Chapter 3 Security Engineering

Question 1

ISO/IEC/IEEE 42010

Answer 1

systems and software engineering – architecture description (outlines specifications for system architecture frameworks and architecture languages)

Question 2

What is an architecture view?

Answer 2

Architecture views expresses architects decision regarding each stakeholders concerns

Each view confirms to a particular viewpoint (eg Logical, physical, structural)

Question 3

Baking in vs Bolting on security

Answer 3

Baking in : At architecture phase

Bolting on: At development phase

Question 4

What do general registers hold

Answer 4

variables and temporary data

Question 5

What do special registers hold

Answer 5

program counter

stack pointer

program status word

Question 6

What does program counter register hold?

Answer 6

memory address of next instruction to be fetched

Question 7

what is the significance of program status word

Answer 7

PSW holds different bits, one of the bits indicates if CPU should be in user mode or privileged mode

Question 8

What are the 6 different types of RAM

Answer 8

1. Static
2. Dynamic
3. Synchronous
4. EDO DRAM
5. Burst EDO DRAM
6. Double data rate DRAM

Question 9

What are the characteristics of Static RAM

Answer 9

• Fast
• takes lot of space
• more costly
• uses transistors

Question 10

What are the characteristics of Dynamic RAM

Answer 10

• slow
• less space
• less costly
• uses capacitors

Question 11

What are the characteristics of Synchronous RAM

Answer 11

Synchronises clock of RAM with that of CPU for faster access

Question 12

What are the characteristics of EDO DRAM

Answer 12

Has a look ahead feature to access data while first one is being sent to CPU

In Burst EDO DRAM, data can be sent in bursts of 4 blocks

Question 13

What are the characteristics of Double Data Rate DRAM

Answer 13

Reads on both clock pulses, effectively doubling speed

Question 14

What are the two common memory protection techniques

Answer 14

Address Space Layout Randomisation (ASLR)

Data Execution Prevention (DEP)

Question 15

What is multi-tasking

Answer 15

multiple programs loaded in memory at same time

AND

multiple programs executed simultaneously by CPU

Question 16

What is difference between multi-tasking and multi-programming

Answer 16

To be checked

Question 17

Asymmetric multi-processisng

Answer 17

Multiple CPUs can be used for processing at same time

Specific applications dedicated to one CPU

Good for time sensitive applications

Question 18

What is Thrashing

Answer 18

when a computer spends more time moving data from one small portion of memory to other rather than processing the data

Question 19

What are the different types of memory addresses

Answer 19

Physical memory addresses used by CPU: Absolute addresses

Addresses used by software : Logical

Known address with offset : Relative addresses

Question 20

Co-operative vs pre-emptive multi-tasking

Answer 20

processes voluntarily release resources vs forcefully (CPU decides amount of time)

Question 21

What is process spawning

Answer 21

creating new child processes is referred to as spawning processes

eg in linux/unix - command interpreter is a process itself and within it when commnads are executed like grep etc, they spawn new processes with characteristics similar to the parent process but with its own memory space

Question 22

In what states can a process be in?

Answer 22

1. Blocked state – waiting for inputs
2. Ready state – waiting to send instructions to CPU
3. Running state – being executed by CPU

Question 23

What are the responsibilities of Operating System

Answer 23

• Creating new processes
• Assigning them resources
• Synchronizing communication
• Making sure nothing insecure is taking place

Question 24

What does the OS Process table contain

Answer 24

• One entry per process in the table
• State of the process
• Stack pointer
• Memory allocation
• Program counter
• Status of open files

Question 25

How does CPU switch between processes

Answer 25

CPU requires all of the information in process table loaded into registers for process execution. When process 1’s time is up and process 2 is to be executed, the process 1 information is moved back to the process table and maintained there till required again for process 1 to execute.

Break between two processes happens using interrupt

Question 26

what are the types of interrupts

Answer 26

Software Interrupts

Hardware Interrupts (used by devices)

Question 27

How do interrupts work

Answer 27

The s/w or h/w raises interrupts to the cpu.

The cpu then acknowledges or entertains the interrupt as per its decision

If one process needs to interrupt another process, OS decices on the priority to determine if the interruption should be allowed

Question 28

Maskable vs non-maskable interrupt

Answer 28

maskable interrupt can be ignored

Question 29

What are the functions of Memory stacks

Answer 29

• Each process has its own stack
• It is in LIFO mode
• Stack pointer is used to indicate to CPU where it is within the stack
• Last instrcutuion in stack is the return pointer where the results or control are transferred

Question 30

What is a thread

Answer 30

A thread is made up of the individual instruction set and the data that must be worked on by the CPU

Question 31

Who creates a thread

Answer 31

A thread is created by a process

Each thread shares same resources of the process that created it eg memory space, file access

Question 32

What is multi-threading

Answer 32

Application running multiple tasks via threads at the same time

Question 33

Give an example of how process can become malicious

Answer 33

An attacker can inject malicious instructions in a process. Since process is already verified by OS and running, such injections can end up executing the attackers code. To prevent this, processes should only accept instructions from a approved entity and that the instructions are validated before execution

Question 34

What is a software deadlock

Answer 34

process A commits resource 1 and needs resource 2 to do the job while process B has committed resource 2 and needs resource 1 to do the job

Question 35

Why is process isolation required

Answer 35

To ensure different processes do not step on one another

Question 36

What are the 4 ways process isolation can be achieved

Answer 36

1. Object encapsulation
2. Time multiplexing of resources
3. Virtual memory mapping
4. Naming distinctions

Question 37

What are the goals of memory management

Answer 37

1. Provide an abstraction layer for programmers
2. Maximise performance using limited memory pool
3. Protect OS and Apps in memory

Question 38

What are the memory manager roles

Answer 38

1. Physical Organisation
2. Logical Organisation (Abstraction)
3. Protection (limit as per privilege)
4. Sharing
5. Relocation (swap different types)

Question 39

How are base and limit registers used

Answer 39

CPU assigns base and limit memory address to process

CPU compares the base and limit address in the thread that is sent to it for execution

Question 40

How is data held in RAM

Answer 40

Encyrpted data is generally unencrypted while it resides in RAM. However if the RAM uses HDD as virtual memory, this unencrypted data or the keys can become available in the HDD To attackers in unencrypted form

Question 41

What are the ways CPU and Memory interacts with IO devices

Answer 41

1. Programmable IO (CPU sends information and waits for IO, wastes time)
2. Interrupt driven IO ( CPU moves on to other tasks till IO is ready. Overheads of managing multiple interrupts)
3. Direct Memory Access/ DMA – IO is fed by the DMA controller. This is also known as unmapped IO
4. Pre-mapped IO – CPU trusts IO device and lets it access physical memory directly
5. Pre-mapped IO – CPU trusts IO device and lets it access physical memory directly

Question 42

What do protection mechanisms of the OS ensure

Answer 42

• processes do not negatively affect each other or critical components of the system itself
  1. Memory Protection
  2. Ringed architecture

Question 43

What is a process domain

Answer 43

A collection of resourcese available to the process such as

• memory segments,
• files,
• system services,
• peripheral devices etc

Question 44

What are the different types of OS Architectures?

Answer 44

1. Monolithic
2. Layered OS
3. Microkernel
4. Hybrid Microkernel

5.

Question 45

What are the featuers of monolithic architecture

Answer 45

all OS processes work in kernel mode.

Applications avail services through system calls.

Too many components interact directly with hardware which increases complexity

Question 46

Explain Layered OS architecture

Answer 46

separates system functionality into hierarchical layers (however a lot of code still ran in kernel mode)

Question 47

Explain Microkernel architecture

Answer 47

Only certain areas such as memory management and interprocoess communication run in kernel mode. Other OS compoentns such as protocols, device drivers etc run in User mode. However this too affected performance since mode transitions (ie from user mode to kernel mode) had to be done

Question 48

How does a hybrid microkernel work

Answer 48

1. All OS processes run in kernel mode
2. Core processes run within a microkernetl
3. Others run in a client server model

(Windows uses hyrid microkernel)

Question 49

What is a trusted computing base

Answer 49

a collection of hardware, software and firmware that provides and enforces security

Some of them are directly responsible for security e.g memory manager, others need to behave eg. Not attempting direct access to hardware etc

in a way , the OS kernel is the TCB

Basically any part of a system that can be used to compromise the system or put it in an unstable condition is considered part of the TCB

Question 50

What is a trusted path?

Answer 50

a communication channel between user/application and TCB

Question 51

What is the role of OS in relation to TCB

Answer 51

TCB Executes in its own execution domain

OS ensures that TCB and nonTCB processes interact in a secure manner

Question 52

What is the security perimeter in relation to TCB

Answer 52

It is the imaginary boundary between the trusted and non trusted

Communication across perimeter is controlled by interfaces ie APIs

Question 53

What is a reference monitor

Answer 53

A mechanism that ensures subject’s (program/user/processes) access to objects (file/program/resource) within the OS are as per necessary permission

Question 54

What does a reference monitor implement

Answer 54

1. Mediates all access between subjects and objects
2. Ensures subjects have necessary access rights
3. Protect objects from unauthorise access and destructive modification
4. Defines the design requirement that a reference validation mechanism must meet
5. Access control decisions made in a central concerted manner

Question 55

Define key features of security kernel

Answer 55

1. It is the core of the TCB
2. Mediates all access and functions between subjects and objects
3. Implements and enforces the reference monitor concept

Question 56

What are the three main requirements that a security kernel should fullfill

Answer 56

1. o Process carrying out reference monitor should be isolated and tamperproff
2. o Must be invoked for every access attempt
3. o Must be small enough to be tested and verified in a complete comprehensive manner

Question 57

Distinguish between Reference monitor, Security Kernel, and Trusted computing base

Answer 57

Reference Monitor

Security Kernel

Trusted Computing Base

Abstract model of controlling access of subject to object

Implementation of reference monitor through hardware , software and firmware

Sumtotal of all components in a system that enforce a security policy (includes security kernel)

Question 58

What is a security model

Answer 58

1. • Maps the abstract goals of the security policy to information system terms
2. • Specifies explicit data structures and techniques necessary to enforce security policy
3. • Usually represented as mathematical and analytical ideas

a security policy provides certain goals and the security model provides the necessary mathematical formulas, relationships and logic structure to be followed to accomplish this goal

Question 59

-Key points of Bell Lapadula

Answer 59

Uses Security Levels

1. Simple security rule (No read up )
2. * Property (no write down)
3. Strong star property (read/write only on same level)

Question 60

Key points of Biba model

Answer 60

Uses Integrity levels

1. • *-integrity axiom (no write up)
2. • Simple integrity axiom (no read down)
3. • Invocation property (lower integrity subject cannot invoke higher integrity subject)

Question 61

What does “Simple”and * mean in security models

Answer 61

(If the word simple is used, it is about reading. If the word * is used it is about writing)

Question 62

What is the Clark-wilson model

Answer 62

it is an integrity model

users data access only through program

separation of duties is enforced

Question 63

what are the 4 elements used in clark wilson

Answer 63

1. • Transformation procedure (TP)
2. • Constrained Data items (CDI)
3. • Unconstrained data items (UDI)
4. • Integrity verification procedures (IVP)

Question 64

How does Clark-wilson model work

Answer 64

1. • Users cannot directly access CDI
2. • TP will carry out operations on behalf of user (user cannot modify without using TP)
3. • “Access triple” of subject (user)/ program (TP) / Object (CDI)
4. • UDI does not require high level of protection and can be manipulated directly by user
5. • IVP ensures data manipulation follows defined integrity rules

Question 65

What is non-interference model

Answer 65

• concerned with what a subject knows or can come to know about the state of the system
• Higher level process should not be able to affect a change to a lower level process

Question 66

What is the real intent of noninterference model

Answer 66

to address covert channel communications

Question 67

what is the Brewer and Nash model (Chinese wall)

Answer 67

ubject can read / write to object if and only if subject cannot read another object that is in a different data set

Protects from conflict of interest

Question 68

What are the eight primitive protection rules from Graham Denning model

Answer 68

How to securely create & delete a subject and object (4)

How to securely provide read / grant / Delete/ Transfer access right (4)

Question 69

What is the Harrison-Ruzzo-Ullman model

Answer 69

Maintains the integrity of the access rights

(in situations where command X requires execution of A,B,C,D processes in order to succeed, it is essential to ensure that X has the right levels of access rights for all 4)

Question 70

What is ISO/IEC 15408

Answer 70

It is “common criteria”for systems evaluation.

A framework in which

• Users specify security requirements from a product
• Vendor makes claim of how product meets the requirement
• Independent labs test the product

Question 71

What are the two questions that common criteria help to answer?

Answer 71

1. What does the product’s security mechanism do (functionality)
2. How sure are you of that (assurance)

Question 72

What are the 7 evaluation assurance levels (EAL) of common criteria

Answer 72

EAL 1 – Functionally tested

EAL 2- Structurally tested

EAL 3 –Methodically tested and check

EAL 4 – Methodically designed, tested and reviewed

EAL 5 – Semiformally designed and tested

EAL 6 – semiformally verified design and tested

EAL 7 – formally verified design and tested

Question 73

What is the meaning of formal verification in common criteria

Answer 73

Formal verification means it is based on a system that can be mathematically proven

Question 74

What are the protection profiles used by common criteria in its evaluation process

Answer 74

Provides a means to identify specific security needs

Provides goals and security mechanisms to achieve the security level

Generally contains three sections

• Security problem description (problem statement)
• Security problem objectives (functionality required in order to address problem statemet)
• Security requirements (specific requirements that can be used by developers and evaluators alike)

Question 75

what is the relevance of protection profiles in common criteira

Answer 75

protection profiles describe the functionality, assurance, description and rationale of product requirements

Question 76

Is it enough to have certification on a specific assurance level?

Answer 76

Having a specific assurance level means the product has the potential to provide required security. It needs to be properly configured by customer by using vendor documentation and maintained throughout its life-cycle to obtain the rated level of security

Question 77

What are the Different components of common criteria

Answer 77

Protection profile – Defines problem statement ie description of a needed security solution

Target of evaluation (TOE) – proposed product

Security Target – vendor statement of “This is what our product does and how it does it”

Security functional requirements – Individual security functions details

Security assurance requirements – measures to ensure compliance with functionality

Packages –EAL – describes what must be met to achieve specific EAL ratings (functional and assurance requirements bundled for reuse)

Question 79

What are the different levels of parallel computing

Answer 79

Bit level paraleelism (most CPUs use this today. Hence 64 bit is faster than 32 bit architectures)

Instruction level parallelism ( works on multi-core CPU concept)

Task level parallelism ( each task/thread runs in parallel)

Data parallelism – distribution of data on big data platforms

Question 80

What are some of the security issues related to database?

Answer 80

Aggregation ( using a subset of information to derive the whole story)

Inference (using individual pieces to infer data e.g a clerk accessing food movements to track troop movement)

Question 81

How can inference based attacks be prevented

Answer 81

• Content dependent checks (security levels)
• Context dependent checks (sequence of access, abnormal pattern of access etc)
• Cell Suppression (hide specific cells that contain information)
• Partitioning
• Noise and perturbation (adding dummy or nonsense data)

Question 82

What are the three different type of Industrial Control Systems

Answer 82

1. Programmable Logic Controllers (PLC) – these were used to control individual conveyor belts or other manufacturing machinery
2. Distributed control systems (DCS) – PLC is localized to a machine, but DCS can be used for supervised, coordinated control across machines
3. Supervisory control and data acquisition (SCADA) – across longer distances, eg DCS could be used for a single power plant while SCADA used across a power distribution network

Few common threats

Question 83

What are maintenance hooks

Answer 83

use of backdoors by deverlopers to gain access to code for troubleshooting or updates. Can be misused by attackers if found out

Question 84

What is TOC/TOU attack

Answer 84

time of check and time of use. Attacker jumps in between two tasks and modifies something to control the result

Question 85

What is a race condition

Answer 85

an attack in which attacker makes processes execute out of seqeuence to control the result ( e.g performing authorization before authentication)