Ch. 5 Security Architecture

  1. System Architecture - 3 main components
    • CPU – Central Processing Unit
    • Storage devices – includes both long and short-term storage, such as memory and disk
    • Peripherals – includes both input and output devices, such as keyboards and printer
  2. ALU
    Arithmetic Logic Unit - Performs mathematical and logical operations on the CPU ("brain of the CPU")
  3. register
    General Registers
    Special Registers
    • Temporary storage location
    • General Registers - Hold variables and temporary results from ALU (scratch pad)
    • Special Registers - dedicated registers hold information .. program counter, stack pointer, and program status word (PSW)
  4. Control Unit
    manages and synchronizes the system while different applications are running. Overseas instruction sets, fetches the code, interprets the coed (Traffic cop).
  5. Program Counter Register
    Contains the memory address of the next instruction to be fetched (secretary and boss)
  6. Stack
    Memory segment the process can read from and write to .. cafeteria trays ("last in, first off)
  7. PSW
    • Program status word - holds condition bits.
    • user mode (problem state) - for application instructions
    • privileged mod (kernal or supervisor mode) - for operating system instructions
  8. Address bus
    A hardwired connection to the RAM chips in the system and the individual I/O devices (Cd-rom, USB, hard drive)
  9. Data bus
    The circuitry associated with the memory or I/O device recognizes the address the CPU sent down the address bus and instructs the memory or device to read the requested data and put it on the data bus.
  10. Multi-Processing - Symmetric
    The processors are handed work as needed.
  11. Multi-processing - Assymetric
    Dedicated processor for sensitive application. All other commands (other applications and operating system) are sent to other CPUs.
  12. Processor evaluation
    • Microns - width of smallest wire on CPU chip
    • Clock Speed - Speed at which it can execute instructions
    • Data Width - The amount of data the ALU can accept and process
    • MIPS - millions of instructions per second
  13. mult-programming
    More than one process can be loaded into memory at a time
  14. multitasking
    Cooperative multitasking
    Preemptive multitasking
    • Cooperative - required the processes to voluntarily release resources they were using. If the application was the written correctly, the application would not give up resources.
    • Preemptive - Operating system controls how long a procss can use a resource
  15. Process Table
    One entry per process. Records process state, stack pointer, memory allocation, program counter and status of open files in use.
  16. Interrupts
    When a device or process needs to communicate with CPU it waits for the interrupt to be called.

    Maskable - assigned to an interrupt event that is not very important and the program continues to process (ignores interrupt)

    Non-maskable Interrupts - can never be overridden by an application because the event that has the type of interrupt is critical
  17. Thread
    Individual instruction set and the dat that must be worked on by the CPU.
  18. Multiprogramming
    Multiprogramming - an OS can load more than one program in memory at one time

    Multitasking - an OS can handle requests form several different processes and loaded into memory at the same time

    Multithreading - An application has the ability to run multiple threads simultaneously.

    Multiprocessing - a computer has more than one CPU
  19. Time multiplexing
    Allows processes to use the same resources
  20. Memory Manager
    • Relocation
    • Protection
    • Sharing
    • Logical Organization
    • Physical Organization

    Image Upload 2
  21. base register
    limit register
    base register - contains the beginning address that was assigned to teh process

    limit register - contains the ending address
  22. Memory Protection Issues
    Image Upload 4
  23. RAM
    Random Access Memory - Temporary data storage facility where data and program instructions can temporarily be held and altered
  24. DRAM
    Dynamic RAM - Data being held in RAM memory cells are 'dynamically' being refreshed. (If not the charge w/in the capacitor would go out and you would lose the data).
  25. SRAM
    Static RAM - Does not use capacitors, uses transistors which can keep a charge. Because of this it is faster, but takes up more space on the RAMP chip. SRAM is more expensive and is used on the CPU chip. DRAM is cheaper and is used in the RAM chip.
  26. SDRAM
    Synchronous DRAM - Synchronizes itself with the system's CPU and RAM input and output - timing of the memory activities are synchronized - increases the sped of transmitting and executing data.
  27. EDO DRAM
    Extended Data Out DRAM - Faster than DRAM because DRAM can access only one block of data at a time. EDO DRAM can capture the next block of data while the first block is being processed. (look ahead feature)
    Burst EDO DRAM - works like EDO DRAM, but can send more data at one burst. It reads an send up to four memory addresses in a small number of clock cycles.
    Instead of carrying out one operation per clock cycle, can carry out two operations per clock cycle. Twice the throughput of SDRAM.
  30. ROM
    Read-only memory - nonvolatile memory type - when the power is turned off the data is still held in data chips.
  31. PROM
    Programmable Read Only Memory - Form of ROM that can be modified after it has been manufactured. Can only be programmed one time. The instructions are "burned int" PROM using specialized PROM programmer device.
  32. EPROM
    Erasable and programmable read-only memory - can be erased, modified, and upgraded.
  33. Flash Memory
    Solid-state technology, used more as a hard-drive than as memory
  34. Cache memory
    Type of memory that is used for high-speed writing and reading activities.
  35. Memory Mapping
    Absolute Addresses
    Logical Addresses
    Relative Addresses
    Absolute addresses - physical memory addresses that the CPU uses

    logical addresses - Indexed memory addresses that a software uses

    relative address - Based on a known address with an offset value applied.
  36. Operating System Architecture
    Image Upload 6
  37. Operating System Protection Rings
    Privileged state in the center ring. (Privileged mode). Less access in out rings for other applications (User Mode).

    Image Upload 8
  38. Monolithic Operating System Architecture
    Made up of procedures that can be called upon (big mess, MS DOS). All kernal activity performed in privileged mode.
  39. Layered Operating System Architecture
    Seperates system functionality into an hierarchy (Layer 0, 1, 2, 3, etc), THE, VAX, VMS, Unix
  40. execution Domain
    A process in a privileged domain needs to be able to execute its instructions and process data without being interrupted by other processes
  41. Programmed I/O
    CPU send data to an I/O device adn polls the device to see if it is ready to accept more data. This wastes CPU time.
  42. Interrupt-Driven I/O
    The CPU sends a character over to the printer and then goes and works on anothe process request. The printer will send a message that it ready for the next character .. and so on .. The CPU is not waiting for each byte to be printed (programmable I/O) - CPU is wasting time with interrupts
  43. I/O Using DMA
    A way of transferring data between I/O devices and the system's memory without the using the CPU. The DMA controller feeds the characters to the printer without bothering the CPU (unmapped I/O.)
  44. Premapped I/O
    The CPU sends teh physical memory address of the requesting process to the I/O device, and the I/O device is trusted enough to interact with the contents of the meory directly. The CPU does not control the interaction between teh I/O device and memory.
  45. Fully Mapped I/O
    The OS does not fully trust the I/O device. The physical address is not given to the device. The device works purely with logical addresses and works under the security context of the requesting process.
  46. TCB
    Trusted Computing Base - total combination of protection mechanisms within the computer system. (hardware, software, and firmware) The system is sure these components will enforce the security policy.
  47. Processes within TCB
    Process Activation - activating a process - CPU fills registers with data relating to process( program counter, base and limit addresses, user/prvileged mode) Interupts called upon and process interactes with CPU

    Execution Domain switching - CPU switches from executing in privileged mode to user mode

    memory protection

    I/O protection
  48. reference monitor
    abstract machine that mediates all access subjects have to objects, subjects have the necessary access rights .. and to protect the objects from unauthorized access and destructive modification.

    E.g. Laws = reference monitor
  49. The security kernel
    The security kernal is the mechanism tha tactually enforcs the rules of the reference monior concept.

    • The secrurity kernel must
    • 1) isolate processes carrying out the reference monitor concept,
    • 2) must be teamperproof
    • 3) must be invoked for each access attempt
    • 4) msut be small enough to be properly tested
  50. security domain
    All othe objects available to a subject
  51. Data hiding
    Data hiding occurs when processes work at different layers and have layers of access control between them. Processes need to know how to communicate only with each other's interfaces.
  52. state machine model
    deals with the different states a system can enter. If a system starts in a secure state, all transacion sna d and shutdown and fails securely
  53. Lattice Model
    lattic model provides an upper bound and lower bound of authorized access for subjects
  54. Information Flow security model
    Information Flow security model does not permit data to flow to an object in an insecure manner.
  55. Bell-Lapadula Model
    • Subject to object model - Objects you are able to access
    • Used to provide CONFIDENTIALITY
    • Used primarily in Military systems

    3 main rules used and enforced:

    • 1) Simple security rule (no read up) - Subject cannot read data at a higher level
    • 2) The Star-property rule (no write down) - Subject cannot write data to a lower level
    • 3) Strong star property rule - Subject with read/write – only at same level
  56. Biba Security Model
    • Deals Primarily with INTEGRITY
    • Two main rules used and enforced
    • 1) Star-integrity axiom (no write up) - Subject cannot write data to objects at higher level
    • 2) Simple integrity axiom (no read down) - Subject cannot read data from lower level

    Biba and Bell-LaPadula Model are informational flow models - Concerned with data flowing up or down levels
  57. Clark Wilson Model
    • Addresses all 3 integrity model goals
    • • Prevent unauthorized users from making modifications
    • • Prevent authorized users from making improper modifications (separation of duties)
    • • Maintain internal/external consistency (well-formed transaction)

    Dictacts that subjects can only access objects through applications

    clark wilson - it uses access triple, whic is subject-program-object
  58. dedicated security mode
    a system has only one level of data classification adn all users must have this level of clearance to be able to use the system.
  59. compartmented and multilevel security modes
    enable the system to process data classified at different classification levels
  60. Trust
    Trust - The system uses all of its protection mechanisms properly to process sensitive data for may types of users.

    Assurance - the level of confidence you have in this trust and that the protection mechanisms behave properly in all circumstances predicably.
  61. The Orange Book/ TCSEC
    Trusted Computer System Evaluation Criteria (TCSEC)

    Developed to evaluate systems built to be used mainly by the milatary.

    It was expanded to evalueate other types of products. deals maily with stand-alone systems, so a range of books were written to cover many other topics in security. These books are called the rainbow series
  62. ITSEC vs. TCSEC
    • ITSEC vs. TCSEC
    • ITSEC evaluations the assurancea dn functionality of a system's protection mechanisms seperately.

    TCSEC combines the two into one rating.
  63. The Orange book, D
    The system provides minimal protection and is used for systems that were evaluated but failed to meet the criteria of higher divisions.
  64. The Orange book, C & C2
    deals with discretionary protection (no security labels)

    C2 requires object reuse protection adn auditing
  65. Orange Book B1 & B2
    B1 - first rating that requires security lables.

    B2 - requries security labels for all subjects and devices, the existence of a trusted path, routine covert channel analysis, and the provision of sepearate administrator functionality
  66. The Common Criteria
    The Common Criteria was devleoped to provide globally recognized evaluation criteria and is in use today.

    It combines sections of the TCSEC, ITSEC, CTCPEC, and the Federal Criteria.

    Uses protection profiles and ratings from EAL1 to EAL7 (EAL7 - modeled assurance can be mathematically prove)
  67. Security Architecture Attacks

    Covert Channel - Timing and Storage
    Covert Channel - unintended communication path that transfers data in a way that violates the security policy.

    Timing & storage

    Timing - enables a process to relay information to another process by modulating its use of system resources

    storage - enables a process to write data to a storage medium so another process can read it
  68. Security Architecture Attacks

    A maitenance hook
    A maitenance hook is developed to let a programmer into the application quicly for maitenance. This should be removed before the appplciation goes into proedction .. security risk

    Countermeasures - code review and QA and unit testing
  69. TOC/TOU
    Time-of-check/time-of-use. This is a class of asynchronous attacks.

    • Countermeasures - Do not seperate tasks that can have their sequence altered
    • OS can apply software locks to items - check to see if the user is authorized before it opens a file
  70. Buffer Overflow
    I think I know this one
Card Set
Ch. 5 Security Architecture
Security Architecture