exam Flashcards

Question

Explain the difference between CPU kernel mode and CPU user mode. What operating system processes run in kernel mode, and why?

Answer 1

User and Kernel The CPU operates in two modes: User mode: subset of instructions available. Kernel mode: all instructions available. Also known as system or monitor mode. In user mode, the CPU can execute only a subset of its instruction set; the dangerous instructions that might crash the machine are disallowed for security reasons. In kernel mode no such restriction applies; the full instruction set, including dangerous instructions, is available to the CPU. Kernel Mode When the interrupt occurs the kernel takes over and the CPU switches to kernel mode. The kernel looks up how to handle interrupt number 0x80 in its Interrupt Descriptor Table (IDT). This leads the kernel to the associated system call handling code. The kernel then looks up how to handle this particular system call, i.e. read, in its System Call Table (SCT). The kernel executes the code that handles this system call before returning to continue with the rest of the program. Privileged Instructions possess the following characteristics : (i) If any attempt is made to execute a Privileged Instruction in User Mode, then it will not be executed and treated as an illegal instruction. The Hardware traps it in the Operating System. (ii) Before transferring the control to any User Program, it is the responsibility of the Operating System to ensure that the Timer is set to interrupt. Thus, if the timer interrupts then the Operating System regains the control. Thus, any instruction which can modify the contents of the Timer is Privileged Instruction. (iii) Privileged Instructions are used by the Operating System in order to achieve correct operation. (iv) Various examples of Privileged Instructions include: I/O instructions and Halt instructions Turn off all Interrupts Set the Timer Context Switching Clear the Memory or Remove a process from the Memory Modify entries in the Device-status table

Answer 2

Programmed I/O The simplest approach to performing I/O is known as programmed I/O; this is where the CPU does all the I/O work. For example, reading 1 MB of data from the disk using programmed I/O happens like this: CPU issues a READ command to the device. CPU reads the status register if status != READY then goto 2. CPU reads byte from data register. CPU stores byte in main memory. if not done goto 1. Problems with Programmed I/O The repeated polling of device status register is inefficient and wastes CPU cycles. The device has no way of attracting the CPU's attention; this means that the CPU must poll all devices to check if they have something interesting to say, e.g. to check if the network card has received any new packets. A more sophisticated approach to I/O is required that allows devices to alert the CPU when they require attention. The way a device alerts the CPU is by generating an interrupt; this more efficient approach is called interrupt-driven I/O. Decoupling of I/O and computation was a major advance for operating systems. Interrupt-Driven I/O In this case, when a device needs attention: It alerts the CPU with an interrupt. The CPU finishes executing the current instruction. The CPU saves its current context. The CPU asks the interrupting device to identify itself and acknowledges the interrupt so that the device can stop interrupting. The CPU runs the interrupt service routine of the corresponding device. The saved context is restored and the CPU continues from where it left off before being interrupted.

Answer 3

Assembly is not portable to different CPU architectures. Linux is. Therefore, the kernel contains the minimum possible assembly code, usually wrapped in C so it looks like ordinary C at the use site.

Answer 4

There is no exec system call -- this is usually used to refer to all the execXX calls as a group. They all do essentially the same thing: loading a new program into the current process, and provide it with arguments and environment variables. The differences are in how the program is found, how the arguments are specified, and where the environment comes from. The calls with v in the name take an array parameter to specify the argv[] array of the new program. The end of the arguments is indicated by an array element containing NULL. The calls with l in the name take the arguments of the new program as a variable-length argument list to the function itself. The end of the arguments is indicated by a (char *)NULL argument. You should always include the type cast, because NULL is allowed to be an integer constant, and default argument conversions when calling a variadic function won't convert that to a pointer. The calls with e in the name take an extra argument (or arguments in the l case) to provide the environment of the new program; otherwise, the program inherits the current process's environment. This is provided in the same way as the argv array: an array for execve(), separate arguments for execle(). The calls with p in the name search the PATH environment variable to find the program if it doesn't have a directory in it (i.e. it doesn't contain a / character). Otherwise, the program name is always treated as a path to the executable. FreeBSD 5.2 added another variant: execvP (with uppercase P). This is like execvp(), but instead of getting the search path from the PATH environment variable, it's an explicit parameter to the function:

Answer 5

fork starts a new process which is a copy of the one that calls it, while exec replaces the current process image with another (different) one. Both parent and child processes are executed simultaneously in case of fork() while Control never returns to the original program unless there is an exec() error.

Answer 6

fork() { fork | fork & } fork

Answer 7

Data confidentiality (C), integrity (I) and availability (A)

Answer 8

To make an SQL Injection attack, an attacker must first find vulnerable user inputs within the web page or web application. A web page or web application that has an SQL Injection vulnerability uses such user input directly in an SQL query. The attacker can create input content. Such content is often called a malicious payload and is the key part of the attack. After the attacker sends this content, malicious SQL commands are executed in the database. Treat all user input as untrusted. Any user input that is used in an SQL query introduces a risk of an SQL Injection. Treat input from authenticated and/or internal users the same way that you treat public input.

Answer 9

Static analysis analyzes the SQL query sentences of web applications to detect and prevent SQL injection attacks. It also requires rewriting of web applications. The focus of the static analysis method is to validate the user input type in order to reduce the chances of SQL injection attacks rather than detect them In the case of dynamic analysis, the tool does not need access to the source code at all. A DAST tool simulates an end-user and has access to exactly the same resources as the end-user. It analyzes runtime web application security using HTTP requests, links, forms, etc. This means that a DAST tool is completely independent of the programming languages that your applications use and only needs to support client-side technologies. However, it can only analyze parts that are accessible to the user. For example, when you scan a web application for SQL Injections using dynamic analysis, the tool behaves like an automated penetration tester. It enters data in web forms and creates malformed requests to try to exploit your application. When it succeeds, it shows you how it was done. The downside is that it cannot show you the exact line of code which caused the security vulnerability, so a developer may need more time to find the error. If a dynamic analysis tool is not built using efficient technologies, it may take quite some time to work because it needs to analyze multiple execution paths. It will also not help you in any way with coding standards and code quality in general.

Answer 10

System Integrity Build production systems from a known and repeatable process to ensure the system integrity. Check systems periodically against snapshots of the original system. Use available third-party auditing software to check the system integrity. Back up the system resources on a regular basis.

Answer 11

Process Address Space Isolating each process in its address space - a region in primary memory - is useful because: One process cannot access the memory used by another process. If a process goes haywire it can only crash itself. From the process' point of view, it has complete control of the (virtual) machine. Process in Memory A process inhabits a space in memory with these components: Stack ----- Heap ----- Data ----- Text ----- Components of a Process in Memory A process inhabits a space in memory with these components: Text contains the code. Data is global static data to be used by the process. The heap supports dynamic memory requirements, i.e. variables assigned values on the fly during execution. The stack is used by the process to store return addresses, temporarily saved registers, local variables and similar things.

Answer 12

Compilers analyze and convert source code written in languages such as Java, C++, C# or Swift. They're commonly used to generate machine code or bytecode that can be executed by the target host system.