CISSP Domain 3 Review / Mind Map (3 of 9) | Trusted Computing Base

hey I'm Rob Witcher and I'm here to help you pass the CISSP exam we're going to go through a review of the major topics related to the trusted computing base in domain 3 to understand how they interrelate and a guide your study needs this is the third of nine videos for domain 3 I've included links to the other mindmap videos in the description below the TCB the trusted computing base this is a topic that is prevalent on the exam and it's so much in day to day life honestly who's ever had a chat about the

TCB around the water cooler and well nowadays none of us are chatting around the water cooler in the office so who's chat about the TCB over zoom no one but it is an important topic so let's start with a good definition the TCB is the totality of protection mechanisms within a system or architecture that work together to enforce a security policy what is the totality you may be asking it means the whole of something so remember this the TCB comprises all of the protection mechanisms such as people processes and technology that are responsible for protecting

a system watch out for words like collection assembly taxonomy anything that means all of the protection mechanisms this is the TCB so the TCB is the collection of all the protection mechanisms and the rest of this mind map we're going to talk through some of these key mechanisms starting with the RMC the reference monitor concept the RMC is a really simple concept if we want to have security we have to control what subjects are allowed to access what objects and what specifically the subject can do with the object so what's a subject an active entity

subjects are things like people and processes that want to access objects we need to control to mediate a subjects access to an object this mediation can be all sorts of things it could be a physical lock on a door controlling which people which subjects can access a building the object or it could be the windows login prompt controlling if a user can access their computer or it could be the system kernel controlling which applications can access the network card this mediation is anything that is controlling a subjects access to an object now this mediation must

decide what subjects can access what objects how does it decide based on a set of rules we need to provide a set of rules that the mediation will make decisions based on that by the way is the functional of the control every control should also have an assurance aspect we need to know if the mediation is working correctly on an ongoing basis how do we get this assurance we vlog and monitor and the final piece of the RMC is what is being accessed the object an object is a passive entity the object is whatever is

being accessed by the subject so objects can be things like databases Word files buildings and even other processes and that is the RMC a subject accessing an object through some form of mediation that is based on a set of rules and all of this is logged and monitored to provide assurance that it is working correctly now there's an important part I want to highlight about the reference monitor concept it is just a concept to make it useful we need to implement it whenever you implement the reference monitor concept it is known as a security kernel

we use security kernels everywhere in security wherever we want to control the subjects access to an object we control that access with a security kernel thus you can find many examples of security kernels in Hardware firmware software everywhere to have security the RMC and its implementation the security kernel must satisfy three important principles the first principle is completeness which means a subject is never able to bypass the mediation for example there's no backdoors the second principle is isolation which means the rules use to control the mediation are tamper-proof the rules can only be changed by

someone who is authorized to do so just remember isolation means the rules are tamper proof and the third principle is verifiability which means that we are logging and monitoring to verify that the mediation is working correctly this is the assurance aspect okay now let's look at some hardware components within computer systems and some of these components will be components within the TCB starting with CPUs central processing units CPUs are the brains of computers CPUs fetch instructions decode them X cute them and store the results and these fetch two codes execute and store steps run millions

of times per second allowing us to run multiple complex applications simultaneously via multitasking all the operating system and application code and all the data in a system needs to be stored somewhere so let's talk about the different places that data can be stored and why there are two major categories of storage primary and secondary primary storage is super fast provides very little storage space and it's volatile examples of primary storage are the cache and registers built into the CPU and RAM random access memory all of these types of storage are extremely fast offer relatively little

storage space and our volatile what is volatile it means that when the power is turned off any data in volatile memory disappears into the ether it's gone secondary storage is basically the inverse it is much slower offers much more storage space and it is non-volatile examples of secondary storage are magnetic hard drives SSDs solid-state drives optical media like CDs and DVDs and tapes the last type of memory we'll talk about is not actually a type of memory rather it is a memory management technique as I mentioned RAM is relatively small whenever you load a program

open a new application then some or all of the application code and required data will be copied from the slow hard drive into the much faster Ram so the code and data can be quickly accessed by the CPU the problem is that because the amount of storage space in ram 8 gave 16 gigs 32 gigs is relatively small if you have too many programs open you can run out of RAM and you get a blue screen of death to avoid this problem the operating system will temporarily transfer some of the less frequently used data from

RAM back on to the hard drive this process is often referred to as paging or swapping and it essentially simulates having more RAM in a system than you actually have virtual memory let's now move on to talking about some of the major software components within a system we'll start with the operating system system of software that controls all the computer hardware and allows multiple programs to run examples of operating systems are Windows Mac OS Linux UNIX iOS Android etc etc the core of an operating system the central part that controls everything is known as the

system kernel make sure you don't confuse the system kernel the core of the operating system with the security kernel which is the implementation of the reference monitor concept firmware is software that provides low-level control of the underlying Hardware firmware is stored on the hardware typically in non-volatile memory such as ROM read-only memory middleware is like software glue middleware acts as a translator between different incompatible applications enabling interoperability and allowing incompatible applications to talk to each other by passing messages through the middleware the translator the next major topic is protection mechanisms the concepts and software techniques

that we use to secure systems and enforce security policies all our modern-day systems are multi tasking meaning that multiple applications can be running at the same time from a security perspective we must make sure that these processes are isolated that one application cannot interfere with another there are two major methods that we can use to achieve process isolation memory segmentation means that processes each application is given its own memory space and then a process is only allowed to access the data in its own memory space the memory has been segmented the second process isolation technique

is known as time division multiplexing which is just a really fancy way of saying that we give each process access to a resource like the CPU or the network card for a slice of time and then control is taken away from the first processing given to the second process we have isolated the processes by only allowing them to access a resource one at a time we talked about CPUs the brains of a computer system CPUs provide a couple of different levels of access to their functionality the lower privilege level is known as problem state it

is in this lower privilege level in most applications run they don't have full access to all the CPUs capabilities but enough for them to run and by the way why is it called problem state is the CPU having a rough day no problem state refers to what CPUs are meant to do solve problems so problem state is just the normal operating privilege levels for the CPU and this is why our application is tend to run the higher privileged level on a CPU is known as supervisory state or supervisor state the system kernel the core of

the operating system will typically run in supervisor state giving it full access to the CPUs capabilities speaking of operating systems there are two common privilege levels that applications processes code can run at the lower privileged level is known as user mode and most applications will run in this lower privileged level user mode restricts what system resources the applications can access both preventing direct access to Hardware and limiting the percentage of system resources that the application cans consume the higher privilege level is known as kernel mode and you can probably guess what runs in kernel mode

the system kernel kernel mode provides unrestricted access to the underlying hardware another way of thinking about how access to system resources is protected and defining different levels of trust or privilege is the ring protection model the idea is that the center ring rings 0 is where the greatest privilege is granted to system resources and thus ring 0 requires the greatest protection and access should be limited to the greatest extent possible each successive ring ring one ring to ring 3 each have less privilege ring 3 the outermost ring is where the least privilege is granted and

arraign 3 is where most applications will run don't worry about rings 2 and 1 as there is no consensus between different operating systems for exactly what these rings are used for so you won't get questions on them ring 0 the innermost ring is where the most privilege is granted do remember that ring 0 is where the system kernel runs and ring 0 is also where firmware resides applications need to store and retrieve data when they're run they will store this data in memory as we've already talked about there needs to be processed isolation controls in

place in the form of memory segmentation to ensure that one application cannot access another's application secure memory management is the idea of implementing a security kernel that mediates applications access to shared memory to ensure memory segmentation and prevent problems like buffer overflows and memory exhaustion data hiding is the idea that if an application is running at a lower privileged level then data at a higher privilege level will simply be hidden from the application the application can't try to access the higher security data because it doesn't even know it's there what security model does this sound

like the implementation of the bela pajela confidentiality model which i covered in the first video of domain 3 and i've linked to and the final protection mechanism that we'll cover here is the concept of defense-in-depth implementing multiple layers of security controls and having a complete control at each layer a combination of preventive detective and corrective controls such that a single failure at one layer does not expose or compromise the security of the asset we can use many of the protection mechanisms we have just discussed in combination to achieve defense in death and that is no

review of the trusted computing base within domain 3 covering the most critical concepts to know for the exam if you found this video helpful you can hit the thumbs up button and if you want to be notified when we release additional videos in this mind map series then please subscribe and hit the bow icon to get notifications I'll provide links to the other mindmap videos in the description below thanks very much for watching and all the best in your studies [Music]