![Page 1: Security Architecture and Design Chapter 4 Part 1 Pages 297 to 319](https://reader035.vdocuments.us/reader035/viewer/2022070412/5697bf7d1a28abf838c84bcc/html5/thumbnails/1.jpg)
Security Architecture and Design
Chapter 4, Part 1
Pages 297 to 319
Bugs and Flaws
• Security Bug – Vulnerability in the software (implementation)
• Security Flaw – Vulnerability in the architecture or design
• About a 50/50 split between the two
Today’s Environment
• Security bugs and flaws account for the majority of compromises
• We are better at protecting the perimeter with firewalls, IPS, etc.
• More demand for functionality has made software more complex
• As complexity increases, security decreases
Approaches
• Bake security in from the start
– From architecture to design to implementation to testing
– Correct approach
• Bolt security on at the end
– Often not enough time
– Much harder to do
Security
• “The security that a product provides must be evaluated based upon the availability, integrity, and confidentiality that it claims to provide.”
• You need to really understand how the technology works to determine the level of security that is truly in place.
Waterfall Model
• Architect the system
• Write specification requirements
• Design
• Implement = code
• Test
• Deploy
System Architecture
• Conceptually understand the system structure and behavior and its relationship to its environment
• Outline the main goals the system must achieve
• Big picture
System Architecture
• Architectural description for a software-intensive system
– ISO/IEC/IEEE 42010
• Security needs to be considered while architecting the system
Stakeholder
• Stakeholder – Individual, team, or organization with interest in the system
• View – representation of the system from a particular perspective
• “The architect needs to capture the goals that the system is supposed to accomplish for each stakeholder.”
Computer Architecture
• Computer hardware
• Operating system
• Network
Computers
Buses
• Most systems today have 64-bit address and data buses
CPU
Registers
• PC (Program Counter) – address of next instruction
• General registers – hold data
• Special registers
– SP (Stack Pointer)
– PSW (Program Status Word)
• Bit for negative result
• Bit for zero result
PSW
• Bit for mode
– User mode (where applications run)
– Privileged (kernel, supervisor) mode for the operating system
• I/O
Stack Pointer
• Local variables
• Return address
• Parameters
• Local variables
• Return address
• Parameters
(one stack frame per active call, so the pattern repeats for each nested call)
Multicore Processor
Multiprocessing (See page 311)
Process
• Program loaded in memory
• Multiprogramming OS – more than one process (program) can be loaded in memory (see page 319)
• Preemptive multitasking – time sharing
Figure 4-6 on Page 314
Process Table
Interrupts
• Timer
• Device – when a device needs to communicate with the CPU
– Disk completed an I/O operation
Interrupts
Threads
• Instructions generated by a process when it has a specific activity that needs to be carried out by the operating system.
• Microsoft Word
– Open a file
– Print a document
– Save a file
Multithreading
Code Injection Attack
• Attacker injects instructions into a running process.
• Examples: keylogger, sending out malware
• Especially dangerous if the process is running in privileged mode
• OWASP Top Ten – https://www.owasp.org/index.php/Top_10_2013-Top_10
– A9 Using Components with Known Vulnerabilities
Process Scheduling
• Responsibility of the operating system
• Process priorities
– Low-priority background process
– High-priority process hogging the system resources
• Denial of Service attack
Software Deadlock
• A holds resource 1 and requests resource 2
• B holds resource 2 and requests resource 1
• Neither can proceed until the other releases its resource
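The A/B scenario above, as an added example that is not from the slides: the "holds and requests" state is turned into a wait-for graph, a depth-first search finds the A-B cycle that is the deadlock, and `request_allowed` shows the lock-ordering rule (only ever request a resource with a higher id than any already held) that prevents such a cycle from forming. Process names and resource ids are constructed sample values.

```python
# Constructed scenario from the slide: A holds 1 and requests 2, B holds 2 and requests 1.
HOLDS = {"A": {1}, "B": {2}}
REQUESTS = {"A": {2}, "B": {1}}

def build_wait_for_graph(holds, requests):
    """Edge P -> Q whenever P requests a resource that Q currently holds."""
    owner = {r: p for p, rs in holds.items() for r in rs}
    graph = {p: set() for p in holds}
    for p, rs in requests.items():
        for r in rs:
            q = owner.get(r)
            if q is not None and q != p:
                graph.setdefault(p, set()).add(q)
    return graph

def find_cycle(graph):
    """Depth-first search; returns the processes on one cycle, or [] if none."""
    state = {}  # node -> "visiting" (on the current path) or "done"
    path = []

    def visit(node):
        state[node] = "visiting"
        path.append(node)
        for nxt in graph.get(node, ()):
            if state.get(nxt) == "visiting":  # back edge: a cycle closes here
                return path[path.index(nxt):]
            if nxt not in state:
                cycle = visit(nxt)
                if cycle:
                    return cycle
        path.pop()
        state[node] = "done"
        return []

    for node in graph:
        if node not in state:
            cycle = visit(node)
            if cycle:
                return cycle
    return []

def request_allowed(held, wanted):
    """Lock-ordering mitigation: only request resources with a higher id than
    any already held, so the hold-and-wait cycle above can never form."""
    return not held or all(w > max(held) for w in wanted)

if __name__ == "__main__":
    print("deadlocked processes:", find_cycle(build_wait_for_graph(HOLDS, REQUESTS)))
    print("B may request 1 while holding 2:", request_allowed(HOLDS["B"], REQUESTS["B"]))
```

The same cycle search works for longer chains (A waits on B, B on C, C on A), which is how an OS or a lock manager would detect a multi-process deadlock rather than just the two-process case on the slide.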