Chapter 13

Computer architecture

is an engineering discipline concerned

with the design and construction of computing
systems at a logical level.

Computer architecture courses delve into

the design of central processing unit (CPU)
components, memory devices, device
communications, and similar topics at the bit level,
defining processing paths for individual logic
devices that make simple 0 or 1 decisions.
 The term hardware encompasses any
tangible part of a computer that you can
actually reach out and touch, from the
keyboard and monitor to its CPU(s), storage
media, and memory chips.
 The central processing unit (CPU), generally
called the processor, is the computers nerve
center it is the chip, or chips in a
multiprocessor system, that governs all major
operations and either directly performs or
coordinates the complex symphony of
calculations that allows a to perform its
intended tasks.
 When a computer is running, it
operates a runtime environment that represents
the combination of the operating system and
whatever applications may be active. When
running, the computer also has the capability
to access files and other data as the users
security permissions allow.
1. PROTECTION RINGS
In the commonly used four-ring model, protection rings segregate the
operating system into kernel, components, and drivers in rings 02 and applications and
programs run at ring 3.

Ring 0: OS Kernel/Memory (Resident

Components)
Ring 1: Other OS Components
Ring 2: Drivers, Protocols, etc.
Ring 3: User-Level Programs and
Applications
Rings 0 2 run in supervisory or
privileged mode.
Ring 3 runs in user mode.
2. PROCESS STATES
Also known as operating states, process states
are various forms of execution in which a process may
run. Where the operating system is concerned, it can be
in one of two modes at any given moment: operating in
a privileged, all-access mode known as supervisor state
or operating in whats called the problem state
associated with user mode, where privileges are low
and all access requests must be checked against
credentials for authorization before they are granted or
denied.
 The only new term in this context is need-to-
know, which refers to an access authorization
scheme in which a subjects right to access an
object takes into consideration not just a
privilege level, but also the relevance of the
data involved to the role the subject plays (or
the job they perform).
1. Dedication Mode
2. System High Mode
3. Compartmented Mode
4. Multi Level Mode
 The second major hardware component of a
system is memory, the storage bank for information
that the computer needs to keep readily
available.
1. Read-Only Memory
2. Random Access Memory
 Secondary memory is a term commonly used to
refer to magnetic/optical media or other storage
devices that contain data not immediately
available to the CPU. For the CPU to access
data in secondary memory, the data must first
be read by the operating system and stored in
real memory.
The Special Type of Secondary Memory is
VIRTUAL MEMORY
 Data storage devices make up the third class of
computer system components well discuss. These
devices are used to store information that may be
used by a computer any time after its Computer
Architecture 387 written. Well first examine a few
common terms that relate to storage devices and then
look at some of the security issues related to data
storage.
 Input and output devices are often seen as
basic, primitive peripherals and usually dont
receive much attention until they stop working
properly. However, even these basic devices
can present security risks to a system. Security
professionals should be aware of these risks
and ensure that appropriate controls are in
place to mitigate them.
 Monitors
Printers
Keyboards/Mice
Modems
 Firmware (also known as microcode in some
circles) is a term used to describe software that is
stored in a ROM chip. This type of software is
changed infrequently (actually, never, if its
stored on a true ROM chip as opposed to an
EPROM/EEPROM) and often drives the basic
operation of a computing device.
 The Basic Input/Output System (BIOS) contains
the operating-system independent primitive
instructions that a computer needs to start up
and load the operating system from disk.
 Many hardware devices, such as printers
and modems, also need some limited
processing power to complete their tasks while
minimizing the burden placed on the operating
system itself. In many cases, these mini
operating systems are entirely contained in
firmware chips onboard the devices they serve.