Trance-0/NoteNextra-origin
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
a7640075cb7953221c2b298c650c6f40d6e4f90c
NoteNextra-origin/content/CSE4303/CSE4303_L16.md
Zheyuan Wu 31139ae077 updates
2026-03-24 12:18:11 -05:00

2.4 KiB
Raw Blame History

CSE4303 Introduction to Computer Security (Lecture 16)

System security

  • Why system security / platform security?
    • All code runs on some physical machine!
      • The cloud is not a cloud
      • Web pages are just data and code copied from a server that also manages the transfer
  • Why Linux?
    • Majority of web servers run Linux (esp. Cloud); popular in embedded, mobile devices

Operating system background

Context: computing stack

Layer Description
Application Web browser, user apps, DNS
OS:libs Memory allocations, compiler/linker
OS:kernel Process control, networking, file system, access control
OS:drivers Manage hardware
(Firmware) Minimal hardware management (if no full OS)
Hardware Processor, cahce, RAM, disk, USB ports

Operating systems

  • Operating System:

    • Provides easier to use and high level abstractions for resources such as address space for memory and files for disk blocks.
    • Provides controlled access to hardware resources.
    • Provides isolation between different processes and between the processes running untrusted/application code and the trusted operating system.

  • Need for trusting an operating system

    • Why do we need to trust the operating system? (AKA a Trusted Computing Base or TCB)
    • What requirements must it meet to be trusted?

  • TCB Requirements:

      1. Tamper-proof
      1. Complete mediation (reference monitor)
      1. Correct

Isolating User Processes from Each Other

  • How do we meet the user/user isolation and separation?
    • OS uses hardware support for memory protection to ensure this.

System Calls: Going from User to OS Code

  • System calls used to transfer control between user and system code
    • Such calls come through "call gates" and return back to user code.
      • The processor execution mode or privilege ring changes when call and return happen.
    • x86 sysenter / sysexit instructions

Isolating OS from Untrusted User Code

  • How do we meet the first requirement of a TCB (e.g., isolation or tamper-proofness)?
    • Hardware support for memory protection
    • Processor execution modes (system AND user modes, execution rings)
    • Privileged instructions which can only be executed in system mode
    • System calls used to transfer control between user and system code

Secure boot and Root of Trust (RoT)

Access control

Hazard: race conditions