Udemy Sections 7-8 Supply Chain Management and Virtualization Flashcards
Ensuring that the operation of every element (hardware, firmware, driver, OS, and application) is consistent and tamper resistant establishes a what?
Trusted computing environment
A legal principle identifying that a subject has used best practice or reasonable care when setting up, configuring, and maintaining a system
Due diligence
Properly resourced cybersecurity program
Security assurance and risk management processes
Product support life cycle
Security controls for confidential data
Incident response and forensics assistance
General and historical company information
You must consider all of these things in order to do what?
Due diligence
A microprocessor manufacturing utility that is part of a validated supply chain (one where hardware and software do not deviate from their documented function)
Trusted Foundry
Who operates the Trusted Foundry Program?
DoD
What does the Trusted Foundry do?
Ensures that microprocessors in a supply chain are secure. It is run by the DoD.
The process of ensuring that hardware is procured tamper-free from trustworthy suppliers
Hardware source authenticity
ROT stands for
Root of Trust
A cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics
ROT (Root of Trust)
Hardware that is used to scan the boot metrics and OS files to verify their signatures, which we can then use to sign a digital report
Hardware root of trust
What is the most common ROT?
TPM (Trusted Platform Module)
A specification for hardware-based storage of digital certificates, keys, hashed passwords, and other user and platform identification information
TPM (Trusted Platform Module)
Which part of your system ensures that when your computer boots up, it does so securely?
TPM (Trusted Platform Module)
What is the program name to manage the TPM in your Windows computer?
tpm.msc
Or you can manage the TPM through Group Policy
An appliance for generating and storing cryptographic keys that is less susceptible to tampering and insider threats than software-based storage
HSM (Hardware Security Module)
Methods that make it difficult for an attacker to alter the authorized execution of software
Anti-tamper
FPGA stands for
Field programmable gate array
PUF stands for
Physically unclonable function
What type of mechanisms are FPGA and PUF?
Anti-tamper mechanisms
What do FPGA and PUF do?
When an attacker attempts to tamper with a system, these mechanisms zero out your cryptographic key, which wipes out the info on that system. That way, you know the system has been tampered with.
A type of exploit that gives an attacker an opportunity to run any code at the highest level of CPU privilege
Firmware exploit
A type of system firmware providing support for 64-bit GUI operation at boot, full GUI and mouse operation at boot, and better boot security
UEFI (Unified Extensible Firmware Interface)
A feature of UEFI that prevents unwanted processes from executing during the boot operation. It checks each process for a digital signature; if a process does not have a legitimate digital signature, it will not be loaded.
Secure boot
A UEFI feature that gathers secure metrics (such as how much time each process takes to load) to validate the boot process in an attestation report
Measured boot
A claim that the data presented in the report is valid by digitally signing it using the TPM’s private key
Attestation
A means for software or firmware to permanently alter the state of a transistor on a computer chip.
It uses one-time programming to secure cryptographic keys and other security information during the development process. If someone attempts to tamper with the firmware, the eFUSE is triggered, and the tampered system will no longer be trusted.
eFUSE