Operating Systems Definition
Hardware: I/o…Memory….CPU
Operating Systems: Windows or Android, etc
Applications run on operating system
Operating Systems’ uses
- Makes it easier to use resources. Allows for high-level abstractions like files
- Hardware is controlled by the OS
- Provides isolation (each process believes it is the only one running on the system)
TCB
trusted computing base/kernel
- The operating system has direct control of the hardware resources.
- The OS must determine who is an authorized user of the resources.
TCB (trusted computing base) Requirements
- Complete mediation : the OS comes between the hardware resources and applications. The OS must make sure the application has the necessary authorizations.
- The OS must be tamperproof.
- The OS must be correct: the protected resources are used properly.
OS controls access to protected resources by?
- Establish the source of the request (authentication - who?)
- Authorization or access control does the source of the request have the right to access the resource.
- The OS follows the policies for authorization and authentication
claim that 1 OS is more secure is based on
it’s less likely to be a target
what is a system call?
- ask the OS for (access to) resources.
- is often called protected procedure call
- go through call gates (controlled/defined fashion)
why does system call have higher cost?
- user domain to OS domain (control transfer)
How can we trust OS?
- hardware support memory protection
- processor execution modes/rings (system & user)
what is system call instruction in x86
sysenter/sysexit
how to achieve untrusted user code isolation?
hardware support
how do hackers access to OS secure memory?
- firmware
- refresh mechanism of a dynamic ram
address space
- a container, collection, sequence of memory location
- unit of isolation
- 2^32 for 32bit system and 2^64 for 64bit
process views memory as
- continuous, available memory location, can even be bigger than the physical memory (virtual memory)
memory process
- logical addr - addr space - physical memory or ram
- isolate physical addrs that are accessible by process A to physical addrs that are accessible by process B
page table
- page#|displ for each memory location (logical/virtual address translation)
- managed by OS
process data/code protection
OS will not map a logical page of process A to a physical page of process B unless explicit sharing is desired.
use of processor memory management unit (MMU)
- use page table to resolve virtual addresses to physical addresses
- rwx bit on page limits type of access
how does TCB ensure complete mediation?
- make sure no protected resources could be accessed w/o going through the TCB
- TCB acts as a reference monitor that cannot be bypass
how does the OS ensure complete mediation?
- virtualizes physical resources and provides API
- file for storing persistent data on disk
- virtual resources must be translated to physical resource handle
how does virtualization limit the damage of a hacked OS?
- H/W - hypervisor (virtual machine monitor) - VMs (guess OS and apps)
how does TCB ensure correctness?
- smaller and simpler hypervisor.
- secure coding with type safe language
