Domain 3: Security Engineering: Secure System Design Concepts Flashcards Preview

CISSP > Domain 3: Security Engineering: Secure System Design Concepts > Flashcards

Flashcards in Domain 3: Security Engineering: Secure System Design Concepts Deck (11):

What is Layering?

Separates hardware and software functionality into modular tiers.


What is in the generic list of security architecture layers?

1. Hardware
2. Kernel and device drivers
3. Operating System
4. Applications


What is Abstraction?

Hiding unnecessary details from the user. The more complex a process is, the less secure it is.


What are Security Domains?

A security domain is a list of objects a subject is allowed to access.
Example 1: Confidential, Secret, and Top Secret are three security domains used by the DoD.
Example 2: Most modern operating systems separate the kernel mode from user mode.


What is the Ring Model?

It is a form of CPU hardware layering that separates and protects domains (such as kernel mode and user mode) from each other.


What are the theoretical rings in the Ring Model?

Ring 0: Kernel
Ring 1: Other OS components that do not fit into Ring 0
Ring 2: Device drivers
Ring 3: User Applications


How do processes communicate between rings?

Processes uses system calls to communicate between rings. System calls are slow but provide security. This provides abstraction.


What rings do Linux and Windows operating systems use?

Ring 0 and Ring 3.


What is hypervisor mode?

Considered to be Ring -1, it allows virtual guests to operate in ring 0 controlled by the hypervisor.


Name two CPUs that support hypervisor.

Intel VT (Intel Virtualization Technology, aka "Vanderpool")
AMD-V (AMD Virtualization, aka "Pacifica")


What is the difference between open and closed systems?

An open system uses open hardware and standards. Closed systems use hardware and software that are proprietary.