Domain 3, Security architectures, designs, solution elements

Question 1

Modes of Operation (security)

Answer 1

Way of an operating system to work at certiain levels of security.

Question 2

Dedicated Mode

Answer 2

System contains objects of only one classification label. All subs must have clearance at least as high as the object

Question 3

System High mode

Answer 3

contains mixed object levels. All subs must have clearance equal to the highest object classification.

Question 4

Compartmented mode

Answer 4

Ass subs have necessary clearance, but also are required to get formal access approval. Need to know. Compartmented information better allows for need to know access.

Question 5

Multilevel mode

Answer 5

Contains mixed object classes. The Reference Monitor controlls access between subjects and objects. Ensures subjects can only access info at their level.

Question 6

Orange book

Answer 6

TCSEC, first security standard. Most concepts still in use today.

Question 7

TCSEC

Answer 7

Trusted Comp System Evaluation Criteria

Question 8

Orange Book - Divisions

Answer 8

D- lowest
C
B
A - highest

Question 9

Classes

Answer 9

i.e. C1, C2, A1, A2. Higher is more secure

Question 10

TNI/Red book

Answer 10

Trusted Network INterpretation. Uses orange book concepts to apply to networks.

Question 11

ITSEC

Answer 11

Information tech security evaluation criteria

Question 12

ITSEC

Answer 12

first successful internation eval model

Question 13

ITSEC Assurance ratings

Answer 13

E0 - E6

Question 14

ITSEC Functionality rating

Answer 14

F-C1, F-c2, F-b1, F-b2, F-b3

Question 15

International Common Criterai

Answer 15

replaces ITSEC and TCSEC. Designed to evaluate commercial and govt systems.

Question 16

Common Criteria ToE

Answer 16

Target of evaluation. System or product being evaluated

Question 17

Common Criteria ST

Answer 17

Security Target. Documentation that describes the ToE, including sec requirements and operational env.

Question 18

Protective Profile

Answer 18

unique set of sec. reqs for a specific category of products (i.e. firewall, end user pc, intrusion detect.)

Question 19

Eval Assurance Levvel

Answer 19

EAL = score of the tested product or system

Question 20

EAL Levels

Answer 20

EAL1 through EAL7

Question 21

EAL1

Answer 21

Functionally tested

Question 22

EAL2

Answer 22

Structurally tested

Question 23

EAL3

Answer 23

Methodically tested and checked

Question 24

EAL4

Answer 24

methodically designed, tested, and and checked

Question 25

EAL5

Answer 25

semi formally designed and tested

Question 26

EAL6

Answer 26

semi formally verified, designed, and tested

Question 27

EAL7

Answer 27

Formally verified, designed, and tested.

Question 28

Layering

Answer 28

separates hardware and software functionality into tiers

Question 29

Example sec. architecture layers

Answer 29

1. Hardware
2. Kernel and drivers
3. OS
4. Apps

Question 30

Abstraction

Answer 30

Hides unnecessary details from the user.

Question 31

Sec. domains

Answer 31

list of objects a subject is allowed to access. Erros between domains don’t affect each other.

Question 32

Kernel Mode

Answer 32

sec. domain. where the kernel lives. allows low level access to memory, cpu, disk, etc.

Question 33

User mode

Answer 33

sec. domain where users live.

Question 34

Ring model

Answer 34

CPU Hardware layering that separates and protects domains.

Question 35

Rings in the ring model

Answer 35

0 - kernel
1 - OS components not fitting in ring 0
2 - Device drivers
3 - User apps

Question 36

System Call

Answer 36

Method for a process to communicate between rings.

Question 37

Hypervisor ring

Answer 37

HV lives in ring 0

Question 38

Open and closed systems

Answer 38

Open - windows, linux

Closed - MAC-OS

Question 39

Sec Hardware Architecture

Answer 39

Focuses on applying CIA to physical components of a computer.

Question 40

System Unit

Answer 40

Computer case

Question 41

Motherboard

Answer 41

holds cpu, memory, firmware (bios), and connects to peripherals.

Question 42

Computer Bus

Answer 42

primary comms channel on a computer system.

Question 43

Northbridge

Answer 43

in system with two busses,

AKA MCH Memory control unit

connects CPU, RAM, and video cards.

Question 44

Southbridge

Answer 44

ICH - input/output controller hub

Question 45

southbridge

Answer 45

Connects to input output peripherals

Question 46

CPU

Answer 46

• doi

Question 47

ALU

Answer 47

subsystem of CPU. performas math processes. fed instructions by the Control unit

Question 48

CU

Answer 48

subsystem of CPU. Acts as traffic cop for running processes.

Question 49

Process steps

Answer 49

1. fetch inst.
2. decode inst.
3. execute instruction
4. write result

Question 50

Fetch and Execute

Answer 50

CPU runs only one process at a time. Takes full clock cycle for one process.

Question 51

pipelining.

Answer 51

way for CPU to work through multiple instructions at once.

i.e. at the same time:

1. Fetching instruction 4
2. decoding instruction 3
3. executing instruction 2
4. writing instruction 1.

Question 52

interrupts

Answer 52

Asynchronus event - causes CPU to stop what it’s doing, do another process, then resume the task it was previously in the middle of.

Question 53

Process

Answer 53

Executable program and its’ associated data loaded and running in memory.

Question 54

HWP

Answer 54

Heavy weight process AKA task.

Question 55

Thread

Answer 55

a child process started from another ‘parent’ process. LWP.

Question 56

LWP

Answer 56

light weight process - thread

Question 57

Threads can ______ Memory

Answer 57

share.

Question 58

Process states

Answer 58

New, ready, running, blocked, terminate

Question 59

Process State - New

Answer 59

process is being created

Question 60

Process State - Ready

Answer 60

process waiting execution by cpu

Question 61

Process State - running

Answer 61

process is being executed

Question 62

Process State - blocked

Answer 62

waiting for I/O

Question 63

Process State - terminate

Answer 63

Process is completed

Question 64

Multitasking

Answer 64

Allows cpu to run multiple tasks at once.

Question 65

Multiprocessing

Answer 65

Runs multiple processes on multiple CPUs

Question 66

SMP

Answer 66

Symmetric Multiprocessing - uses one OS for all CPUs

Question 67

AMP

Answer 67

asymmetric multiprocessing. Uses one OS per CPU

Question 68

CISC

Answer 68

Complex instruc. set computer

uses large set of complex machine language instructions

Question 69

RISC

Answer 69

Reduced instruct. set computer

uses reduced set of simpler machine language instructions.

Question 70

Direct Memory addressing

Answer 70

Address is based off of physical memory location.

Question 71

Indirect memory addressing

Answer 71

address based off of memory reference

Question 72

register direct addressing

Answer 72

register directly references memory location

Question 73

register indirect addressing

Answer 73

register references another register memory location

Question 74

Memory protection

Answer 74

Prevents one process from affecting the CIA of another process. Requirement for secure multi-user systems.

Question 75

Process isolation

Answer 75

logical control that prevents a process from interfering with another process

Question 76

Hardware segmentation

Answer 76

Further isolates processes by assigning them physically separate memory locations.

Question 77

Virtual memory

Answer 77

provides virtual mapping between apps and system memory.

Question 78

Swapping

Answer 78

uses virtual memory to move contants to/form primary memory and secondary memory.

Question 79

BIOS

Answer 79

basic input/output system

Question 80

WORM Storage

Answer 80

write once read many (CDs, DVDs, Tapes)

Question 81

Trusted platform module

Answer 81

module that adds further security to a system. typically connected straight to Mobo

Question 82

DEP

Answer 82

Data Execution Prevention - attempts to prevent code execution in memory locaations that are not predefined to have executable content.

Question 83

ASLR

Answer 83

Address space location randomization

randomizes the location of instruction sets between different machines. This makes it more difficult to execute attacks.

Question 84

Monolithic Kernel

Answer 84

Compilied into one static executable and the entire kernel runs in supervisor mode. runs in ring 0

Question 85

Microkernels

Answer 85

these are modular. Kernel functions are split up into modules. Modules often operate in ring 3.

Question 86

Reference monitor

Answer 86

mediates access between all subjects and objects.

Question 87

Linux and Unix file permissions

Answer 87

R -read
W - write
X - execute

Question 88

Linux permisson levels

Answer 88

owner
group
world

Question 89

Microsoft PErmissions

Answer 89

Read
Write
Read and Execute
Modify
Full Control

Question 90

priveleged programs

Answer 90

UNIX and linux only. Program that has root access to a very specific set of file.s

Example - a user doesn’t have access to the password file.

The password program does though. So a user can change their own password with the passwd program.

Question 91

Virtualization sec. issues

Answer 91

Multi guest on one host

If host is compromised, potentially so are all vms

Question 92

IAAS

Answer 92

infrastructure as a service. i.e. linux server hosting, windows OS hosting. Phone system hosting.

Question 93

PAAS

Answer 93

Platform as a service. Web service hosting.

Question 94

SAAS

Answer 94

software as a service - webmail.

Question 95

Grid computing

Answer 95

computers all over the world working together to process some goal/information.

Question 96

Large scale parallel data system

Answer 96

Not sure how this is different from grid computing

Question 97

Peer to peer

Answer 97

bittorrent, napster,

Question 98

Thin client

Answer 98

PC without CPU or Memory. share centralized compute resources.

Question 99

Diskless workstation.

Answer 99

uses network storage

Question 100

Thin client apps

Answer 100

Use a web browser as a universal client.