Security Architecture and Design Flashcards
Security Model Concepts
Confidentiality
Integrity
Availability
Defense in depth
System Architecture
The process of describing and representing the components that make up the planned system and the interrelationships between those components.
It answers questions such as:
What is the purpose of the system?
Who will use it?
What environment will it operate in?
System Architecture Steps
- System Design Phase - gather the system requirements and decide how each requirement (including security requirements) will be met
- Development Phase - hardware and software components are assigned for development and built to the design
- Maintenance Phase - the system and security architecture are periodically evaluated to ensure the system still operates properly and security is maintained as it changes
ISO / IEC 42010:2011 Terminology
Architecture
The fundamental organization of a system: its components, their interrelationships with each other and the environment, and the principles that guide its design and evolution
ISO / IEC 42010:2011 Terminology
AD - Architectural Description
Set of documents that convey the architecture in a formal manner
ISO / IEC 42010:2011 Terminology
Stakeholder
Individuals, teams, departments including groups outside organization with interests or concerns to consider
ISO / IEC 42010:2011 Terminology
View
Representation of the system from the perspective of a stakeholder or set of stakeholders
ISO / IEC 42010:2011 Terminology
Viewpoint
Template used to develop individual views: it specifies the stakeholders and concerns a view addresses, the modelling techniques used, and the assumptions made
Computing Platforms
Mainframe / Thin Clients
Processing power is on the mainframe; the thin clients are only used to access it
Computing Platforms
Distributed Systems (Client / Server)
Devices run client software that interacts with server software over a network
Computing Platforms
Middleware
Software that sits between, and translates between, two different systems
ex. Users connect to software that provides an interface, which in turn accesses back-end databases
Computing Platforms
Embedded Systems
A computing platform built into another system (a system within a system).
Its code is typically embedded in hardware or firmware and performs a dedicated function
Computing Platforms
Mobile Computing
Software running on tablets, phones and other portable devices
Virtual Computing and Security Services
Running multiple instances of operating systems (virtual machines) on a single physical server under a hypervisor; the hypervisor becomes part of the trusted computing base, since it is what isolates the guests from each other
Security Services
Boundary Control
Placing components in security zones and maintaining boundary controls (such as firewalls and access rules) at the borders between them
Security Services
Access Control Services
Enforces least privilege: gives users and processes only the access required to do their jobs
Security Services
Integrity Services
Ensures that data moving through the OS or an application can be verified as not having been damaged, corrupted or tampered with
Security Services
Cryptography Services
Protecting information with encryption, both in transit and at rest
Security Services
Auditing and Monitoring Services
Method of tracking the activities of users and the operation of system processes so that they can be reviewed and acted upon
System Components
CPU
Fetches, decodes and executes the instructions in program code
Multiprocessing (multiple CPUs or cores) allows instructions from different threads to execute in parallel
CPUs have their own small, fast memory: registers and cache
Can work in user mode (for users and applications) or privileged mode (for the operating system)
Instructions marked as privileged can only be executed by trusted OS code running in privileged mode; they give access to functionality not available in user mode, and an attempt to run one from user mode traps to the OS, which normally terminates the offending process
System Components
RAM
Desktop
SDRAM - Synchronous Dynamic RAM
DDR SDRAM - Double Data Rate SDRAM
DDR2 SDRAM - Double Data Rate 2 SDRAM
DDR3 SDRAM - Double Data Rate 3 SDRAM
Laptop
SODIMM - Small Outline DIMM (a smaller module form factor, not a different memory technology)
System Components
ROM
Flash Memory - non-volatile memory that can be electrically erased and reprogrammed in place (EEPROM-style)
PLD - Programmable Logic Device, an integrated circuit with internal logic gates whose connections can be configured programmatically
FPGA - Field Programmable Gate Array, a type of PLD; one-time-programmable parts are configured by blowing fuse connections on the chip or by using an antifuse that makes a connection when a high voltage is applied to the junction, while most modern FPGAs are SRAM-based and reload their configuration from external memory at power-up
Firmware - a program or set of low-level instructions installed in ROM or flash, typically what boots and controls the hardware
Memory Concepts
Associative Memory
Content-addressable memory: searches memory for a specific data value rather than reading from a specific memory address (used in caches and in network switch forwarding tables)
Memory Concepts
Implied Addressing
An addressing mode in which the operand is implicit in the instruction itself, usually a register contained inside the CPU (such as the accumulator), so no address needs to be encoded