CISC and RISC
Two forms of CPU design
- CISC – Complex Instruction Set Computer, e.g. x86
- RISC – Reduced Instruction Set Computer, e.g. ARM
Memory Addressing
Values may be stored in multiple locations, including CPU registers and general RAM. The addressing modes are:
- Direct – the instruction holds the memory address of the operand
- Indirect – the instruction holds a pointer, i.e. the address of the location that holds the operand's address
- Register direct – the operand is held in a CPU register
- Register indirect – a CPU register holds a pointer to the operand in memory
Memory Protection
Memory protection prevents one process from affecting the confidentiality, integrity or availability (CIA) of another. This is a requirement for secure multiuser and multitasking systems.
Process Isolation
Process isolation is a logical control that attempts to prevent one process from interfering with another. It is common in modern operating systems such as Windows and Linux; MS-DOS does not have this feature. Techniques include virtual memory, object encapsulation and time multiplexing.
Hardware Segmentation
Hardware segmentation takes process isolation one step further by mapping processes to specific memory locations. This provides more security than logical process isolation alone.
Virtual Memory
Virtual memory provides address mapping between applications and hardware memory. It provides many functions, including multitasking, allowing multiple processes to share the same library in memory, swapping and others.
Virtual memory is NOT the same as swapping.
Swapping and Paging
Swapping uses virtual memory to copy contents of primary memory (RAM) to or from secondary memory. Swap space is a dedicated partition on disk used to extend the amount of available memory. If the kernel attempts to access a page stored in swap space, a page fault occurs and the page is swapped from disk into RAM. As RAM is used up, swap is consumed. If both are full, "thrashing" occurs: large amounts of time are spent copying data between RAM and swap, impacting availability.
BIOS
The BIOS contains firmware code that is executed at power-on and runs the POST (power-on self test). Once POST completes, it locates the boot sector, from which the OS kernel is loaded and executed to boot the OS.
WORM Storage
Write once read many (WORM) storage can only be written once and read many times. CD-R, DVD-R and some DLT drives support WORM.
Trusted Platform Module
The Trusted Platform Module, AKA the TPM chip, is a processor that provides additional security capabilities at the hardware level, allowing hardware-based cryptographic operations. Security functions can leverage the TPM chip for random number generation, symmetric/asymmetric and hashing algorithms, and secure storage of cryptographic keys and message digests.
Common use cases include ensuring boot integrity by checking for kernel-mode rootkits. It is commonly associated with full disk encryption, storing the keys used to decrypt the hard drive.
Data execution prevention and address space layout randomization
One of the main goals when attempting to exploit software vulnerabilities is to achieve some form of code execution, e.g. via a stack- or heap-based buffer overflow. There are two common protections against memory corruption attacks:
- DEP – Data Execution Prevention – enabled in hardware or software, attempts to ensure that memory locations not pre-defined to contain executable content cannot have code executed from them
- ASLR – Address Space Layout Randomization – decreases the likelihood of successful exploitation by making the memory addresses employed by the system less predictable
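As an added example (not part of the original notes), the following parser reads a Linux ELF64 header and reports whether a binary opts into the two mitigations above: a non-executable stack (enforced by DEP/NX via the PT_GNU_STACK header) and position-independent code (ET_DYN, which lets ASLR randomise the program's base address). The ELF images are constructed inline so it runs without a real binary; the helper names are assumptions.

```python
# Added example: minimal ELF64 mitigation check (PIE for ASLR, NX stack for DEP).
import struct

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3          # fixed-address executable vs. position-independent
PT_GNU_STACK = 0x6474E551        # program header that carries the stack permissions
PF_X, PF_W, PF_R = 1, 2, 4       # segment permission bits


def build_elf64(e_type, stack_flags=None):
    """Construct a minimal little-endian ELF64 image (constructed sample, not a
    runnable program) with an optional PT_GNU_STACK header carrying stack_flags."""
    phnum = 0 if stack_flags is None else 1
    ident = ELF_MAGIC + bytes([2, 1, 1]) + bytes(9)      # 64-bit, little-endian, v1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0, 64, 0, 0,
                               64, 56, phnum, 0, 0, 0)
    if phnum:
        ehdr += struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags,
                            0, 0, 0, 0, 0, 0x10)
    return ehdr


def check_mitigations(data):
    """Return {'pie': bool, 'nx_stack': bool} for a little-endian ELF64 image."""
    if data[:4] != ELF_MAGIC or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    e_type, = struct.unpack_from("<H", data, 16)
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    # ET_DYN means the loader may place the image at a random base, so ASLR
    # applies. Shared libraries are also ET_DYN, so this is a heuristic, as in
    # the common checksec-style tools.
    pie = e_type == ET_DYN
    # Without PT_GNU_STACK the Linux loader historically falls back to an
    # executable stack, so a missing header is treated as not protected.
    nx_stack = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags = struct.unpack_from("<II", data, off)
        if p_type == PT_GNU_STACK:
            nx_stack = not (p_flags & PF_X)
    return {"pie": pie, "nx_stack": nx_stack}


if __name__ == "__main__":
    print(check_mitigations(build_elf64(ET_DYN, PF_R | PF_W)))
```

On a real binary, replace the constructed image with `open(path, "rb").read()`; big-endian and 32-bit ELF files are deliberately rejected rather than misread.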
Secure Operating System and Software Architecture
The Kernel
The kernel is the heart of the OS and runs in ring 0. It provides the interface between the hardware and the rest of the OS. The boot sector contains the beginning of the kernel's machine code.
Monolithic Kernel
Compiled into one static executable, and the entire kernel runs in supervisor mode. All functionality is precompiled; if additional drivers are needed, a recompile is necessary.
Microkernel
Modular; functionality can be added via loadable kernel modules, which can run in user mode (ring 3).
Reference Monitor
A core function of the kernel is running the reference monitor, which mediates access between subjects and objects. On a Mandatory Access Control (MAC) system, the reference monitor prevents a secret subject from reading a top secret object. It is always enabled and cannot be bypassed.
User and file permissions
Linux and Unix Permissions