System and application development consists of design, development, test, and deployment processes. Security has to be addressed at every step in the development cycle. However, addressing it at the design stage is the most critical. Since prevention is better than cure, dealing with security during design makes it possible to build in preventative controls for security issues.
The elements of a computer that are fundamental to its operations, together with the way the elements are organized, are referred to as the computer architecture.
A computer is a physical device consisting of physical components. These physical components are called hardware. The hardware components process the instructions and data presented to them. The set of instructions and data is called software.
Some of the fundamental elements in the computer architecture are the input/output systems, the CPU, and memory. A common plane, called a bus, connects these three.
The following are the functions of each of these elements:
The function of memory is to store the instructions and data either permanently or temporarily. Computer memory can be categorized as primary memory and secondary memory.
Primary memory refers to a storage area that is directly addressable by the CPU. The examples of such memory are cache, Random Access Memory (RAM), and Read Only Memory (ROM). Secondary memory refers to permanent storage that is indirectly accessible by the CPU. Some examples are magnetic disks, tapes, and so on.
Telecommunication and networking technologies enable computers to communicate with each other. A computer may act as a server or a client or both. Based on the role of a computer in a network, the network architecture is classified as a client-server or centralized model. Since interconnectivity is the primary goal, these models are generally called distributed architecture.
Sometimes, the collection of hardware and software is together referred to as a computer system.
A computer system can be categorized as an open system, a closed system, or a combination of both.
An open system, as the name implies, is open to interconnectivity with other systems. It can also be reviewed and evaluated by independent third parties. In contrast, a closed system is proprietary in nature, and its internal workings are not known; auditing such a system, for example through code review or architecture review, is not feasible. Such systems may not be compatible with other systems.
From an asset classification and information security perspective, a computer is a physical asset and the necessary physical security principles are applicable to it. The service provided by a computer is called computing. It is treated as a service asset.
Various computing methods are available to improve the instruction execution cycle. An instruction execution cycle is the time required to fetch the instruction and data from memory, decode the information, and execute it.
When many operations are performed per instruction, such computing is known as Complex Instruction Set Computing (CISC). When instruction sets reduce the cycle time to execute instructions, the method is called Reduced Instruction Set Computing (RISC). Instruction processing generally contains fetch, decode, and execute cycles.
When the fetch, decode, and execute cycles of a set of instructions are overlapped to reduce the cycle time, the method is called pipelining.
From an information security perspective, computer architecture should take into consideration the CIA aspects of computing services.
Trusted computing is the practice of establishing a level of assurance for a computer system, based on defined security models, so that the system can be trusted for use in critical infrastructure.
The following are some of the concepts that relate to information security aspects of a trusted computing architecture: