CISSP Domain 3 Security Engineering – Part 1 – Security Architecture Cheat Sheet

Secure System Design Concepts

Layering

Layering separates hardware and software functionality into modular tiers so that one layer is not directly affected by a change to another. For example, when saving a file to disk, a change in how the drive writes data has no effect on the application that saves the file. Another example is the OSI network model.

Abstraction

Abstraction hides unnecessary details from the user. For example, when a user double clicks an MP3 to play it, the user simply presses play; all the low-level processing that happens behind the scenes is abstracted from the user.

Security Domains

A security domain is the list of objects a subject is allowed to access. Ex. Confidential, Secret and Top Secret are security domains used by the DoD. Ex. A modern OS separates kernel mode and user mode into domains, so that user interactions in user mode should not affect processes in kernel mode.
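
The DoD example above, worked as code: a subject's security domain is computed as the set of objects whose classification does not exceed the subject's clearance, so the domains nest (Confidential inside Secret inside Top Secret). This is an added example, not part of the cheat sheet; the object names, the "Unclassified" level and the unlabeled object are constructed, and an object with an unrecognised label is deliberately left out of every domain rather than guessed at.

```python
"""Security domains as sets of objects a subject may access.  Added example,
not from the cheat sheet; the object names and classifications are constructed."""

# Ordered classification levels; a higher number dominates a lower one.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

# Constructed sample objects: name -> classification label.
OBJECTS = {
    "cafeteria_menu.txt": "Unclassified",
    "vendor_contract.pdf": "Confidential",
    "ops_plan.docx": "Secret",
    "sigint_summary.docx": "Top Secret",
    "mystery.bin": "Unlabeled",          # unknown label: must be denied, not guessed
}


def security_domain(clearance, objects=OBJECTS):
    """Return the sorted list of objects a subject with `clearance` may access:
    every object whose classification is at or below the clearance.  Objects
    carrying an unrecognised label are excluded (fail closed)."""
    if clearance not in LEVELS:
        raise ValueError(f"unknown clearance {clearance!r}")
    level = LEVELS[clearance]
    return sorted(name for name, label in objects.items()
                  if label in LEVELS and LEVELS[label] <= level)


def may_access(clearance, name, objects=OBJECTS):
    """Access check expressed purely as membership in the subject's domain."""
    return name in security_domain(clearance, objects)


if __name__ == "__main__":
    for clearance in LEVELS:
        print(f"{clearance:>13}: {security_domain(clearance)}")
```

Running the script prints one line per clearance; each domain is a superset of the one below it, and `mystery.bin` never appears because its label is not in the ordering.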

Ring Model

The ring model is a form of CPU hardware layering that separates and protects domains (such as Kernel mode and user mode) from each other.

  • Ring 0 : Kernel
  • Ring 1: Other OS components that do not fit into Ring 0
  • Ring 2: Device Drivers
  • Ring 3: User Applications

Processes communicate between the rings via system calls, which allow processes to communicate with the kernel and provide a window between the rings.

While x86 CPUs have four rings, the full four-ring usage is theoretical. Linux and Windows use rings 0 and 3 only, opting for simplicity and speed. A newer mode called hypervisor mode (informally called “ring -1”) allows virtual guests to operate in ring 0, controlled by the hypervisor one ring below.

Open and Closed Systems

An open system uses open hardware and standards. A closed system uses proprietary hardware or software. Ex. The IBM PC is an open system.

Secure Hardware Architecture

The system unit and motherboard

  • System Unit – The computer case and, within it, the motherboard, disks, power supply, etc.
  • Motherboard – Contains hardware such as the CPU, memory slots, firmware and PCI slots

The Computer Bus

The computer bus is the primary communication channel on the computer system. Communication between the CPU, memory, and input/output devices such as the keyboard, mouse, display, etc. occurs via the bus.

North Bridge and South Bridge

  • North Bridge – Memory Controller Hub (MCH) connects CPU, RAM and Video Memory
  • South Bridge – I/O Controller Hub (ICH) connects the input/output devices such as disk, CD drive, keyboard, mouse

The CPU

The central processing unit (CPU) is the brains of the computer; it performs mathematical calculations and logical operations, accesses memory locations by address, etc.

Arithmetic Logic and Control Unit

The ALU performs mathematical calculations (“it computes”). It is fed instructions by the control unit (CU), which acts as a traffic cop sending instructions to the ALU.

Fetch & Execute

CPUs fetch machine language instructions and execute them. The fetch and execute (fetch, decode, execute; FDX) process takes four steps:

  1. Fetch Instruction
  2. Decode Instruction
  3. Execute Instruction
  4. Write (save) result

These four steps take one clock cycle to complete

Pipelining

Pipelining combines multiple steps into one combined process, allowing simultaneous fetch, decode, execute and write steps for different instructions, increasing throughput.
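
The four FDX steps and the throughput gain from pipelining, shown on a toy CPU: the same constructed four-instruction program is run once with each instruction completing all four stages before the next is fetched, and once with up to four instructions in flight, one per stage. This is an added illustration, not code from the cheat sheet; the instruction set (load, add, mul), the register names, the sample program and the one-cycle-per-stage timing are all assumptions of the model.

```python
"""Toy CPU model of the fetch, decode, execute, write (FDX) cycle, run with a
sequential schedule and with a four-stage pipeline.  Added illustration, not
code from the cheat sheet; instruction set, registers, program and the
one-cycle-per-stage timing are assumptions."""
from dataclasses import dataclass, field

STAGES = ("fetch", "decode", "execute", "write")


@dataclass
class CPU:
    memory: list                                    # program memory (constructed)
    regs: dict = field(default_factory=lambda: {"r0": 0, "r1": 0, "r2": 0})
    pc: int = 0                                     # program counter


def fetch(cpu):
    """Step 1: read the next instruction word and advance the program counter."""
    word = cpu.memory[cpu.pc]
    cpu.pc += 1
    return word


def decode(word):
    """Step 2: split the word into an opcode and its operands."""
    op, *args = word.split()
    return op, args


def execute(cpu, op, args):
    """Step 3: compute (destination register, value) without committing it."""
    if op == "load":                                # load rd imm   -> rd = imm
        return args[0], int(args[1])
    if op == "add":                                 # add rd ra rb  -> rd = ra + rb
        return args[0], cpu.regs[args[1]] + cpu.regs[args[2]]
    if op == "mul":                                 # mul rd ra rb  -> rd = ra * rb
        return args[0], cpu.regs[args[1]] * cpu.regs[args[2]]
    raise ValueError(f"unknown opcode {op!r}")


def write(cpu, reg, value):
    """Step 4: save the result into the register file."""
    cpu.regs[reg] = value


def run_sequential(program):
    """Each instruction completes all four stages before the next is fetched,
    so every instruction costs four clock cycles."""
    cpu = CPU(memory=list(program))
    cycles = 0
    while cpu.pc < len(cpu.memory):
        word = fetch(cpu)
        op, args = decode(word)
        reg, val = execute(cpu, op, args)
        write(cpu, reg, val)
        cycles += len(STAGES)                       # one cycle per stage, no overlap
    return dict(cpu.regs), cycles


def run_pipelined(program):
    """Up to four instructions are in flight, each in a different stage, so a
    program of N instructions finishes in N + 3 cycles."""
    cpu = CPU(memory=list(program))
    in_flight = []                                  # oldest instruction first
    cycles = 0
    while cpu.pc < len(cpu.memory) or in_flight:
        cycles += 1
        # Advance older instructions before younger ones, so a value written
        # this cycle is already visible to a younger instruction executing
        # this cycle (this ordering stands in for result forwarding).
        for ins in in_flight:
            stage = STAGES[ins["stage"]]
            if stage == "decode":
                ins["decoded"] = decode(ins["word"])
            elif stage == "execute":
                ins["result"] = execute(cpu, *ins["decoded"])
            elif stage == "write":
                write(cpu, *ins["result"])
            ins["stage"] += 1
        in_flight = [ins for ins in in_flight if ins["stage"] < len(STAGES)]
        if cpu.pc < len(cpu.memory):                # fetch stage of a new instruction
            in_flight.append({"stage": 1, "word": fetch(cpu)})
    return dict(cpu.regs), cycles


# Constructed sample program: r2 = 6 * 7, then r0 = r2 + r1.
PROGRAM = ["load r0 6", "load r1 7", "mul r2 r0 r1", "add r0 r2 r1"]

if __name__ == "__main__":
    print("sequential:", run_sequential(PROGRAM))  # ({'r0': 49, 'r1': 7, 'r2': 42}, 16)
    print("pipelined: ", run_pipelined(PROGRAM))   # ({'r0': 49, 'r1': 7, 'r2': 42}, 7)
```

Both schedules produce the same register contents; the sequential run spends 16 cycles on four instructions while the pipelined run spends 7, and the gap widens with longer programs because the pipelined cost grows by one cycle per instruction rather than four.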

Interrupts

An interrupt indicates that an asynchronous event has occurred. CPU interrupts are a form of hardware interrupt that cause the CPU to stop processing its current task, save its state and begin processing a new request. When the new task is complete the CPU will complete the prior task.

Processes and Threads

  • Process – Executable program and its associated data loaded and running in memory. States include:
    • New – A process being created
    • Ready – Process waiting to be executed by the CPU
    • Running – Process being executed by the CPU
    • Blocked – waiting for I/O
    • Terminate – A completed process
    • Zombie – A child process whose parent is terminated
  • Heavy Weight Process – HWP is a task
  • Threads – A parent process spawns lightweight processes (LWP), which are able to share memory, resulting in lower overhead compared to an HWP

Multitasking and Multiprocessing

  • Multitasking – allows multiple tasks (heavy weight processes) to run simultaneously on one CPU
  • Multiprocessing – runs multiple processes on multiple CPUs. Symmetric multiprocessing (SMP) has one OS to manage all CPUs and asymmetric multiprocessing (AMP) has one OS image per CPU.
  • Watchdog Timers – designed to recover a system by rebooting after a critical process hangs or crashes. The timer reboots the system when it reaches 0; critical operating system processes continually reset the timer so it never reaches 0. If a critical process hangs or crashes it no longer resets the timer, which reaches 0, and the system reboots
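
The watchdog mechanism above, modelled in a few lines so the countdown, the reset by a healthy process and the forced reboot can be traced tick by tick. This is an added illustration, not code from the cheat sheet; the timeout values, the tick schedule and the hang points are constructed. The model goes one step beyond the bullet: it also shows the misconfiguration in which the watchdog timeout is shorter than the interval at which the critical process resets it, so a perfectly healthy system is rebooted anyway.

```python
"""Model of a watchdog timer that reboots a system whose critical process has
stopped resetting it.  Added illustration, not code from the cheat sheet;
timeouts, tick counts and hang points are constructed."""


class Watchdog:
    def __init__(self, timeout_ticks):
        self.timeout = timeout_ticks     # ticks allowed without a reset
        self.counter = timeout_ticks
        self.reboots = 0

    def reset(self):
        """Called by a healthy critical process: reload the countdown."""
        self.counter = self.timeout

    def tick(self):
        """One hardware clock tick.  Returns True if the countdown hit 0 and
        the watchdog forced a reboot."""
        self.counter -= 1
        if self.counter > 0:
            return False
        self.reboots += 1
        self.counter = self.timeout      # fresh countdown after the reboot
        return True


def simulate(timeout, ticks, hang_ticks=(), reset_every=1):
    """Run `ticks` clock ticks.  The critical process resets the watchdog every
    `reset_every` ticks, except that at each tick in `hang_ticks` it hangs and
    stops resetting until a reboot restores it.  Returns the ticks at which
    the watchdog rebooted the system."""
    wd = Watchdog(timeout)
    hung = False
    reboots = []
    for t in range(1, ticks + 1):
        if t in hang_ticks:
            hung = True                  # process hangs: no more resets
        if not hung and t % reset_every == 0:
            wd.reset()                   # healthy process services the watchdog
        if wd.tick():
            reboots.append(t)
            hung = False                 # reboot restores the critical process
    return reboots


if __name__ == "__main__":
    print("healthy:        ", simulate(3, 40))                        # []
    print("hangs at 10, 30:", simulate(3, 40, hang_ticks={10, 30}))   # [11, 31]
    print("timeout too short:", simulate(3, 10, reset_every=3))       # [5, 8]
    print("timeout adequate: ", simulate(4, 10, reset_every=3))       # []
```

The second run shows the intended behaviour: the process stops resetting at tick 10, the countdown reaches 0 at tick 11, the watchdog reboots, and the restored process keeps the timer alive until the next hang. The third and fourth runs show why the timeout must exceed the reset interval: with a timeout of 3 ticks and a reset only every 3 ticks the healthy system is rebooted repeatedly, while a timeout of 4 never fires.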