Shared Flashcard Set

Details

CISSP Security Architecture & Design
Chapter 3 Shon Harris CISSP
139
Computer Science
Not Applicable
09/11/2013

Cards

Term
ISO/IEC 42010:2007
Definition
ISO Standard that outlines the specifications of system architectures
Term
architecture description
Definition
A formal description & representation of a system, the components that make it up, the interactions &
Term
ISO/IEC/IEEE 42010
Definition
Updated version of ISO/IEC 42010:2007
Term
Architecture
Definition
Fundamental organization of a system embodied in its components, their relationships to each other and to the environment
Term
Architectural description
Definition
collection of document types to convey an architecture in a formal manner
Term
stakeholder
Definition
individual, team, or organization with interests in, or concerns relative to a system
Term
view
Definition
representation of a whole system from the perspective of a related set of concerns
Term
viewpoint
Definition
Term
computer architecture
Definition
all the parts of the computer system that are necessary for it to function including the OS etc etc.
Term
CPU
Definition
Central Processing Unit
Term
Register
Definition
a temporary storage location
Term
arithmetic logic unit (ALU)
Definition
performs mathematical functions and logical operations on data
Term
control unit
Definition
manages and synchronizes the system while different application code and OS instructions are being executed
Term
General registers
Definition
hold variables and temporary results as the ALU works through execution steps
Term
special registers
(dedicated registers)
Definition
hold information such as the program counter, stack pointer, and program status word.
Term
program counter
Definition
a register that contains the memory address of the instruction to be fetched
Term
program status
Definition
holds different condition bits
Term
address bus
Definition
a hardwired connection to the RAM chips and the individual IO devices
Term
symmetric mode
Definition
a mode when the processors are handed work as needed
Term
asymmetric mode
Definition
a mode when a processor is in a dedicated state
Term
ISO/IEC 42010:2007
Definition
International standard that provides guidelines on how to create and maintain system architectures
Term
Process
Definition
A program loaded in memory within an operating system
Term
multiprogramming
Definition
interleaved execution of more than one program
Term
multitasking
Definition
simultaneous execution of more than one program or task by an OS
Term
cooperative multitasking
Definition
multitasking scheme used by older systems to allow for computer resource time slicing
Term
preemptive multitasking
Definition
multitasking scheduling scheme used by NEWER OS to allow for computer resource slicing. Used in newer, more stable OS
Term
process states
(ready, running, blocked)
Definition
processes can be in various activity levels
Ready- waiting for input
Running- instruction being run
Blocked- process suspended
Term
interrupts
Definition
values assigned to computer components to allow for efficient computer resource time slicing
Term
maskable interrupt
Definition
interrupt value assigned to a noncritical OS activity
Term
nonmaskable interrupt
Definition
interrupt value assigned to a critical OS activity
Term
multithreading
Definition
application that can carry out multiple activities simultaneously by generating different instruction sets
Term
software deadlock
Definition
two processes cannot complete their activities because they are both waiting for system resources to be released
Term
process isolation
Definition
protection mechanism provided by OS that can be implemented as encapsulation
Term
dynamic link libraries
Definition
a set of subroutines that are shared by different applications and OS processes
Term
base registers
Definition
beginning of address space assigned to a process. Ensures a process does not make a request outside its assigned memory boundary
Term
limit registers
Definition
ending of address space assigned to a process
Term
hardware segmentation
Definition
physically mapping software to individual memory segments
Term
cache memory
Definition
fast and expensive memory type used by CPU to increase reading and writing
Term
absolute addresses
Definition
hardware addresses used by the cpu
Term
logical address
Definition
indirect addressing used by processes within an OS. Memory manager carries this out
Term
stack
Definition
memory construct that is made up of individually addressable buffers. This is also how process communication takes place
Term
buffer overflow
Definition
too much data is put into the buffers. Common attack vector used by hackers to run malicious code
Term
ASLR
Definition
address space layout randomization
Term
ASLR
Definition
memory protection mechanism used by some OSs. Addresses used by components or a process are randomized to make it harder for attackers
Term
data execution prevention
Definition
(DEP)
memory protection mechanism used by some OSs. Memory segments may be marked nonexecutable so that they cannot be misused
Term
garbage collector
Definition
a tool that marks unused memory segments as usable to ensure that an OS does not run out of memory
Term
virtual memory
Definition
combination of main memory (RAM) and secondary memory within an OS
Term
interrupt
Definition
software or hardware signal that indicates that system resources are needed for instruction processing
Term
instruction set
Definition
set of operations and commands that can be implemented by a particular CPU
Term
microarchitecture
Definition
specific design of a microprocessor which includes physical components.
Term
application programming interface
Definition
software interface that enables process-to-process interaction. A common way to provide access to standard routines to a set of software programs
Term
monolithic operating system architecture
Definition
all the code of an OS working in kernel mode in an ad hoc or non-modularized manner.
Term
data hiding
Definition
use of segregation in design decisions to protect software components from negatively interacting with each other.
Term
microkernel architecture
Definition
reduced amount of code running in kernel mode carrying out critical OS functionality
Term
hybrid microkernel architecture
Definition
combination of monolithic and microkernel architectures.
Term
mode transition
Definition
when the CPU has to change from processing code in user mode to kernel mode. A protection measure that causes a performance hit.
Term
virtualization
Definition
creation of simulated environments that allow for central control and scalability
Term
hypervisor
Definition
central program used to manage virtual machines (guests) within a simulated environment (host)
Term
security policy
Definition
a strategic tool used to dictate how sensitive information and resources are to be managed and protected.
Term
trusted computing base
Definition
a collection of all the hardware, software, and firmware components within a system that provide security and enforce security policy.
Term
trusted path
Definition
trustworthy software channel that is used for communication between two processes that cannot be circumvented.
Term
security perimeter
Definition
mechanism used to delineate between the components within and outside of the trusted computing base.
Term
reference monitor
Definition
concept that defines a set of design requirements of a reference validation mechanism.
Term
security kernel
Definition
hardware, software and firmware components that fall within the TCB and implement and enforce the reference monitor concept.
Term
multilevel security policies
Definition
Policies that outline how a system can simultaneously process information at different classifications for users with different clearance levels
Term
Bell-LaPadula model
Definition
first mathematical model of a multilevel security policy that defines the concept of a secure state and necessary modes of access.
Term
Bell-LaPadula
Definition
a model that also ensures that information only flows in a manner that does not violate the system policy and is confidentiality focused.
Term
simple security rule
Definition
Bell Model Rule
Subject cannot read data at a higher security level
NO READ UP
Term
*-property rule
Definition
Bell Model
A subject cannot write to an object at a lower security level
NO WRITE DOWN
Term
strong star property rule
Definition
Bell Model
Subject can perform read and write functions only to the objects at its same security level
Term
Biba Model
Definition
a formal state transition model that describes a set of access control rules designed to ensure data integrity
Term
simple integrity axiom
Definition
biba model
subject cannot read data at a lower integrity level
NO READ DOWN
Term
*-integrity axiom
Definition
bell model
a subject cannot modify an object in a higher integrity level
NO WRITE UP
Term
clark wilson model
Definition
integrity model implemented to protect the integrity of data and ensures properly formatted transactions take place. has 3 goals of integrity
Term
1st rule of clark wilson
Definition
clark wilson rule
subjects can access objects only through authorized programs (access triple)
Term
2nd rule of clark wilson
Definition
clark wilson model
separation of duties is enforced
Term
3rd rule of clark wilson
Definition
clark wilson model
auditing is required
Term
information flow model
Definition
model in which information is restricted in its flow to only go to and from entities in a way that does not negate or violate the security policy
Term
non-interference model
Definition
A formal multi-level security model that states the commands and activities performed at one security level should not be seen by, or affect, subjects or objects at a different security level.
Term
brewer and nash model
Definition
security model that allows for dynamically changing access controls that protect against conflicts of interest. Also known as the Chinese Wall model
Term
graham-denning model
Definition
a security model that shows how subjects and objects should be created and deleted. Also addresses how to assign specific access rights.
Term
harrison-ruzzo-ullman model
Definition
security model that shows how a finite set of procedures can be available to edit the access rights of a subject.
Term
assurance evaluation criteria
Definition
a checklist and process of examining the security relevant parts of a system and assigning the system an assurance rating.
Term
TCSEC
Definition
Trusted Computer System Evaluation Criteria
Term
TCSEC
Definition
Also known as the Orange Book
Term
Orange Book
Definition
US DoD standard used to assess the effectiveness of the security controls built into a system. Replaced by the Common Criteria
Term
ITSEC
Definition
information technology security evaluation criteria
Term
ITSEC
Definition
European standard used to assess the effectiveness of security controls built into a system from functional and assurance perspectives.
Term
common criteria
Definition
international standard used to assess the effectiveness of the security controls built into a system from functional and assurance perspectives
Term
certification
Definition
a technical evaluation of the security components and their compliance to a predefined security policy for the purpose of accreditation.
Term
accreditation
Definition
the formal acceptance of the adequacy of a system's overall security by management.
Term
open system
Definition
A system design that is built upon accepted standards to allow for interoperability
Term
closed system
Definition
a system type that is built upon proprietary procedures, which inhibit interoperability capabilities.
Term
maintenance hooks
Definition
Code within software that provides a back door entry capability
Term
Time-of-check/time-of-use
Definition
TOC/TOU
Term
TOC/TOU attack
Definition
when an attacker manipulates the "condition check" step and the "use" step within software to allow for unauthorized activity.
Term
race condition
Definition
When two or more processes attempt to carry out their activity on one resource at the same time. Unexpected behavior can be expected.
Term
lattice model
Definition
a model that provides an upper bound and a lower bound of authorized access for subjects
Term
common criteria
Definition
uses protection profiles, security targets and ratings (EAL1 to EAL7)
Term
Common criteria
Definition
combines sections of TCSEC, ITSEC, CTCPEC and the Federal Criteria
Term
ITSEC
Definition
Evaluates the assurance and functionality of a system's protection mechanism separately.
Term
TCSEC
Definition
Evaluates assurance and functionality of a system and places them within one rating.
Term
Bell-LaPadula
Definition
Security Model used mainly in military and govt. oriented systems.
Term
Biba and Clark Wilson
Definition
2 Security models that are used mainly in the commercial sector
Term
Accreditation
Definition
The final step in authorizing a system for use in an environment
Term
Maintenance hooks
Definition
a feature that enables code to be executed without the usual security checks
Term
International Use
Definition
The ITSEC was developed for
Term
Covert storage channel
Definition
a channel that enables a process to write data to a storage medium so another process can read it.
Term
covert timing channel
Definition
a channel that enables a process to relay information to another process by modulating its use of system resources.
Term
ISO/IEC 15408
Definition
International standard that is used as the basis for the evaluation of security properties of products under the CC framework.
Term
Process isolation
Definition
Ensures that multiple processes can run concurrently and the processes will not interfere with each other
Term
Biba Model
Definition
Security model that addresses the first goal of integrity, which is to prevent unauthorized users from making modifications.
Term
Clark-Wilson model
Definition
security model that addresses all 3 integrity goals:
1. Prevent unauthorized users from making mods.
2. Prevent authorized users from making improper mods.
3. Maintain internal and external consistency.
Term
Swapping
Definition
Process of copying an entire process to or from disk
Term
static ram SRAM
Definition
expensive and fast memory that uses small latches called "Flip-Flops" to store bits.
Term
dynamic random access memory DRAM
Definition
Memory that stores bits in small capacitors and is slower and cheaper
Term
abstraction
Definition
A method that hides unnecessary details from a user
Term
Northbridge
Definition
CPU visual design that connects the CPU to RAM and Video Controller
Term
Southbridge
Definition
visual CPU design that connects Input/Output devices directly to CPU. slower
Term
Transparent Virtualization
Definition
"Full Virtualization"
Runs stock OS like windows and Ubuntu Linux. No changes to the guest OS are required.
Term
Paravirtualization
Definition
Virtualization that runs specially modified OS with modified Kernel system calls.
Term
ParaVirtualization
Definition
A more efficient virtualization option
Term
IaaS
Definition
Infrastructure as a service
cloud service
Linux server hosting
Term
PaaS
Definition
platform as a service
cloud computing
webservice hosting
Term
SaaS
Definition
software as a service
cloud computing
webmail
Term
Macro Virus
Definition
Type of virus written in macro language (MS Office or Excel)
Term
boot sector virus
Definition
virus that infects the boot sector of a PC. Ensures that the virus loads at startup
Term
stealth virus
Definition
virus that hides itself from the OS and other protective software such as an antivirus software.
Term
polymorphic virus
Definition
virus that changes its signature upon infection of a new system.
evades signature based antivirus software.
Term
multipartite virus
Definition
virus that spreads via multiple sectors, also called multipart.
Term
EAL1
Definition
common criteria level
functionally tested
Term
eal2
Definition
common criteria
structurally tested
Term
eal3
Definition
common criteria
methodically tested and checked
Term
eal4
Definition
common criteria
methodically designed, tested, and reviewed
Term
eal5
Definition
common criteria
semiformally designed and tested
Term
eal6
Definition
common criteria
semiformally verified design and tested
Term
eal7
Definition
common criteria
formally verified design and tested
Term
verified protection
mandatory protection
discretionary protection
minimal security
Definition
TCSEC