Chapter 4 - System Architecture Flashcards

(116 cards)

0
Q

IEEE/ISO 42010:2007

A

Systems and software engineering architecture description

1
Q

Computer security

A

Defined as AIC

2
Q

What is an architect's job?

A

To successfully create views for each stakeholder into a single global plan

3
Q

Register

A

A temporary storage location for the next CPU task

4
Q

Arithmetic logic unit ALU

A

Actual execution of instructions occurs here, this is the brain of the processor

5
Q

Control unit

A

The traffic cop of the CPU. It serializes the requests from the registers to the ALU

6
Q

General vs special registers

A

General registers hold variables and temporary data

Special registers hold more static data like program counters and pointers

7
Q

What is the name for the bit that defines user mode vs privileged?

A

Program status word - PSW

8
Q

What is another name for user mode and privileged mode respectively?

A

Problem state and kernel/supervisor mode

9
Q

What is the difference between address bus and data bus?

A

The address bus tells the location what it's looking for; the data bus is what allows the data to move between the location and the CPU

10
Q

LIFO

A

Last in first out

The order things are processed on the memory stack (think mtg)

11
Q

Return pointer

A

Usually the first message in, telling where to send the data

12
Q

Stack pointer

A

This is the current stack location while processing a stack

13
Q

Program counter

A

Holds the memory address for the CPU actions needed

14
Q

Cooperative multitasking vs preemptive multitasking

A

Cooperative means the resource programmatically releases the resources, and preemptive means that the OS controls all processing

15
Q

Ready, blocked and running state?

A

Ready - waiting process
Running - executing process
Blocked - suspended

16
Q

Process table

A

Think task manager

17
Q

Maskable vs non-maskable interrupt

A

Maskable means that the CPU can ignore it, and non-maskable means the CPU must immediately execute it

18
Q

Watchdog timer

A

System will reboot if critical systems fail

19
Q

Threads

A

Individual instruction set

20
Q

Software deadlock

A

When a resource is being used by another process and cannot continue, but the other process will not release until the first finishes

21
Q

Process isolation

A

Ensuring that processes cannot use the memory space of another process; this is required for preemptive multitasking

22
Q

Process Encapsulation

A

When process A can only speak to an interface from process B

23
Q

Data hiding

A

When one process does not know how another works, it simply sends to the interface between them

24
Time multiplexing
Time slices for resources
25
Process naming distinction
PID is used to assist process isolation
26
Virtual memory addressing
Rather than addressing memory directly, applications address the memory space allocated by the OS
27
Abstraction
The details of something are hidden
28
Memory manager functions?
Relocation - swap file, pointers
Protection - limit process access and access control
Sharing - complex controls govern memory space sharing
Logical org - allow sharing of procedures like DLLs
Physical org - virtual memory management
29
What is a base and limit register?
The base register is the beginning address of a memory segment and the limit register is the last address
30
DRAM
Capacitive memory that requires a refresh to ensure the capacitors do not lose charge
31
SRAM
Static memory uses exclusively transistors and does not require refresh
32
Thrashing
Moving data around to free resources for more data
33
What is the difference between EEPROM and flash
EEPROM needs firmware updates that write bit by bit over the previous contents; flash can be rewritten at the block or device level and acts like a hard drive
34
Absolute addresses vs logical
Physical vs virtual memory
35
Buffer overflow
When the buffer is too large and malicious code can be inserted. If accepted input is larger than the input buffer, there is a possibility of inserting data
36
ASLR - Address space layout randomization
When an OS randomizes and shifts address spaces around in memory
37
DEP - data execution prevention
Locked down memory spaces for certain executables
38
Memory leaks
Not using proper code that will release memory, e.g. [system.gc]::collect()
39
Programmed IO
The application requests that the IO take place; this is CPU wasteful
40
Interrupt IO
Byte is sent, CPU moves on, interrupt occurs, next byte is sent. This is better but still uses the CPU
41
IO over DMA
Also called unmapped IO. Does not use the processor; it's just sent from memory to the DMA controller to the device
42
Premapped IO
OS assigns a memory address and trusts the device not to be malicious. Scary
43
Fully mapped IO
OS brokers the IO requests of untrusted device
44
What is ring architecture?
CPU levels. Ring 0 is unprotected; ring 3 would be more protected. The CPU manufacturer decides the number of rings, the OS decides how to use them.
45
What does the word domain mean?
A collection of resources
46
Monolithic architecture
MS-DOS - user mode / privileged mode. Too much code could run in a higher mode
47
What is THE?
A layered kernel approach where each layer called the next: user > IO > interpreter > mem > processor
48
What is data hiding?
When you cannot bypass layers to call sub layers
49
Micro kernel model
It is a smaller kernel subset to promote security; this became slow because of process level changes
50
Hybrid micro kernel architecture
Partially uses the micro kernel for memory specific tasks, mostly uses the driver kernel to handle devices
51
Security policy
A strategic tool to indicate how sensitive information is managed
52
TCB
Trusted Computer Base - A collection of all the hardware, software, and firmware security components of a system
53
Trusted path
The path between the user and the TCB
54
Trusted shell
A shell someone cannot get into or out of
55
Security perimeter
Divides the trusted from the untrusted
56
Reference monitor
Used as a reference for user access to an object; this is effectively the law of the TCB
57
Security kernel
All access decisions must go through the security kernel; it is the core of the TCB
58
Multilevel security policy
Each level has its own security policy of where it can talk to
59
State change model
System model based on the premise that all states of an object are regulated
60
State transitions
When the state of an object changes
61
Simple security rule
Subject cannot read at a higher privilege.
62
* property
Cannot write to a level lower
63
Strong star property
Read and write can only function at the level currently on
64
Basic security theorem
If a system starts secure, and all state levels are secure, the system is secure regardless of input
65
Tranquility principle
Subjects and objects cannot change states undefined in the security principle
66
Bell-Lapadula
A security model used in MAC access control systems that specifies rules on read and write
67
Biba model
Similar to Bell-Lapadula but concerned solely with data integrity
68
*-integrity axiom
No write up, so dirty data does not mix with clean data
69
Simple integrity axiom
No read down
70
Invocation property
A dirty subject cannot use a clean tool to contaminate a clean object
71
Clark-Wilson
An integrity model that compartmentalizes data based on programmatic processing
72
Transformation procedures TP
Programmatic operations like read and write
73
Constrained data items CDI
This data is allowed to be manipulated by TPs
74
Unconstrained data items UDI
Users can directly manipulate these items
75
Integrity verification procedures IVP
Checks consistency of CDI against reality
76
Access triple
Subject, object, program (user, CDI, TP)
77
Well formed transaction
Using a TP to process a CDI and having it go through an IVP
78
Covert channel
A way for an entity to receive information in an unauthorized secretive way
79
Non-inference
Someone of a lower clearance cannot see state changes of a higher clearance
80
Inference attack
When someone has access to something that goes through a state change that implies what the change means
81
Lattice model
Access is defined as: least upper bound, greatest lower bound
82
Brewer-Nash model (Chinese wall model)
This model is used to prevent conflict of interest. If you access bank A files you cannot access bank B files
83
Graham-Denning model
8 critical security questions to ask especially when programming
84
Harrison-Ruzzo-Ullman model
Ensures access controls are being met at all levels
85
Dedicated security mode
An OS mode that means all users have a need to know all information and have signed an NDA pertaining to the information
86
System high security mode
When a user has the security clearance to see it, but the need to know for only partial portions of the data
87
Compartmented security mode
Just like high security mode, but the highest clearance data enforces who can access the system
88
Compartment mode workstations
Have built-in functionality to allow multiple clearance levels on the same system
89
Guards
A system used between trust (assurance) levels
90
Assurance rating
An EAL number used to quantify a system's trust
91
Common criteria
A systematic review used to rate a system A-D
92
Division D
This division is the lowest security rating
93
Division C1
Discretionary security protection - access is controlled by user or group; low security environment
94
Division C2
Controlled access protection - each individual is authenticated and security events are audited. All media containing data cannot store data, i.e. memory or temp storage
95
Division B1
Label security - each object must contain an accurate security label
96
Division B2
Structured protection - fully documented and defined security policy with stringent authentication and covert channel analysis has been passed
97
Division B3
Security domains - reduction of complexity from B2. Reduced code and simplified procedures
98
Division A
Strictly verified and scrutinized B3
99
Rainbow books
Like the orange book/common criteria, but targeted to the business sector
100
Red book
Trusted network interpretation - communication integrity, denial of service prevention, compromise protection (read more on red book/rainbow books)
101
Assurance
Derived from comparing how things actually work to the theory of how they should work
102
What is the history of the TCSEC?
TCSEC became Common Criteria
103
ITSEC
European version of the common criteria
104
What is different between TCSEC and ITSEC?
ITSEC has a separate rating for assurance vs functionality
105
EAL
Evaluation assurance level
EAL 1 - functionally tested
EAL 2 - structurally tested
EAL 3 - methodically tested and checked
EAL 4 - methodically designed, tested and reviewed
EAL 5 - semi-formally designed and tested
EAL 6 - semi-formally verified design and tested
EAL 7 - verified design
106
Verified design?
Mathematically proven model
107
How are protection profiles used in common criteria?
A committed assurance level to develop on and towards
108
What 5 parts make up a protection profile?
Descriptive elements
Rationale
Functional requirements
Development assurance requirements
Evaluation assurance requirements
109
What steps are taken during the CC (common criteria)?
Protection profile is made - assurance target
Target of evaluation - security target
Security target - how our product does the above
Security functional req. - individual security function proof
Security assurance req. - measures taken during development to assure these requirements are met and confirmable
Packages - what must be met to continue with an EAL rating
110
ISO 15408
International standard linked to common criteria
1 - lays out the general concept of the common criteria
2 - describes and catalogs security functionality
3 - defines assurance requirements with criteria
111
Certification vs accreditation
Certification - the testing of a claim
Accreditation - acceptance of the risk associated with the certification process results
112
Open vs closed systems
Open standardized interoperability vs exclusively proprietary interoperability
113
Maintenance hook
This is code developed to monitor the software for flaws; these are dangerous security-wise. Think of my /end function!
114
Time of use attack
Similar to a race condition, but manipulates something process 2 relies on prior to process 2 running (a flag in a file)
115
If time of use is mandatory in code how can you avoid this?
Using system locks on the resources required by the process