Computer Architecture and Security Fundamentals of Designing Secure Computer Systems

This book provides the fundamentals of computer architecture for security. It covers a wide range of computer hardware, system software and data concepts from a security perspective. It is essential for computer science and security professionals to understand both hardware and software security solutions to survive in the workplace.

• Examination of memory, CPU architecture and system implementation
• Discussion of computer buses and a dual-port bus interface
• Examples cover a board spectrum of hardware and software systems
• Design and implementation of a patent-pending secure computer system
• Includes the latest patent-pending technologies in architecture security
• Placement of computers in a security fulfilled network environment
• Co-authored by the inventor of the modern Computed Tomography (CT) scanner
• Provides website for lecture notes, security tools and latest updates

Robert S. Ledley is the inventor of CT scanner and is a member of the National Academy of Science (USA). He has numerous publications in Science and several books, and has hundreds of patents and grants. Dr. Ledley is the recipient of the National Medal of Technology (USA) that was awarded to him by President Clinton in 1997. He was admitted to the National Inventors Hall of Fame in 1990.

Dr. Ledley has been the president of the National Biomedical Research Foundation (USA) since 1960. He is also a professor (emeritus) at Georgetown University. Dr. Ledley is the editor-in-chief of four international journals. He has testified before the House and was interviewed by the Smithsonian Institution.

Preface xvii

Acknowledgements xix

1 Introduction to Computer Architecture and Security 1

1.1 History of Computer Systems 3

1.1.1 Timeline of Computer History 5

1.1.2 Timeline of Internet History 15

1.1.3 Timeline of Computer Security History 28

1.2 John von Neumann Computer Architecture 34

1.3 Memory and Storage 36

1.4 Input/Output and Network Interface 37

1.5 Single CPU and Multiple CPU Systems 38

1.6 Overview of Computer Security 41

1.6.1 Confidentiality 41

1.6.2 Integrity 42

1.6.3 Availability 42

1.6.4 Threats 43

1.6.5 Firewalls 43

1.6.6 Hacking and Attacks 44

1.7 Security Problems in Neumann Architecture 46

1.8 Summary 48

Exercises 48

References 50

2 Digital Logic Design 51

2.1 Concept of Logic Unit 51

2.2 Logic Functions and Truth Tables 52

2.3 Boolean Algebra 54

2.4 Logic Circuit Design Process 55

2.5 Gates and Flip-Flops 56

2.6 Hardware Security 58

2.7 FPGA and VLSI 58

2.7.1 Design of an FPGA Biometric Security System 59

2.7.2 A RIFD Student Attendance System 59

2.8 Summary 65

Exercises 67

References 67

3 Computer Memory and Storage 68

3.1 A One Bit Memory Circuit 68

3.2 Register, MAR, MDR and Main Memory 70

3.3 Cache Memory 72

3.4 Virtual Memory 74

3.4.1 Paged Virtual Memory 74

3.4.2 Segmented Virtual Memory 74

3.5 Non-Volatile Memory 76

3.6 External Memory 77

3.6.1 Hard Disk Drives 78

3.6.2 Tertiary Storage and Off-Line Storage 78

3.6.3 Serial Advanced Technology Attachment (SATA) 79

3.6.4 Small Computer System Interface (SCSI) 80

3.6.5 Serial Attached SCSI (SAS) 81

3.6.6 Network-Attached Storage (NAS) 82

3.6.7 Storage Area Network (SAN) 83

3.6.8 Cloud Storage 85

3.7 Memory Access Security 86

3.8 Summary 88

Exercises 89

References 89

4 Bus and Interconnection 90

4.1 System Bus 90

4.1.1 Address Bus 91

4.1.2 Data Bus 93

4.1.3 Control Bus 93

4.2 Parallel Bus and Serial Bus 95

4.2.1 Parallel Buses and Parallel Communication 95

4.2.2 Serial Bus and Serial Communication 96

4.3 Synchronous Bus and Asynchronous Bus 107

4.4 Single Bus and Multiple Buses 109

4.5 Interconnection Buses 110

4.6 Security Considerations for Computer Buses 111

4.7 A Dual-Bus Interface Design 112

4.7.1 Dual-Channel Architecture 113

4.7.2 Triple-Channel Architecture 114

4.7.3 A Dual-Bus Memory Interface 115

4.8 Summary 115

Exercises 117

References 117

5 I/O and Network Interface 118

5.1 Direct Memory Access 118

5.2 Interrupts 120

5.3 Programmed I/O 121

5.4 USB and IEEE 1394 122

5.4.1 USB Advantages 123

5.4.2 USB Architecture 123

5.4.3 USB Version History 124

5.4.4 USB Design and Architecture 125

5.4.5 USB Mass Storage 127

5.4.6 USB Interface Connectors 128

5.4.7 USB Connector Types 130

5.4.8 USB Power and Charging 133

5.4.9 IEEE 1394 136

5.5 Network Interface Card 136

5.5.1 Basic NIC Architecture 137

5.5.2 Data Transmission 138

5.6 Keyboard, Video and Mouse (KVM) Interfaces 139

5.6.1 Keyboards 140

5.6.2 Video Graphic Card 140

5.6.3 Mouses 140

5.7 Input/Output Security 140

5.7.1 Disable Certain Key Combinations 141

5.7.2 Anti-Glare Displays 141

5.7.3 Adding Password to Printer 141

5.7.4 Bootable USB Ports 141

5.7.5 Encrypting Hard Drives 141

5.8 Summary 141

Exercises 142

References 143

6 Central Processing Unit 144

6.1 The Instruction Set 144

6.1.1 Instruction Classifications 144

6.1.2 Logic Instructions 145

6.1.3 Arithmetic Instructions 145

6.1.4 Intel 64/32 Instructions 147

6.2 Registers 153

6.2.1 General-Purpose Registers 153

6.2.2 Segment Registers 155

6.2.3 EFLAGS Register 156

6.3 The Program Counter and Flow Control 158

6.3.1 Intel Instruction Pointer 158

6.3.2 Interrupt and Exception 159

6.4 RISC Processors 161

6.4.1 History 162

6.4.2 Architecture and Programming 162

6.4.3 Performance 163

6.4.4 Advantages and Disadvantages 163

6.4.5 Applications 164

6.5 Pipelining 164

6.5.1 Different Types of Pipelines 164

6.5.2 Pipeline Performance Analysis 165

6.5.3 Data Hazard 166

6.6 CPU Security 166

6.7 Virtual CPU 168

6.8 Summary 169

Exercises 170

References 170

7 Advanced Computer Architecture 172

7.1 Multiprocessors 172

7.1.1 Multiprocessing 172

7.1.2 Cache 173

7.1.3 Hyper-Threading 174

7.1.4 Symmetric Multiprocessing 175

7.1.5 Multiprocessing Operating Systems 175

7.1.6 The Future of Multiprocessing 176

7.2 Parallel Processing 177

7.2.1 History of Parallel Processing 177

7.2.2 Flynn’s Taxonomy 178

7.2.3 Bit-Level Parallelism 178

7.2.4 Instruction-Level Parallelism 179

7.2.5 Data-Level Parallelism 179

7.2.6 Task-Level Parallelism 179

7.2.7 Memory in Parallel Processing 180

7.2.8 Specialized Parallel Computers 181

7.2.9 The Future of Parallel Processing 182

7.3 Ubiquitous Computing 182

7.3.1 Ubiquitous Computing Development 183

7.3.2 Basic forms of Ubiquitous Computing 184

7.3.3 Augmented Reality 185

7.3.4 Mobile Computing 186

7.4 Grid, Distributed and Cloud Computing 187

7.4.1 Characteristics of Grid Computing 187

7.4.2 The Advantages and Disadvantages of Grid Computing 188

7.4.3 Distributed Computing 189

7.4.4 Distributed Systems 189

7.4.5 Parallel and Distributed Computing 190

7.4.6 Distributed Computing Architectures 190

7.4.7 Cloud Computing 192

7.4.8 Technical Aspects of Cloud Computing 193

7.4.9 Security Aspects of Cloud Computing 194

7.4.10 Ongoing and Future Elements in Cloud Computing 195

7.4.11 Adoption of Cloud Computing Industry Drivers 196

7.5 Internet Computing 197

7.5.1 Internet Computing Concept and Model 198

7.5.2 Benefit of Internet Computing for Businesses 199

7.5.3 Examples of Internet Computing 201

7.5.4 Migrating Internet Computing 202

7.6 Virtualization 203

7.6.1 Types of Virtualization 203

7.6.2 History of Virtualization 205

7.6.3 Virtualization Architecture 205

7.6.4 Virtual Machine Monitor 207

7.6.5 Examples of Virtual Machines 207

7.7 Biocomputers 209

7.7.1 Biochemical Computers 209

7.7.2 Biomechanical Computers 209

7.7.3 Bioelectronic Computers 210

7.8 Summary 211

Exercises 212

References 214

8 Assembly Language and Operating Systems 216

8.1 Assembly Language Basics 217

8.1.1 Numbering Systems 217

8.1.2 The Binary Numbering System and Base Conversions 219

8.1.3 The Hexadecimal Numbering System 220

8.1.4 Signed and Unsigned Numbers 221

8.2 Operation Code and Operands 223

8.3 Direct Addressing 225

8.4 Indirect Addressing 225

8.5 Stack and Buffer Overflow 226

8.5.1 Calling Procedures Using CALL and RET (Return) 228

8.5.2 Exploiting Stack Buffer Overflows 229

8.5.3 Stack Protection 231

8.6 FIFO and M/M/1 Problem 232

8.6.1 FIFO Data Structure 232

8.6.2 M/M/1 Model 233

8.7 Kernel, Drivers and OS Security 234

8.7.1 Kernel 234

8.7.2 BIOS 235

8.7.3 Boot Loader 236

8.7.4 Device Drivers 237

8.8 Summary 238

Exercises 239

References 240

9 TCP/IP and Internet 241

9.1 Data Communications 241

9.1.1 Signal, Data, and Channels 242

9.1.2 Signal Encoding and Modulation 243

9.1.3 Shannon Theorem 244

9.2 TCP/IP Protocol 244

9.2.1 Network Topology 245

9.2.2 Transmission Control Protocol (TCP) 246

9.2.3 The User Datagram Protocol (UDP) 247

9.2.4 Internet Protocol (IP) 247

9.3 Network Switches 248

9.3.1 Layer 1 Hubs 248

9.3.2 Ethernet Switch 249

9.4 Routers 250

9.4.1 History of Routers 251

9.4.2 Architecture 251

9.4.3 Internet Protocol Version 4 (IPv4) 253

9.4.4 Internet Protocol Version 6 (IPv6) 254

9.4.5 Open Shortest Path First 254

9.4.6 Throughput and Delay 256

9.5 Gateways 257

9.6 Wireless Networks and Network Address Translation (NAT) 258

9.6.1 Wireless Networks 258

9.6.2 Wireless Protocols 260

9.6.3 WLAN Handshaking, War Driving, and WLAN Security 261

9.6.4 Security Measures to Reduce Wireless Attacks 263

9.6.5 The Future of Wireless Network 263

9.6.6 Network Address Translation 264

9.6.7 Environmental and Health Concerns Using Cellular and Wireless Devices 265

9.7 Network Security 267

9.7.1 Introduction 268

9.7.2 Firewall Architecture 271

9.7.3 Constraint and Limitations of Firewall 273

9.7.4 Enterprise Firewalls 274

9.8 Summary 275

Exercises 276

9.9 Virtual Cyber-Security Laboratory 277

References 278

10 Design and Implementation: Modifying Neumann Architecture 280

10.1 Data Security in Computer Systems 280

10.1.1 Computer Security 281

10.1.2 Data Security and Data Bleaches 282

10.1.3 Researches in Architecture Security 283

10.2 Single-Bus View of Neumann Architecture 284

10.2.1 John von Neumann Computer Architecture 284

10.2.2 Modified Neumann Computer Architecture 285

10.2.3 Problems Exist in John Neumann Model 286

10.3 A Dual-Bus Solution 286

10.4 Bus Controller 288

10.4.1 Working Mechanism of the Bus Controller 288

10.4.2 Co-processor Board 289

10.5 Dual-Port Storage 292

10.6 Micro-Operating System 292

10.7 Summary 293

Exercises 294

10.8 Projects 295

References 295

Appendix A Digital Logic Simulators 297

A.1 CEDAR Logic Simulator 297

A.2 Logisim 298

A.3 Digital Logic Simulator v0.4 298

A.4 Logicly 299

Appendix B Computer Security Tools 300

B.1 Wireshark (Ethereal) 300

B.2 Metasploit 300

B.3 Nessus 301

B.4 Aircrack 301

B.5 Snort 301

B.6 Cain and Abel 302

B.7 BackTrack 302

B.8 Netcat 302

B.9 Tcpdump 302

B.10 John the Ripper 303

Appendix C Patent Application: Intrusion-Free Computer Architecture for Information and Data Security 304

C.1 Background of the Invention 304

C.1.1 John von Neumann Computer Architecture Model 305

C.1.2 Modified Neumann Computer Architecture 305

C.1.3 Problems Existed in the John Neumann Model 307

C.1.4 The Goal of the Invention 307

C.2 Field of Invention 308

C.3 Detailed Description of the Invention 308

C.4 Claim 310

Index 313

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.