Test Your Security Architecture Knowledge

Security Architecture and Models

• Security architecture and design entails the logical hardware, operating system, and software security components and how to implement them to architect, build, and evaluate the security of computer systems.

• Security architecture provides a view of the overall system architecture from a security point of view and how the system is put together to satisfy the security requirements.

• Layering separates processes and resources, adds modularity to the system, and is the separation of a complex task into multiple sub-tasks.

• The operating system is divided into a number of layers, and each layer is built on top of lower layers.

• Abstraction hides unnecessary details from the user, which adds to more security.

• A security domain is the list of objects a subject is allowed to access, and domains are groups of subjects and objects with similar security requirements.

• An OS should be able to enforce the security principals (CIA), and the proper design and building of a system is called "Security System Architecture."

• The ring model is a form of CPU hardware layering that separates and protects domains such as kernel mode and user mode from each other.

• An open system uses open hardware and standards using standard components from a variety of vendors, while a closed system uses proprietary hardware or software.

• Secure Hardware Architecture focuses on the physical computer hardware required to have a secure system.

• The central processing unit (CPU) is a microprocessor that contains a control unit (CU), an arithmetic logic unit (ALU), and registers, which are holding places for data and instructions.

• The operating system creates a virtual environment (virtual machine) for the application to work in and allots it a segment of virtual memory.Summary of "Secure Operating System and Software Architecture"

• There are four different operating states in which processes can work within.

• Secure OS and software architecture build upon the secure hardware providing a secure interface between hardware and applications.

• Operating systems provide memory, resource, and process management.

• An ordinary OS addresses several functions that involve computer security, including authentication of users and protection of memory.

• A trusted OS provides a set of security features together with an appropriate degree of assurance that the features have been assembled and implemented correctly.

• Security must be considered in every aspect of the trusted OS design.

• Trusted Computing Base (TCB) is the totality of protection mechanisms within a computer system responsible for enforcing a security policy.

• The Reference Monitor and the Security Kernel must satisfy three fundamental principles: completeness, isolation, and verifiability.

• Security Perimeter is the imaginary boundary that divides the trusted from the untrusted.

• Trusted functions may be privileged to modify kernel databases and bypass certain requirements of the security policy.

• The Reference Monitor is an abstract machine that mediates all access subjects have to objects.

• The Security Kernel implements the concept of reference monitor and enforces the reference monitor concept.Overview of IOS Kernel and Operating System

• IOS stands for Internetwork Operating System

• RMC refers to Remote Monitoring and Control

• IOS is a hardware-based operating system

• The IOS kernel is responsible for managing hardware resources

• The original IOS was based on a monolithic kernel design

• The new IOS uses a microkernel design

• IOS interfaces include ISOS and RMC interfaces

• The kernel implementation strategies vary based on the case

• The SCOMP system is an example of a kernelized system with a specialized operating system

• The SCOMP system uses a simple operating system on top of the kernel

• The simple operating system provides more user-friendly features

• The SCOMP system is a case of a new operating system implementation.