updates
65
content/CSE4303/CSE4303_L16.md
Normal file
@@ -0,0 +1,65 @@
# CSE4303 Introduction to Computer Security (Lecture 16)
## System security
- Why system security / platform security?
- All code runs on some physical machine!
- The cloud is not a cloud
- Web pages are just data and code copied from a server that also manages the transfer
- Why Linux?
- Majority of web servers run Linux (esp. Cloud); popular in embedded, mobile devices
### Operating system background
Context: computing stack
| Layer | Description |
| --- | --- |
| Application | Web browser, user apps, DNS |
| OS:libs | Memory allocations, compiler/linker|
| OS:kernel | Process control, networking, file system, access control|
| OS:drivers | Manage hardware|
| (Firmware) | Minimal hardware management (if no full OS)|
|Hardware | Processor, cahce, RAM, disk, USB ports|
#### Operating systems
- Operating System:
- Provides easier to use and high level **abstractions** for resources such as address space for memory and files for disk blocks.
- Provides **controlled access** to hardware resources.
- Provides **isolation** between different processes and between the processes running untrusted/application code and the trusted operating system.
- Need for trusting an operating system
- Why do we need to trust the operating system? (AKA a Trusted Computing Base or TCB)
- What requirements must it meet to be trusted?
- TCB Requirements:
- 1. Tamper-proof
- 2. Complete mediation (reference monitor)
- 3. Correct
Isolating User Processes from Each Other
- How do we meet the user/user isolation and separation?
- OS uses hardware support for memory protection to ensure this.
System Calls: Going from User to OS Code
- System calls used to transfer control between user and system code
- Such calls come through "call gates" and return back to user code.
- The processor execution mode or privilege ring changes when call and return happen.
- x86 `sysenter` / `sysexit` instructions
## Isolating OS from Untrusted User Code
- How do we meet the first requirement of a TCB (e.g., isolation or tamper-proofness)?
- Hardware support for memory protection
- Processor execution modes (system AND user modes, execution rings)
- Privileged instructions which can only be executed in system mode
- System calls used to transfer control between user and system code
### Secure boot and Root of Trust (RoT)
### Access control
### Hazard: race conditions
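Review bot: the Hardware row of the computing-stack table has the typo `cahce` (should be `cache`), and the table rows are inconsistent about the space before the closing pipe (`| OS:libs | Memory allocations, compiler/linker|` versus `| Application | Web browser, user apps, DNS |`); please normalise them. Under "TCB Requirements" each item carries both a bullet and a number (`- 1. Tamper-proof`), so pick one list style. "Isolating User Processes from Each Other" and "System Calls: Going from User to OS Code" read as section titles but have no `#` marker, unlike the headings around them. In the "Isolating OS from Untrusted User Code" list, "e.g., isolation or tamper-proofness" should be "i.e.", since the first TCB requirement listed above is tamper-proof. The final three headings (Secure boot and Root of Trust, Access control, Hazard: race conditions) are empty stubs; either fill them in this commit or mark them TODO so the notes do not look complete.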