Computer Architecture and Security: Fundamentals of Designing Secure Computer Systems by Robert S. Ledley and Shuangbao Paul Wang


5956913fec29f63.jpeg Author Robert S. Ledley and Shuangbao Paul Wang
Isbn 978-1118168813
File size 9 Mb
Year 2013
Pages 343
Language English
File format PDF
Category security


 

Information Security Series The Wiley-HEP Information Security Series systematically introduces the fundamentals of information security design and application. The goals of the Series are:    to provide fundamental and emerging theories and techniques to stimulate more research in cryptology, algorithms, protocols, and architectures; to inspire professionals to understand the issues behind important security problems and the ideas behind the solutions; to give references and suggestions for additional reading and further study. The Series is a joint project between Wiley and Higher Education Press (HEP) of China. Publications consist of advanced textbooks for graduate students as well as researcher and practitioner references covering the key areas, including but not limited to: – – – – – – – Modern Cryptography Cryptographic Protocols and Network Security Protocols Computer Architecture and Security Database Security Multimedia Security Computer Forensics Intrusion Detection Lead Editors Songyuan Yan Moti Yung John Rief London, UK Columbia University, USA Duke University, USA Editorial Board Liz Bacon Kefei Chen Matthew Franklin Dieter Gollmann Yongfei Han Kwangjo Kim David Naccache Dingyi Pei Peter Wild University of Greenwich, UK Shanghai Jiaotong University, China University of California, USA Hamburg University of Technology, Germany Beijing University of Technology, China ONETS Wireless & Internet Security Tech. Co., Ltd. Singapore KAIST-ICC, Korea Ecole Normale Superieure, France Guangzhou University, China University of London, UK COMPUTER ARCHITECTURE AND SECURITY FUNDAMENTALS OF DESIGNING SECURE COMPUTER SYSTEMS Shuangbao (Paul) Wang George Mason University, USA Robert S. Ledley Georgetown University, USA This edition first published 2013 # 2013 Higher Education Press. All rights reserved. Published by John Wiley & Sons Singapore Pte. Ltd., 1 Fusionopolis Walk, #07-01 Solaris South Tower, Singapore 138628, under exclusive license by Higher Education Press in all media and all languages throughout the world excluding Mainland China and excluding Simplified and Traditional Chinese languages. For details of our global editorial offices, for customer services and for information about how to apply for permission to reuse the copyright material in this book please see our website at www.wiley.com. All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as expressly permitted by law, without either the prior written permission of the Publisher, or authorization through payment of the appropriate photocopy fee to the Copyright Clearance Center. Requests for permission should be addressed to the Publisher, John Wiley & Sons Singapore Pte. Ltd., 1 Fusionopolis Walk, #07-01 Solaris South Tower, Singapore 138628, tel: 65-66438000, fax: 65-66438008, email: [email protected] Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and product names used in this book are trade names, service marks, trademarks or registered trademarks of their respective owners. The Publisher is not associated with any product or vendor mentioned in this book. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold on the understanding that the Publisher is not engaged in rendering professional services. If professional advice or other expert assistance is required, the services of a competent professional should be sought. Library of Congress Cataloging-in-Publication Data Computer architecture and security : fundamentals of designing secure computer systems / Shuangbao (Paul) Wang, Robert S. Ledley. p. cm. Includes bibliographical references and index. ISBN 978-1-118-16881-3 (cloth) 1. Computer architecture. 2. Computer security. 3. System design. I. Wang, Shuangbao Paul. II. Ledley, Robert Steven. QA76.9.A73C6293 2012 005.8–dc23 2012027837 ISBN: 9781118168813 Set in 11/13 pt Times by Thomson Digital, Noida, India To our parents who care and educate us throughout our journey. In memory of Dr. Ledley, who pioneered Biomedical Computing. Contents About the Authors xv Preface xvii Acknowledgements xix 1 Introduction to Computer Architecture and Security 1.1 History of Computer Systems 1.1.1 Timeline of Computer History 1.1.2 Timeline of Internet History 1.1.3 Timeline of Computer Security History 1.2 John von Neumann Computer Architecture 1.3 Memory and Storage 1.4 Input/Output and Network Interface 1.5 Single CPU and Multiple CPU Systems 1.6 Overview of Computer Security 1.6.1 Confidentiality 1.6.2 Integrity 1.6.3 Availability 1.6.4 Threats 1.6.5 Firewalls 1.6.6 Hacking and Attacks 1.7 Security Problems in Neumann Architecture 1.8 Summary Exercises References 1 3 5 15 28 34 36 37 38 41 41 42 42 43 43 44 46 48 48 50 2 Digital Logic Design 2.1 Concept of Logic Unit 2.2 Logic Functions and Truth Tables 2.3 Boolean Algebra 2.4 Logic Circuit Design Process 51 51 52 54 55 Contents viii 2.5 2.6 2.7 2.8 Gates and Flip-Flops Hardware Security FPGA and VLSI 2.7.1 Design of an FPGA Biometric Security System 2.7.2 A RIFD Student Attendance System Summary Exercises References 3 Computer Memory and Storage 3.1 A One Bit Memory Circuit 3.2 Register, MAR, MDR and Main Memory 3.3 Cache Memory 3.4 Virtual Memory 3.4.1 Paged Virtual Memory 3.4.2 Segmented Virtual Memory 3.5 Non-Volatile Memory 3.6 External Memory 3.6.1 Hard Disk Drives 3.6.2 Tertiary Storage and Off-Line Storage 3.6.3 Serial Advanced Technology Attachment (SATA) 3.6.4 Small Computer System Interface (SCSI) 3.6.5 Serial Attached SCSI (SAS) 3.6.6 Network-Attached Storage (NAS) 3.6.7 Storage Area Network (SAN) 3.6.8 Cloud Storage 3.7 Memory Access Security 3.8 Summary Exercises References 4 Bus and Interconnection 4.1 System Bus 4.1.1 Address Bus 4.1.2 Data Bus 4.1.3 Control Bus 4.2 Parallel Bus and Serial Bus 4.2.1 Parallel Buses and Parallel Communication 4.2.2 Serial Bus and Serial Communication 4.3 Synchronous Bus and Asynchronous Bus  56 58 58 59 59 65 67 67 68 68 70 72 74 75 75 76 77 78 78 79 80 81 82 83 85 86 88 89 89 90 90 91 93 93 95 95 96 107 The star “” here means the content is a little bit more advanced. For teaching purpose, this content may be omitted for entry level students. Contents 4.4 4.5 4.6 4.7 4.8 5 ix Single Bus and Multiple Buses Interconnection Buses Security Considerations for Computer Buses A Dual-Bus Interface Design 4.7.1 Dual-Channel Architecture 4.7.2 Triple-Channel Architecture 4.7.3 A Dual-Bus Memory Interface Summary Exercises References I/O and Network Interface 5.1 Direct Memory Access 5.2 Interrupts 5.3 Programmed I/O 5.4 USB and IEEE 1394 5.4.1 USB Advantages 5.4.2 USB Architecture 5.4.3 USB Version History 5.4.4 USB Design and Architecture 5.4.5 USB Mass Storage 5.4.6 USB Interface Connectors 5.4.7 USB Connector Types 5.4.8 USB Power and Charging 5.4.9 IEEE 1394 5.5 Network Interface Card 5.5.1 Basic NIC Architecture 5.5.2 Data Transmission 5.6 Keyboard, Video and Mouse (KVM) Interfaces 5.6.1 Keyboards 5.6.2 Video Graphic Card 5.6.3 Mouses 5.7 Input/Output Security 5.7.1 Disable Certain Key Combinations 5.7.2 Anti-Glare Displays 5.7.3 Adding Password to Printer 5.7.4 Bootable USB Ports 5.7.5 Encrypting Hard Drives 5.8 Summary Exercises References 109 110 111 112 113 114 115 115 117 117 118 118 120 121 122 123 123 124 125 127 128 130 133 136 136 137 138 139 140 140 140 140 141 141 141 141 141 141 142 143 Contents x 6 Central Processing Unit 6.1 The Instruction Set 6.1.1 Instruction Classifications 6.1.2 Logic Instructions 6.1.3 Arithmetic Instructions 6.1.4 Intel 64/ 32 Instructions 6.2 Registers 6.2.1 General-Purpose Registers 6.2.2 Segment Registers 6.2.3 EFLAGS Register 6.3 The Program Counter and Flow Control 6.3.1 Intel Instruction Pointer 6.3.2 Interrupt and Exception 6.4 RISC Processors 6.4.1 History 6.4.2 Architecture and Programming 6.4.3 Performance 6.4.4 Advantages and Disadvantages 6.4.5 Applications 6.5 Pipelining 6.5.1 Different Types of Pipelines 6.5.2 Pipeline Performance Analysis 6.5.3 Data Hazard 6.6 CPU Security 6.7 Virtual CPU 6.8 Summary Exercises References 144 144 144 145 145 147 153 153 155 156 158 158 159 161 162 162 163 163 164 164 164 165 166 166 168 169 170 170 7 Advanced Computer Architecture 7.1 Multiprocessors 7.1.1 Multiprocessing 7.1.2 Cache 7.1.3 Hyper-Threading 7.1.4 Symmetric Multiprocessing 7.1.5 Multiprocessing Operating Systems 7.1.6 The Future of Multiprocessing 7.2 Parallel Processing 7.2.1 History of Parallel Processing 7.2.2 Flynn’s Taxonomy 7.2.3 Bit-Level Parallelism 172 172 172 173 174 175 175 176 177 177 178 178 Contents 7.3 7.4 7.5 7.6 7.7 7.8 xi 7.2.4 Instruction-Level Parallelism 7.2.5 Data-Level Parallelism 7.2.6 Task-Level Parallelism 7.2.7 Memory in Parallel Processing 7.2.8 Specialized Parallel Computers 7.2.9 The Future of Parallel Processing Ubiquitous Computing 7.3.1 Ubiquitous Computing Development 7.3.2 Basic forms of Ubiquitous Computing 7.3.3 Augmented Reality 7.3.4 Mobile Computing Grid, Distributed and Cloud Computing 7.4.1 Characteristics of Grid Computing 7.4.2 The Advantages and Disadvantages of Grid Computing 7.4.3 Distributed Computing 7.4.4 Distributed Systems 7.4.5 Parallel and Distributed Computing 7.4.6 Distributed Computing Architectures 7.4.7 Cloud Computing 7.4.8 Technical Aspects of Cloud Computing 7.4.9 Security Aspects of Cloud Computing 7.4.10 Ongoing and Future Elements in Cloud Computing 7.4.11 Adoption of Cloud Computing Industry Drivers Internet Computing 7.5.1 Internet Computing Concept and Model 7.5.2 Benefit of Internet Computing for Businesses 7.5.3 Examples of Internet Computing 7.5.4 Migrating Internet Computing Virtualization 7.6.1 Types of Virtualization 7.6.2 History of Virtualization 7.6.3 Virtualization Architecture 7.6.4 Virtual Machine Monitor 7.6.5 Examples of Virtual Machines Biocomputers 7.7.1 Biochemical Computers 7.7.2 Biomechanical Computers 7.7.3 Bioelectronic Computers Summary Exercises References 179 179 179 180 181 182 182 183 184 185 186 187 187 188 189 189 190 190 192 193 194 195 196 197 198 199 201 202 203 203 205 205 207 207 209 209 209 210 211 212 214 Contents xii 8 Assembly Language and Operating Systems 8.1 Assembly Language Basics 8.1.1 Numbering Systems 8.1.2 The Binary Numbering System and Base Conversions 8.1.3 The Hexadecimal Numbering System 8.1.4 Signed and Unsigned Numbers 8.2 Operation Code and Operands 8.3 Direct Addressing 8.4 Indirect Addressing 8.5 Stack and Buffer Overflow 8.5.1 Calling Procedures Using CALL and RET (Return) 8.5.2 Exploiting Stack Buffer Overflows 8.5.3 Stack Protection 8.6 FIFO and M/M/1 Problem 8.6.1 FIFO Data Structure 8.6.2 M/ M/ 1 Model 8.7 Kernel, Drivers and OS Security 8.7.1 Kernel 8.7.2 BIOS 8.7.3 Boot Loader 8.7.4 Device Drivers 8.8 Summary Exercises References 216 217 217 219 220 221 223 225 225 226 228 229 231 232 232 233 234 234 235 236 237 238 239 240 9 TCP/IP and Internet 9.1 Data Communications 9.1.1 Signal, Data, and Channels 9.1.2 Signal Encoding and Modulation 9.1.3 Shannon Theorem 9.2 TCP/IP Protocol 9.2.1 Network Topology 9.2.2 Transmission Control Protocol (TCP) 9.2.3 The User Datagram Protocol (UDP) 9.2.4 Internet Protocol (IP) 9.3 Network Switches 9.3.1 Layer 1 Hubs 9.3.2 Ethernet Switch 9.4 Routers 9.4.1 History of Routers 9.4.2 Architecture 9.4.3 Internet Protocol Version 4 (IPv4) 241 241 242 243 244 244 245 246 247 247 248 248 249 250 251 251 253 Contents 9.5 9.6 9.7 9.8 9.9 xiii 9.4.4 Internet Protocol Version 6 (IPv6) 9.4.5 Open Shortest Path First 9.4.6 Throughput and Delay Gateways Wireless Networks and Network Address Translation (NAT) 9.6.1 Wireless Networks 9.6.2 Wireless Protocols 9.6.3 WLAN Handshaking, War Driving, and WLAN Security 9.6.4 Security Measures to Reduce Wireless Attacks 9.6.5 The Future of Wireless Network 9.6.6 Network Address Translation 9.6.7 Environmental and Health Concerns Using Cellular and Wireless Devices Network Security 9.7.1 Introduction 9.7.2 Firewall Architecture 9.7.3 Constraint and Limitations of Firewall 9.7.4 Enterprise Firewalls Summary Exercises Virtual Cyber-Security Laboratory References 10 Design and Implementation: Modifying Neumann Architecture 10.1 Data Security in Computer Systems 10.1.1 Computer Security 10.1.2 Data Security and Data Bleaches 10.1.3 Researches in Architecture Security 10.2 Single-Bus View of Neumann Architecture 10.2.1 John von Neumann Computer Architecture 10.2.2 Modified Neumann Computer Architecture 10.2.3 Problems Exist in John Neumann Model 10.3 A Dual-Bus Solution 10.4 Bus Controller 10.4.1 Working Mechanism of the Bus Controller 10.4.2 Co-processor Board 10.5 Dual-Port Storage 10.6 Micro-Operating System 10.7 Summary Exercises 10.8 Projects References 254 254 256 257 258 258 260 261 263 263 264 265 267 268 271 273 274 275 276 277 278 280 280 281 282 283 284 284 285 286 286 288 288 289 292 292 293 294 295 295 xiv Contents Appendix A Digital Logic Simulators A.1 CEDAR Logic Simulator A.2 Logisim A.3 Digital Logic Simulator v0.4 A.4 Logicly 297 297 298 298 299 Appendix B Computer Security Tools B.1 Wireshark (Ethereal) B.2 Metasploit B.3 Nessus B.4 Aircrack B.5 Snort B.6 Cain and Abel B.7 BackTrack B.8 Netcat B.9 Tcpdump B.10 John the Ripper 300 300 300 301 301 301 302 302 302 302 303 Appendix C Patent Application: Intrusion-Free Computer Architecture for Information and Data Security C.1 Background of the Invention C.1.1 John von Neumann Computer Architecture Model C.1.2 Modified Neumann Computer Architecture C.1.3 Problems Existed in the John Neumann Model C.1.4 The Goal of the Invention C.2 Field of Invention C.3 Detailed Description of the Invention C.4 Claim 304 304 305 305 307 307 308 308 310 Index 313 About the Authors Shuangbao (Paul) Wang is the inventor of a secure computer system. He is the recipient of Link Fellowship Award in advanced simulation and training. He holds four patents; three of them have been transferred into industry and put into production. One of his students appeared in Time Magazine for doing his class project which he commercialized and still pursues. In addition, one of his published papers ranked the first place in Science Direct’s TOP 25 Hottest Articles. His research was awarded the Best Invention Award in Entrepreneurship Week USA at Mason. More recently, he received two university Technology Transfer Awards. Dr. Wang has extensive experience in academia, industry, and public services. He has held many posts, including professor, director, CEO, CIO/CTO and ranking positions in public services. He is currently a professor at George Mason University. Dr. Wang served as the Chief Information and Technology Officer at National Biomedical Research Foundation/Georgetown University Medical Center. Earlier, he was the director of the Institute of Information Science and Technology at Qingdao (ISTIQ) where he oversaw more than 120 faculty and staff, acquired 12 grants, won 18 academic awards and was the PI for over 15 grants/projects. Robert S. Ledley is the inventor of CT scanner and is a member of the National Academy of Science. He has numerous publications in Science and several books, and has hundreds of patents and grants. Dr. Ledley is the recipient of the National Medal of Technology that was awarded to him by President Clinton in 1997. He was admitted to the National Inventors Hall of Fame in 1990. Dr. Ledley has been the president of the National Biomedical Research Foundation since 1960. He is also a professor (emeritus) at Georgetown University. Dr. Ledley is the editor-in-chief of four international journals. He has testified before the House and was interviewed by the Smithsonian Institution. Preface This book provides the fundamentals of computer architecture and security. It covers a wide range of computer hardware, system software and data concepts from a security perspective. It is essential for computer and information security professionals to understand both hardware and software security solutions to thrive in the workplace. It features a careful, in-depth, and innovative introduction to modern computer systems and patent-pending technologies in computer security. In the past, computers were designed without security considerations. Later, firewalls were used to protect them from outside attacks. This textbook integrates security considerations into computer architecture in a way that it is immune from attacks. When necessary, the author creates simplified examples from patent-pending technologies that clearly explain architectural and implementation features. This book is intended for graduate and undergraduate students, engineers, and researchers who are interested in secure computer architecture and systems. This book is essential for anyone who needs to understand, design or implement a secure computer system. Studying computer architecture from a security perspective is a new area. There are many textbooks about computer architecture and many others about computer security. However, textbooks introducing computer architecture with security as the main theme are rare. This book introduces not only how to secure computer components (Memory, I/O, network interfaces and CPU) but also how to secure the entire computer system. The book proposes a new model that changes the Neumann architecture that has been the foundation of modern computers since 1945. The book includes the most recent patent-pending technology in computer architecture for security. It also incorporates experiences from the author’s recent award-winning teaching and research. This book also introduces the latest technologies, such as virtualization, cloud computing, Internet computing, ubiquitous computing, biocomputers and other advanced computer architectures, into the classroom in order to shorten the transition time from student to employee. xviii Preface This book has a unique style of presentation. It uses diagrams to explain important concepts. For many key elements, the book illustrates the actual digital circuits so that interested readers can actually build such circuits for testing purposes. The book can also be used as experiment material. The book also comes with a Wiley Companion Website (www.wiley.com/go/ wang/comp_arch) that provides lecture notes, further readings and updates for students. It also provides resources for instructors as well. In addition, the website lists hundreds of security tools that can be used to test computers for security problems. Students taking courses with this book can master security solutions in all aspects of designing modern computer systems. It introduces how to secure memory, buses, I/O and CPU. Moreover, the book explains how to secure computer architecture so that modern computers can be built on the new architecture free of data breaches. The concept of computers as stand-alone machines is fading away. Computers are now interconnected and in many cases coordinated to accomplish one task. Most current computer architecture textbooks still focus on the single computer model without addressing any security issues. Computer Architecture and Security provides readers with all of the components the traditional textbooks have, but also the latest development of computer technology. As security is a concern for most people, this book addresses the security issues in depth in all aspects of computer systems. Acknowledgements The authors would like to thank Dr. and Mrs. McQuivey for the thorough reviews and editions. Dr. Kyle Letimar provided tremendous help in editing and revising the book proposal. The authors would also like to acknowledge Ms. Anna Chen for her incredible help in preparing this manuscript.

Author Robert S. Ledley and Shuangbao Paul Wang Isbn 978-1118168813 File size 9 Mb Year 2013 Pages 343 Language English File format PDF Category Security Book Description: FacebookTwitterGoogle+TumblrDiggMySpaceShare The first book to introduce computer architecture for security and provide the tools to implement secure computer systems This book is geared for graduate students in computer architecture, communications, and information security, as well as engineers, researchers, security professionals, and middleware designers. This book provides the fundamentals of computer architecture for security. It covers a wide range of computer hardware, system software and data concepts from a security perspective. It is essential for computer science and security professionals to understand both hardware and software security solutions to survive in the workplace. Examination of memory, CPU architecture and system implementation Discussion of computer buses and a dual-port bus interface Examples cover a board spectrum of hardware and software systems Design and implementation of a patent-pending secure computer system Includes the latest patent-pending technologies in architecture security Placement of computers in a security fulfilled network environment Co-authored by the inventor of the modern Computed Tomography (CT) scanner Provides website for lecture notes, security tools and latest updates     Download (9 Mb) Network Security, Administration and Management Thinking Security: Stopping Next Year’s Hackers Essential Cybersecurity Science: Build, Test, and Evaluate Secure Systems A 21st Century Cyber-Physical Systems Education Hadoop Security: Protecting Your Big Data Platform Load more posts

Leave a Reply

Your email address will not be published. Required fields are marked *