CS426Fall 2010/Lecture 71 Computer Security CS 426 Lecture 7 Operating System Security Basics.

Slides:



Advertisements
Similar presentations
Operating Systems Components of OS
Advertisements

1/1/ / faculty of Electrical Engineering eindhoven university of technology Memory Management and Protection Part 3:Virtual memory, mode switching,
CSC 360- Instructor: K. Wu Overview of Operating Systems.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
CSC 405 Introduction to Computer Security
Memory Management Questions answered in this lecture: How do processes share memory? What is static relocation? What is dynamic relocation? What is segmentation?
Day 11 Processes. Operating Systems Control Tables.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
1 School of Computing Science Simon Fraser University CMPT 300: Operating Systems I Dr. Mohamed Hefeeda.
OS Fall ’ 02 Introduction Operating Systems Fall 2002.
CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.
OS Spring’03 Introduction Operating Systems Spring 2003.
Figure 1.1 Interaction between applications and the operating system.
Modified from Silberschatz, Galvin and Gagne Lecture 15 Chapter 8: Main Memory.
Cs238 Lecture 3 Operating System Structures Dr. Alan R. Davis.
Operating Systems CS208. What is Operating System? It is a program. It is the first piece of software to run after the system boots. It coordinates the.
OS Spring’04 Introduction Operating Systems Spring 2004.
Copyright Arshi Khan1 System Programming Instructor Arshi Khan.
Protection and the Kernel: Mode, Space, and Context.
Systems Security & Audit Operating Systems security.
Chapter 3 Process Description and Control Operating Systems: Internals and Design Principles, 6/E William Stallings Patricia Roy Manatee Community College,
Chapter 1. Introduction What is an Operating System? Mainframe Systems
Chapter 6 Operating System Support. This chapter describes how middleware is supported by the operating system facilities at the nodes of a distributed.
Chapter 3 Process Description and Control Operating Systems: Internals and Design Principles, 6/E William Stallings Patricia Roy Manatee Community College,
G53SEC 1 Reference Monitors Enforcement of Access Control.
Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.
Composition and Evolution of Operating Systems Introduction to Operating Systems: Module 2.
2: Computer-System Structures
Recall: Three I/O Methods Synchronous: Wait for I/O operation to complete. Asynchronous: Post I/O request and switch to other work. DMA (Direct Memory.
Operating Systems ECE344 Ashvin Goel ECE University of Toronto OS-Related Hardware.
Chapter 2: Computer-System Structures 2.1 Computer System Operation 2.5 Hardware Protection 2.6 Network Structure.
Lecture 3 Process Concepts. What is a Process? A process is the dynamic execution context of an executing program. Several processes may run concurrently,
Hardware process When the computer is powered up, it begins to execute fetch-execute cycle for the program that is stored in memory at the boot strap entry.
Computers Operating System Essentials. Operating Systems PROGRAM HARDWARE OPERATING SYSTEM.
G53SEC 1 Reference Monitors Enforcement of Access Control.
SAM-21 Fortress Model and Defense in Depth Some revision on Computer Architecture.
Operating Systems Lecture November 2015© Copyright Virtual University of Pakistan 2 Agenda for Today Review of previous lecture Hardware (I/O, memory,
Practice Exercises Chapter one and three.
1 CSE451 Architectural Supports for Operating Systems Autumn 2002 Gary Kimura Lecture #2 October 2, 2002.
Lecture Topics: 10/29 Architectural support for operating systems –timers –kernel mode –system calls –protected instructions.
Security Architecture and Design Chapter 4 Part 1 Pages 297 to 319.
1 Computer Systems II Introduction to Processes. 2 First Two Major Computer System Evolution Steps Led to the idea of multiprogramming (multiple concurrent.
Operating Systems Security
Hardware process When the computer is powered up, it begins to execute fetch-execute cycle for the program that is stored in memory at the boot strap entry.
Information Security CS 526
Lecture 5 Rootkits Hoglund/Butler (Chapters 1-3).
Operating Systems CMPSC 473 Introduction and Overview August 24, Lecture 1 Instructor: Bhuvan Urgaonkar.
Lecture 4 Page 1 CS 111 Online Modularity and Memory Clearly, programs must have access to memory We need abstractions that give them the required access.
CSCI/CMPE 4334 Operating Systems Review: Exam 1 1.
Modularity Most useful abstractions an OS wants to offer can’t be directly realized by hardware Modularity is one technique the OS uses to provide better.
Introduction to Operating Systems
Anton Burtsev February, 2017
CS490 Windows Internals Quiz 2 09/27/2013.
x86 segmentation, page tables, and interrupts
OS Virtualization.
Introduction to Operating Systems
Chapter 1: Intro (excerpt)
System Calls.
Chapter 15, Exploring the Digital Domain
Computer-System Architecture
Lecture Topics: 11/1 General Operating System Concepts Processes
Architectural Support for OS
Operating Systems Lecture 3.
CSE 451: Operating Systems Autumn 2003 Lecture 2 Architectural Support for Operating Systems Hank Levy 596 Allen Center 1.
CSE 451: Operating Systems Autumn 2001 Lecture 2 Architectural Support for Operating Systems Brian Bershad 310 Sieg Hall 1.
CSE 451: Operating Systems Winter 2003 Lecture 2 Architectural Support for Operating Systems Hank Levy 412 Sieg Hall 1.
Architectural Support for OS
Chapter 1: Introduction CSS503 Systems Programming
In Today’s Class.. General Kernel Responsibilities Kernel Organization
Shamelessly taken from Course Note Chapter 5.A
Presentation transcript:

CS426Fall 2010/Lecture 71 Computer Security CS 426 Lecture 7 Operating System Security Basics

Announcements Homework 1 due on Sept 10 Will have first quiz near the end of lecture Form a two-person team for the projects, and send team member info and preferred login for the team to the TA CS426Fall 2010/Lecture 72

CS426Fall 2010/Lecture 73 Computer System Components Hardware –Provides basic computing resources (CPU, memory, I/O devices). Operating system –Controls and coordinates the use of the hardware among the various application programs. Applications programs –Define the ways in which the system resources are used to solve the computing problems of the users. Users –E.g., people, machines, other computers.

CS426Fall 2010/Lecture 74 Abstract View of System Components

CS426Fall 2010/Lecture 75 What Security Goals Does Operating System Provide? Goal 1: enabling multiple users securely share a computer –Separation and sharing of processes, memory, files, devices, etc. What do C, I, A, mean here? What is the threat model? How to achieve the security goals? –Memory protection –Processor modes –User authentication –File access control

CS426Fall 2010/Lecture 76 What Security Goals Does Operating System Provide? Goal 2: ensure secure operation in networked environment What do C, I, A mean here? What is the threat model? How to achieve the security goals? –Authentication –Access Control –Secure Communication (using cryptography) –Logging & Auditing –Intrusion Prevention and Detection –Recovery

Security is About Controlled Sharing Ensure separation –Physical –Temporal –Logical –Cryptographical OS also need to ensure sharing Reconcile sharing and separation CS426Fall 2010/Lecture 77

CS426Fall 2010/Lecture 78 Memory Protection: access control to memory Ensures that one user’s process cannot access other’s memory –fence –relocation –base/bounds register –segmentation –paging –… Operating system and user processes need to have different privileges

CS426Fall 2010/Lecture 79 CPU Modes (a.k.a. processor modes or privilege System mode (privileged mode, master mode, supervisor mode, kernel mode) –Can execute any instruction –Can access any memory locations, e.g., accessing hardware devices, –Can enable and disable interrupts, –Can change privileged processor state, –Can access memory management units, –Can modify registers for various descriptor tables. Reading:

CS426Fall 2010/Lecture 710 User Mode User mode –Access to memory is limited, –Cannot execute some instructions –Cannot disable interrupts, –Cannot change arbitrary processor state, –Cannot access momory management units Transition from user mode to system mode must be done through well defined call gates (system calls) Reading:

CS426Fall 2010/Lecture 711 System Calls Guarded gates from user mode (space, land) into kernel mode (space, land) –use a special CPU instruction (often an interruption), transfers control to predefined entry point in more privileged code; allows the more privileged code to specify where it will be entered as well as important processor state at the time of entry. –the higher privileged code, by examining processor state set by the less privileged code and/or its stack, determines what is being requested and whether to allow it.

CS426Fall 2010/Lecture 712 Kernel space vs User space Part of the OS runs in the kernel model –known as the OS kernel Other parts of the OS run in the user mode, including service programs (daemon programs), user applications, etc. –they run as processes –they form the user space (or the user land) Difference between kernel mode and processes running as root (or superuser, administrator)

CS426Fall 2010/Lecture 713 High-level View of Kernel Space vs. User Space Hardware (disks, network interfaces, etc.) The Kernel Process 1Process 2Process n 

CS426Fall 2010/Lecture 714 Readings for This Lecture Wikipedia CPU modes System call

CS426Fall 2010/Lecture 715 Coming Attractions … User Authentication

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.