Not all, but most technical information security controls are based on the hardware security capabilities that support and enable the security primitives upon which more elaborate and sophisticated security controls are implemented. What are “security primitives?” Think of a primitive as a building block, or a tool defined by some type. Often, the word “primitive” is associated with cryptography primitives, but in this case, we’re talking about the building blocks of keeping types of hardware security.
Related Product : Certified Information System Security Professional | CISSP
Depending on the platform, the types of hardware security primitives will vary. These can include:
- Memory protection
- Virtualization
- Trusted Platform Modules (TPM)
- Cryptographic modules
- Hardware Security Modules (HSM)
- Smartcards
As with all system capabilities, implementing instructions in hardware limits the flexibility of the system. Further, many systems (particularly in the IoT space) do not have the computational horsepower to implement sophisticated security capabilities controls while providing an acceptable level of performance. The security professional should be able to identify when tradeoffs between security and performance are being made, and integrate that information into the risk assessment process.
Memory Protection
The basic foundational security control on all systems that permit programs with different levels of security access to run at the same time is memory protection. This feature enables the operating system to load multiple programs into main memory at the same time and prevent one program from referencing memory not specifically assigned to it. If a program attempts to reference a memory address it is not permitted to access, the system blocks the access, suspends the program, and transfers control to the operating system. In most cases, the operating system will terminate the offending program.
Follow Us
https://www.facebook.com/INF0SAVVY
https://www.linkedin.com/company/14639279/admin/
