Secure Operating Systems Lesson 2: OS Fundamentals

Security  Very informally, protecting us for Bad Things™  More formally: Confidentiality Integrity Availability  It is VERY hard for an application to be secure if the OS it is running on doesn’t help this

What OS Do  Four levels: Hardware OS Applications Users  OS is the program most intimately involved with the hardware Borders of the OS hard to define… Minesweeper?

Computer Systems Organization  Parts: CPU Main memory IO (disk controller) USB Graphics adapter Connected by a bus (or two…)  The OS helps all this work together

Computer Systems Architecture  Lots of different architectures  Von Neumann  Single Process  Multiprocessor Symmetric/asymmetric multiprocessing Multicore  Clustered systems

OS Structure  Multiprogramming Doing more than one thing Helps drive up CPU utilization  Time sharing/multitasking Processes, and threads, and… Swapping, virtual memory

Operating System Operations  Most modern OS are interrupt drive  A trap or exception drives control from the user process to the OS  This leads to “dual mode operation”  Must be able to tell the difference between user code and the OS code Implemented with a “mode bit” Often called User mode and Kernel mode

Privilege  The OS wants to be sure it can always regain control Need a timer – has to have hardware force the control change  Some instructions should also only be callable from kernel (system) mode Example: timer management

Process Management  OS needs to schedule processes and threads  Create and delete processes  Suspend and resume processes  Ideally, allow for process synchronization and process communication These can get iffy with respect to security

Memory Management  Managing physical memory is a nightmare  Is memory executable?  Virtual addresses v. Physical  OS must track who is using what Often the implementation depends on the hardware support

Protection and Security  Protection: any mechanism that controls access to something (typically, a resource)  Security: slightly more subtle. Things can be technically working, but still insecure (think: lost password)  Will consider UIDs a lot, and permissions… also capabilities

Special Purpose Systems  Real time systems  Handhelds  Distributed

Open and Closed Source  Different design methodologies  Classically, Windows versus Linux – lots of tradeoffs here, you could do a whole class on it

Assignment  Make sure you can access the SVN  Read Chapter 1 of OSC  Make sure you have a Gentoo Linux VM and a Windows XP 32-bit VM up and running (unless you want to experiment on live machines)

Questions & Comments  What do you want to know?