Secure Operating Systems Lesson 2: OS Fundamentals
Security
- Very informally: protecting us from Bad Things™
- More formally: Confidentiality, Integrity, Availability
- It is VERY hard for an application to be secure if the OS it is running on doesn't help with this
What the OS Does
- Four levels: Hardware, OS, Applications, Users
- The OS is the program most intimately involved with the hardware
- Borders of the OS are hard to define... Minesweeper?
Computer Systems Organization
- Parts: CPU, main memory, I/O (disk controller, USB, graphics adapter)
- Connected by a bus (or two...)
- The OS helps all this work together
Computer Systems Architecture
- Lots of different architectures: Von Neumann
- Single processor
- Multiprocessor: symmetric/asymmetric multiprocessing, multicore
- Clustered systems
OS Structure
- Multiprogramming: doing more than one thing; helps drive up CPU utilization
- Time sharing/multitasking
- Processes, and threads, and...
- Swapping, virtual memory
Operating System Operations
- Most modern OSes are interrupt driven
- A trap or exception transfers control from the user process to the OS
- This leads to "dual mode operation": the hardware must be able to tell the difference between user code and OS code
- Implemented with a "mode bit"; the two modes are often called User mode and Kernel mode
Privilege
- The OS wants to be sure it can always regain control
- Needs a timer: the hardware has to force the control change
- Some instructions should also only be callable from kernel (system) mode
- Example: timer management
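A toy simulation of the two slides above (dual-mode operation, the mode bit, privileged instructions and the hardware timer), added here as an illustration and not part of the lecture's own material. The five-instruction ISA, the QUANTUM and MAX_SLICES values, and the policy of terminating a process that attempts a privileged instruction are assumptions made for the example; the point is that an infinite loop in user mode still loses the CPU, and user code cannot re-arm the timer.

```c
#include <stdbool.h>
#include <stddef.h>
#define QUANTUM    3   /* instructions per time slice (constructed value) */
#define MAX_SLICES 4   /* kernel terminates a process after this many slices */

typedef enum { KERNEL_MODE = 0, USER_MODE = 1 } Mode;   /* the "mode bit" */
typedef enum { OP_ADD, OP_JMP, OP_SET_TIMER, OP_SYSCALL, OP_HALT } Op;
typedef struct { Op op; int arg; } Instr;
typedef struct {
    Mode mode;                    /* checked before any privileged instruction */
    int timer, pc, acc;           /* timer reaching 0 forces control to the kernel */
    int slices, traps, syscalls;  /* timer irqs, user-mode privilege traps, syscalls */
    bool alive;                   /* false once the process halts or is killed */
} Cpu;

/* Privileged instruction: honoured only when the mode bit says kernel;
 * in user mode it traps and (assumed policy) the offending process is killed. */
static void set_timer(Cpu *c, int ticks) {
    if (c->mode != KERNEL_MODE) { c->traps++; c->alive = false; return; }
    c->timer = ticks;
}

/* Every entry into the kernel flips the mode bit, works, and flips it back. */
static void kernel_entry(Cpu *c, bool timer_irq) {
    c->mode = KERNEL_MODE;
    if (timer_irq) {                                      /* hardware-forced entry */
        if (++c->slices >= MAX_SLICES) c->alive = false;  /* scheduler kills it */
        else set_timer(c, QUANTUM);                       /* legal: kernel mode now */
    } else c->syscalls++;                                 /* service the request */
    c->mode = USER_MODE;                                  /* back to the user */
}

/* Run one user program on the simulated dual-mode CPU; returns the accumulator. */
int run_user(Cpu *c, const Instr *prog, size_t n) {
    *c = (Cpu){ .mode = KERNEL_MODE, .alive = true };
    set_timer(c, QUANTUM);              /* kernel arms the timer, then drops privilege */
    c->mode = USER_MODE;
    while (c->alive && c->pc < (int)n) {
        Instr in = prog[c->pc++];
        switch (in.op) {
        case OP_ADD:       c->acc += in.arg;       break;
        case OP_JMP:       c->pc = in.arg;         break;
        case OP_SET_TIMER: set_timer(c, in.arg);   break;  /* traps in user mode */
        case OP_SYSCALL:   kernel_entry(c, false); break;
        case OP_HALT:      c->alive = false;       break;
        }
        if (c->alive && --c->timer == 0) kernel_entry(c, true);  /* timer interrupt */
    }
    return c->acc;
}
```

Feed it `{OP_ADD,1},{OP_JMP,0}` and the loop is cut off after MAX_SLICES timer interrupts; feed it `{OP_SET_TIMER,100}` and the attempt is recorded as a trap without the timer ever being changed.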
Process Management
- The OS needs to schedule processes and threads
- Create and delete processes
- Suspend and resume processes
- Ideally, allow for process synchronization and process communication
- These can get iffy with respect to security
Memory Management
- Managing physical memory is a nightmare
- Is memory executable?
- Virtual addresses vs. physical
- The OS must track who is using what
- Often the implementation depends on the hardware support
Protection and Security
- Protection: any mechanism that controls access to something (typically, a resource)
- Security: slightly more subtle. Things can be technically working, but still insecure (think: lost password)
- We will consider UIDs a lot, and permissions... also capabilities
Special Purpose Systems
- Real-time systems
- Handhelds
- Distributed
Open and Closed Source
- Different design methodologies
- Classically, Windows versus Linux: lots of tradeoffs here; you could do a whole class on it
Assignment
- Make sure you can access the SVN
- Read Chapter 1 of OSC
- Make sure you have a Gentoo Linux VM and a Windows XP 32-bit VM up and running (unless you want to experiment on live machines)
Questions & Comments
- What do you want to know?