# CSE4303 Introduction to Computer Security (Lecture 16)

## System security

- Why system security / platform security?
  - All code runs on some physical machine!
    - The cloud is not a cloud
    - Web pages are just data and code copied from a server that also manages the transfer
- Why Linux?
  - Majority of web servers run Linux (esp. Cloud); popular in embedded, mobile devices

### Operating system background

Context: computing stack

| Layer | Description |
| --- | --- |
| Application | Web browser, user apps, DNS |
| OS:libs | Memory allocations, compiler/linker|
| OS:kernel | Process control, networking, file system, access control|
| OS:drivers | Manage hardware|
| (Firmware) | Minimal hardware management (if no full OS)|
|Hardware | Processor, cahce, RAM, disk, USB ports|

#### Operating systems

- Operating System:
  - Provides easier to use and high level **abstractions** for resources such as address space for memory and files for disk blocks.
  - Provides **controlled access** to hardware resources.
  - Provides **isolation** between different processes and between the processes running untrusted/application code and the trusted operating system.

- Need for trusting an operating system
  - Why do we need to trust the operating system? (AKA a Trusted Computing Base or TCB)
  - What requirements must it meet to be trusted?

- TCB Requirements:
  - 1. Tamper-proof
  - 2. Complete mediation (reference monitor)
  - 3. Correct

Isolating User Processes from Each Other

- How do we meet the user/user isolation and separation?
  - OS uses hardware support for memory protection to ensure this.

System Calls: Going from User to OS Code

- System calls used to transfer control between user and system code
  - Such calls come through "call gates" and return back to user code.
    - The processor execution mode or privilege ring changes when call and return happen.
  - x86 `sysenter` / `sysexit` instructions

## Isolating OS from Untrusted User Code

- How do we meet the first requirement of a TCB (e.g., isolation or tamper-proofness)?
  - Hardware support for memory protection
  - Processor execution modes (system AND user modes, execution rings)
  - Privileged instructions which can only be executed in system mode
  - System calls used to transfer control between user and system code

### Secure boot and Root of Trust (RoT)

### Access control

### Hazard: race conditions