Threading Building Blocks
C++ template library from Intel for parallel programming on multicore processors
Description
Future
Programming
Placeholder for the result of an asynchronous operation
Description
Promise
Programming
Set the value of a future once an asynchronous operation is complete
Do, Don't
Pure function
Programming
Return the same result given the same argument
Cannot be affected by mutable states or other side effects
define, what, why
VFS
File
Virtual file system
Standard interface for all file systems
Enables Linux to support a large number of file systems
define, push, pop
SQ
Apple Software
DI2 submission queue
Producer pushes a SQE for a new IO request, which rings the doorbell
Consumer pops a SQE to service the request
define, push, pop
CQ
Apple Software
DI2 completion queue
Push a CQE for a completed IO operation, which may invoke a callback function.
Pop CQE to acknowledge
Description
Upward dependency
Programming
Two software modules that have link dependencies on each other
definition, user perspective, OS perspective
TCC
Apple Software
Transparency, consent and control
OS perspective: manager of authorizing system
User perspective: decision input point
Definition, trade mark
ACIO
Apple Tech
Apple Converged Input Output
Apple trademark for USB 4.0
definition, connections, routing
OVS
Networking
Open vSwitch
Connecting different VMs and Internet
Route packets from vhost net and NIC
configuration, daemon
Libvirt
Linux QEMU
Translate XML configurations to QEMU CLI calls
Provides an admin daemon to manage QEMU child processes
Description
vhost protocol
Networking
Allows the virtio data plane implementation to be offloaded to another element (user process or kernel module) for performance
Two meanings
virtio net
Networking
Virtio networking device implementation
Guest kernel front end described in the vhost net protocol
Definition, Description
DPDK
Networking
Data plane development kit
Bypass the kernel networking stack and directly access network devices
definition, two checks
AMFI
Apple Software
Apple Mobile File Integrity
Check code signatures
Check they are signed by a trusted authority
Description
ABA problem in concurrency
Programming
A value is read twice, and its having the same value both times is used to conclude that nothing has happened in the interim
what, each letter
REMITS
Security
Chain of trust pipeline
Root of trust
Endorsement
Measurement
Identity
Trust
Secrets
Definition, Description
TCG
QEMU
Tiny Code Generator
Dynamic translation backend that translates guest code to host code
what, trust, 3 services
COCONUT SVSM
Linux
Secure VM service module
Same trust boundary as, but isolated from, the guest operating system
vTPM
UEFI variable store
Live migration for CVMs
definition, 2 facts
IGVM
Linux
Independent guest virtual machine
Encapsulate all the information required to launch a virtual machine on any virtualization stack
Contain measurement
define, how, so what
ARC
Apple Programming
Automatic reference counting
Retain and release are inserted at compile time
Deallocate objects with zero reference
Definition, Description
VPC
Networking
Virtual private cloud
An isolated and customizable network within a public cloud
Description
Syntactic sugar
Programming
Programming syntax that's easier to read and write
Description
Mersenne twister
Software
Pseudorandom number generator
security, function
Paravisor
Executed within the VM but higher privilege than the guest OS
Provide virtualization and device services
Description
OpenVMM
Modular cross-platform virtual machine monitor written in Rust
what, parts, why
OpenHCL
Open source paravisor
Consists of OpenVMM, boot loader and Linux kernel
Confidential compute for non-enlightened guests
6 Steps
Progression of kernel memory corruption exploit
vulnerability -> constrained memory corruption -> strong memory corruption -> memory read/write -> control flow integrity bypass -> arbitrary code execution
what, why
Monad
Programming
Structure that combines program fragments and wraps their return values in a type with additional computations
Simplifying common operations and abstracting control flows
what, who
Hyperlight
Microsoft Tech
Open-source Rust library enabling fast and secure execution of small functions using hypervisor-based protection
Developed by Microsoft Azure
Virtio initialization: Four Status Bits
Acknowledge
Driver
Features OK
Driver OK
Five parts of virtio device
Device status field
Feature bits
Notifications
Device configuration space
At least one virtqueue
Three virtio notifications
Configuration change
Available buffer
Used buffer
Three parts of a virtqueue
Descriptor area - describe buffers
Driver area - data from driver
Device area - data from device
Two virtqueue formats
Split
Packed
Five steps for a buffer to transfer from driver to device and back on split virtqueue
- Driver fills a slot in the descriptor table.
- Driver writes the descriptor index into the available ring.
- Driver sends an available buffer notification.
- Device writes the descriptor index into the used ring.
- Device sends a used buffer notification.
Three parts of packed virtqueues
Descriptor ring
Driver event suppression
Device event suppression
Four steps for sending a buffer to a device and back via a packed virtqueue
- Driver writes an available descriptor for the buffer in the descriptor ring.
- Driver sends an available buffer notification.
- Device writes a used descriptor in the descriptor ring, thereby overwriting a descriptor previously made available.
- Device sends a used buffer notification.
DD, why
vDSO
Linux
Virtual dynamic shared object
Mechanism to export kernel routines to user space
Avoid costs of system calls
Definition, description, 3 components
ATS
PCIe
Address translation service
Converts device IO address to physical address
Translation agent, address translation page table, address translation cache
PCI: PRI: d2
PCIe
Page request interface
Sent by an endpoint to request a page be mapped into system memory for an ATS transaction
CXL: define, 3 facts
PCIe
Compute express link
Open standard interconnect
High-speed, high-capacity CPU-to-memory and CPU-to-device connections
For data center computers
SFINAE: d2
Programming
Substitution failure is not an error
It's a powerful technique used in template metaprogramming to enable conditional compilation based on the properties of types.
Suppress buddy flow
Apple Software
defaults write com.apple.purplebuddy SetupFinishedAllSteps -bool YES
graphics
Vulkan
description
Low-level, low-overhead cross-platform API and open standard for 3D graphics and computing
graphics
MoltenVK
description
Software library that allows Vulkan software to run on top of Metal on Apple devices
graphics
Metal
description
Low-level, low-overhead hardware-accelerated 3D graphics and compute shader API created by Apple
RO Used
XNU HV State
Indicate a set of registers used by the guest
RW Dirty
XNU HV State
Indicate a set of registers to be set to user provided values
RO Dirty
XNU HV State
Indicate a set of registers to be modified with kernel validated values
RO Valid
XNU HV State
Indicate a set of register values already saved in memory
what, when is it used?
GXF_CONFIG_EL2.HVAC
Disallow writes to guarded mode registers in EL2
Prevent XNU from hosting guarded mode guests
Two types of uncategorized errors
XNU
ARM uncategorized exceptions
DTrace