Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
89 Cards in this Set
- Front
- Back
|
Organization of the fundamental elements comprising the computer
Main components CPU – Central Processing Unit Memory Input / Output devices |
Computer Architecture
|
|
|
is a framework for enterprise architecture, which provides a formal and highly structured way of viewing and defining an enterprise
|
Zachman Framework
|
|
|
is a framework and methodology for Enterprise Security Architecture and Service Management. It was developed independently from the Zachman Framework, but has a similar structure
|
SABSA (Sherwood Applied Business Security Architecture)
|
|
|
OSI second part, about secure communications, not an implementation
|
ISO 7498-2:1989
|
|
|
systems and software engineering; practice for architectural description of sotware intensice systems
|
ISO/IEC 42010:2007
|
|
|
is a reference model to organize the enterprise architecture (EA) and systems architecture into complementary and consistent views
|
Department of Defense Architecture Framework (DoDAF)
|
|
|
cpu is either idle because there is no input or its waiting for anothr process to run
|
ready state
|
|
|
cpu is executing
|
running
|
|
|
unable to run until an external event occurs, waiting for input
|
blocked
|
|
|
is a hardware interrupt that may be ignored by setting a bit in an interrupt mask register's (IMR) bit-mask
|
masked/inerruptable
|
|
|
is a device that modulates an analog carrier signal to encode digital information, and also demodulates such a carrier signal to decode the transmitted information
|
Modem
|
|
|
is a computer hardware component designed to allow computers to communicate over a computer network
|
network interface controller (NIC)
|
|
|
is a network card which connects to a radio-based computer network
|
wireless network interface controller (WNIC)
|
|
|
a term sometimes used to denote the fixed, usually rather small, programs that internally control various electronic devices
|
firmware
|
|
|
permits multiple concurrent tasks to be performed within a single process
|
Multithreading
|
|
|
the apparent simultaneous performance of two or more tasks by a computer's central processing unit
|
multitasking
|
|
|
simultaneous execution if two or more programs by a computer; parallel processing by two or more processors of a multiprocessor
|
multiprocessing
|
|
|
computer with two or more processors having common access to main storage
|
multiprocessor
|
|
|
two processors on a single chip
|
multi core
|
|
|
standards-based interfaces
|
open systems
|
|
|
proprietary interfaces
|
closed systems
|
|
|
processing at two levels is permitted through some form of user authentication and authorization
|
multilevel systems
|
|
|
a single purpose computer typically program to perform a dedicated function
|
embedded systems
|
|
|
a software based architecture that provides translation or communication services for applications
|
middleware
|
|
|
very high-speed storage structures built into the CPU chip set and often used to stire timing and state information
|
registers
|
|
|
a very fast memory directory on the CPU chip body; not upgradeable
|
cache
|
|
|
the programmer does not know where the program will be placed in memory
|
relocation
|
|
|
processes should not be able to reference memory locations in another process without permission
|
protection
|
|
|
allows several processes to accesses the same portion of memory
|
sharing
|
|
|
references to a memory location that is independent on of the current assignment of data to memory
|
logical memory addressing
|
|
|
address expressed as a location relative to a known point
|
relative memory addressing
|
|
|
the absolute address or actual location
|
physical memory addressing
|
|
|
memory reference, different data classes, users can share access, and users cannot generate addresses
|
memory protection benefits
|
|
|
extends apparent memory; paging includes - splitting physical memory, spillting programs (processes), allocating the required number page files, swapping
|
virtual memory
|
|
|
mimic the architecture of the actual system system, provided by the operating system
|
virtual maachines
|
|
|
a simple, cost effective solution to the challenge of having limited hard drive space spread across many devices on the client network
|
nas
|
|
|
is a complex, expensive solution to offer large capacity storage for servers over high speed (usually fiber links)
|
san
|
|
|
a server chassis housing multiple thin modular electronic circuit boards
|
blade server
|
|
|
a global mesh of collaborative services; more flexible architecture, integration of existing applications, improved data intergration - must have high bandwith and availability
|
SOA Service Oriented Architecture
|
|
|
to much data in preallocated space
|
buffer overflow
|
|
|
based on the Honeywell Multics Operating System architecture, portrayed by a set of concentric numbered rings
|
ring protection
|
|
|
processes that operate at different layers within a system which must communicate through interfaces
|
layering
|
|
|
means the outside software components will not know how a process works and not be able to manipulate internal code
|
data hidiing
|
|
|
improves...
object's integrity, prevents interaction, independent states, allows independent states |
process isolation
|
|
|
encapsulation of objects, time multiplexing if shared resources, naming distinctions, and virtual mapping
|
process isolation methods
|
|
|
enforces securtiy policy
Monitors: process activation, execute domain switching, memory protection, input/output operations |
trusted computing base
|
|
|
abstract machine concept - must be tamperproof, always invoked, & verifiable
|
reference monitor concept
|
|
|
the hardware, firmware and software elements of a Trusted Computing Base the implement the reference monitor - Checks every process - Enforces least privilege - Verify acceptable
|
security kernel
|
|
|
active entities - includes users, programs, processes, logon identifiers
|
subjects
|
|
|
passive entities - inlcudes files, programs, instructions, data, hardware
|
objects
|
|
|
hierarchial state machine model, three fundamental modes, secure state, defines access rules; formed the basis for TCSEC Orange Book; addresses confidentiality, information flow, & non-interference
|
Bell-LaPadula Confidentiality Model
|
|
|
if you have read access you can only read at your classification level and below it; you cannot read data at a higher level
|
simple security model
|
|
|
a subject at a given security level must not write to any object at a lower security level (no write-down).
|
Bell LaPadula Star Property
|
|
|
subjects may write to objects with only a matching security level
|
Bell LaPadula Strong * Property
|
|
|
a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity.
|
Biba Integrity Model
|
|
|
states that a subject at a given level of integrity may not read an object at a lower integrity level (no read down).
|
Biba Simple Integrity Axiom
|
|
|
states that a subject at a given level of integrity must not write to any object at a higher level of integrity (no write up)
|
Biba * (star) Integrity Axiom
|
|
|
retricts the abilty of a user to request a service or execute a process which resides at a higher level of integrity than the user
|
Biba Invocation Property
|
|
|
addresses all three integrity goals; defines well-formed transactions; seperation of duties
|
Clark and Wilson Integrity Model
|
|
|
maintain external and internal consistency, prevents authorized people from making unathurorized modification, prevents unauthorized person from making unauthorized modification
|
triple access
|
|
|
states that a subject at a given level of integrity may not read an object at a lower integrity level (no read down).
|
Clark Wilson Simple Integrity Axiom
|
|
|
states that a subject at a given level of integrity must not write to any object at a higher level of integrity (no write up).
|
Clark Wilson * (star) Integrity Axiom
|
|
|
flow model used to detect covert channels; how data goes and moves
|
Information Flow Model
|
|
|
model which isolates processes
|
non-interfernec model
|
|
|
variablely defined states model
|
graham-denning model
|
|
|
model proven that every possible combination of rules cannot break into an insecure state
|
harrison-ruzzo-ullman result
|
|
|
This security model, also known as the Chinese wall model, was designed to provide controls that mitigate conflict of interest in commercial organizations, and is built upon an information flow model; Chinesse Wall
|
brewer nash model
|
|
|
stars write simple people read
|
star & simple properties
|
|
|
don't drink and drive or you'll smash into the wall; introduced the idea of mutual exclusivity
|
Brewer-Nash Model
|
|
|
evaluates confidentiality USA centric; establishes different levels
|
TCSEC (Orange Book)
|
|
|
evaluates availabilty, functionality, & integrity
|
ITSEC
|
|
|
normal established level (secure) in Orange Book
|
Orange Book C2
|
|
|
origins, ISO, documents, EAL 1-7, PP, TOE, ST
|
Common Criteria
|
|
|
what the consumer wants; general set of security requirements
|
Protection Profile
|
|
|
the piece of equipment; a set of software, firmware and/or hardware to be evaluated
|
Target of Evaluation (TOE)
|
|
|
what the product will do; contains IT objectives and requirements of a specific TOE
|
Security Target
|
|
|
normal evaluated standard
|
EAL 4
|
|
|
a measure of the confidentiality, integrity, and availibilty that a system provides
|
Evaluation Assurance Level
|
|
|
framework about security management
|
ISO27001
|
|
|
framework about managing the quality or process;deliverables
|
ITIL
|
|
|
framework about indentifying and managing risk finance/fraud
|
COSO
|
|
|
framework about maturing these process; five levels of security; bottom level unreliable/initial
|
CMMI.
|
|
|
CMMI level procedure induced
|
CMMI 2
|
|
|
CMMI level project characterized for organization
|
CMMI 3
|
|
|
CMMI level process measured and controlled
|
CMMI 4
|
|
|
CMMI level focuses on continuous process improvement
|
CMMI 5
|
|
|
in software engineering and organizational development is a process improvement approach that provides organizations with the essential elements for effective process improvement. It can be used to guide process improvement across a project, a division, or an entire organization
|
Capability Maturity Model Integration (CMMI)
|
|
|
framework which identifies a business problem and then finds a solution;
|
SABSA
|
|
|
security target; pp
|
pp
|
