CISSP – Security Architecture & Design 1
See ISO/IEC 42010:2007
Stakeholders of a System
- Users
- Operators
- Maintainers
- Developers
- Suppliers
Minimal Components
- Operating System
- Memory Chip
- Logic Cirquits
- Storage Devices
- Input and Output Devices
- Security Components
- Buses
- Networking Interfaces
- A central processing unit (CPU) is the electronic circuitry within a computer that carries out the instructions of a computer program by performing the basic arithmetic, logical, control and input/output (I/O) operations specified by the instructions.
- Arithmetic logic unit (ALU) Components of the CPU that carries out logic and mathematical functions
- Register Small, temporary memory storage integretet into the CPU
- Control Unit Part of the CPU that oversees the collection of instructions and data from memory
- General registers Temporary memory in the CPU as a "scratchpad" for ALUs
- Special registers Special Registers for Program counters, stack pointer
- Program counter Holds the memory address for the following instructions the CPU need to execute
- Stack Memory segment used by processes to comunicate instructions and data to each other
- Program status word Condition variable that indicates to the CPU what mode (kernel or user) instructions are carries out in
- User mode Protection mode that a CPU works within when carrying out less trusted processes
- Kernel mode Mode that a CPU works within when carrying out more trusted process instructions
- Address bus Physical connections between processing components and memory segments used to communicate the physical memory addresses been used
- Data bus Physical connections between processing components and memory segments used to communicate the data been used
- Symmetric mode multiprocessing When a computer has two or more CPUs and each CPU is been used in a load-balancing method
- Asymmetric mode multiprocessing When a computer has two or more CPUs where one CPU is assigned to a specific CPU
- Process Program loaded in memory within an operating system
- Multi-programming Interleaved execution of more that one process by a single operating system
- Multitasking Simultaneous execution of more that one process by a single operating system
- Cooperative Multitasking Scheduling scheme used by older operating systems to allow for computer resources time slicing. Processes had to much control over resources, which would allow for programs and systems to "hang"
- Preemptive multitasking Newer scheduling scheme
- Process states (ready, running, blocked)
- Interrupts Vaules assigned to computer component (hardware or software) to allow for efficient computer resources time slicing
- Maskable interrupt Interrupt value assigned to a noncritical operating system activity
- Nonmaskable interrupt Interrupt value assigned to a critical operating system activity
- Threat Instruction set generated by a process when it has a specific activity that needs doing.
- Multithreding Is if a process has multiple simultaneous threads working for it
- Software Deadlock Two processes can not complete there task because they are both waiting for resources the other processes holds
- Process isolation is a set of different hardware and software technologies designed to protect each process from other processes on the operating system
- Dynamic Link Library (DLL) A set of subroutines that are shared across applications
- Base register Begin of the address space assigned to a process
- Limit register Ending address space assigned to a process
- Thrashing When a computer spends more time moving data insted of processing
- ROM Nonvolatile memory
- Cache Memory Fast memory type that is used by the CPU
- Buffer Overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.
- Bounds Checking Ensure the inputted data are of an acceptable lenght
- Address space layout randomization (ASLR) is a computer security technique involved in preventing exploitation of memory corruption vulnerabilities. In order to prevent an attacker from reliably jumping to, for example, a particular exploited function in memory, ASLR randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries.
- Data execution prevention (DEP) Memory protection mechanism used by operating systems. Memory segments are marked as non-executable.
- Garbage Collection (GC) is a form of automatic memory management. The garbage collector, or just collector, attempts to reclaim garbage, or memory occupied by objects that are no longer in use by the program.
- Ring Protection System
- Application Programming Interface (API) is a set of subroutine definitions, communication protocols, and tools for building software. In general terms, it is a set of clearly defined methods of communication among various components. A good API makes it easier to develop a computer program by providing all the building blocks, which are then put together by the programmer.
- A monolithic kernel is an operating system architecture where the entire operating system is working in kernel space. The monolithic model differs from other operating system architectures (such as the microkernel architecture) in that it alone defines a high-level virtual interface over computer hardware.
- Reference Monitor Concept that defines a set of design requirements of a reference validation mechanism (security kernel)
- Security Kernel Self-contained usually small collection of key security-related statements that (a) works as a part of an operating system to prevent unauthorized access to, or use of, the system and contains criteria that must be met before specified programs can be accessed.
State Machine Models
- In state machine model, the state of a machine is captured in order to verify the security of a system.
- A given state consists of all current permissions and all current instances of subjects accessing the objects. If the subject can access objects only by means that are concurrent with the security policy, the system is secure.
- The model is used to describe the behavior of a system to different inputs. It provides mathematical constructs that represents sets (subjects, objects) and sequences. When an object accepts an input, this modifies a state variable thus transiting to a different state.
Bell–LaPadula Model (BLP)
- Focus: Confidentiality
- No-Read-Up, No-Write-Down
- The Simple Security Property states that a subject at a given security level may not read an object at a higher security level.
- The * (star) Property states that a subject at a given security level may not write to any object at a lower security level.
- The Discretionary Security Property states that use of an access matrix to specify the discretionary access control.
Biba Integrity Model
- Focus: Integrity
- No-Read-Down, No-Write-Up
- The Simple Integrity Property states that a subject at a given level of integrity must not read data at a lower integrity level (read up).
- The * (star) Integrity Property states that a subject at a given level of integrity must not write to data at a higher level of integrity (write down).
- Invocation Property states that a process from below cannot request higher access; only with subjects at an equal or lower level.
Clark–Wilson Model
Focus: Integrity
1:05:00