| . | . |
|---|---|
| PROCESS | - executable program and its associated data loaded/running in memory |
| - HWP - Heavy Weight Process = TASK | |
| - parent process can spawn additional children (threads) | |
| THREAD | - LWP - Light Weight Process, can share memory |
Process states
- NEW –> being created
- READY –> waiting to be exec’d by CPU
- RUNNING –> being exec’d by CPU
- BLOCKED –> waiting for i/o
- TERMINATE –> completed
| . | . | . |
|---|---|---|
| MULTITHREADING | CPU/single core can execute multiple processes/thread concurrently | divides CPU time among child processes (aka threads) |
| MULTIPROCESSING | computer using more than 1 CPU for a task | divide load among multiple CPUs |
| MULTITASKING | tasks sharing a common resource (1 CPU) | divide CPU time among multiple processes |
| MULTIPROGRAMMING | computer running more than one program at a time |
Memory protection –> prevents one process from affecting the CIA of another; used in multi-user/multitasking envs
Process isolation –> logical control that prevents one proc interferring w/ another
Hardware segmentation –> maps processes to specific memory locations
Virtual memory –> provides virt addr mapping btw apps and hw memory
SWAPPING –> moves entire processes from RAM to secondary memory (disk)
PAGING –> copies block from RAM (pri memory) from/to secondary memory (disk)
STORAGE
- primary –> info that is required by CPU, volatile
- secondary –> non-volatile memory used for long-term storage (HDD, CDROM)
Faraday cage –> block electromagnetic signals (radio, wireless, cellular, RFID tags)
Lockdown enclosure prevents theft of computer equipment
CONFINEMENT –> restricts a process to read/write from/to specific memory locations
BOUNDS –> limits of memory a process cannot exceed (read/write)
ISOLATION –> process running confined through the use of memory bounds
Describing vulnerabilitites
needs a common set of standards to provide a common language for describing/evaluating vulns.
SCAP - Security COntent Automation Protocol
- common framework, w/ several components
- Common Vulnerabilities and Exposures (CVE) - naming system for describing security vulnerabilities.
- Common Vulnerability Scoring System (CVSS) - standardized scoring system for describing the severity of security vulnerabilities.
- Common Configuration Enumeration (CCE) - naming system for system configuration issues.
- Common Platform Enumeration (CPE) - naming system for operating systems, applications, and devices.
- Extensible Configuration Checklist Description Format (XCCDF) - language for specifying security checklists.
- Open Vulnerability and Assessment Language (OVAL) - language for describing security testing procedures