COMPUTER ARCHITECTURE AND SECURITY

Information Security Series

The Wiley-HEP Information Security Series systematically introduces the fundamentals of information security design and application. The goals of the Series are:

• to provide fundamental and emerging theories and techniques to stimulate more research in cryptology, algorithms, protocols, and architectures;
• to inspire professionals to understand the issues behind important security problems and the ideas behind the solutions;
• to give references and suggestions for additional reading and further study.

The Series is a joint project between Wiley and Higher Education Press (HEP) of China. Publications consist of advanced textbooks for graduate students as well as researcher and practitioner references covering the key areas, including but not limited to:

– Modern Cryptography
– Cryptographic Protocols and Network Security Protocols
– Computer Architecture and Security
– Database Security
– Multimedia Security
– Computer Forensics
– Intrusion Detection

Lead Editors

Songyuan Yan, London, UK
Moti Yung, Columbia University, USA
John Rief, Duke University, USA

Editorial Board

Liz Bacon, University of Greenwich, UK
Kefei Chen, Shanghai Jiaotong University, China
Matthew Franklin, University of California, USA
Dieter Gollmann, Hamburg University of Technology, Germany
Yongfei Han, Beijing University of Technology, China; ONETS Wireless & Internet Security Tech. Co., Ltd. Singapore
Kwangjo Kim, KAIST-ICC, Korea
David Naccache, Ecole Normale Supérieure, France
Dingyi Pei, Guangzhou University, China
Peter Wild, University of London, UK

COMPUTER ARCHITECTURE AND SECURITY
FUNDAMENTALS OF DESIGNING SECURE COMPUTER SYSTEMS

Shuangbao (Paul) Wang, George Mason University, USA
Robert S. Ledley, Georgetown University, USA

This edition first published 2013
© 2013 Higher Education Press. All rights reserved.

Published by John Wiley & Sons Singapore Pte. Ltd., 1 Fusionopolis Walk, #07-01 Solaris South Tower, Singapore 138628, under exclusive license by Higher Education Press in all media and all languages throughout the world excluding Mainland China and excluding Simplified and Traditional Chinese languages.
For details of our global editorial offices, for customer services and for information about how to apply for permission to reuse the copyright material in this book please see our website at www.wiley.com.

All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as expressly permitted by law, without either the prior written permission of the Publisher, or authorization through payment of the appropriate photocopy fee to the Copyright Clearance Center. Requests for permission should be addressed to the Publisher, John Wiley & Sons Singapore Pte. Ltd., 1 Fusionopolis Walk, #07-01 Solaris South Tower, Singapore 138628, tel: 65-66438000, fax: 65-66438008, email: [email protected].

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and product names used in this book are trade names, service marks, trademarks or registered trademarks of their respective owners. The Publisher is not associated with any product or vendor mentioned in this book. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold on the understanding that the Publisher is not engaged in rendering professional services. If professional advice or other expert assistance is required, the services of a competent professional should be sought.

Library of Congress Cataloging-in-Publication Data

Computer architecture and security : fundamentals of designing secure computer systems / Shuangbao (Paul) Wang, Robert S. Ledley.
p. cm.
Includes bibliographical references and index.
ISBN 978-1-118-16881-3 (cloth)
1. Computer architecture. 2. Computer security. 3. System design. I. Wang, Shuangbao Paul. II. Ledley, Robert Steven.
QA76.9.A73C6293 2012
005.8–dc23
2012027837

ISBN: 9781118168813

Set in 11/13 pt Times by Thomson Digital, Noida, India

To our parents who care and educate us throughout our journey.
In memory of Dr. Ledley, who pioneered Biomedical Computing.

Contents

About the Authors
Preface
Acknowledgements

1 Introduction to Computer Architecture and Security
  1.1 History of Computer Systems
    1.1.1 Timeline of Computer History
    1.1.2 Timeline of Internet History
    1.1.3 Timeline of Computer Security History
  1.2 John von Neumann Computer Architecture
  1.3 Memory and Storage
  1.4 Input/Output and Network Interface
  1.5 Single CPU and Multiple CPU Systems
  1.6 Overview of Computer Security
    1.6.1 Confidentiality
    1.6.2 Integrity
    1.6.3 Availability
    1.6.4 Threats
    1.6.5 Firewalls
    1.6.6 Hacking and Attacks
  1.7 Security Problems in Neumann Architecture
  1.8 Summary
  Exercises
  References

2 Digital Logic Design
  2.1 Concept of Logic Unit
  2.2 Logic Functions and Truth Tables
  2.3 Boolean Algebra
  2.4 Logic Circuit Design Process
  2.5 Gates and Flip-Flops
  2.6 Hardware Security
  2.7 FPGA and VLSI
    2.7.1 Design of an FPGA Biometric Security System
    2.7.2 A RFID Student Attendance System
  2.8 Summary
  Exercises
  References

3 Computer Memory and Storage
  3.1 A One Bit Memory Circuit
  3.2 Register, MAR, MDR and Main Memory
  3.3 Cache Memory
  3.4 Virtual Memory
    *3.4.1 Paged Virtual Memory
    *3.4.2 Segmented Virtual Memory
  3.5 Non-Volatile Memory
  3.6 External Memory
    3.6.1 Hard Disk Drives
    *3.6.2 Tertiary Storage and Off-Line Storage
    3.6.3 Serial Advanced Technology Attachment (SATA)
    3.6.4 Small Computer System Interface (SCSI)
    3.6.5 Serial Attached SCSI (SAS)
    *3.6.6 Network-Attached Storage (NAS)
    *3.6.7 Storage Area Network (SAN)
    3.6.8 Cloud Storage
  3.7 Memory Access Security
  3.8 Summary
  Exercises
  References

4 Bus and Interconnection
  4.1 System Bus
    4.1.1 Address Bus
    4.1.2 Data Bus
    4.1.3 Control Bus
  4.2 Parallel Bus and Serial Bus
    4.2.1 Parallel Buses and Parallel Communication
    4.2.2 Serial Bus and Serial Communication
  4.3 Synchronous Bus and Asynchronous Bus
* The star "*" here means the content is a little bit more advanced. For teaching purposes, this content may be omitted for entry level students.

  4.4 Single Bus and Multiple Buses
  4.5 Interconnection Buses
  4.6 Security Considerations for Computer Buses
  4.7 A Dual-Bus Interface Design
    *4.7.1 Dual-Channel Architecture
    *4.7.2 Triple-Channel Architecture
    4.7.3 A Dual-Bus Memory Interface
  4.8 Summary
  Exercises
  References

5 I/O and Network Interface
  5.1 Direct Memory Access
  5.2 Interrupts
  5.3 Programmed I/O
  5.4 USB and IEEE 1394
    5.4.1 USB Advantages
    5.4.2 USB Architecture
    5.4.3 USB Version History
    *5.4.4 USB Design and Architecture
    5.4.5 USB Mass Storage
    5.4.6 USB Interface Connectors
    5.4.7 USB Connector Types
    5.4.8 USB Power and Charging
    5.4.9 IEEE 1394
  5.5 Network Interface Card
    5.5.1 Basic NIC Architecture
    5.5.2 Data Transmission
  5.6 Keyboard, Video and Mouse (KVM) Interfaces
    5.6.1 Keyboards
    5.6.2 Video Graphic Card
    5.6.3 Mouses
  5.7 Input/Output Security
    5.7.1 Disable Certain Key Combinations
    5.7.2 Anti-Glare Displays
    5.7.3 Adding Password to Printer
    5.7.4 Bootable USB Ports
    5.7.5 Encrypting Hard Drives
  5.8 Summary
  Exercises
  References