Trance-0/NoteNextra-origin
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
31139ae07796a2ee67e5a4cd9ff2726b8aefe75c
NoteNextra-origin/content/CSE4303/CSE4303_L16.md
Zheyuan Wu 31139ae077 updates
2026-03-24 12:18:11 -05:00

65 lines
2.4 KiB
Markdown
Raw Blame History

# CSE4303 Introduction to Computer Security (Lecture 16)
## System security
- Why system security / platform security?
- All code runs on some physical machine!
- The cloud is not a cloud
- Web pages are just data and code copied from a server that also manages the transfer
- Why Linux?
- Majority of web servers run Linux (esp. Cloud); popular in embedded, mobile devices
### Operating system background
Context: computing stack
| Layer | Description |
| --- | --- |
| Application | Web browser, user apps, DNS |
| OS:libs | Memory allocations, compiler/linker|
| OS:kernel | Process control, networking, file system, access control|
| OS:drivers | Manage hardware|
| (Firmware) | Minimal hardware management (if no full OS)|
|Hardware | Processor, cahce, RAM, disk, USB ports|
#### Operating systems
- Operating System:
- Provides easier to use and high level **abstractions** for resources such as address space for memory and files for disk blocks.
- Provides **controlled access** to hardware resources.
- Provides **isolation** between different processes and between the processes running untrusted/application code and the trusted operating system.
- Need for trusting an operating system
- Why do we need to trust the operating system? (AKA a Trusted Computing Base or TCB)
- What requirements must it meet to be trusted?
- TCB Requirements:
- 1. Tamper-proof
- 2. Complete mediation (reference monitor)
- 3. Correct
Isolating User Processes from Each Other
- How do we meet the user/user isolation and separation?
- OS uses hardware support for memory protection to ensure this.
System Calls: Going from User to OS Code
- System calls used to transfer control between user and system code
- Such calls come through "call gates" and return back to user code.
- The processor execution mode or privilege ring changes when call and return happen.
- x86 `sysenter` / `sysexit` instructions
## Isolating OS from Untrusted User Code
- How do we meet the first requirement of a TCB (e.g., isolation or tamper-proofness)?
- Hardware support for memory protection
- Processor execution modes (system AND user modes, execution rings)
- Privileged instructions which can only be executed in system mode
- System calls used to transfer control between user and system code
### Secure boot and Root of Trust (RoT)
### Access control
### Hazard: race conditions
Reference in New Issue View Git Blame Copy Permalink