Upload
aldous-turner
View
213
Download
0
Embed Size (px)
Citation preview
1 Copyright © 2014 M. E. Kabay. All rights reserved.
HardwareCSH6 Chapter 4
“Hardware Elements of Security”
Sy Bosworth & Stephen Cobb
2 Copyright © 2014 M. E. Kabay. All rights reserved.
Topics
Introduction Binary Design Parity Hardware Operations Interrupts Memory & Data Storage Time Natural Dangers Data Communications Cryptography Backup Recovery Microcomputers
3 Copyright © 2014 M. E. Kabay. All rights reserved.
Introduction
Other hardware-related chapters of CSH6:Ch 5 – Data Communications & Information
SecurityCh 6 – Network Topologies, Protocols, & DesignCh 22 – Physical Threats to the Information
InfrastructureCh 23 – Protecting the Information Infrastructure
4 Copyright © 2014 M. E. Kabay. All rights reserved.
Binary Design
Von Neumann ArchitectureJohn von Neumann, 1946Apply binary representation to computer
implementationElectrical/electronic systems could handle
high/low or on/off states to represent binary 0 and binary 1
Rapid switching = pulsesPulse characteristics
Ideally square wavesBut cope with sine waves and other
waveforms
5 Copyright © 2014 M. E. Kabay. All rights reserved.
Circuitry
Original 1940s computers used vacuum tubesRelatively large – room-sized
machines with power of later calculator-wristwatches
Consumed power & ran hotShort MTBF (mean time between failures)
Solid-state transistorsPatented in 1925 (Lilienfeld) & 1934 (Heil)
but never developedWilliam Shockley & colleagues at Bell Labs
developed effective transistors starting in 1947
6 Copyright © 2014 M. E. Kabay. All rights reserved.
Coding Convention for representing data Early codes include
Baudot (hence “baud rate”)Binary-coded decimal (BCD)Extended BDC (EBCDIC, used by IBM)American Standard Code for Information Interchange
(ASCII) Bits → bytes (8 bits/byte) → words (n bytes/word) Prefixes for length of numerical codes (B = bytes & b = bits)
KB = kilobyte (1024 bytes) (aka kibibyte!)MB = megabyte (1024 KB) (aka mebibyte)GB = gigabyte (1024 MB) (aka gibibyte)TB = terabyte (1024 GB ) (aka tebibyte)
7 Copyright © 2014 M. E. Kabay. All rights reserved.
Error-Detecting CodesError-detection systems started with parity bitsWrite additional bit into hardware storage (e.g.,
disk, RAM, data-comm, tape…)Even parity bit = 0 when sum of bits is evenOdd parity bit = 0 when sum of bits is oddRecompute parity bit when reading data backCheck to see if computed parity bit = recorded
parity bitExtensions led to
error-correcting codes; e.g.,Cyclical Redundancy
Checks (CRCs)Self-checking codes
8 Copyright © 2014 M. E. Kabay. All rights reserved.
Hardware Operations
Fundamentals ops: Input, Output, ProcessingTypical hardware-implemented error-handling
Read-after writeEchoOverflow errorsValidationReplication (e.g., RAID-1
arrays of disks)
9 Copyright © 2014 M. E. Kabay. All rights reserved.
Interrupts
Changes of state can allow operating system to examine its own integrity as well as integrity of data
Types of interruptsI/OSupervisor callsProgram checkMachine checkExternal
For a detailed computer engineering review,see “Investigating Interrupts” by Garth Wilsonhttp://tinyurl.com/42dqcuk (← q not g)
10 Copyright © 2014 M. E. Kabay. All rights reserved.
Memory & Data StorageMemory Hierarchy (of speed) CPU registers (architectural registers)
Nanosecond access time Main memory (primary memory, RAM)
Microsecond access time Secondary storage (disk, tape, flash memory …)
Millisecond access time – on disks, mostly due to head positioning
Hardware safeguardsHardware-locking devices can prevent accidental writeBad-sector compensationReformattingSMART (Self-Monitoring, Analysis, and Reporting
Technology)Head-withdrawal systems for hard-drives
11 Copyright © 2014 M. E. Kabay. All rights reserved.
Time
Synchronous processesOperate according to
strict rhythmIntrinsic frequency of hardwareSystem clock cyclesDefined # cycles= tickDefined # ticks may generate interrupt
Deviation from clock cycle may indicate error
Asynchronous processesNo particular rhythmE.g., keyboard inputs, packet streams
12 Copyright © 2014 M. E. Kabay. All rights reserved.
Natural Dangers
Power failureHeatHumidityWaterDirt, dustRadiation
May cause downtime
See CSH6 Chapters 22 & 23
13 Copyright © 2014 M. E. Kabay. All rights reserved.
Data Communications
DC hardware can be criticalTerminals must be protected to prevent
unauthorized accessWired facilities
Dial-up lines (increasingly rare)Leased linesDSL (Digital Subscriber Lines)Cable
Wireless
See CSH6 Chapters 5 & 33
14 Copyright © 2014 M. E. Kabay. All rights reserved.
Cryptography
Essential tool for information assurance Increasingly available in hardware
implementationsEncrypting disk drivesEncrypting data-communications
equipment (e.g., STU-III)
ROCSAFEhttp://tinyurl.com/qw36aa
ROCSAFE
Secure Telephone Unit III
See CSH6 Chapter 7
15 Copyright © 2014 M. E. Kabay. All rights reserved.
Backup
All systems may failTherefore all systems storing meaningful data
should be backed upDefinition: backup is independent copy of data
Thus must have at least 2 instantiations of dataThus cannot backup and then destroy original:
would have no backupBackup also includes operational components for
business continuityPeopleHardwarePower
See CSH6 Chapter 57
See CSH6 Chapter 58
16 Copyright © 2014 M. E. Kabay. All rights reserved.
Recovery
Effective recovery requires planning & testingBackups
Test backups at time of creationUse verification modeReads data back and compares with
originalTest backup restoration periodicallyKeep in mind that backup media may
deteriorate over timeArchives may become unreadablePlan for re-recording if necessary
See CSH6 Chapters 58 & 59
17 Copyright © 2014 M. E. Kabay. All rights reserved.
MicrocomputersGeneral threats to microcomputers
Small sizeEase of access (e.g., laptops)Widespread knowledgeStrong motivation to steal informationLots of opportunity
Specific threatsPhysical damageTheftBad electrical power & static
dischargeData communicationsMaintenance and repair
See also following slides
HP110 from c. 1982
18 Copyright © 2014 M. E. Kabay. All rights reserved.
Physical Damage
Susceptibility to shockDisk drives in particular
Damage from liquids and greaseSpilled beverages into keyboardsDirty fingers on connectors
Obstructed cooling ventsDirtBlockage
by papers, books, other equipment
19 Copyright © 2014 M. E. Kabay. All rights reserved.
TheftTheft of laptops → loss of
control over confidential dataConfidential data must
be encryptedPersonally identifiable
information (PII) in particular must be encrypted
Use whole-disk encryption for simplicity
Computer lo-jack systems available
http://www.absolute.com/products/lojack
20 Copyright © 2014 M. E. Kabay. All rights reserved.
Bad Electrical Power & Static DischargeReduce or eliminate use of
multiple-access to power outletsAdd voltage-regulators
Prevent spikes and brownoutsMany UPSs include voltage
regulationDon’t allow vacuum
cleaners (etc) on same circuit as computer systems
See Kabay (2009) “Preparing for the Next Solar Max”http://www.mekabay.com/infosecmgmt/solarmax.pdf
21 Copyright © 2014 M. E. Kabay. All rights reserved.
Data CommunicationsExplosion of interconnectivity
<1980 almost all computer networks were local
Simple terminals hardwired to mainframes Smart terminals with some local
processingIn 1980s LANs interconnected PCs locally
WANs and MANs implemented internetworking
Internet grew to 1.1M nodes by 19911990s saw explosion in size of Internet
.com TLD (top-level domain) opened ~1993WWW established early 1990s
22 Copyright © 2014 M. E. Kabay. All rights reserved.
Maintenance and Repair
Organizations must establish official program of maintenance and repair for PCsOn-site by employeesOn-site by contractorsOn-call repairCarry-in service to repair centersRemote repair using shipping
Have loaners on standby for immediate replacement of damaged units
Consider securityimplications
23 Copyright © 2014 M. E. Kabay. All rights reserved.
Now go and study