Term
| What are the 2 scopes of hardware security and trust? |
|
Definition
| Direct attacks on hardware, hardware support for system security |
|
|
Term
| What are the 2 scopes of direct attacks on hardware? |
|
Definition
| Security issues, trust issues |
|
|
Term
| What are 2 examples of security issues? |
|
Definition
|
|
Term
| What is an example of a trust issue? |
|
Definition
|
|
Term
| What is a countermeasure for security issues? |
|
Definition
|
|
Term
| What is a countermeasure for trust issues? |
|
Definition
|
|
Term
| What are the 2 scopes of hardware support for system security? |
|
Definition
| Trusted Execution Environment (TEE), protection of security-critical assets |
|
|
Term
| What are the major steps in the electronic hardware design and test flow? |
|
Definition
| Design spec., IC design house, fab, wafer test, assembly, pkg. test, PCB & sys. int., customer |
|
|
Term
| What are the stages in the IC life cycle? |
|
Definition
| IP vendor, SoC design house, foundry, deployment |
|
|
Term
| What are 2 attack vectors that can occur in the IP vendor stage of the IC life cycle? |
|
Definition
| Insert HW trojan, hidden backdoor |
|
|
Term
| What are 2 attack vectors that can occur in the SoC design house stage of the IC life cycle? |
|
Definition
| IP piracy (e.g. cloning), trojan in design (e.g. by tools) |
|
|
Term
| What are 3 attack vectors that can occur in the foundry stage of the IC life cycle? |
|
Definition
| Implant trojan, overproduction, cloning |
|
|
Term
| What are 4 attack vectors that can occur in the deployment stage of the IC life cycle? |
|
Definition
| side-channel attacks, reverse engineering, scan-based attacks, IC counterfeiting |
|
|
Term
| What is a countermeasure against insertion of HW trojan and hidden backdoor? |
|
Definition
| Hardware IP trust verification |
|
|
Term
| What are 2 countermeasures against IP piracy? |
|
Definition
| Watermarking in IP, hardware obfuscation |
|
|
Term
| What is a countermeasure against trojan in design? |
|
Definition
| Hardware IP trust verification |
|
|
Term
| What is a countermeasure against trojan implantation? |
|
Definition
|
|
Term
| What is a countermeasure against overproduction and cloning? |
|
Definition
|
|
Term
| What is a countermeasure against side-channel attacks? |
|
Definition
| Side-channel resistant design |
|
|
Term
| What is a countermeasure against reverse engineering? |
|
Definition
|
|
Term
| What is a countermeasure against scan-based attacks? |
|
Definition
|
|
Term
| What is a countermeasure against IC counterfeiting? |
|
Definition
|
|
Term
| What 3 steps in the production of hardware can all be untrusted? |
|
Definition
| IP vendor, system integrator, manufacturer |
|
|
Term
| Why can IP vendor be untrusted? |
|
Definition
|
|
Term
| Why can system integrator be untrusted? |
|
Definition
|
|
Term
| Why can manufacturer be untrusted? |
|
Definition
| Untrusted foundry, IC trust, IC piracy (counterfeiting) |
|
|
Term
| What is the most prevalent hardware attack today? |
|
Definition
|
|
Term
| What are the stages of the supply chain? |
|
Definition
| Design, fabrication, assembly, distribution, lifetime, end of life/recycling |
|
|
Term
| What is a vulnerability in the design stage of the supply chain? |
|
Definition
|
|
Term
| What are 3 vulnerabilities in the fabrication stage of the supply chain? |
|
Definition
| Remarked, overproduction, out-of-spec/defective |
|
|
Term
| What is a vulnerability in the assembly stage of the supply chain? |
|
Definition
|
|
Term
| What are 3 vulnerabilities in the distribution stage of the supply chain? |
|
Definition
| Recycled, remarked, overproduction, out-of-spec/defective |
|
|
Term
| What are 3 vulnerabilities in the lifetime stage of the supply chain? |
|
Definition
| Recycled, remarked, defective |
|
|
Term
| What are 3 vulnerabilities in the end of life/recycling stage of the supply chain? |
|
Definition
| Recycled, remarked, out-of-spec/defective |
|
|
Term
1. Predict potential breaches and vulnerabilities. 2. Consider possible countermeasures or controls. 3. Either actively pursue identifying a new breach, or wait for a breach to happen. 4. Identify the breach and work out a protected system again.
This is the typical cycle in _____ a _____ |
|
Definition
|
|
Term
| Definition: Weakness in the secure system |
|
Definition
|
|
Term
| Definition: Set of circumstances that has the potential to cause loss or harm |
|
Definition
|
|
Term
| Definition: The act of a human exploiting the vulnerability in the system |
|
Definition
|
|
Term
| What are the 3 aspects of computer security? |
|
Definition
| Confidentiality, integrity, availability |
|
|
Term
| Definition: The related assets are only accessed by authorized parties |
|
Definition
|
|
Term
| Definition: The asset is only modified by authorized parties |
|
Definition
|
|
Term
| Definition: The asset is accessible to authorized parties at appropriate times |
|
Definition
|
|
Term
| Definition: Control which principals have control to which resources. A fundamental security mechanism to guard against illegitimate behavior |
|
Definition
|
|
Term
| What are 3 examples of principals? |
|
Definition
| People, processes, machines |
|
|
Term
| From top to bottom, what are the 4 layers of access control? |
|
Definition
| Application, middleware, operating system, hardware |
|
|
Term
| The _____-_____ access control may express a rich and complex security policy. |
|
Definition
|
|
Term
| The applications running on _____ enforce a number of protection properties. |
|
Definition
|
|
Term
| What are 2 examples of applications running on middleware? |
|
Definition
| Database management system, bookkeeping package |
|
|
Term
| The middleware will use facilities provided by the underlying _____. |
|
Definition
|
|
Term
| OS access controls will usually rely on _____ features provided by the _____ or by _____ _____ _____ _____. |
|
Definition
| hardware, processor, associated memory management hardware |
|
|
Term
| _____ is a list of principals with similar functions. |
|
Definition
|
|
Term
| _____ is a fixed set of access permissions that one or more principals may assume for a period of time using some defined procedure. |
|
Definition
|
|
Term
| Describe the following: drwxrwxrwx Alice Accounts |
|
Definition
| Directory with owner Alice and group Accounts. Owner, group, and other all have read, write, and execute permission over the directory |
|
|
Term
| Describe the following: -rw-r----- Alice Accounts |
|
Definition
| File with owner Alice and group Accounts. Owner has read and write permission, group has read permission, and other has no permissions over the file |
|
|
Term
| In FreeBSD, files can be set to be _____-_____, _____, or _____ for _____, _____, or both. |
|
Definition
| append-only, immutable, undeletable, user, system |
|
|
Term
| ACLs contain only the names of users, not of programs, so there is no straightforward way to implement _____ _____ of (_____, _____, _____) |
|
Definition
| access triples, user, program, file |
|
|
Term
| The owner of a program can mark a program as suid. This enables it to run with the privilege of its _____ rather than the privilege of the _____ who has invoked it. |
|
Definition
|
|
Term
| Windows ACL: Rather than just RWX, there are separate attributes for take _____, _____ _____, and _____. |
|
Definition
| ownership, change permissions, delete |
|
|
Term
| Windows ACL: Attributes are not simply _____ or _____, as in Unix, but have _____ _____: you can set AccessDenied, AccessAllowed, or SystemAudit. |
|
Definition
|
|
Term
| Windows ACL has more _____ access control than Unix. |
|
Definition
|
|
Term
| Windows ACL: _____ is a principal, not a default or an absence of control, so _____ _____ means just prevent a file being generally accessible. |
|
Definition
| everyone, remove everyone |
|
|
Term
| OS works with _____, the smallest granularity! |
|
Definition
|
|
Term
| Definition: A restricted environment in which it has no access to the local hard disk, and is only allowed to communicate with the host it came from |
|
Definition
|
|
Term
| Definition: Carry a proof that applet doesn't do anything that contravenes the local security policy |
|
Definition
|
|
Term
| Reference monitor provides _____ protection |
|
Definition
|
|
Term
| Definition: Links access control with hardware |
|
Definition
|
|
Term
| Segment addressing: Two registers: a segment register that points to a _____ of _____, and another address register that points to a _____ within that _____ |
|
Definition
| segment, memory, location, segment |
|
|
Term
IBM mainframes had 2-state CPUs. Authorized: Allowed to access _____ _____. Non-authorized: Not allowed to access _____ _____ |
|
Definition
| segment registers, segment registers |
|
|
Term
| Definition: Introduced in Multics, an OS developed at MIT. Expresses differing levels of privilege. Adopted by Intel processors from 80286 onward |
|
Definition
|
|
Term
| Ring _____ programs had complete access to disk |
|
Definition
|
|
Term
| Supervisor states ran in ring _____ |
|
Definition
|
|
Term
| Rings of protection: User code at various _____ _____ levels |
|
Definition
|
|
Term
| Procedures cannot access objects in lower-level rings _____. _____ allow execution of code at a different privilege level |
|
Definition
|
|
Term
| ARM Processors: Usually _____-_____, _____-_____ processors. Attractive for embedded applications doing public key cryptography and/or signal processing |
|
Definition
|
|
Term
| Definition: An execution mode on some processors which enables execution of all instructions, including privileged instructions. It may also give access to a different address space, to memory management hardware, and to other peripherals. This is the mode in which the OS usually runs |
|
Definition
|
|
Term
| ARM Processors: Basic core contains separate banks of registers for _____ and _____ processes. _____-_____ puts the processor in supervisor mode and transfers control to a process at a fixed address |
|
Definition
| user, system, SW-interrupt |
|
|
Term
| ARM Processors: The core contains no _____ _____ |
|
Definition
|
|
Term
| ARM-based designs can have their hardware protection extensively _____ |
|
Definition
|
|
Term
| Definition: The switching of the CPU from one process or thread to another |
|
Definition
|
|
Term
| ARM Access Control: A system control _____ is available. Supports domains of processes that have _____ access rights. Shares the same _____ tables but that retain some _____ from each other. Enables fast _____ _____ |
|
Definition
| coprocessor, similar, translation, protection, context switching |
|
|
Term
| What is a popular method for an adversary to gain root privileges? |
|
Definition
| Stack smashing/buffer overflow |
|
|
Term
| This method works by placing a small integer, the value of which is randomly chosen at program start, in memory just before the stack return pointer. Most buffer overflows overwrite memory from lower to higher memory addresses, so in order to overwrite the return pointer (and thus take control of the process) the _____ value must also be overwritten |
|
Definition
|
|
Term
| To avoid stack smashing, use _____ next to important words/bytes. Prevents return addresses from being overwritten. Avoid control redirection based attacks |
|
Definition
|
|
Term
| Use _____ pointers to store richer info about pointers |
|
Definition
|
|
Term
| Stack smashing: Usually array accesses _____ _____ _____ is the problem! Make sure that array lengths are checked for _____ |
|
Definition
|
|
Term
| What are 2 methods to avoid stack smashing? |
|
Definition
|
|
Term
| Admin runs a _____ _____ _____ that will do some harm |
|
Definition
|
|
Term
Write games that checked occasionally whether the player was the system administrator. If yes, would create another admin account. Write program that has the same name as a commonly used system utility (e.g., ls). Complain to administrator that something is wrong with this directory. When administrator types ls, damage is done! What are these programs examples of? |
|
Definition
|
|
Term
| With "_____" in your path, if you ever changed directories into the attacker's trap directory and ran the ls command to get a directory listing, you'd run the evil Trojan horse! |
|
Definition
|
|
Term
| Information _____ is a leading security exploit |
|
Definition
|
|
Term
| What are the 2 sets of properties enforced by the Bell-LaPadula model of computer security? |
|
Definition
| No read up, no write down |
|
|
Term
| Information Flow Tracking: Mechanisms for _____ _____ and _____ to identify and prevent attacks |
|
Definition
| runtime checking, tracking |
|
|
Term
| The _____ _____ tool proceeds variable by variable until it has a complete list of all variables which are potentially influenced by outside input. If any of these variables is used to execute dangerous commands (such as direct commands to a SQL database or the host computer operating system), the taint checker warns that the program is using a potentially dangerous tainted variable. The computer programmer can then redesign the program to erect a safe wall around the dangerous input |
|
Definition
|
|
Term
| Taint: usually _____ bit field that tags a memory address with extra information |
|
Definition
|
|
Term
| Taints are _____ as values are copied or used in computation |
|
Definition
|
|
Term
| Unsafe uses of tainted data trigger _____. E.g.: In security apps, _____ on tainted address value denotes an attack! |
|
Definition
|
|
Term
| Taint challenges for _____ approach: Finds specific attacks, can be updated for new attacks. Large performance overheads. Problems with self modifying code, JIT compilation. Issues with multithreading |
|
Definition
|
|
Term
| Taint challenges for _____ approach: Faster than software based solutions. Limited to no programmability (Hardwired to one policy). Widens memory, buses etc. Solves some MultiProcessor issues. Very expensive (non-standard components) |
|
Definition
|
|
Term
| Hardware Support for Tainting: Programmability at runtime to follow any desired taint propagation _____. Ability to track _____ policies at the same time. Use _____ components whenever possible (Standard _____, _____, etc. Minimal changes to complex _____ CPU core). Support for _____ |
|
Definition
| policy, multiple, standard, memory, buses, OoO, multiprocessors |
|
|
Term
| Definition: An optimization technique used primarily to speed up computer programs by storing the results of expensive function calls and returning the cached result when the same inputs occur again |
|
Definition
|
|
Term
| FlexiTaint: Memoize recent outcomes of Fn in a small _____ _____ _____ (_____) |
|
Definition
| Taint Propagation Cache (TPC) |
|
|
Term
| FlexiTaint: What are 2 reasons why TPC access for every instruction is expensive? |
|
Definition
|
|
Term
FlexiTaint TPC Optimization: ZERO input taint -> _____ output taint; ELSE _____ _____ |
|
Definition
|
|
Term
FlexiTaint TPC Optimization: IF Only one input taint -> _____ _____ output taint; ELSE _____ _____ |
|
Definition
|
|
Term
| FlexiTaint: _____ Taint storage from data. Allows use of standard memory, buses, etc. |
|
Definition
|
|
Term
| Tainting done at the _____-_____ of the _____. OoO CPU engine largely unchanged |
|
Definition
|
|
Term
FlexiTaint Issues: Definition: Taint information treated same as data |
|
Definition
|
|
Term
FlexiTaint Issues: Definition: Key issue: atomicity of taint and data. E.g.: Same instruction can't access new data, old taint |
|
Definition
|
|
Term
| FlexiTaint Issues: OS issues like _____ _____ and _____ |
|
Definition
|
|
Term
Taint Propagation Schemes: Definition: Taint buffer used by read(), recv(). All ops propagate taint from inputs to output. If Jump uses tainted value, RAISE EXCEPTION |
|
Definition
|
|
Term
Taint Propagation Schemes: Definition: Taint address returned by malloc(). Add/Sub: If only one input is tainted, propagate. Add: Both inputs are tainted, RAISE EXCEPTION. Sub: Both inputs are tainted, remove taint. For other ops, propagate taints from inputs |
|
Definition
|
|
Term
| What are the two multi-structures of security? |
|
Definition
| Multi-level, multi-lateral |
|
|
Term
What security model does the following diagram represent? [image] |
|
Definition
|
|
Term
| Access control, consent and notification, persistence, attribution, information flow, aggregation control, and trusted computing base are components of _____ _____ |
|
Definition
|
|
Term
What security model does the following diagram represent? [image] |
|
Definition
|
|
Term
| What are 2 popular techniques to enhance anonymity? |
|
Definition
| Randomization, obfuscation |
|
|
Term
| Definition: Adding noise with zero mean and a known variance to the data |
|
Definition
|
|
Term
| _____ _____ continuously shuffles memory as it is being accessed, thereby completely hiding what data is being accessed or even when it was previously accessed |
|
Definition
|
|