Security Vulnerabilities – Assess and Mitigate
Computer architecture is an engineering discipline concerned with the design
and construction of computing systems at a logical level.
A more complex system provides less assurances because there are more
areas of vulnerability
Execution Types: as processing power is increased, users demand more
advanced features to enable these systems to process info at greater rates
Multi-tasking
o Means handling 2 or more tasks at the same time
Multicore
o Most CPU's are multicore - instead of a single CPU or chip, it now
has 2, 4, 8, or dozens of independent execution cores that can
operate at the same time
Multi-processing
o 1 or more CPU harness the power of the more than one processor
to complete the execution of multithreaded application
Multi-programming
o Similar to multi-tasking - involves the pseudo-simultaneous
execution of 2 tasks on a single processor - a way to batch
multiple processes
Multi-threading
o Permits multiple concurrent tasks to be performed within a single
process
Processing Types - high security systems control the processing of
information assigned to various security levels, like classification levels of
unclassified, top secret, secret, confidential information - they must be
designed to do that function to maintain confidentiality and not accidently
disclose information
Single State - require the use of policy mechanisms to manage
information at different levels - one security level at a time
1
, Multi-State - systems capable of implementing a much higher level of
security - certified to handle multiple security levels at the same time -
uncommon
Protection Mechanisms - operates a runtime environment, if working, that
represents the combination of the operating system and whatever
applications may be active - can access files and other data based on
security permissions allowed
Protection Rings - organize code and components in an operating system into
concentric rings the deeper into the circle you go, the high priv level
associated with the code that occupies a specific ring
Essence of the ring model lies in priority, privilege, and memory
segmentation
For security - the ring model enables an operating system to protect and
insulate itself from users and applications - permits the enforcement of
boundaries between high priv operating components (kernel) and less priv
parts, like drivers and utilities
Process states - operating states are various forms of execution in which a
process may run
Ready - process is ready to resume or begin processing as soon as it is
scheduled for execution
Waiting - waiting for a resource - process is ready for continued
execution but is waiting for a device or request (an interrupt) to be
serviced before it can continue processing
Running - process executes on the CPU and keeps going until it is
finished or slice time expires or is blocked
Supervisory - used when the process must perform an action that
requires privileges that are greater than the problem states set of
2
Computer architecture is an engineering discipline concerned with the design
and construction of computing systems at a logical level.
A more complex system provides less assurances because there are more
areas of vulnerability
Execution Types: as processing power is increased, users demand more
advanced features to enable these systems to process info at greater rates
Multi-tasking
o Means handling 2 or more tasks at the same time
Multicore
o Most CPU's are multicore - instead of a single CPU or chip, it now
has 2, 4, 8, or dozens of independent execution cores that can
operate at the same time
Multi-processing
o 1 or more CPU harness the power of the more than one processor
to complete the execution of multithreaded application
Multi-programming
o Similar to multi-tasking - involves the pseudo-simultaneous
execution of 2 tasks on a single processor - a way to batch
multiple processes
Multi-threading
o Permits multiple concurrent tasks to be performed within a single
process
Processing Types - high security systems control the processing of
information assigned to various security levels, like classification levels of
unclassified, top secret, secret, confidential information - they must be
designed to do that function to maintain confidentiality and not accidently
disclose information
Single State - require the use of policy mechanisms to manage
information at different levels - one security level at a time
1
, Multi-State - systems capable of implementing a much higher level of
security - certified to handle multiple security levels at the same time -
uncommon
Protection Mechanisms - operates a runtime environment, if working, that
represents the combination of the operating system and whatever
applications may be active - can access files and other data based on
security permissions allowed
Protection Rings - organize code and components in an operating system into
concentric rings the deeper into the circle you go, the high priv level
associated with the code that occupies a specific ring
Essence of the ring model lies in priority, privilege, and memory
segmentation
For security - the ring model enables an operating system to protect and
insulate itself from users and applications - permits the enforcement of
boundaries between high priv operating components (kernel) and less priv
parts, like drivers and utilities
Process states - operating states are various forms of execution in which a
process may run
Ready - process is ready to resume or begin processing as soon as it is
scheduled for execution
Waiting - waiting for a resource - process is ready for continued
execution but is waiting for a device or request (an interrupt) to be
serviced before it can continue processing
Running - process executes on the CPU and keeps going until it is
finished or slice time expires or is blocked
Supervisory - used when the process must perform an action that
requires privileges that are greater than the problem states set of
2
