• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/337

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

337 Cards in this Set

  • Front
  • Back
Define security policy
is a statement that outlines how entities access each other, what operations different entities can carry out, what level of protection is required for a system or software product, and what actions should be taken when these requirements are not met. The policy outlines the expectations that the hardware and software must meet to be considered in compliance.
Define security model
security policy dictates that all users must be identified, authenticated, and authorized before accessing network resources, the security model might lay out an access control matrix that should be constructed so it fulfills the requirements of the security policy.
What is the The central processing unit (CPU)
the brain of a computer. In the most general description possible, it fetches instructions from memory and executes them. Although a CPU is a piece of hardware, it has its own instruction sets (provided by the operating system) that are necessary to carry out its tasks.
what is Scalable Processor Architecture (SPARC
is a type of Reduced Instruction Set Computing (RISC) chip developed by Sun Microsystems. SunOS, Solaris, and some Unix operating systems have been developed to work on this type of processor.
What is the function of the control unit
Manages and synchronizes the system while different applications’ code and operating system instructions are being executed. The control unit is the component that fetches the code, interprets the code, and oversees the execution of the different instruction sets. It determines what application instructions get processed and in what priority and time slice.
define General registers
are used to hold variables and temporary results as the ALU works through its execution steps. The general registers are like the ALU’s scratch pad, which it uses while working.
what are Special registers
(dedicated registers) hold information such as the program counter, stack pointer, and program status word (PSW).
what is the program counter
the register that contains the memory address of the next instruction to be fetched. After that instruction is executed, the program counter is updated with the memory address of the next instruction set to be processed. It is similar to a boss and secretary relationship.
works as a traffic cop, indicating when instructions are sent to the processor
The control unit
Each process has its own stack what is the fuction of a stack
is a data structure in memory that the process can read from and write to in a last in, first out (LIFO) fashion. Let’s say you and I need to communicate through a stack. What I do is put all of the things I need to say to you in a stack of papers.
NOTE The traditional way of explaining how a stack works is to use the analogy of stacking up trays in a cafeteria. When people are done eating, they place their trays on a stack of other trays, and when the cafeteria employees need to get the trays for cleaning, they take the last tray placed on top and work down the stack. This analogy is used to explain how a stack works in the mode of “last in, first out.” The process being communicated to takes the last piece of data the requesting process laid down from the top of the stack and works down the stack.
NOTE The traditional way of explaining how a stack works is to use the analogy of stacking up trays in a cafeteria. When people are done eating, they place their trays on a stack of other trays, and when the cafeteria employees need to get the trays for cleaning, they take the last tray placed on top and work down the stack. This analogy is used to explain how a stack works in the mode of “last in, first out.” The process being communicated to takes the last piece of data the requesting process laid down from the top of the stack and works down the stack.
what is program status word (PSW)
holds different condition bits. One of the bits indicates whether the CPU should be working in user mode (also called problem state) or privileged mode (also called kernel or supervisor mode).

Note

The crux is to how operating systems protect themselves. They need to protect themselves from applications, utilities, and user activities if they are going to provide a stable and safe environment. One of these protection mechanisms is implemented through the use of these different execution modes. If the PSW has a bit value that indicates the instructions to be executed should be carried out in privileged mode, this means a trusted process (an operating system process) made the request and can have access to the functionality that is not available in user mode.
When an application needs the CPU to carry out its instructions, the CPU works what mode
user mode.
Note:

user mode has a lower privilege level, and many of the CPU’s instructions and functions are not available to the requesting application. The reason for the extra caution is that the developers of the operating system do not know who developed the application or how it is going to react, so the CPU works in a lower privileged mode when executing these types of instructions. By analogy, if you are expecting visitors who are bringing their two-year-old boy, you move all of the breakables that someone under three feet can reach. No one is ever sure what a two-year-old toddler is going to do, but it usually has to do with breaking something. An operating system and CPU are not sure what applications are going to attempt, which is why this code is executed in a lower privilege
Note:

The CPU is connected to an address bus, which is a hardwired connection to the RAM chips in the system and the individual input/output (I/O) devices. Memory is cut up into sections that have individual addresses associated with them. I/O devices (CD-ROM, USB device, hard drive, floppy drive, and so on) are also allocated specific unique addresses.
Some specialized computers have more than one CPU, for increased performance. An operating system must be developed specifically to be able to understand and work with more than one processor. If the computer system is configured to work in symmetric mode, this means the processors
are handed work as needed It is like a load-balancing environment. When a process needs instructions to be executed, a scheduler determines which processor is ready for more work and sends it on.
If a processor is going to be dedicated for a specific task or application, all other software would run on a different processor. For example, CPU 4 is dedicated to one application and its threads, while CPU 3 is used by the operating system. When a processor is dedicated as in this example, the system is working in mode
asymmetric mode.
if a computer computer has some type of time-sensitive application that needs its own personal processor what is the best mode to run in
asymmetric mode.
what is a process
is the set of instructions that is actually running. A program is not considered a process until it is loaded into memory and activated by the operating system. When a process is created, the operating system assigns resources to it, such as a memory segment, CPU time slot (interrupt), access to system application programming interfaces (APIs), and files to interact with. The collection of the instructions and the assigned resources is referred to as a process.
what is multiprogramming
means that more than one program (or process) can be loaded into memory at the same time. This is what allows you to run your antivirus software, word processor, personal firewall, and e-mail client all at the same time. Each of these applications runs as one or more processes.
NOTE
Many resources state that today’s operating systems provide multiprogramming and multitasking. This is true, in that multiprogramming just means more than one application can be loaded into memory at the same time.
note multiprogramming was replaced by multitasking, which means more than one application can be in memory at the same time and the operating system can deal with requests from these different applications simultaneously.
what is Cooperative multitasking
used in Windows 286, 3.x, and early Macintosh systems, required the processes to voluntarily release resources they were using. This was not necessarily a stable environment, because if a programmer did not write his code properly to release a resource when his application was done using it, the resource would be committed indefinitely to his application and thus be unavailable to other processes.
preemptive multitasking
used in Windows 9x, NT, 2000, XP, and in Unix systems, the operating system controls how long a process can use a resource. The system can suspend a process that is using the CPU and allow another process access to it through the use of time sharing.
Unix and Linux systems allow their processes to create new children processes, which is referred to as
forking
running state
CPU is executing its instructions and data
ready state
waiting to send instructions to the CPU
blocked state
waiting for input data, such as keystrokes from a user
NOTE Not all operating systems create and work in the process hierarchy like Unix and Linux systems. Windows systems do not fork new children processes, but instead create new threads that work within the same context of the parent process.
NOTE
he operating system keeps a process table, which has one entry per process. The table contains each individual process’s state, stack pointer, memory allocation, program counter, and status of open files in use. The reason the operating system documents all of this status information is that the CPU needs all of it loaded into its registers when it needs to interact with
How does a process know when it can communicate with the CPU
by using interrupts
note

An operating system fools us, and applications, into thinking it and the CPU are carrying out all tasks (operating system, applications, memory, I/O, and user activities) imultaneously. In fact, this is impossible. Most CPUs can do onlyone thing at a time. So the system has hardware and software interrupts. When a device needs to communicate with the CPU, it has to wait for its interrupt to be called upon.The same thing happens in software. Each process has an interrupt assigned to it. It is like pulling a number at a customer service department in a store. You can’t go up to the counter until your number has been called out.
NOTE

Some critical processes cannot afford to have their functionality interrupted by another process. The operating system is responsible for setting the priorities for the different processes. When one process needs to interrupt another process, the operating system compares the priority levels of the two processes to determine if this interruption should be allowed.
What are the two categories of interrupts
maskable and non-maskable
define maskableinterrupt
is assigned to an event that may not be overly important and the programmer can indicate that if that interrupt calls, the program does not stop what it is doing. This means the interrupt is ignored.
what are Non-maskable interrupts
can never be overridden by an application because the event that has this type of interrupt assigned to it is critical. As an example, the reset button would be assigned a non-maskable interrupt. This means that when this button is pushed, the CPU carries out its instructions right away.
define watchdog timer
an example of a critical process that must always do its thing.This process will reset the system with a warm boot if the operating system hangs and cannot recover itself. For example, if there is a memory management problem and the operating system hangs, the watchdog timer will reset the system. This is one mechanism that ensures the software provides more of a stable environment.
note

a process is a program in memory. More precisely, a process is the program’s instructions and all the resources assigned to the process by the operating system. It is just easier to group all of these instructions and resources together and control them as one entity, which is a process. When a process needs to send something to the CPU for processing, it generates a thread. A thread is made up of an individual instruction set and the data that must be worked on by the CPU.
note

A program that has been developed to carry out several different tasks at one time (display, print, interact with other programs) is capable of running several different threads simultaneously. An application with this capability is referred to as a multithreaded application.
Each thread shares the same resources of the process that created it. So, all the threads created by a word processor work in the same memory space and have access to all the same files and system resources.
An operating system can load more than one program in memory at one time.
Multiprogramming
An operating system can handle requests from several different processes loaded into memory at the same time.
Multitasking
An application has the ability to run multiple threads simultaneously.
Multithreading
The computer has more than one CPU.
Multiprocessing
To protect processes from each other, operating systems can implement
process isolation
Process isolation is necessary to ensure that processes do not “step on each other’s toes,” communicate in an insecure manner, or negatively affect each other’s productivity. Older operating systems did not enforce process isolation as well as systems do today. This is why in earlier operating systems, when one of your programs hung, all other programs, and sometimes the operating system itself, hung. With process isolation, if one process hangs for some reason, it will not affect the other software running.Different methods can be used to carry out process isolation give some examples:
• Encapsulation of objects

• Time multiplexing of shared resources

• Naming distinctions

• Virtual mapping
Note

When a process is encapsulated, no other process understands or interacts with its internal programming code. When process A needs to communicate with process B, process A just needs to know how to communicate with process B’s interface. An interface defines how communication must take place between two processes.
note:

Encapsulation provides data hiding, which means that outside software components will not know how a process works and will not be able to manipulate the process’s internal code. This is an integrity mechanism and enforces modularity in programming code.
what is Timemultiplexing
a technology that allows processes to use the same resources. As stated earlier, a CPU must be shared between many processes. Although it seems as though all applications are running (executing their instructions) simultaneously, the operating system is splitting up time shares between each process. Multiplexing means there are several data sources and the individual data pieces are piped into one communication channel. In this instance, the operating system is coordinating the different requests from the different processes and piping them through the one shared CPU.
what is naming distinctions
means that the different processes have their own name or identification value. Processes are usually assigned process identification (PID) values, which the operating system and other processes use to call upon them. If each process is isolated, that means each process has its own unique PID value.
what is virtual address space mapping
An application is written such that basically it thinks it is the only program running on an operating system. When an application needs memory to work with, it tells the operating system’s memory manager how much memory it needs. The operating system carves out that amount of memory and assigns it to the requesting application. The application uses its own address scheme, which usually starts at 0, but in reality, the application does not work in the physical address space it thinks it is working in. Rather, it works in the address space the memory manager assigns to it. The physical memory is the RAM chips in the system. Virtual address mapping allows the different processes to have their own memory space; the memory manager ensures no processes improperly interact with another process’s memory. This provides integrity and confidentiality.
The goals of memory management are to
• Provide an abstraction level for programmers

• Maximize performance with the limited amount of memory available

• Protect the operating system and applications loaded into memory
what is Abstraction
means that the details of something are hidden. Developers of applications do not know the amount or type of memory that will be available in each and every system their code will be loaded on.
The portion of the operating system that keeps track of how these different types of memory are used is called
the memory manager

Note:

Its jobs are to allocate and deallocate different memory segments, enforce access control to ensure processes are interacting only with their own memory segments, and swap memory contents from RAM to the hard drive.
The memory manager has five basic responsibilities:
Relocation
Protection
Sharing
Logical organization
Physical organization
• Swap contents from RAM to the hard drive as needed (explained later in the “Virtual Memory” section of this chapter)

• Provide pointers for applications if their instructions and memory segment have been moved to a different location in main memory
Relocation
• Limit processes to interact only with the memory segments assigned to them
• Provide access control to memory segments
Protection
• Use complex controls to ensure integrity and confidentiality when processes need to use the same shared memory segments
• Allow many users with different levels of access to interact with the same application running in one memory segment
Sharing
• Allow for the sharing of specific software modules, such as dynamic link library (DLL) procedures
Logical organization
• Segment the physical memory space for application and operating system
Physical organization

processes
A dynamic link library (DLL) is
a set of functions that applications can call upon to carry out different types of procedures. For example, the Windows operating system has a crypt32.dll that is used by the operating system and applications for cryptographic functions. Windows has a set of DLLs, which is just a library of functions to be called upon.
How can an operating system make sure a process only interacts with its memory segment
process creates a thread
base register
contains the beginning address that was assigned to the process
limit register
contains the ending address assigned to the process
note

The thread contains an address of where the instruction and data reside that need to be processed. The CPU compares this address to the base and limit registers to make sure the thread is not trying to access a memory segment outside of its bounds. So, the base register makes it impossible for a thread to reference a memory address below its allocated memory segment, and the limit register makes it impossible for a thread to reference a memory address above this segment.
note

Random access memory (RAM) is a type of temporary storage facility where data and program instructions can temporarily be held and altered. It is used for read/write activities by the operating system and applications. It is described as volatile because if the computer’s power supply is terminated, then all information within this type of memory is lost.
what are some Memory Protection Issues
• Every address reference is validated for protection.
• Two or more processes can share access to the same segment with potentially different access rights.
• Different instruction and data types can be assigned different levels of protection.
• Processes cannot generate an unpermitted address or gain access to an unpermitted segment.
All of these issues make it more difficult for memory management to be carried out properly in a constantly changing and complex system. Any time more complexity is introduced, it usually means more vulnerabilities can be exploited.
explain how dynamic RAM (DRAM) works
The data being held in the RAM memory cells must be continually and dynamically refreshed so your bits do not magically disappear. This activity of constantly refreshing takes time, which is why DRAM is slower than static RAM.
define Static RAM (SRAM)
does not require this continuous-refreshing nonsense; it uses a different technology, by holding bits in its memory cells without the use of capacitors, but it does require more transistors than DRAM. Since SRAM does not need to be refreshed, it is faster than DRAM, but because SRAM requires more transistors, it takes up more space on the RAM chip. Manufacturers cannot fit as many SRAM memory cells on a memory chip as they can DRAM memory cells, which is why SRAM is more expensive.
When a computer spends more time moving data from one small portion of memory to another than actually processing the data, it is referred to
as
thrashing

This causes the system to crawl in speed and your frustration level to increase.
Systems of a higher trust level may need to implement hardware segmentation of the memory used by different processes. This means
memory is separated physically instead of just logically. This adds another layer of protection to ensure that a lower-privileged process does not access and modify a higher-level process’s memory space.
note

Synchronous DRAM (SDRAM) Synchronizes itself with the system’s CPU and synchronizes signal input and output on the RAM chip. It coordinates its activities with the CPU clock so the timing of the CPU and the timing of the memory activities are synchronized. This increases the speed of transmitting and executing data.
note

Extended data out DRAM (EDO DRAM) Is faster than DRAM because DRAM can access only one block of data at a time, whereas EDO DRAM can capture the next block of data while the first block is being sent to the CPUfor processing. It has a type of “look ahead” feature that speeds up memory access.
note

Burst EDO DRAM (BEDO DRAM) Works like (and builds upon) EDO DRAM in that it can transmit data to the CPU as it carries out a read option, but it can send more data at once (burst). It reads and sends up to four memory addresses in a small number of clock cycles.
note

Double data rate SDRAM (DDR SDRAM) Carries out read operations on the rising and falling cycles of a clock pulse. So instead of carrying out one operation per clock cycle, it carries out two and thus can deliver twice the throughput of SDRAM. Basically, it doubles the speed of memory activities, when compared to SDRAM, with a smaller number of clock cycles.
The software that is stored within ROM is called
firmware
is a nonvolatile memory type
Read-only memory (ROM)
note

Read-only memory (ROM) is a nonvolatile memory type, meaning that when a computer’s power is turned off, the data are still held within the memory chips. When data are inserted into ROM memory chips, the data cannot be altered. Individual ROM chips are manufactured with the stored program or routines designed into it. The software that is stored within ROM is called firmware.
note

Programmable read-only memory (PROM) is a form of ROM that can be modified after it has been manufactured. PROM can be programmed only one time because the voltage that is used to write bits into the memory cells actually burns out the fuses that connect the individual memory cells. The instructions are “burned into” PROM using a specialized PROM programmer device.
note

Erasable and programmable read-only memory (EPROM) can be erased, modified, and upgraded. EPROM holds data that can be electrically erased or written to. To erase the data on the memory chip, you need your handy-dandy ultraviolet (UV) light devicethat provides just the right level of energy. The EPROM chip has a quartz window, which is where you point the UV light. Although playing with UV light devices can be fun for the whole family, we have moved on to another type of ROM technology that does not require this type of activity.To erase an EPROM chip, you must remove the chip from the computer and wave your magic UV wand, which erases all of the data on the chip—not just portions of it. So someone invented electrically erasable programmable read-only memory (EEPROM), and we all put our UV light wands away for good.
note

Flash memory is a special type of memory that is used in digital cameras, BIOS chips, memory cards for laptops, and video game consoles. It is a solid-state technology, meaning it does not have moving parts and is used more as a type of hard drive than memory. Flash memory basically moves around different levels of voltages to indicate that a 1 or 0 must be held in a specific address. It acts as a ROM technology rather than a RAM technology. Its benefits over a regular hard drive are that it is smaller, faster, and lighter. So let’s deploy Flash memory everywhere and replace our hard drives! Maybe one day. Today it is relatively expensive compared to regular hard drives.
explain how dynamic RAM (DRAM) works
The data being held in the RAM memory cells must be continually and dynamically refreshed so your bits do not magically disappear. This activity of constantly refreshing takes time, which is why DRAM is slower than static RAM.
explain how dynamic RAM (DRAM) works
The data being held in the RAM memory cells must be continually and dynamically refreshed so your bits do not magically disappear. This activity of constantly refreshing takes time, which is why DRAM is slower than static RAM.
define Static RAM (SRAM)
does not require this continuous-refreshing nonsense; it uses a different technology, by holding bits in its memory cells without the use of capacitors, but it does require more transistors than DRAM. Since SRAM does not need to be refreshed, it is faster than DRAM, but because SRAM requires more transistors, it takes up more space on the RAM chip. Manufacturers cannot fit as many SRAM memory cells on a memory chip as they can DRAM memory cells, which is why SRAM is more expensive.
define Static RAM (SRAM)
does not require this continuous-refreshing nonsense; it uses a different technology, by holding bits in its memory cells without the use of capacitors, but it does require more transistors than DRAM. Since SRAM does not need to be refreshed, it is faster than DRAM, but because SRAM requires more transistors, it takes up more space on the RAM chip. Manufacturers cannot fit as many SRAM memory cells on a memory chip as they can DRAM memory cells, which is why SRAM is more expensive.
When a computer spends more time moving data from one small portion of memory to another than actually processing the data, it is referred to
as
thrashing

This causes the system to crawl in speed and your frustration level to increase.
When a computer spends more time moving data from one small portion of memory to another than actually processing the data, it is referred to
as
thrashing

This causes the system to crawl in speed and your frustration level to increase.
Systems of a higher trust level may need to implement hardware segmentation of the memory used by different processes. This means
memory is separated physically instead of just logically. This adds another layer of protection to ensure that a lower-privileged process does not access and modify a higher-level process’s memory space.
Systems of a higher trust level may need to implement hardware segmentation of the memory used by different processes. This means
memory is separated physically instead of just logically. This adds another layer of protection to ensure that a lower-privileged process does not access and modify a higher-level process’s memory space.
explain how dynamic RAM (DRAM) works
The data being held in the RAM memory cells must be continually and dynamically refreshed so your bits do not magically disappear. This activity of constantly refreshing takes time, which is why DRAM is slower than static RAM.
note

Synchronous DRAM (SDRAM) Synchronizes itself with the system’s CPU and synchronizes signal input and output on the RAM chip. It coordinates its activities with the CPU clock so the timing of the CPU and the timing of the memory activities are synchronized. This increases the speed of transmitting and executing data.
note

Extended data out DRAM (EDO DRAM) Is faster than DRAM because DRAM can access only one block of data at a time, whereas EDO DRAM can capture the next block of data while the first block is being sent to the CPUfor processing. It has a type of “look ahead” feature that speeds up memory access.
note

Synchronous DRAM (SDRAM) Synchronizes itself with the system’s CPU and synchronizes signal input and output on the RAM chip. It coordinates its activities with the CPU clock so the timing of the CPU and the timing of the memory activities are synchronized. This increases the speed of transmitting and executing data.
note

Extended data out DRAM (EDO DRAM) Is faster than DRAM because DRAM can access only one block of data at a time, whereas EDO DRAM can capture the next block of data while the first block is being sent to the CPUfor processing. It has a type of “look ahead” feature that speeds up memory access.
note

Burst EDO DRAM (BEDO DRAM) Works like (and builds upon) EDO DRAM in that it can transmit data to the CPU as it carries out a read option, but it can send more data at once (burst). It reads and sends up to four memory addresses in a small number of clock cycles.
note

Double data rate SDRAM (DDR SDRAM) Carries out read operations on the rising and falling cycles of a clock pulse. So instead of carrying out one operation per clock cycle, it carries out two and thus can deliver twice the throughput of SDRAM. Basically, it doubles the speed of memory activities, when compared to SDRAM, with a smaller number of clock cycles.
note

Burst EDO DRAM (BEDO DRAM) Works like (and builds upon) EDO DRAM in that it can transmit data to the CPU as it carries out a read option, but it can send more data at once (burst). It reads and sends up to four memory addresses in a small number of clock cycles.
note

Double data rate SDRAM (DDR SDRAM) Carries out read operations on the rising and falling cycles of a clock pulse. So instead of carrying out one operation per clock cycle, it carries out two and thus can deliver twice the throughput of SDRAM. Basically, it doubles the speed of memory activities, when compared to SDRAM, with a smaller number of clock cycles.
define Static RAM (SRAM)
does not require this continuous-refreshing nonsense; it uses a different technology, by holding bits in its memory cells without the use of capacitors, but it does require more transistors than DRAM. Since SRAM does not need to be refreshed, it is faster than DRAM, but because SRAM requires more transistors, it takes up more space on the RAM chip. Manufacturers cannot fit as many SRAM memory cells on a memory chip as they can DRAM memory cells, which is why SRAM is more expensive.
explain how dynamic RAM (DRAM) works
The data being held in the RAM memory cells must be continually and dynamically refreshed so your bits do not magically disappear. This activity of constantly refreshing takes time, which is why DRAM is slower than static RAM.
The software that is stored within ROM is called
firmware
When a computer spends more time moving data from one small portion of memory to another than actually processing the data, it is referred to
as
thrashing

This causes the system to crawl in speed and your frustration level to increase.
The software that is stored within ROM is called
firmware
define Static RAM (SRAM)
does not require this continuous-refreshing nonsense; it uses a different technology, by holding bits in its memory cells without the use of capacitors, but it does require more transistors than DRAM. Since SRAM does not need to be refreshed, it is faster than DRAM, but because SRAM requires more transistors, it takes up more space on the RAM chip. Manufacturers cannot fit as many SRAM memory cells on a memory chip as they can DRAM memory cells, which is why SRAM is more expensive.
is a nonvolatile memory type
Read-only memory (ROM)
When a computer spends more time moving data from one small portion of memory to another than actually processing the data, it is referred to
as
thrashing

This causes the system to crawl in speed and your frustration level to increase.
Systems of a higher trust level may need to implement hardware segmentation of the memory used by different processes. This means
memory is separated physically instead of just logically. This adds another layer of protection to ensure that a lower-privileged process does not access and modify a higher-level process’s memory space.
note

Read-only memory (ROM) is a nonvolatile memory type, meaning that when a computer’s power is turned off, the data are still held within the memory chips. When data are inserted into ROM memory chips, the data cannot be altered. Individual ROM chips are manufactured with the stored program or routines designed into it. The software that is stored within ROM is called firmware.
note

Programmable read-only memory (PROM) is a form of ROM that can be modified after it has been manufactured. PROM can be programmed only one time because the voltage that is used to write bits into the memory cells actually burns out the fuses that connect the individual memory cells. The instructions are “burned into” PROM using a specialized PROM programmer device.
note

Synchronous DRAM (SDRAM) Synchronizes itself with the system’s CPU and synchronizes signal input and output on the RAM chip. It coordinates its activities with the CPU clock so the timing of the CPU and the timing of the memory activities are synchronized. This increases the speed of transmitting and executing data.
note

Extended data out DRAM (EDO DRAM) Is faster than DRAM because DRAM can access only one block of data at a time, whereas EDO DRAM can capture the next block of data while the first block is being sent to the CPUfor processing. It has a type of “look ahead” feature that speeds up memory access.
Systems of a higher trust level may need to implement hardware segmentation of the memory used by different processes. This means
memory is separated physically instead of just logically. This adds another layer of protection to ensure that a lower-privileged process does not access and modify a higher-level process’s memory space.
is a nonvolatile memory type
Read-only memory (ROM)
note

Read-only memory (ROM) is a nonvolatile memory type, meaning that when a computer’s power is turned off, the data are still held within the memory chips. When data are inserted into ROM memory chips, the data cannot be altered. Individual ROM chips are manufactured with the stored program or routines designed into it. The software that is stored within ROM is called firmware.
note

Programmable read-only memory (PROM) is a form of ROM that can be modified after it has been manufactured. PROM can be programmed only one time because the voltage that is used to write bits into the memory cells actually burns out the fuses that connect the individual memory cells. The instructions are “burned into” PROM using a specialized PROM programmer device.
note

Synchronous DRAM (SDRAM) Synchronizes itself with the system’s CPU and synchronizes signal input and output on the RAM chip. It coordinates its activities with the CPU clock so the timing of the CPU and the timing of the memory activities are synchronized. This increases the speed of transmitting and executing data.
note

Extended data out DRAM (EDO DRAM) Is faster than DRAM because DRAM can access only one block of data at a time, whereas EDO DRAM can capture the next block of data while the first block is being sent to the CPUfor processing. It has a type of “look ahead” feature that speeds up memory access.
note

Erasable and programmable read-only memory (EPROM) can be erased, modified, and upgraded. EPROM holds data that can be electrically erased or written to. To erase the data on the memory chip, you need your handy-dandy ultraviolet (UV) light devicethat provides just the right level of energy. The EPROM chip has a quartz window, which is where you point the UV light. Although playing with UV light devices can be fun for the whole family, we have moved on to another type of ROM technology that does not require this type of activity.To erase an EPROM chip, you must remove the chip from the computer and wave your magic UV wand, which erases all of the data on the chip—not just portions of it. So someone invented electrically erasable programmable read-only memory (EEPROM), and we all put our UV light wands away for good.
note

Flash memory is a special type of memory that is used in digital cameras, BIOS chips, memory cards for laptops, and video game consoles. It is a solid-state technology, meaning it does not have moving parts and is used more as a type of hard drive than memory. Flash memory basically moves around different levels of voltages to indicate that a 1 or 0 must be held in a specific address. It acts as a ROM technology rather than a RAM technology. Its benefits over a regular hard drive are that it is smaller, faster, and lighter. So let’s deploy Flash memory everywhere and replace our hard drives! Maybe one day. Today it is relatively expensive compared to regular hard drives.
note

Burst EDO DRAM (BEDO DRAM) Works like (and builds upon) EDO DRAM in that it can transmit data to the CPU as it carries out a read option, but it can send more data at once (burst). It reads and sends up to four memory addresses in a small number of clock cycles.
note

Double data rate SDRAM (DDR SDRAM) Carries out read operations on the rising and falling cycles of a clock pulse. So instead of carrying out one operation per clock cycle, it carries out two and thus can deliver twice the throughput of SDRAM. Basically, it doubles the speed of memory activities, when compared to SDRAM, with a smaller number of clock cycles.
note

Erasable and programmable read-only memory (EPROM) can be erased, modified, and upgraded. EPROM holds data that can be electrically erased or written to. To erase the data on the memory chip, you need your handy-dandy ultraviolet (UV) light devicethat provides just the right level of energy. The EPROM chip has a quartz window, which is where you point the UV light. Although playing with UV light devices can be fun for the whole family, we have moved on to another type of ROM technology that does not require this type of activity.To erase an EPROM chip, you must remove the chip from the computer and wave your magic UV wand, which erases all of the data on the chip—not just portions of it. So someone invented electrically erasable programmable read-only memory (EEPROM), and we all put our UV light wands away for good.
note

Flash memory is a special type of memory that is used in digital cameras, BIOS chips, memory cards for laptops, and video game consoles. It is a solid-state technology, meaning it does not have moving parts and is used more as a type of hard drive than memory. Flash memory basically moves around different levels of voltages to indicate that a 1 or 0 must be held in a specific address. It acts as a ROM technology rather than a RAM technology. Its benefits over a regular hard drive are that it is smaller, faster, and lighter. So let’s deploy Flash memory everywhere and replace our hard drives! Maybe one day. Today it is relatively expensive compared to regular hard drives.
The software that is stored within ROM is called
firmware
is a nonvolatile memory type
Read-only memory (ROM)
note

Burst EDO DRAM (BEDO DRAM) Works like (and builds upon) EDO DRAM in that it can transmit data to the CPU as it carries out a read option, but it can send more data at once (burst). It reads and sends up to four memory addresses in a small number of clock cycles.
note

Double data rate SDRAM (DDR SDRAM) Carries out read operations on the rising and falling cycles of a clock pulse. So instead of carrying out one operation per clock cycle, it carries out two and thus can deliver twice the throughput of SDRAM. Basically, it doubles the speed of memory activities, when compared to SDRAM, with a smaller number of clock cycles.
explain how dynamic RAM (DRAM) works
The data being held in the RAM memory cells must be continually and dynamically refreshed so your bits do not magically disappear. This activity of constantly refreshing takes time, which is why DRAM is slower than static RAM.
The software that is stored within ROM is called
firmware
note

Read-only memory (ROM) is a nonvolatile memory type, meaning that when a computer’s power is turned off, the data are still held within the memory chips. When data are inserted into ROM memory chips, the data cannot be altered. Individual ROM chips are manufactured with the stored program or routines designed into it. The software that is stored within ROM is called firmware.
note

Programmable read-only memory (PROM) is a form of ROM that can be modified after it has been manufactured. PROM can be programmed only one time because the voltage that is used to write bits into the memory cells actually burns out the fuses that connect the individual memory cells. The instructions are “burned into” PROM using a specialized PROM programmer device.
define Static RAM (SRAM)
does not require this continuous-refreshing nonsense; it uses a different technology, by holding bits in its memory cells without the use of capacitors, but it does require more transistors than DRAM. Since SRAM does not need to be refreshed, it is faster than DRAM, but because SRAM requires more transistors, it takes up more space on the RAM chip. Manufacturers cannot fit as many SRAM memory cells on a memory chip as they can DRAM memory cells, which is why SRAM is more expensive.
note

Erasable and programmable read-only memory (EPROM) can be erased, modified, and upgraded. EPROM holds data that can be electrically erased or written to. To erase the data on the memory chip, you need your handy-dandy ultraviolet (UV) light devicethat provides just the right level of energy. The EPROM chip has a quartz window, which is where you point the UV light. Although playing with UV light devices can be fun for the whole family, we have moved on to another type of ROM technology that does not require this type of activity.To erase an EPROM chip, you must remove the chip from the computer and wave your magic UV wand, which erases all of the data on the chip—not just portions of it. So someone invented electrically erasable programmable read-only memory (EEPROM), and we all put our UV light wands away for good.
note

Flash memory is a special type of memory that is used in digital cameras, BIOS chips, memory cards for laptops, and video game consoles. It is a solid-state technology, meaning it does not have moving parts and is used more as a type of hard drive than memory. Flash memory basically moves around different levels of voltages to indicate that a 1 or 0 must be held in a specific address. It acts as a ROM technology rather than a RAM technology. Its benefits over a regular hard drive are that it is smaller, faster, and lighter. So let’s deploy Flash memory everywhere and replace our hard drives! Maybe one day. Today it is relatively expensive compared to regular hard drives.
When a computer spends more time moving data from one small portion of memory to another than actually processing the data, it is referred to
as
thrashing

This causes the system to crawl in speed and your frustration level to increase.
is a nonvolatile memory type
Read-only memory (ROM)
Systems of a higher trust level may need to implement hardware segmentation of the memory used by different processes. This means
memory is separated physically instead of just logically. This adds another layer of protection to ensure that a lower-privileged process does not access and modify a higher-level process’s memory space.
note

Read-only memory (ROM) is a nonvolatile memory type, meaning that when a computer’s power is turned off, the data are still held within the memory chips. When data are inserted into ROM memory chips, the data cannot be altered. Individual ROM chips are manufactured with the stored program or routines designed into it. The software that is stored within ROM is called firmware.
note

Programmable read-only memory (PROM) is a form of ROM that can be modified after it has been manufactured. PROM can be programmed only one time because the voltage that is used to write bits into the memory cells actually burns out the fuses that connect the individual memory cells. The instructions are “burned into” PROM using a specialized PROM programmer device.
explain how dynamic RAM (DRAM) works
The data being held in the RAM memory cells must be continually and dynamically refreshed so your bits do not magically disappear. This activity of constantly refreshing takes time, which is why DRAM is slower than static RAM.
explain how dynamic RAM (DRAM) works
The data being held in the RAM memory cells must be continually and dynamically refreshed so your bits do not magically disappear. This activity of constantly refreshing takes time, which is why DRAM is slower than static RAM.
note

Erasable and programmable read-only memory (EPROM) can be erased, modified, and upgraded. EPROM holds data that can be electrically erased or written to. To erase the data on the memory chip, you need your handy-dandy ultraviolet (UV) light devicethat provides just the right level of energy. The EPROM chip has a quartz window, which is where you point the UV light. Although playing with UV light devices can be fun for the whole family, we have moved on to another type of ROM technology that does not require this type of activity.To erase an EPROM chip, you must remove the chip from the computer and wave your magic UV wand, which erases all of the data on the chip—not just portions of it. So someone invented electrically erasable programmable read-only memory (EEPROM), and we all put our UV light wands away for good.
note

Flash memory is a special type of memory that is used in digital cameras, BIOS chips, memory cards for laptops, and video game consoles. It is a solid-state technology, meaning it does not have moving parts and is used more as a type of hard drive than memory. Flash memory basically moves around different levels of voltages to indicate that a 1 or 0 must be held in a specific address. It acts as a ROM technology rather than a RAM technology. Its benefits over a regular hard drive are that it is smaller, faster, and lighter. So let’s deploy Flash memory everywhere and replace our hard drives! Maybe one day. Today it is relatively expensive compared to regular hard drives.
define Static RAM (SRAM)
does not require this continuous-refreshing nonsense; it uses a different technology, by holding bits in its memory cells without the use of capacitors, but it does require more transistors than DRAM. Since SRAM does not need to be refreshed, it is faster than DRAM, but because SRAM requires more transistors, it takes up more space on the RAM chip. Manufacturers cannot fit as many SRAM memory cells on a memory chip as they can DRAM memory cells, which is why SRAM is more expensive.
note

Synchronous DRAM (SDRAM) Synchronizes itself with the system’s CPU and synchronizes signal input and output on the RAM chip. It coordinates its activities with the CPU clock so the timing of the CPU and the timing of the memory activities are synchronized. This increases the speed of transmitting and executing data.
note

Extended data out DRAM (EDO DRAM) Is faster than DRAM because DRAM can access only one block of data at a time, whereas EDO DRAM can capture the next block of data while the first block is being sent to the CPUfor processing. It has a type of “look ahead” feature that speeds up memory access.
define Static RAM (SRAM)
does not require this continuous-refreshing nonsense; it uses a different technology, by holding bits in its memory cells without the use of capacitors, but it does require more transistors than DRAM. Since SRAM does not need to be refreshed, it is faster than DRAM, but because SRAM requires more transistors, it takes up more space on the RAM chip. Manufacturers cannot fit as many SRAM memory cells on a memory chip as they can DRAM memory cells, which is why SRAM is more expensive.
When a computer spends more time moving data from one small portion of memory to another than actually processing the data, it is referred to
as
thrashing

This causes the system to crawl in speed and your frustration level to increase.
When a computer spends more time moving data from one small portion of memory to another than actually processing the data, it is referred to
as
thrashing

This causes the system to crawl in speed and your frustration level to increase.
Systems of a higher trust level may need to implement hardware segmentation of the memory used by different processes. This means
memory is separated physically instead of just logically. This adds another layer of protection to ensure that a lower-privileged process does not access and modify a higher-level process’s memory space.
note

Burst EDO DRAM (BEDO DRAM) Works like (and builds upon) EDO DRAM in that it can transmit data to the CPU as it carries out a read option, but it can send more data at once (burst). It reads and sends up to four memory addresses in a small number of clock cycles.
note

Double data rate SDRAM (DDR SDRAM) Carries out read operations on the rising and falling cycles of a clock pulse. So instead of carrying out one operation per clock cycle, it carries out two and thus can deliver twice the throughput of SDRAM. Basically, it doubles the speed of memory activities, when compared to SDRAM, with a smaller number of clock cycles.
Systems of a higher trust level may need to implement hardware segmentation of the memory used by different processes. This means
memory is separated physically instead of just logically. This adds another layer of protection to ensure that a lower-privileged process does not access and modify a higher-level process’s memory space.
note

Synchronous DRAM (SDRAM) Synchronizes itself with the system’s CPU and synchronizes signal input and output on the RAM chip. It coordinates its activities with the CPU clock so the timing of the CPU and the timing of the memory activities are synchronized. This increases the speed of transmitting and executing data.
note

Extended data out DRAM (EDO DRAM) Is faster than DRAM because DRAM can access only one block of data at a time, whereas EDO DRAM can capture the next block of data while the first block is being sent to the CPUfor processing. It has a type of “look ahead” feature that speeds up memory access.
The software that is stored within ROM is called
firmware
note

Synchronous DRAM (SDRAM) Synchronizes itself with the system’s CPU and synchronizes signal input and output on the RAM chip. It coordinates its activities with the CPU clock so the timing of the CPU and the timing of the memory activities are synchronized. This increases the speed of transmitting and executing data.
note

Extended data out DRAM (EDO DRAM) Is faster than DRAM because DRAM can access only one block of data at a time, whereas EDO DRAM can capture the next block of data while the first block is being sent to the CPUfor processing. It has a type of “look ahead” feature that speeds up memory access.
is a nonvolatile memory type
Read-only memory (ROM)
note

Burst EDO DRAM (BEDO DRAM) Works like (and builds upon) EDO DRAM in that it can transmit data to the CPU as it carries out a read option, but it can send more data at once (burst). It reads and sends up to four memory addresses in a small number of clock cycles.
note

Double data rate SDRAM (DDR SDRAM) Carries out read operations on the rising and falling cycles of a clock pulse. So instead of carrying out one operation per clock cycle, it carries out two and thus can deliver twice the throughput of SDRAM. Basically, it doubles the speed of memory activities, when compared to SDRAM, with a smaller number of clock cycles.
note

Burst EDO DRAM (BEDO DRAM) Works like (and builds upon) EDO DRAM in that it can transmit data to the CPU as it carries out a read option, but it can send more data at once (burst). It reads and sends up to four memory addresses in a small number of clock cycles.
note

Double data rate SDRAM (DDR SDRAM) Carries out read operations on the rising and falling cycles of a clock pulse. So instead of carrying out one operation per clock cycle, it carries out two and thus can deliver twice the throughput of SDRAM. Basically, it doubles the speed of memory activities, when compared to SDRAM, with a smaller number of clock cycles.
The software that is stored within ROM is called
firmware
note

Read-only memory (ROM) is a nonvolatile memory type, meaning that when a computer’s power is turned off, the data are still held within the memory chips. When data are inserted into ROM memory chips, the data cannot be altered. Individual ROM chips are manufactured with the stored program or routines designed into it. The software that is stored within ROM is called firmware.
note

Programmable read-only memory (PROM) is a form of ROM that can be modified after it has been manufactured. PROM can be programmed only one time because the voltage that is used to write bits into the memory cells actually burns out the fuses that connect the individual memory cells. The instructions are “burned into” PROM using a specialized PROM programmer device.
The software that is stored within ROM is called
firmware
is a nonvolatile memory type
Read-only memory (ROM)
note

Erasable and programmable read-only memory (EPROM) can be erased, modified, and upgraded. EPROM holds data that can be electrically erased or written to. To erase the data on the memory chip, you need your handy-dandy ultraviolet (UV) light devicethat provides just the right level of energy. The EPROM chip has a quartz window, which is where you point the UV light. Although playing with UV light devices can be fun for the whole family, we have moved on to another type of ROM technology that does not require this type of activity.To erase an EPROM chip, you must remove the chip from the computer and wave your magic UV wand, which erases all of the data on the chip—not just portions of it. So someone invented electrically erasable programmable read-only memory (EEPROM), and we all put our UV light wands away for good.
note

Flash memory is a special type of memory that is used in digital cameras, BIOS chips, memory cards for laptops, and video game consoles. It is a solid-state technology, meaning it does not have moving parts and is used more as a type of hard drive than memory. Flash memory basically moves around different levels of voltages to indicate that a 1 or 0 must be held in a specific address. It acts as a ROM technology rather than a RAM technology. Its benefits over a regular hard drive are that it is smaller, faster, and lighter. So let’s deploy Flash memory everywhere and replace our hard drives! Maybe one day. Today it is relatively expensive compared to regular hard drives.
is a nonvolatile memory type
Read-only memory (ROM)
note

Read-only memory (ROM) is a nonvolatile memory type, meaning that when a computer’s power is turned off, the data are still held within the memory chips. When data are inserted into ROM memory chips, the data cannot be altered. Individual ROM chips are manufactured with the stored program or routines designed into it. The software that is stored within ROM is called firmware.
note

Programmable read-only memory (PROM) is a form of ROM that can be modified after it has been manufactured. PROM can be programmed only one time because the voltage that is used to write bits into the memory cells actually burns out the fuses that connect the individual memory cells. The instructions are “burned into” PROM using a specialized PROM programmer device.
note

Read-only memory (ROM) is a nonvolatile memory type, meaning that when a computer’s power is turned off, the data are still held within the memory chips. When data are inserted into ROM memory chips, the data cannot be altered. Individual ROM chips are manufactured with the stored program or routines designed into it. The software that is stored within ROM is called firmware.
note

Programmable read-only memory (PROM) is a form of ROM that can be modified after it has been manufactured. PROM can be programmed only one time because the voltage that is used to write bits into the memory cells actually burns out the fuses that connect the individual memory cells. The instructions are “burned into” PROM using a specialized PROM programmer device.
note

Erasable and programmable read-only memory (EPROM) can be erased, modified, and upgraded. EPROM holds data that can be electrically erased or written to. To erase the data on the memory chip, you need your handy-dandy ultraviolet (UV) light devicethat provides just the right level of energy. The EPROM chip has a quartz window, which is where you point the UV light. Although playing with UV light devices can be fun for the whole family, we have moved on to another type of ROM technology that does not require this type of activity.To erase an EPROM chip, you must remove the chip from the computer and wave your magic UV wand, which erases all of the data on the chip—not just portions of it. So someone invented electrically erasable programmable read-only memory (EEPROM), and we all put our UV light wands away for good.
note

Flash memory is a special type of memory that is used in digital cameras, BIOS chips, memory cards for laptops, and video game consoles. It is a solid-state technology, meaning it does not have moving parts and is used more as a type of hard drive than memory. Flash memory basically moves around different levels of voltages to indicate that a 1 or 0 must be held in a specific address. It acts as a ROM technology rather than a RAM technology. Its benefits over a regular hard drive are that it is smaller, faster, and lighter. So let’s deploy Flash memory everywhere and replace our hard drives! Maybe one day. Today it is relatively expensive compared to regular hard drives.
note

Erasable and programmable read-only memory (EPROM) can be erased, modified, and upgraded. EPROM holds data that can be electrically erased or written to. To erase the data on the memory chip, you need your handy-dandy ultraviolet (UV) light devicethat provides just the right level of energy. The EPROM chip has a quartz window, which is where you point the UV light. Although playing with UV light devices can be fun for the whole family, we have moved on to another type of ROM technology that does not require this type of activity.To erase an EPROM chip, you must remove the chip from the computer and wave your magic UV wand, which erases all of the data on the chip—not just portions of it. So someone invented electrically erasable programmable read-only memory (EEPROM), and we all put our UV light wands away for good.
note

Flash memory is a special type of memory that is used in digital cameras, BIOS chips, memory cards for laptops, and video game consoles. It is a solid-state technology, meaning it does not have moving parts and is used more as a type of hard drive than memory. Flash memory basically moves around different levels of voltages to indicate that a 1 or 0 must be held in a specific address. It acts as a ROM technology rather than a RAM technology. Its benefits over a regular hard drive are that it is smaller, faster, and lighter. So let’s deploy Flash memory everywhere and replace our hard drives! Maybe one day. Today it is relatively expensive compared to regular hard drives.
• Limit processes to interact only with the memory segments assigned to them
• Provide access control to memory segments
Protection
• Use complex controls to ensure integrity and confidentiality when processes need to use the same shared memory segments
• Allow many users with different levels of access to interact with the same application running in one memory segment
Sharing
• Allow for the sharing of specific software modules, such as dynamic link library (DLL) procedures
Logical organization
• Segment the physical memory space for application and operating system
Physical organization

processes
A dynamic link library (DLL) is
a set of functions that applications can call upon to carry out different types of procedures. For example, the Windows operating system has a crypt32.dll that is used by the operating system and applications for cryptographic functions. Windows has a set of DLLs, which is just a library of functions to be called upon.
How can an operating system make sure a process only interacts with its memory segment
process creates a thread
base register
contains the beginning address that was assigned to the process
limit register
contains the ending address assigned to the process
note

The thread contains an address of where the instruction and data reside that need to be processed. The CPU compares this address to the base and limit registers to make sure the thread is not trying to access a memory segment outside of its bounds. So, the base register makes it impossible for a thread to reference a memory address below its allocated memory segment, and the limit register makes it impossible for a thread to reference a memory address above this segment.
note

Random access memory (RAM) is a type of temporary storage facility where data and program instructions can temporarily be held and altered. It is used for read/write activities by the operating system and applications. It is described as volatile because if the computer’s power supply is terminated, then all information within this type of memory is lost.
what are some Memory Protection Issues
• Every address reference is validated for protection.
• Two or more processes can share access to the same segment with potentially different access rights.
• Different instruction and data types can be assigned different levels of protection.
• Processes cannot generate an unpermitted address or gain access to an unpermitted segment.
All of these issues make it more difficult for memory management to be carried out properly in a constantly changing and complex system. Any time more complexity is introduced, it usually means more vulnerabilities can be exploited.
explain how dynamic RAM (DRAM) works
The data being held in the RAM memory cells must be continually and dynamically refreshed so your bits do not magically disappear. This activity of constantly refreshing takes time, which is why DRAM is slower than static RAM.
what is Static RAM (SRAM) .
does not require this continuous-refreshing nonsense; it uses a different technology, by holding bits in its memory cells without the use of capacitors, but it does require more transistors than DRAM. Since SRAM does not need to be refreshed, it is faster than DRAM, but because SRAM requires more transistors, it takes up more space on the RAM chip. Manufacturers cannot fit as many SRAM memory cells on a memory chip as they can DRAM memory cells, which is why SRAM is more expensive
When a computer spends more time moving data from one small portion of memory to another than actually processing the data, it is referred to as
thrashing

This causes the system to crawl in speed and your frustration level to increase.
note

Systems of a higher trust level may need to implement hardware segmentation of the memory used by different processes. This means memory is separated physically instead of just logically. This adds another layer of protection to ensure that a lower-privileged process does not access and modify a higher-level process’s memory space.
note

Synchronous DRAM (SDRAM) Synchronizes itself with the system’s CPU and synchronizes signal input and output on the RAM chip. It coordinates its activities with the CPU clock so the timing of the CPU and the timing of the memory activities are synchronized. This increases the speed of transmitting and executing data.
note

Extended data out DRAM (EDO DRAM) Is faster than DRAM because DRAM can access only one block of data at a time, whereas EDO DRAM can capture the next block of data while the first block is being sent to the CPUfor processing. It has a type of “look ahead” feature that speeds up memory access.
note

Burst EDO DRAM (BEDO DRAM) Works like (and builds upon) EDO DRAM in that it can transmit data to the CPU as it carries out a read option, but it can send more data at once (burst). It reads and sends up to four memory addresses in a small number of clock cycles.
note

Double data rate SDRAM (DDR SDRAM) Carries out read operations on the rising and falling cycles of a clock pulse. So instead of carrying out one
operation per clock cycle, it carries out two and thus can deliver twice the throughput of SDRAM. Basically, it doubles the speed of memory activities,
when compared to SDRAM, with a smaller number of clock cycles.
note Read-only memory (ROM) is a nonvolatile memory type, meaning that when a computer’s power is turned off, the data are still held within the memory chips. When data are inserted into ROM memory chips, the data cannot be altered. Individual ROM chips are manufactured with the stored program or routines designed into it. The software that is stored within ROM is called firmware.
note

Programmable read-only memory (PROM) is a form of ROM that can be modified after it has been manufactured. PROM can be programmed only one time because the voltage that is used to write bits into the memory cells actually burns out the fuses that connect the individual memory cells. The instructions are “burned into” PROM using a specialized PROM programmer device. Erasable and programmable read-only memory (EPROM) can be erased, modified, and upgraded. EPROM holds data that can be electrically erased or written to. To erase the data on the memory chip, you need your handy-dandy ultraviolet (UV) light devicethat provides just the right level of energy. The EPROM chip has a quartz window, which is where you point the UV light. Although playing with UV light devices can be fun for the whole family, we have moved on to another type of ROM technology that does not require this type of activity.
note

To erase an EPROM chip, you must remove the chip from the computer and wave
your magic UV wand, which erases all of the data on the chip—not just portions of it.
So someone invented electrically erasable programmable read-only memory (EEPROM),
and we all put our UV light wands away for good.
Flash memory is a special type of memory that is used in digital cameras, BIOS chips, memory cards for laptops, and video game consoles. It is a solid-state technology,
meaning it does not have moving parts and is used more as a type of hard drive than memory. Flash memory basically moves around different levels of voltages to indicate that a 1 or 0 must be held in a specific address. It acts as a ROM technology rather than a RAM technology. Its benefits over a regular hard drive are that it is smaller, faster, and lighter. So let’s deploy Flash memory everywhere and replace our hard drives! Maybe one day. Today it is relatively expensive compared to regular hard drives.
note

Cache memory is a type of memory used for high-speed writing and reading activities.
When the system assumes (through its programmatic logic) that it will need to
access specific information many times throughout its processing activities, it will store the information in cache memory so it is easily and quickly accessible. Data in cache can be accessed much more quickly than data stored in real memory. Therefore, any
information needed by the CPU very quickly, and very often, is usually stored in cache memory, thereby improving the overall speed of the computer system.
The physical memory addresses that the CPU uses are called
absolute addresses
The indexed memory addresses that software uses are referred to as
logical addresses
what are relative addresses
a known address with an offset value applied. As explained previously, an application does not “know” it is sharing memory with other
applications. When the program needs a memory segment to work with, it tells the memory manager how much memory it needs.
Memory leaks can be caused by
operating systems, applications, and
software drivers.
Two main countermeasures can protect against memory leaks
-developing better code that releases memory properly

-using a garbage collector
software that runs an algorithm to identify unused committed memory and then tells the operating system to mark that memory as available. is called a
garbage collector

Different types of garbage collectors work with different operating systems, programming languages, and algorithms.
note

Secondary storage is considered nonvolatile storage media and includes such things as the computer’s hard drive, floppy disks, and CD-ROMs. When RAM and secondary storage are combined, the result is virtual memory. The system uses hard drive space to
extend its RAM memory space.
note

Swap space is the reserved hard drive space used to extend RAM capabilities. Windows systems use the pagefile.sys file to reserve this space.
how does virtual memory paging work
When a system fills up its volatile memory space, it writes data from memory onto the hard drive. When a program requests access to this data, it is brought from the hard drive back into memory in specific units, called pages.
NOTE

If a program, file, or data are encrypted and saved on the hard drive, they will be decrypted when used by the controlling program. While these unencrypted data are sitting in RAM, the system could write out the data to the swap space on the hard drive, in their unencrypted state. Attackers have figured out how to gain access to this space in unauthorized manners.
Note

The operating system has several protection mechanisms to ensure processes do not negatively affect each other or the critical components of the system itself. One has already been mentioned: memory protection. Another security mechanism the system uses is protection rings.
NOTE The actual ring architecture used by a system is dictated by the processor and the operating system. The hardware chip (processor) is constructed to provide a certain number of rings, and the operating system must be developed to also work in this ring structure. This is one reason why an operating system platform may work with an Intel chip but not an Alpha chip, for example. They have different architectures and ways to interpret instruction sets.
NOTE

Protection rings support the , , confidentiality, integrity, and availability requirements of multitasking operating systems. The most commonly used architecture provides four protection rings.
what operates at Ring 0
Operating system kernel
what operates at Ring 1
Remaining parts of the operating system
what operates at Ring 2
I/O drivers and utilities
what operates at Ring 3
Applications and user activity
what rings operate in Supervisor/ Privileged mode
Rings 0-2
what rings operate in User mode or problem state Mode
Rings 3
Note

Protection rings provide an intermediate layer between subjects and objects, and are used for access control when a subject tries to access an object. The ring determines the access level to sensitive system resources. The lower the number, the greater the amount of privilege given to the process that runs within that ring.
Note

A monolithic operating system architecture is commonly referred to as “The Big Mess” because of its lack of structure. The operating system is mainly made up of various procedures that can call upon each other in a haphazard manner. In these types of systems, modules of code can call upon each other as needed. The communication between the different modules is not as structured and controlled as in a layered architecture, and data hiding is not provided. MS-DOS is an example of a monolithic operating system.
define a layered operating system
separates system functionality into hierarchical layers. For example, a system that followed a layered architecture was, strangely enough, called THE (Technische Hogeschool Eindhoven) multiprogramming system.
what are the five layers of functionality
Layer 0 controlled access to the processor and provided multiprogramming functionality:
layer 1 carried out memory management;
layer 2 provided interprocess communication;
layer 3 dealt with I/O devices;
layer 4 was where the applications resided.
Layer 5 was the user layer and not implemented directly by THE. The processes at the different layers each had interfaces to be used by processes in layers below and above them.
what is data hiding
which means that instructions and data (packaged up as procedures) at the various layers do not have direct access to the instructions and data at any other layers. Each procedure at each layer has access only to its own data and a set of functions that it requires to carry out its own tasks.
note

A monolithic operating system provides only one layer of security. In a layered system, each layer should provide its own security and access control. If one layer contains the necessary security mechanisms to make security decisions for all the other layers, then that one layer knows too much about (and has access to) too many objects at the different layers. This directly violates the data-hiding concept.
NOTE

Do not confuse client/server operating system architecture with client/server network architecture, which is the traditional association for “client/server.” In a network, an application works in a client/server model because it provides distributed computing capabilities. The client portion of the application resides on the workstations, and the server portion is usually a back-end database or server.
NOTE

The goal of a client/server architecture is to move as much code as possible from having to work in kernel mode (privileged mode) so the system has a leaner kernel, referred to as the microkernel.
note

A domain is defined as a set of objects that a subject is able to access. This domain can be all the resources a user can access, all the files available to a program, the memory segments available to a process, or the services and processes available to an application.A subject needs to be able to access and use objects (resources) to perform tasks, and the domain defines which objects are available to the subject and which objects are untouchable and therefore unusable by the subject.
NOTE

Remember that a thread is a portion of a process. When the thread is generated, it shares the same domain (resources) as its process. A process that resides in a privileged domain needs to be able to execute its instructions and process its data with the assurance that programs in a different domain cannot negatively affect its environment. This is referred to as an execution domain. Because processes in a privileged domain have access to sensitive resources, the environment must be protected from rogue program code or unexpected activities resulting from programs in other domains.
NOTE

Although academically monolithic, layered, and client/server architectures describe how an operating system is constructed, these terms have morphed to describe mainly how the kernel is built. What this means is that in the industry, and on the CISSP exam, when you see the term “monolithic system,” it is actually referring to the fact that all of the code that makes up the kernel runs in kernel (privileged mode).
NOTE

Layering and data hiding provide protection to data and processes by implementing layers of abstraction. Access to sensitive processes and data can only take place through properly formatted requests that are sent to system APIs. This means the communication that takes place between the different layers of trust only happens through well-defined interfaces.Creating and maintaining these different layers helps protect data from other processes that are not authorized to access it.
NOTE

If a process does not have an interface with which to communicate to another process at another layer, it cannot have access to its data.
NOTE

The protection ring architecture allows for processes to run in either kernel or user mode.
NOTE

Processes with a higher trust level (that is, they work in a lower number protection ring) have a larger domain than processes with lower trust levels.
NOTE

Execution (protection) domains allow for the isolation of process activity, which provides protection and system stability.
NOTE

Monolithic systems have all kernel activities running in supervisory mode, whereas microkernels have only a small subset of kernel activities running in this privileged mode. All other kernel activities run in user mode. Most modern operating systems take a hybrid approach between monolithic and microkernel in design.
what is thunking
When a 16-bit application needs to interact with the operating system, it has been developed to make system calls and interact with the computer’s memory in a way that would only work within a 16-bit operating system—not a 32-bit system. So, the virtual machine simulates a 16-bit operating system, and when the application makes a request, the operating system converts the 16-bit request into a 32-bit requestand reacts to the request appropriately. When the system sends a reply to this request, it changes the 32-bit reply into a 16-bit reply so the application understands it.
NOTE

Virtual machines can be used to consolidate the workloads of several underutilized servers to fewer machines, perhaps a single machine (server consolidation). Related benefits are savings on hardware, environmental costs, management, and administration of the server infrastructure.
NOTE

The need to run legacy applications is served well by virtual machines. A legacy application might simply not run on newer hardware and/or operating systems. Even if it does, if may under-utilize the server, so it makes sense to consolidate several applications. This may be difficult without virtualization because such applications are usually not written to coexist within a single execution environment.
NOTE

Virtual machines can be used to provide secure, isolated sandboxes for running untrusted applications. You could even create such an execution environment dynamically—on the fly—as you download something from the Internet and run it. Virtualization is an important concept in building secure computing platforms.
NOTE

Virtual machines can be used to create operating systems, or execution environments with resource limits, and given the right schedulers, resource guarantees. Partitioning usually goes hand-in-hand with quality of service in the creation of QoS-enabled operating systems.
NOTE

Virtualization can make tasks such as system migration, backup, and recovery easier and more manageable.
NOTE


Virtualization on commodity hardware has been popular in co-located hosting. Many of the above benefits make such hosting secure, cost-effective, and appealing in general.
NOTE

Virtual machines are great tools for research and academic experiments. Since they provide isolation, they are safer to work with. They encapsulate the entire state of a running system: you can save the state, examine it, modify it, reload it, and so on.
NOTE

Virtual machines can isolate what they run, so they provide fault and error containment. You can inject faults proactively into software to study its subsequent behavior.
NOTE

Virtual machines allow for powerful debugging and performance monitoring. You can put such tools in the virtual machine monitor, for example. Operating systems can be debugged without losing productivity, or setting up more complicated debugging scenarios.
NOTE

Virtual machines can be used to run multiple operating systems simultaneously: different versions, or even entirely different systems, which can be on hot standby. Some such systems may be hard or impossible to run on newer real hardware.
NOTE

Virtual machines can provide the illusion of hardware, or hardware configuration that you do not have (such as SCSI devices or multiple processors). Virtualization can also be used to simulate networks of independent computers.
NOTE

When an I/O device has completed whatever task was asked of it, it needs to inform the CPU that the necessary data are now in memory for processing. The device’s controller sends a signal down a bus, which is detected by the interrupt controller. (This is what it means to use an interrupt.
Why Does Video Cards Need to Have Its Own RAM
The RAM on a video card is really just a type of buffer. The application or operating system writes the pixel values into this RAM space instead of writing to the system’s RAM. The pixel values are then displayed to the user on the monitor screen. Graphic-intensive games work better with video cards with a lot of RAM, because storing this display information on the system’s RAM takes too long for the read and write procedures. This results in delayed reactions between the user’s interaction commands and what is displayed on the screen.
Operating systems can carry out software I/O procedures in various ways.
• Programmed I/O
• Interrupt-driven I/O
• I/O using DMA
• Premapped I/O
• Fully mapped I/O
what is Programmable I/O
this means the CPU sends data to an I/O device and polls the device to see if it is ready to accept more data. If the device is not ready to accept more data, the CPU wastes time by waiting
for the device to become ready. For example, the CPU would send a byte of data (a character) to the printer and then ask the printer if it is ready for another byte. The CPU sends the text to be printed one byte at a time. This is a very slow way of working and
wastes precious CPU time. So the smart people figured out a better way: interrupt driven I/O.
what is Interrupt-Driven I/O
If an operating system is using interrupt-driven I/O, this means the CPU sends a character over to the printer and then goes and works on another process’s request. When the printer is done printing the first character, it sends an
interrupt to the CPU. The CPU stops what it is doing, sends another character to the printer, and moves to another job.
what is Direct memory access (DMA)
is a way of transferring data between I/O devices and the system’s memory without using the CPU. This speeds up data transfer rates significantly. When used in I/O activities, the DMA controller feeds the characters
to the printer without bothering the CPU. This method is sometimes referred to as unmapped I/O.
what is Premapped I/O
Premapped I/O and fully mapped I/O (described next) do not pertain to performance, as do the earlier methods, but provide two approaches that can directly affect security. In a premapped I/O system, the CPU sends the physical memory
address of the requesting process to the I/O device, and the I/O device is trusted enough to interact with the contents of memory directly. So the CPU does not control the interactions between the I/O device and memory. The operating system trusts the device to behave properly.
what is Fully Mapped I/O
Under fully mapped I/O, the operating system does not fully trust the I/O device. The physical address is not given to the I/O device. Instead, the device works purely with logical addresses and works on behalf (under the security
context) of the requesting process. So the operating system does not trust the device to interact with memory directly. The operating system does not trust the process or device and acts as the broker to control how they communicate with each other.
what is trusted computing base (TCB)
The TCB is defined as the total combination of protection mechanisms within a computer system. The TCB includes hardware, software, and firmware. These are part of the TCB because the system is sure these components will enforce the security policy and not violate it. The term “trusted computing base,” which originated from the Orange Book, does not address the level of security a system provides, but rather the level of trust a system provides, albeit in a security sense. This is because no computer system can be totally secure. The TCB does not address only operating system components, because a computer system is not made up of only an operating system. The TCB addresses hardware, software components, and firmware.
what is trusted path
is a communication channel between the user, or program, and the kernel. The TCB provides protection resources to ensure this channel cannot be compromised in any way.
what is trusted shell
means that someone who is working in that shell cannot “bust out of it,” and other processes cannot “bust into it.”
NOTE

The processes within the TCB are the components that protect the system overall. So the developers of the operating system must make sure these processes have their own execution domain. This means they reside in ring 0, their instructions are executed in privileged state, and no less trusted processes can directly interact with them. The developers need to ensure the operating system maintains an isolated execution domain, so their processes cannot be compromised or tampered with. The resources that the TCB processes use must also be isolated, so tight access control can be provided and all access requests and operations can be properly
audited. So basically, the operating system tells all the other processes they cannot play with the TCB processes and that they cannot play with the TCB’s resources.
Note

The four basic functions of the TCB are process activation, execution domain switching, memory protection, and I/O operations.
what is Process activation
deals with the activities that must take place when a process is going to have its instructions and data processed by the CPU. As described earlier, the CPU fills its registers with information about the requesting process (program counter, base and limit addresses, user or privileged mode, and so on). A process is “activated” when its interrupt is called upon, enabling it to interact with the CPU. A process is “deactivated” when its instructions are completely executed by the CPU or when another process with a higher priority calls upon the CPU.
what is Execution domain switching
takes place when a process needs to call upon a process in a higher protection ring. As explained earlier, less trusted processes run in user mode and cannot carry out activities such as communicating with hardware or directly sending requests to the kernel. Therefore, a process running in user mode (ring 3) must make a request to an operating system service, which works in ring 1. The less trusted process will have its information loaded into the CPU’s registers and then when the
CPU sees that an operating system service has been called, it switches domains and security context. This means the information of the operating system service process is loaded into the CPU’s registers and the CPU carries out those instructions in privileged
mode. So, execution domain switching refers to when the CPU has to go from executing instructions in user mode to privileged mode and back. All of this must happen properly or a less trusted process might be executed in privileged mode and have direct access to system resources.
define security perimeter
is a boundary that divides the trusted from the untrusted. For the system to stay in a secure and trusted state, precise communication standards must be developed to ensure that when a component within the TCB needs to communicate
with a component outside the TCB, the communication cannot expose the system to unexpected security compromises. This type of communication is handled and controlled through interfaces.
NOTE

The TCB and security perimeter are not physical entities, but conceptual constructs used by system developers to delineate between trusted and untrusted components.
NOTE The reference monitor is a concept in which an abstract machine mediates all access to objects by subjects. The security kernel is the hardware, firmware, and software of a TCB that implements this concept. The TCB is the totality of protection mechanisms within a computer system that work together to enforce a security policy. The TCB contains the security kernel
and all other security protection mechanisms.
The reference monitor
is an abstract machine that mediates all access subjects have to objects, both to ensure that the subjects have the necessary access rights and to protect the objects from unauthorized access and destructive modification. For a system to achieve a higher level of trust, it must require subjects (programs, users, or processes)
to be fully authorized prior to accessing an object (file, program, or resource). A subject must not be allowed to use a requested resource until the subject has proven it has been granted access privileges to use the requested object. The reference monitor is an access control concept, not an actual physical component, which is why it is normally referred to as the “reference monitor concept” or an “abstract machine.”
what is the security kernel
is made up of hardware, software, and firmware components that fall within the TCB, and it implements and enforces the reference monitor concept. The security kernel mediates all access and functions between subjects and objects. The
security kernel is the core of the TCB and is the most commonly used approach to building trusted computing systems.
The security kernel has three main requirements:
• It must provide isolation for the processes carrying out the reference monitor concept, and the processes must be tamperproof.
• It must be invoked for every access attempt and must be impossible to circumvent. Thus, the security kernel must be implemented in a complete and foolproof way.
• It must be small enough to be tested and verified in a complete and comprehensive manner.
what are multilevel security policies
Security policies that prevent information from flowing from a high security level to a lower security level. These types of policies permit a subject to access an object only if the subject’s security level is higher than or equal to the object’s classification.
what is Least Privilege
Once resources and processes are isolated properly, least privilege needs to be enforced. This means that a process has no more privileges than necessary to be able to fulfill its functions. Only processes that need to carry out critical system functions should be allowed to, and other, less privileged processes should call upon the more privileged processes to carry out these types of activities when necessary. This type of indirect activity protects the system from poorly written or misbehaving code. Processes should
possess a level of privilege only as long as they really need it. If a process needs to have its status elevated so it can interact directly with a system resource, as soon as its tasks are complete, the process’s status should be dropped to a lower privilege to ensure that
another mechanism cannot use it to adversely affect the system.

As an example of least privilege access control, the system backup program may have read access on the files, but it does not need to be able to modify the files. Similarly, the restore program would be allowed to write files to the disk, but not to read them.
explain the function of Security Models
An important concept in the design and analysis of secure systems is the security model, because it incorporates the security policy that should be enforced in the system. A model is a symbolic representation of a policy. It maps the desires of the policy makers into a set of rules that a computer system must follow.
explain state machine models
to verify the security of a system, the state is used, which means that all current permissions and all current instances of subjects accessing objects must be captured. Maintaining the state of a system deals with each subject’s association with objects. If the subjects can access objects only by means that are concurrent with the security policy, the system is secure. State machines have provided a basis for important security models. A state of a system is a snapshot of a system at
one moment of time. Many activities can alter this state, which are referred to as state transitions.
NOTE

A system that employs the Bell-LaPadula model is called a multilevel security system because users with different clearances use the system, and the system processes data with different classifications.
NOTE

The Bell-LaPadula model is a state machine model that enforces the confidentiality aspects of access control. A matrix and security levels are used to determine if subjects can access different objects. The subject’s clearance is compared to the object’s classification and then specific rules are applied to control how subject-to-object interactions can take place.
NOTE

The Bell-LaPadula model is a subject-to-object model. An example would be how you (subject) could read a data element (object) from a specific database and write data into that database. The Bell-LaPadula model focuses on ensuring that subjects are properly
authenticated—by having the necessary security clearance, need to know, and formal access approval—before accessing an object.
NOTE

The Three main rules used and enforced in the Bell-LaPadula model:

-the simple security rule

-the *-property (star property) rule

-the strong star property rule.
define the simple security rule
states that a subject at a given security level cannot read data that reside at a higher security level. For example, if Bob is given the security clearance of secret, this rule states he cannot read data classified as top secret. If the organization wanted Bob to be able to read top-secret data, it would have given him that clearance in the first place.
define The *-property rule
(star property rule) states that a subject in a given security level cannot write information to a lower security level. The simple security rule is referred to as the “no read up” rule, and the *-property rule is referred to as the “no write down”
define the strong star property rule
states that a subject that has read and write capabilities can only perform those functions at the same security level, nothing
higher and nothing lower. So, for a subject to be able to read and write to an object, the clearance and classification must be equal.
NOTE

In access control terms, the word dominate means to be higher than or equal to. So if you see a statement such as “A subject can only perform a read operation if the access class of the subject dominates the access class of an object,” this just means the subject must have a clearance that is higher than or equal to the object. In the Bell-LaPadula model, this is referred to as
the dominance relation, which is the relationship of the subject’s clearance to the object’s classification.
NOTE

Ensuring that information does not flow from a higher security level to a lower level is referred to as controlling unauthorized downgrading of information, which would take place through a “write down” operation. An actual compromise occurs if and when a user at a lower security level reads this data.
subjects and objects cannot change their security levels once they have been instantiated (created) is an example of what principle
tranquility principle
Discretionary Security Property (ds-property),
the Bell-LaPadula rule. This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions at its own discretion. These permissions are stored in an access matrix. This just means that mandatory and discretionary access control mechanisms can be implemented in one operating system.
NOTE

The Biba model was developed after the Bell-LaPadula model. It is a state machine model and is very similar to the Bell-LaPadula model. Biba addresses the integrity of data within applications. The Bell-LaPadula model uses a lattice of security levels (top
secret, secret, sensitive, and so on). These security levels were developed mainly to ensure that sensitive data were only available to authorized individuals. The Biba model is not concerned with security levels and confidentiality, so it does not base access decisions
upon this type of lattice. The Biba model uses a lattice of integrity levels
NOTE

The main rules of the Biba model that you need to understand are:

•*-integrity axiom
• Simple integrity axiom
• Invocation property
*-integrity axiom
A subject cannot write data to an object at a higher
integrity level (referred to as “no write up”).
Simple integrity axiom
A subject cannot read data from a lower integrity level (referred to as “no read down”).
Invocation property
A subject cannot request service (invoke) to subjects of
higher integrity.
written for the U.S. government, and the government is very paranoid about leakage of its secret information. In its model, a user cannot write to a lower level because that user might let out some secrets. Similarly, a user at a lower level cannot read anything at a higher level because that user might learn some secrets.However, not everyone is so worried about confidentiality and has such big important
secrets to protect.
Bell-LaPadula model
NOTE

The commercial industry is more concerned about the integrity of its data. An accounting firm is more worried about keeping its numbers straight and making sure decimal points are not dropped or extra zeroes are not added in a process carried out by an application. The accounting firm is more concerned about the integrity of these data and is usually under little threat of someone trying to steal these numbers, so the firm would use software that employs the Biba model. Of course, the accounting firm does not look for the name Biba on the back of a product or make sure it is in the design of its application. Which model to use is something that was decided upon and implemented when the application was being designed. The assurance ratings are what consumers use to determine if a system is right for them.
NOTE

The Bell-LaPadula model is used to provide confidentiality. The Biba model is used to provide integrity. The Bell-LaPadula and Biba models are informational flow models because they are most concerned about data flowing from one level to another. Bell-LaPadula uses security levels, and Biba uses integrity levels. It is important for CISSP test takers to know the rules of Biba and Bell-LaPadula. Their rules sound very similar: simple and * rules—one writing one way and one reading another way. A tip for how to remember them is that if the word “simple” is used, the rule is talking about reading. If the rule uses * or “star,” it is talking
about writing. So now you just need to remember the reading and writing directions per model.
what is access triple
subject (user),
program (TP)
object (CDI)
what is an example of how access triple is used
First, a user must authenticate to a program, which is acting as a front end for the database, and then the program will control what the user can and cannot do to the information in the database. A user cannot modify CDI without using a TP.
define The Clark-Wilson model
outlines how to incorporate
separation of duties into the architecture of an application. This is a countermeasure to potential fraudulent activities. The model provides the rules that the developers must follow to properly implement and enforce separation of duties through software procedures.
the three main goals of integrity models:
• Prevent unauthorized users from making modifications

• Prevent authorized users from making improper modifications (separation of duties)

• Maintain internal and external consistency (well-formed transaction)
of the three main goals of integrity models The Clark-Wilson model enforces which
Clark-Wilson addresses each of the goals in its model
of the three main goals of integrity models The Biba model enforces which
Biba only addresses the first goal. which is

• Prevent unauthorized users from making modifications
the Clark-Wilson model enforces the three goals of integrity by using what
- access triple (subject, software [TP], object)

-separation of duties

-auditing


Clark-Wilson enforces integrity by using well-formed transactions (through access triple) and
separation of user duties.
Information is compartmentalized based on what two factors
classification and need to know.

Your clearance has to dominate the object’s classification and your security profile must contain one of the categories listed in the object’s label, which enforces need to know.
A covert channel
is a way for an entity to receive information in an unauthorized manner. It is an information flow that is not controlled by a security mechanism. This type of information path was not developed for communication; thus, the system does not properly protect this path, because the developers never envisioned information being passed in this way. Receiving information in this manner clearly violates the system’s security policy.
Covert channels are of two types:
storage and timing.
define covert storage channel
processes are able to communicate through some type of storage space on the system. For example, System A is infected with a Trojan horse that has installed software that will be able to communicate to another process in a limited way. System A has a very sensitive file (File 2) that is of great interest to a particular attacker. The software the Trojan horse installed is able to read this file and it needs to send the contents of the file to the attacker, which can only happen one bit at a time.
define overt channel
is a channel of communication that was developed specifically for communication purposes. Processes should be communicating through overt channels, not covert channels.
define covert timing channel
one process relays information to another by modulating its use of system resources. The two processes that are communicating to each other are using the same shared resource, which is time. So in our example, Process A is a piece of nefarious software that was installed via a Trojan horse. In a multitasked system, each process is offered access to interact with the CPU. When this function is offered to Process A, it rejects it—which indicates a 1 to the attacker. The next time Process A is offered access to the CPU, it uses it, which indicates a 0 to the attacker. Think of this as a type of Morse code, but using some type of system resource.
NOTE In the Orange Book, covert channels in operating systems are not addressed until security level B2 and above because these are the systems that would be holding data sensitive enough for others to go through all the necessary trouble to access data in this fashion.
Note

Multilevel security properties can be expressed in many ways, one being noninterference. This concept is implemented to ensure any actions that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level. This
type of model does not concern itself with the flow of data, but rather with what a subject knows about the state of the system. So if an entity at a higher security level performs an action, it cannot change the state for the entity at the lower level. If a lower-level entity was aware of a certain activity that took place by an entity at a higher level and the state of the system changed for this lower-level entity, the entity might be able to deduce too much information about the activities of the higher state, which in turn is a way of leaking information. Users at a lower security level should not be aware of the commands executed by users at a higher level and should not be affected by those commands in any way.
occurs when someone has access to some type of information and infer or guess something that he does not have the clearance level or authority to know.
inference attack
define lattice model
A lattice is a mathematical construct that is built upon the notion of a group. The most
common definition of the lattice model is “a structure consisting of a finite partially
ordered set together with least upper and greatest lower bound operators on the set.”
called the Chinese Wall model
Brewer and Nash model
define Brewer and Nash model
was created to provide access controls that can change dynamically depending upon a user’s previous actions. The main goal of the model is to protect against conflicts of interest by users’ access attempts.
give an example of how brewer and nash is enforced
For example, if a large marketing company provides marketing promotions and materials for two banks, an employee working on a project for Bank A should not look at the information the marketing company has on its other bank customer, Bank B. Such action could create a conflict of interest because the banks are competitors. If the marketing company’s project manager for the Bank A project could view information on Bank B’s new marketing campaign, he may try to trump its promotion to please his more direct customer. The marketing company would get a bad reputation if it allowed its internal employees to behave so irresponsibly. This marketing company could implement a product that tracks the different marketing representatives’ access activities and disallows certain access requests that would present this type of conflict of interest. These access controls change dynamically depending upon the user’s authorizations, activities, and previous access requests. The Chinese Wall model is also based on an information flow model. No information can flow between subjects and objects in a way that would result in a conflict of interest. The model states that a subject can write to an object if, and only if, the subject cannot read another object that is in a different dataset.
Note

Bell-LaPadula and Biba don’t define how the security and integrity ratings are defined and modified, nor do they provide a way to delegate or transfer access
rights.
Note

The Graham-Denning model addresses how security and integrity ratings are defined and modified, and defines a set of basic
rights in terms of commands that a specific subject can execute on an object.
Graham-Denning model has eight primitive protection rights, or rules of how functionally should take place securely, what are they :
• How to securely create an object
• How to securely create a subject
• How to securely delete an object
• How to securely delete a subject
• How to securely provide the read access right
• How to securely provide the grant access right
• How to securely provide the delete access right
• How to securely provide transfer access rights

These things may sound insignificant, but when you’re building a secure system,
they are critical.
what is The Harrison-Ruzzo-Ullman Model
The Harrison-Ruzzo-Ullman (HRU) model deals with access rights of subjects and the integrity of those rights. A subject can carry out only a finite set of operations on an object. Since security loves simplicity, it is easier for a system to allow or disallow authorization
of operations if one command is restricted to a single operation. For example, if a subject sent command X, which only required the operation of Y, this is pretty straightforward and allows the system to allow or disallow this operation to take place. But, if a subject sent a command M, and to fulfill that command, operations N, B, W, and P had to be carried out, then there is much more complexity for the system to decide if this command should be authorized.
This confidentiality model describes the allowable information flows and formalizes the military security policy. It is the first mathematical model of a multilevel security policy that defines the concept of a secure state and necessary modes of access.
The Bell-LaPadula Model
The simple security rule
A subject cannot read data at a higher security
level (no read up)
The *-property rule
A subject cannot write data to an object at a lower security level (no write down).
The strong star property rule
A subject can perform read and write functions only to the objects at its same security level.
This model protects the integrity of the information within a system and the activities that take place. It addresses the first goal of integrity.
The Biba Model
A subject cannot read data at a lower integrity level (no read down).
The simple integrity axiom
A subject cannot modify an object in a higher integrity level (no write up).
The *-integrity axiom
This integrity model is implemented to protect the integrity of data and to ensure that properly formatted transactions take
place. It addresses all three goals of integrity.

• Subjects can access objects only through authorized programs (access triple).

• Separation of duties is enforced.

• Auditing is required.
The Clark-Wilson Model
This is a model in which access decisions are based on objects’ ACLs and subjects’ capability tables
The Access Control Matrix Model
This is a model in which information is restricted in its flow to only go to and from entities in a way that does not negate the security policy.
The Information Flow Model
This model states that commands and activities performed at one security level should not be seen by, or affect,
subjects or objects at a different security level.
The Noninterference Model
This model allows for dynamically changing access controls that protect against conflicts of interest. Also known as the
Chinese Wall model.
The Brewer and Nash Model
This model shows how subjects and objects
should be created and deleted. It also addresses how to assign specific access
rights.
The Graham-Denning Model
Several things come into play when determining the mode the operating system
should be working in:
• The types of users who will be directly or indirectly connecting to the system

• The type of data (classification levels, compartments, and categories)processed on the system

• The clearance levels, need to know, and formal access approvals the users will Have
what is dedicated security mode
all users have a clearance for, and a formal need to know about, all data processed within the system. All users have been given formal access approval for all information on the system and have signed Nondisclosure agreements (NDAs) pertaining to this information. The system can handle a single classification level of information. Many military systems have been designed to handle only one level of security, which works in dedicated security mode. This requires everyone who uses the system to have the highest level of clearance required by any and all data on the system. If a system holds top-secret data, only users with that clearance can use the system. Other military systems work with multiple security levels, which is done by compartmentalizing the data. These types of systems can support users with high and low clearances simultaneously.
what is system high-security mode
when all users have a security clearance to access the information but not necessarily a need to know for all the information
processed on the system. So, unlike in the dedicated security mode, in which all users have a need to know pertaining to all data on the system, in system high-security mode, all users have a need to know pertaining to some of the data. This mode also requires all users to have the highest level of clearance required by any and all data on the system. However, even though a user has the necessary security level to access an object, the user may still be restricted if he does not have a need to know pertaining to that specific object.
what is compartmented security mode
when all users have the clearance to access all the information processed by the system in a system high-security
configuration, but might not have the need to know and formal access approval. This means that if the system is holding secret and top-secret data, all users must have at least a top-secret clearance to gain access to this system. This is how compartmented
and multilevel security modes are different. Both modes require the user to have a valid need to know, NDA, and formal approval, but compartmented security mode requires the user to have a clearance that dominates (above or equal to) any and all data on the
system, whereas multilevel security mode just requires the user to have clearance to access the data she will be working with. In compartmented security mode, users are restricted from accessing some information because they do not need to access it to perform the functions of their jobs and they have not been given formal approval to access it. This would be enforced by having
on all objects security labels that reflect the sensitivity (classification level, classification category, and handling procedures) of the information. In this mode, users can access a compartment, of data only, enforced by mandatory access controls.
define Compartmented mode workstations (CMWs)
enable users to process multiple compartments of data at the same time, if they have the necessary clearance.
what is multilevel security mode
A system is operating in multilevel security mode when it permits two or more classification levels of information to be processed at the same time when not all of the users have the clearance or formal approval to access all the information being processed by the system. So all users must have formal approval, NDA, need to know, and the necessary clearance to access the data that they need to carry out their jobs. In this mode, the user cannot access all of the data on the system, only what she is cleared to access. The Bell-LaPadula model is an example of a multilevel security model because it handles multiple information classifications at a number of different security levels within one system simultaneously.
Note

Guards are Software and hardware that allow the exchange of data between trusted (high assurance) and less trusted (low assurance) systems and environments. Let’s say you are working on a MAC system (working in dedicated security mode of secret) and you need
the system to communicate with a MAC database (working in multilevel security mode, which goes up to top secret). These two systems provide different levels of protection.
Note

As previously stated, if a system with lower assurance could directly communicate with a system of higher assurance, then security vulnerabilities and compromises could be introduced. So, a software guard can be implemented, which is really just a front-end product that allows interconnectivity between systems working at different security levels. (The various types of guards available can carry out filtering, processing requests, data blocking, and data sanitization.) Or a hardware guard can be implemented, which is a system with two NICs connecting the two systems that need to communicate. The
guard is an add-on piece that provides a level of strict access control between different systems.
when All users must have:

• Proper clearance for all information on the system
• Formal access approval for all information on the system
• A signed NDA for all information on the system
• A valid need to know for all information on the system
• All users can access all data.

they are in what mode of operation
Dedicated Security Mode
when All users must have:

• Proper clearance for all information on the system
• Formal access approval for all information on the system
• A signed NDA for all information on the system
• A valid need to know for some information on the system
• All users can access some data, based on their need to know.

they are in what mode of operation
System High-Security Mode
when All users must have:

• Proper clearance for the highest level of data classification on the system
• Formal access approval for all information they will access on the system
• A signed NDA for all information they will access on the system
• A valid need to know for some of the information on the system
• All users can access some data, based on their need to know and formal
access approval.

they are in what mode of operation
Compartmented Security Mode
when All users must have:

• Proper clearance for all information they will access on the system
• Formal access approval for all information they will access on the system
• A signed NDA for all information they will access on the system
• A valid need to know for some of the information on the system
• All users can access some data, based on their need to know, clearance,
and formal access approval.

they are in what mode of operation
Multilevel Security Mode
NOTE

Assurance and trust are similar in nature, but slightly different with regard to product ratings. In a trusted system, all protection mechanisms work together to process sensitive data for many types of uses, and will provide the necessary level of protection
per classification level. Assurance looks at the same issues but in more depth and detail. Systems that provide higher levels of assurance have been tested extensively and have had their designs thoroughly inspected, their development stages reviewed, and their technical specifications and test plans evaluated. You can buy a car and you can trust it, but you have a much deeper sense of assurance of that trust if you know how the car was built, what it was built with, who built it, what tests it was put through, and how it performed in many different situations.
Note

A security evaluation examines the security-relevant parts of a system, meaning the TCB, access control mechanisms, reference monitor, kernel, and protection mechanisms. The relationship and interaction between these components are also evaluated. There
are different methods of evaluating and assigning assurance levels to systems. Two reasons explain why more than one type of assurance evaluation process exists: methods and ideologies have evolved over time, and various parts of the world look at computer security differently and rate some aspects of security differently. Each method will be explained and compared.
The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which is used to evaluate operating systems, applications, and different products. These evaluation criteria are published in a book with which is called
the Orange Book.
TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels: A, B,C and D with out going into detail what are the definitions of each category
A. Verified protection

B. Mandatory protection

C. Discretionary protection

D. Minimal security
The TCSEC criteria include four main topics—security policy, accountability, assurance, and documentation—but these actually break down into seven different areas:

mnemonic: CALL SID
• Continuous protection
• Accountability
• Life-cycle
• Labels
• Security policy
• Identification
• Documentation
define Continuous protection
• The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
define Accountability
• Audit data must be captured and protected to enforce
accountability.
define Life-cycle assurance
• Software, hardware, and firmware must be able to
be tested individually to ensure that each enforces the security policy in an
effective manner throughout their lifetimes.
define Labels
Access control labels must be associated properly with objects.
define Security policy
The policy must be explicit and well defined and enforced by
the mechanisms within the system.
define Identification
Individual subjects must be uniquely identified.
define Documentation
Documentation must be provided, including test, design, and specification documents, user guides, and manuals.
Note

Division D: Minimal Protection

There is only one class in Division D. It is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Note

Division C: Discretionary Protection

The C rating category has two individual assurance ratings within it, which are described
next. The higher the number of the assurance rating, the greater the protection.
define C1: Discretionary Security Protection
Discretionary access control is based on individuals and/or groups. It requires a separation of users and information, and
identification and authentication of individual entities. Some type of access control is necessary so users can ensure their data will not be accessed and corrupted by others. The system architecture must supply a protected execution domain so privileged system
processes are not adversely affected by lower-privileged processes. There must be specific ways of validating the system’s operational integrity. The documentation requirements include design documentation, which shows that the system was built to include protection mechanisms, test documentation (test plan and results), a facility manual (so companies know how to install and configure the system correctly), and user manuals. The type of environment that would require this rating is one in which users are
processing information at the same sensitivity level; thus, strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
define C2: Controlled Access Protection
Users need to be identified individually to provide more precise access control and auditing functionality. Logical access control
mechanisms are used to enforce authentication and the uniqueness of each individual’s identification. Security-relevant events are audited, and these records must be protected from unauthorized modification. The architecture must provide resource, or object,
isolation so proper protection can be applied to the resource and any actions taken upon it can be properly audited. The object reuse concept must also be invoked, meaning that any medium holding data must not contain any remnants of information after
it is released for another subject to use. If a subject uses a segment of memory, that memory space must not hold any information after the subject is done using it. The same is true for storage media, objects being populated, and temporary files being created—
all data must be efficiently erased once the subject is done with that medium.
Note Division B: Mandatory Protection

Mandatory access control is enforced by the use of security labels. The architecture is based on the Bell-LaPadula security model, and evidence of reference monitor enforcement must be available.
NOTE

Security labels are not required until security rating B; thus, C2 does not require security labels but B1 does.
define B1: Labeled Security
Each data object must contain a classification label and each subject must have a clearance label. When a subject attempts to access an object, the system must compare the subject’s and object’s security labels to ensure the requested actions are acceptable. Data leaving the system must also contain an accurate security label. The security policy is based on an informal statement, and the design specifications are reviewed and verified. This security rating is intended for environments that require systems to handle
classified data.
define B2: Structured Protection
The security policy is clearly defined and documented, and the system design and implementation are subjected to more thorough review and testing procedures. This class requires more stringent authentication mechanisms and well-defined interfaces among layers. Subjects and devices require labels, and the system must not allow covert channels. A trusted path for logon and authentication processes must be in place, which means the subject communicates directly with the application or operating system, and no trapdoors exist. There is no way to circumvent or compromise this communication channel. Operator and administration functions are separated within the system to provide more trusted and protected operational functionality. Distinct address spaces must be provided to isolate processes, and a covert channel analysis is conducted. This class adds assurance by adding requirements to the design of the system. The type of environment that would require B2 systems is one that processes sensitive data that require a higher degree of security. This type of environment would require systems that are relatively resistant to penetration and compromise.
define B3: Security Domains
In this class, more granularity is provided in each protection mechanism, and the programming code that is not necessary to support the security policy is excluded. The design and implementation should not provide too much complexity, because as the complexity of a system increases, so must the skill level of the individuals who need to test, maintain, and configure it; thus, the overall security
can be threatened. The reference monitor components must be small enough to test properly and be tamperproof. The security administrator role is clearly defined, and the system must be able to recover from failures without its security level being compromised. When the system starts up and loads its operating system and components, it must be done in an initial secure state to ensure that any weakness of the system cannot be taken advantage of in this slice of time.
Note

Division A: Verified Protection

Formal methods are used to ensure that all subjects and objects are controlled with the necessary discretionary and mandatory access controls. The design, development, implementation, and documentation are looked at in a formal and detailed way. The security mechanisms between B3 and A1 are not very different, but the way the system
was designed and developed is evaluated in a much more structured and stringent procedure.
NOTE TCSEC addresses confidentiality, but not integrity. Functionality of the security mechanisms and the assurance of those mechanisms are not evaluated separately, but rather are combined and rated as a whole.
define A1: Verified Design
The architecture and protection features are not much different from systems that achieve a B3 rating, but the assurance of an A1 system is higher than a B3 system because of the formality in the way the A1 system was designed, the way the specifications were developed, and the level of detail in the verification techniques. Formal techniques are used to prove the equivalence between the TCB specifications and the security policy model. A more stringent change configuration is put in place with the development of an A1 system, and the overall design can be verified. In many cases, even the way in which the system is delivered to the customer is under scrutiny to ensure there is no way of compromising the system before it reaches its destination. The type of environment that would require A1 systems is the most secure of secured environments. This type of environment deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication, restrictions, and auditing.
summarizes the troubling issues that security
practitioners have expressed about the Orange Book:
• It looks specifically at the operating system and not at other issues like networking, databases, and so on.

• It focuses mainly on one attribute of security—confidentiality—and not on integrity and availability.

• It works with government classifications and not the protection classifications commercial industries use.

• It has a relatively small number of ratings, which means many different aspects of security are not evaluated and rated independently.


The Orange Book places great emphasis on controlling which users can access a system and virtually ignores controlling what those users do with the information once they are authorized. Authorized users can, and usually do, cause more damage to data
than outside attackers.
Note

Assurance is derived comparing how things actually work to a theory of how things should work. Assurance is also derived by testing configurations in many different scenarios, evaluating engineering practices, and validating and verifying security claims.by
Note

The Information Technology Security Evaluation Criteria (ITSEC) was the first attempt at establishing a single standard for evaluating security attributes of computer systems and products by many European countries.
ITSEC evaluates two main attributes of a system’s protection mechanisms:
functionality and assurance.

NOTE

When the functionality of a
system’s protection mechanisms is being evaluated, the services that are provided to the subjects (access control mechanisms,
auditing, authentication, and so on) are examined and measured.
Under the Common Criteria model, an evaluation is carried out on a product and
it is assigned an
Evaluation Assurance Level (EAL)
The Common Criteria has seven assurance levels.
• EAL1
• EAL2
• EAL3
• EAL4
• EAL5
• EAL6
• EAL7

The range is from EAL1, where functionality testing takes place, to EAL7, where thorough testing is performed and the system design is verified.
What is EAL1
Functionally tested
What is EAL2
Structurally tested
What is EAL3
Methodically tested and checked
What is EAL4
Methodically designed, tested, and reviewed
What is EAL5
Semiformally designed and tested
EAL6
Semiformally verified design and tested
What is EAL7
Formally verified design and tested
define formally verified
this means a system is based on a model that can be mathematically proven.
A protection profile contains the following five sections:
• Descriptive elements
• Rationale
• Functional requirements
Development assurance requirements
• Evaluation assurance requirements
define Descriptive elements
Provides the name of the profile and a description of the security problem to be solved.
define Rationale
Justifies the profile and gives a more detailed description of the real-world problem to be solved. The environment, usage assumptions, and threats are illustrated along with guidance on the security policies that can be supported by products and systems that conform to this profile.
define Functional requirements
Establishes a protection boundary, meaning the threats or compromises within this boundary to be countered. The product or system must enforce the boundary established in this section.
define Development assurance requirements
Identifies the specific requirements the product or system must meet during the development phases, from design to implementation.
define Evaluation assurance requirements
Establishes the type and intensity of the evaluation.
When a product is assigned an assurance rating, this means
it has the potential of providing this level of protection. The customer has to properly configure the product to actually obtain this level of security. The vendor should provide the necessary configuration documentation, and it is up to the customer to keep the product properly configured at all times.
Certification is
the comprehensive technical evaluation of the security components and their compliance for the purpose of accreditation. A certification process may use safeguard evaluation, risk analysis, verification, testing, and auditing techniques to assess the appropriateness of a specific system.
The goal of a certification process is to
ensure that a system, product, or network is right for the customer’s purposes. Customers will rely upon a product for slightly different reasons, and environments will have various threat levels. So a particular product is not necessarily the best fit for every single customer out there.
Accreditation is
the formal acceptance of the adequacy of a system’s overall security and functionality by management. The certification information is presented to management, or the responsible body, and it is up to management to ask questions, review the reports and findings, and decide whether to accept the product and whether any corrective action needs to take place. Once satisfied with the systems overall security as presented, management makes a formal accreditation statement. By doing this, management is stating it understands the level of protection the system will provide in its current environment and understands the security risks associated with installing and maintaining this system.
is a technical review that assesses the security
mechanisms and evaluates their effectiveness.
Certification
is management’s
official acceptance of the information in the certification process findings.
Accreditation
Note

Systems described as open are built upon standards, protocols, and interfaces that have published specifications, which enable third-party vendors to develop add-on components and devices. This type of architecture provides interoperability between products created by different vendors. This interoperability is provided by all the vendors involved who follow specific standards and provide interfaces that enable each system to easily communicate with other systems and allow add-ons to hook into the system easily.
Note

Systems referred to as closed use an architecture that does not follow industry standards. Interoperability and standard interfaces are not employed to enable easy communication between different types of systems and add-on features. Closed systems are
proprietary, meaning the system can only communicate with like systems A closed architecture can provide more security to the system because it does not have as many doorways in, and it operates in a more secluded environment than open environments.
is a high-level design that works as a framework. The architecture lays out what needs to be in place to ensure that the system’s security policy and protection level are met
security architecture.
what is enterprise security architecture
defines the information security strategy that consists of layers of policy, standards, solutions, and procedures and the way they are linked across an enterprise strategically, tactically, and operationally. This is different from the infrastructure architecture. Infrastructure is the underlying technology and hardware needed to support the enterprise security architecture.
a two-dimensional model that uses six basic communication interrogatives (What, How, Where, Who, When, and Why) intersecting with different levels (Planner, Owner, Designer, Builder, Implementer, and Worker) to give a
holistic view of the enterprise. This framework was developed in the 1980s and is based on the principles of classical business architecture that contain rules that govern an ordered set of relationships.
The Zachman framework
what is Strategic alignment
means the business drivers and the regulatory and legal requirements are being met by the security architecture. The current security posture must be understood. This means an enterprise risk assessment was carried out so the company could understand its current threats and their ability to deal with these threats. There should be a consensus regarding the vulnerabilities and threats within the organization. It also means an acceptable risk level was set based on the company’s risk tolerance. Great, but what does this really mean? Well, strategic alignment means, “What assets do we have to protect?,” “How well are our security initiatives tied to business needs?,” “What is the definition of ‘enough security’?,” and “Is senior management on board with all of this?”
Business enablement means
the core business processes are integrated into the security operating model—they are standards-based and follow a risk tolerance–based criteria.
Security effectiveness deals with
metrics, meeting service level agreement (SLA) requirements, return on investment (ROI), meeting set baselines, and providing management with a dashboard or balanced scorecard system. These are ways to determine how useful the current security solutions and architecture as a whole are performing.
An enterprise security foundation cannot be built without established
security zones


This provides boundaries based on trust and specifies what actually needs to be protected. This will allow protection and risk management to be carried out in a standardized manner across the enterprise.
maintenance hooks
are a type of backdoor. They are instructions within software that only the developer knows about and can invoke, and which give the developer easy access to the code. They allow the developer to view and edit the code without having to go through regular access controls. The maintenance hook is usually initiated by a random sequence of keystrokes that provides access into the software without having to go through normal access control and security checks and mechanisms. all maintenance hooks need to be removed from software before it goes into production
maintenance hooks Countermeasures
Because maintenance hooks are usually inserted by programmers, they are the ones who usually have to take them out before the programs go into production. Code reviews and unit and quality assurance testing should always be on the lookout for backdoors, in case the programmer overlooked extracting them. when a vendor finds out a backdoor exists in its product, it usually develops and releases a patch to reduce this vulnerability. Because most vendors sell their software without including the associated source code, it may be very difficult for companies who have purchased software to identify backdoors.
what are some preventive measures against backdoors
• Use a host intrusion detection system to watch for any attackers using backdoors into the system.

• Use file system encryption to protect sensitive information.

• Implement auditing to detect any type of backdoor use.
what are Time-of-Check/Time-of-Use Attacks
A time-of-check/time-of-use (TOC/TOU) attack deals with the sequence of steps a system uses to complete a task. This type of attack takes advantage of the dependency on the timing of events that take place in a multitasking operating system.

An example of a TOC/TOU attack is if process 1 validates the authorization of a user to open a noncritical text file and process 2 carries out the open command. If the attacker can change out this noncritical text file with a password file while process 1 is carrying out its task, she has just obtained access to this critical file. (It is a flaw within the code that allows this type of compromise to take place.)
TOC/TOU attack is also referred to as
an asynchronous attack

Asynchronous describes a process in which the timing of each step may vary. The attack gets in between these steps and modifies something. Race conditions are also considered TOC/TOU attacks by some in the industry.
what is a race condition
is when two different processes need to carry out their tasks on one resource. The processes need to follow the correct sequence. Process 1 needs to carry out its work before process 2 accesses the same resource and carries out its tasks. If process 2 goes before process 1, the outcome could be very different. If an attacker can manipulate the processes so process 2 does its task first, she can control the outcome of the processing procedure. Let’s say process 1’s instructions are to add 3 to a value and process
2’s instructions are to divide by 15. If process 2 carries out its tasks before process 1, the outcome would be different. So if an attacker can make process 2 do its work before process 1, she can control the result.
is when an attacker jumps in between two tasks and modifies something to control the result.
TOC/TOU attack
an attack in which an attacker makes processes execute out of sequence to control the result
A race condition
Countermeasures to TOC/TOU attacks
To avoid TOC/TOU attacks, it is best if the operating system can apply software locks to the items it will use when it is carrying out its “checking” tasks. So if a user requests access to a file, while the system is validating this user’s authorization, it should put a software lock on the file being requested. This ensures the file cannot be deleted and replaced with another file. Applying locks can be carried out easily on files, but it is more challenging to apply locks to database components and table entries to provide this type of protection.
Countermeasures to race conditions attacks
It would take a dedicated attacker with great precision to perform these types of attacks, but it is possible and has been done. To protect against race condition attacks, it is best to not split up critical tasks that can have their sequence altered. This means the system should use atomic operations where only one system call is used to check authentication and then grant access in one task. This would not give the processor the opportunity to switch to another process in between two tasks.
define buffer overflow
takes place when too much data are accepted as input to an application or operating system.
Countermeasures to Buffer Over Flow
Buffer overflows are in the source code of various applications and operating systems. They have been around since programmers started developing software. This means it is very difficult for a user to identify and fix them. When a buffer overflow is identified, the vendor usually sends out a patch. So keeping systems current on updates, hotfixes, and patches is usually the best countermeasure. Some products installed on systems can also watch for input values that might result in buffer overflows. But the best countermeasure is proper programming. This means use bounds checking. If an input value is only supposed to be nine characters, then the application should only accept nine characters and no more. Some languages are more susceptible to buffer overflows than others.