Home>Blog>anakyst>Domain 3 – Security Engineering and Architecting
anakyst

Domain 3 – Security Engineering and Architecting

Multitasking – multitasking means handling two or more tasks simultaneously.

Multiprocessing – harnesses the power of more than one processor to complete the execution of a single application.

  • SMP – A single computer contains multiple processors that are treated equally and controlled by a single operating system, is called symmetric multiprocessing (SMP).
  • MPP – MPP systems house hundreds or even thousands of processors, each of which has its own operating system and memory/ bus resources.

Multithreading

  • Multiple tasks operate within a single process.
  • Multiple documents are opened at the same time in a word processing program.

Multiprogramming

  • Pseudo simultaneous execution of two tasks on a single processor coordinated by the operating system as a way to increase operational efficiency.  Typically associated with Mainframe processing, largely extinct.

Government Security Modes

  • Dedicated
  • System High
  • Compartment
  • Multilevel
  • Acronym – Data Security Causes Madness

Microprocessor Memory Design

The vulnerabilities, dubbed as “Meltdown” and “Spectre”, involve an architectural feature built into CPUs to enhance system performance. Remediation efforts could adversely impact performance, affecting software, apps and browsers. The vulnerabilities are known to be exploitable on servers, workstations, mobile devices, IoT environments and browsers.

In a much simpler time, microprocessors were designed to have their memory separated out into what is called “kernel space” and “user space”. In a 32-bit Intel environment, which is limited to four gigabytes of addressable space, the kernel space was regulated to the top one gigabyte of memory while the user space resided in the lower three gigabytes. While it might appear that applications running in the user space had visibility into the kernel space, permissions (theoretically) prevented direct access into the kernel’s memory.

The four gigabyte size restrictions for virtual memory were removed with the 64-bit Intel environment. Unlike the 32-bit architecture that always loaded the kernel in a known location in upper memory every time the system was booted, a kernel loading process called kernel address-space layout randomization (KASLR) was implemented. Each time the system boots, the kernel space is assigned a random location in the virtual address space. This makes attacking vulnerabilities in the kernel a little more difficult since the attacker does not know the specific location in memory to attack. However, applications running in the user space still have the same theoretical visibility, barring permissions, into the kernel space as the 32-bit architecture.

The processor has a “Translation Lookaside Buffer” (TLB) that is used for switching between user space and kernel space. By keeping the kernel space permanently mapped in the TLB, the kernel space TLB entries do not have to be flushed, which is a time-consuming operation. Without this design, for each context switch (which occurs at least twice for each system call), the TLB would be flushed and repopulated with the appropriate TLB entries (user space or kernel). Examples of the need for a context switch include system calls (i.e., disk read, write, or seek), system interrupts, or time slicing requirements.

So long as memory leaks from kernel space do not find their way into user space, an attacker would not be able to infer the kernel’s location. Unfortunately, such leaks do occur, either from software errors or the hardware itself.

The researchers discovered that user space instructions can be used to retrieve kernel memory due to processors’ use of “speculative execution” that will attempt to guess what code will be executed in the next few cycles and “pre-execute” it in an attempt to increase performance. At times, this may mean that multiple code segments are pre-executed at the same time until the correct one is needed. The other segments are then discarded.

Leave a Reply

Powered By Anakyst UK Work done easy Discover Great Places People Websites in Nigeria. Be Discovered and Discover Great Places People Products & Websites in Nigeria. Tell us what you need to advertise online onradio ontv and where you want to advertise and discover talented publishers and advertisers within minutes for just a fraction of the cost!JobScout | Developed By Rara Theme. Powered by WordPress.