Secure Operating Systems Lesson 2: OS Fundamentals

Security
• Very informally, protecting us from Bad Things™
• More formally:
  • Confidentiality
  • Integrity
  • Availability
• It is VERY hard for an application to be secure if the OS it is running on doesn’t help this

What OS Do
• Four levels:
  • Hardware
  • OS
  • Applications
  • Users
• OS is the program most intimately involved with the hardware
• Borders of the OS hard to define… Minesweeper?

Computer Systems Organization
• Parts:
  • CPU
  • Main memory
  • IO (disk controller)
  • USB
  • Graphics adapter
• Connected by a bus (or two…)
• The OS helps all this work together

Computer Systems Architecture
• Lots of different architectures
• Von Neumann
• Single Process
• Multiprocessor
• Symmetric/asymmetric multiprocessing
• Multicore
• Clustered systems

OS Structure
• Multiprogramming
• Doing more than one thing
• Helps drive up CPU utilization
• Time sharing/multitasking
• Processes, and threads, and…
• Swapping, virtual memory

Operating System Operations
• Most modern OS are interrupt driven
• A trap or exception drives control from the user process to the OS
• This leads to “dual mode operation”
• Must be able to tell the difference between user code and the OS code
• Implemented with a “mode bit”
• Often called User mode and Kernel mode

Privilege
• The OS wants to be sure it can always regain control
• Need a timer – has to have hardware force the control change
• Some instructions should also only be callable from kernel (system) mode
• Example: timer management

Process Management
• OS needs to schedule processes and threads
• Create and delete processes
• Suspend and resume processes
• Ideally, allow for process synchronization and process communication
• These can get iffy with respect to security

Memory Management
• Managing physical memory is a nightmare
• Is memory executable?
• Virtual addresses v. Physical
• OS must track who is using what
• Often the implementation depends on the hardware support
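
The "Is memory executable?" question on the Memory Management slide can be answered on Linux from the per-process mapping table the kernel exposes in /proc/<pid>/maps. The following is an added example, not part of the original slides: it parses that format and counts regions that are both writable and executable. The function names and the sample text are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* One entry of Linux /proc/<pid>/maps: "start-end perms offset dev inode [path]" */
struct mapping {
    unsigned long long start, end;
    char perms[5];   /* e.g. "r-xp" */
    char path[256];  /* stays empty for anonymous mappings */
};

/* Parse one maps line; returns 1 on success, 0 if the line is malformed. */
int parse_maps_line(const char *line, struct mapping *m) {
    m->path[0] = '\0';
    int n = sscanf(line, "%llx-%llx %4s %*s %*s %*s %255[^\n]",
                   &m->start, &m->end, m->perms, m->path);
    return n >= 3 && strlen(m->perms) == 4 && m->start < m->end;
}

/* Writable and executable at once: data written there could run as code. */
int is_wx(const struct mapping *m) {
    return m->perms[1] == 'w' && m->perms[2] == 'x';
}

/* Count W+X regions in newline-separated maps text; -1 on a malformed line. */
int count_wx(const char *text) {
    int count = 0;
    char line[512];
    while (*text) {
        size_t len = strcspn(text, "\n");
        if (len >= sizeof line) return -1;
        memcpy(line, text, len);
        line[len] = '\0';
        text += len + (text[len] == '\n');
        struct mapping m;
        if (len == 0) continue;
        if (!parse_maps_line(line, &m)) return -1;
        if (is_wx(&m)) count++;
    }
    return count;
}

/* Constructed sample in maps format (not a real capture). */
const char SAMPLE_MAPS[] =
    "00400000-0040b000 r-xp 00000000 08:01 1234 /bin/demo\n"
    "0060a000-0060c000 rw-p 0000a000 08:01 1234 /bin/demo\n"
    "7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0\n"
    "7ffd4c1e0000-7ffd4c201000 rw-p 00000000 00:00 0 [stack]\n";

int main(void) {
    printf("W+X regions: %d\n", count_wx(SAMPLE_MAPS));
    return 0;
}
```

On a live Linux VM the same functions can be fed the contents of /proc/self/maps instead of the embedded sample.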

Protection and Security
• Protection: any mechanism that controls access to something (typically, a resource)
• Security: slightly more subtle. Things can be technically working, but still insecure (think: lost password)
• Will consider UIDs a lot, and permissions… also capabilities

Special Purpose Systems
• Real time systems
• Handhelds
• Distributed

Open and Closed Source
• Different design methodologies
• Classically, Windows versus Linux – lots of tradeoffs here, you could do a whole class on it

Assignment
• Make sure you can access the SVN
• Read Chapter 1 of OSC
• Make sure you have a Gentoo Linux VM and a Windows XP 32-bit VM up and running (unless you want to experiment on live machines)

Questions & Comments
• What do you want to know?