Computer Architecture and the CISSP Exam
Basic computer (system) architecture refers to the architecture of a computer system consisting of its hardware, firmware, and software.
The CompTIA A+ certification exam covers computer engineering in depth and is an excellent way to prepare for this part of the CISSP exam.
Hardware is made up of hardware components in computer architecture. The main components of a computer chassis include the central processing unit, memory, and the bus.
The central processing unit (CPU) or microprocessor is the electronic circuit that performs the functions of a computer, logic, and arithmetic. As shown in the figure, the main components of the CPU include
Arithmetic Logic Unit (ALU): It performs numerical arithmetic and comparative logical functions, such as addition, subtraction, division, and multiplication.
Bus Interface Unit (BIU): It oversees data transfers across the bus system between the CPU and input/output devices.
Console: Coordinates the activities of other CPU components during program execution.
Decoder: Converts incoming instructions into individual CPU commands.
Floating Point Unit (FPU): Handles the higher arithmetic operations of the ALU and the Controller.
Memory Management Unit (MMU): It deals with processing, indexing and translating data stored in memory into logical addressing.
Prefetch: Preload instructions in the CPU registers.
Protection Test Unit (PTU): Monitors all CPU functions to ensure that they are executed correctly.
Logs: Temporarily keep CPU data, addresses, and instructions in private stores.
The basic process of a microprocessor consists of two distinct phases: fetch and execution. (It’s not much different from what your dog does: you throw the stick, and it fetches the stick.) During the fetch phase, the CPU selects the required instructions from memory and retrieves them. During the execution phase, the CPU decodes and executes instructions. These two phases form a basic machine cycle which is controlled by the CPU clock signals. Many complex instructions require more than one machine cycle to execute.
The four operating states of a computer (CPU) are
- On (or on) state: The CPU is executing an instruction or instruction.
- Problem state (or application): The CPU computes a solution to an application-based problem. During this state, only a limited subset of instructions (unmarked instructions) are available.
- Supervisory state: The CPU is executing privileged instructions, which means that the instructions are only available to the system administrator or another authorized user/process.
- Wait state: The CPU has not yet completed executing instructions and must extend the cycle.
The two basic types of CPU designs used in modern computer systems are
Complex Instruction Set Computing (CISC): It can perform multiple operations for each individual instruction.
Optimized for systems where the fetch phase is the longest part of the instruction execution cycle. CPUs that use CISC include Intel x86, PDP-11, and Motorola 68000.
Shortened Instruction Set Computing (RISC): Uses fewer and simpler instructions than the CISC architecture, and requires fewer clock cycles to execute. Optimized for systems where the fetch and execution phases are approximately equal. CPUs with RISC architecture include Alpha, PowerPC, and SPARC.
Microprocessors are also often described as numerical or meta. The standard processor executes one instruction at a time. A superscalar processor can execute multiple instructions at the same time.
Finally, many systems (microprocessors) are classified according to the additional functions (which the installed operating system must support):
- Multitasking: switches the execution of multiple subprograms or tasks on a single processor.
- Multiprogramming: You alternate between executing multiple programs on a single processor.
- Multiprocessing: Executes multiple programs on multiple processors simultaneously.
Two related concepts of multi-state and multi-user systems correctly refer to the capabilities of an operating system:
- Multi-state: The operating system supports multiple operating states, such as single-user and multi-user modes in the UNIX/Linux world, and normal and secure modes in the Windows world.
- Multi-user: The operating system can differentiate between users. For example, it provides different shell environments, profiles, or privilege levels for each user, as well as process isolation between users.
An important security issue in multiuser systems involves privileged accounts and programs or processes running in the privileged state. Programs like su (UNIX/Linux) and RunAs (Windows) allow the user to switch to a different account, such as root or administrator, and execute commands with privileges in that context. Many programs rely on premium service accounts to function properly. Utilities such as Superzap from IBM, for example, are used to install repairs to the operating system or other applications.
The bus is a group of electronic conductors that interconnect the various components of the computer, transmitting signals, addresses, and data between these components. Bus structures are organized as follows:
Data bus: Transmits data between the CPU, memory, and peripheral devices.
Address bus: Transmits addresses of data and instructions between the CPU and memory.
Control bus: Transmits control information (device status) between the CPU and other devices.
Main memory (also known as main storage) is the part of the computer that stores programs, instructions, and data. The two basic types of physical (or real — as opposed to virtual — more on that later) memory are
Random Access Memory (RAM): Volatile memory (data is lost if power is removed) is memory that can be directly addressed and whose stored data can be altered. RAM is typically implemented in a computer’s architecture as cache memory and primary memory. The two main types of RAM are
Dynamic RAM (DRAM): Must be refreshed (the contents rewritten) every two milliseconds because of capacitance decay. Refreshing is accomplished by using multiple clock signals known as multiphase clock signals.
Static RAM (SRAM): Faster than DRAM and uses circuit latches to represent data, so it doesn’t need to be refreshed. Because SRAM doesn’t need to be refreshed, a single-phase clock signal is used.
Read-Only Memory (ROM): Nonvolatile memory (data is retained, even if power is removed) is memory that can be directly addressed but whose stored data can’t be easily altered. ROM is typically implemented in a computer’s architecture as firmware (which we discuss in the following section). Variations of ROM include
Programmable Read-Only Memory (PROM): This type of ROM can’t be rewritten.
Erasable Programmable Read-Only Memory (EPROM): This type of ROM is erased by shining ultraviolet light into the small window on the top of the chip. (No, we aren’t kidding.)
Electrically Erasable Programmable Read-Only Memory (EEPROM): This type of ROM was one of the first that could be changed without UV light. Also known as Electrically Alterable Read-Only Memory (EAROM).
Flash Memory: This type of memory is used in USB thumb drives.
Be sure you don’t confuse the term “main storage” with the storage provided by hard drives.
Secondary memory (also known as secondary storage) is a variation of these two basic types of physical memory. It provides dynamic storage on nonvolatile magnetic media such as hard drives, solid-state drives, or tape drives (which are considered sequential memory because data can’t be directly accessed — instead, you must search from the beginning of the tape). Virtual memory (such as a paging file, swap space, or swap partition) is a type of secondary memory that uses both installed physical memory and available hard-drive space to present a larger apparent memory space to the CPU than actually exists in main storage.
Two important security concepts associated with memory are the protection domain (also called protected memory) and memory addressing.
- A protection domain prevents other programs or processes from accessing and modifying the contents of address space that’s already been assigned to another active program or process. This protection can be performed by the operating system or implemented in hardware. The purpose of a protection domain is to protect the memory space assigned to a process so that no other process can read from the space or alter it. The memory space occupied by each process can be considered private.
- Memory space describes the amount of physical memory available in a computer system (for example, 2 GB), whereas address space specifies where memory is located in a computer system (a memory address). Memory addressing describes the method used by the CPU to access the contents of memory. A physical memory address is a hard-coded address assigned to physically installed memory. It can only be accessed by the operating system that maps physical addresses to virtual addresses. A virtual (or symbolic) memory address is the address used by applications (and programmers) to specify a desired location in memory. Common virtual memory addressing modes include
Base addressing: An address used as the origin for calculating other addresses.
Absolute addressing: An address that identifies a location without reference to a base address — or it may be a base address itself.
Indexed addressing: Specifies an address relative to an index register. (If the index register changes, the resulting memory location changes.)
Indirect addressing: The specified address contains the address to the final desired location in memory.
Direct addressing: Specifies the address of the final desired memory location.
Do not confuse the concepts of virtual memory and virtual addressing. Virtual memory combines physical memory and hard disk space to create more meaningful memory (or memory space). Virtual addressing is the method used by applications and programmers to specify a desired location in physical memory.
Firmware is a program or set of computer instructions stored in the physical circuits of a ROM. These types of programs are usually changed infrequently or not at all. In servers and user workstations, firmware usually stores the initial computer instructions that are executed when the server or workstation is running; The firmware starts the CPU and other chips on the board, and establishes connections using the keyboard, monitor, network adapter, and hard disk. The firmware retrieves blocks of data from the hard disk which are then used to load and start the operating system.
A computer’s BIOS is a common example of a firmware. The BIOS, or Basic Input Output System, contains the instructions needed to start the computer when it first boots, initialize the hardware, and load the operating system from the secondary storage (such as a hard drive).
Firmware is also found in devices such as smartphones, tablets, DSL/cable modems, and any other type of internet-connected device, such as cars, thermostats, and even your refrigerator.
Firmware is usually stored on one or more ROM chips on a computer’s motherboard (the main circuit board that contains the CPU, memory, and other circuits).
Software includes the operating system and software or applications installed on a computer system.
A computer operating system (OS) is the software that controls the operation of a computer, enabling the use of a computer. An operating system can be thought of as a logical platform on which other programs can be run to perform work.
The main components of an operating system are
Kernel: The basic component of an operating system that allows processes to run, control devices, and connections to external devices and systems.
Device drivers: The software modules that the kernel uses to communicate with internal and external devices that may be connected to the computer.
Tools: Standalone programs that perform specific maintenance functions, such as file system repair or network testing. The tools can be operated automatically or manually.
The operating system controls computer resources. The main functions of the operating system are
Process management: setting up an environment in which several independent processes (programs) can run.
Resource management: Controls access to all available resources, using schemes that may be based on priority or efficiency.
I/O device management: Controls the connection to all devices connected to the computer, including hard drives, printers, monitors, keyboard, mouse, etc.
Memory management: Controls the allocation and access to main memory (RAM), its allocation to processes, as well as general uses such as disk caching.
File Manager: Controls file systems on hard drives and other types of devices and performs all file operations on behalf of individual operations.
Communications management: Controls communications over all communications available on behalf of operations.
A virtual machine is a computer software application, which allows multiple copies of a running operating system to execute on a single running computer without interfering with each other. Virtual machines are usually controlled by a hypervisor, a program that allocates resources to each resident operating system (called a guest).
The hypervisor acts as an operating system for multiple operating systems. One of the strengths of virtualization is that the resident operating system has little or no awareness of the fact that it is acting as a guest – instead, it may think that it is in direct control of the computers. Only your system administrator knows for sure.
Container is a lightweight, executable, self-contained package of software that includes everything you need to run. A container is basically a simple virtual machine that contains only the minimum amount of installed software needed to deploy a specific application. Popular container platforms include Docker and Kubernetes.