L4 - Operating System Security Flashcards

1
Q

A computer vendor ad claimed that its computers (including the OS they ran) were more secure. This claim could be based on one or more of the following:

a) This vendor’s more secure OS met TCB (Trusted Computing Base) requirements while others did not.
b) The two OS were similar as far as security was concerned but one was not as big a target.
c) The more secure OS could be much simpler than the other one.

A

b) The two OS were similar as far as security was concerned but one was not as big a target.

2
Q

A system call allows application code to gain access to functionality implemented by the OS. A system call is often called a protected procedure call.

Is the cost of a system call:

a) The same as a regular call
b) Higher than a regular call

A

b) Higher than a regular call

During a system call, you are doing a control transfer: you go from the user part of the program to the operating system. You have to save where you will return, and pass arguments and parameters. You are also switching protection domains, going from user space to the OS, which is a protected domain. Here you can do things you couldn't before.

3
Q

Complete mediation ensures that the OS cannot be bypassed when accessing a protected resource. How does the OS know who is making the request for the resource?

a) Process runs on behalf of a user who must have previously logged in
b) Requested resource allows us to find out who must be requesting it

A

a) Process runs on behalf of a user who must have previously logged in

4
Q

Which of these methods have been shown to allow hacker access to “secure” memory belonging to the OS?

a) Modification of firmware by Thunderstrike malware via malicious devices that connect via Mac’s Thunderbolt interface
b) Exploiting the “refresh” mechanism of a Dynamic RAM for privilege escalation
c) Exploiting OS code buffer overflow vulnerability
d) A and B
e) All of the above
f) A and C
g) B and C

A

e) All of the above

Thunderstrike attacks when the system is coming to life, early in the process. You can inject new firmware through Thunderbolt.

Reading a DRAM address aggressively and repeatedly will cause a bit to flip.

If the OS is written in a low-level language rather than a typed language, you can have a buffer overflow and override isolation.

5
Q

The stack can be exploited through:

a) Overflowing the buffer to change the return address to alter program execution
b) Pushing data onto the stack to overflow the stack into the heap
c) Popping data off the stack to gain access to application code

A

a) Overflowing the buffer to change the return address to alter program execution

6
Q

Should it be executed in the OS or can it be executed in application code running in user mode?

Switching CPU from one process to another when a process blocks

a) OS
b) User

A

a) OS

The address space changes when you go from one process to another. An address space change always has to happen in the OS because this is how we protect memory (i.e. which process can use which page table).

7
Q

Should it be executed in the OS or can it be executed in application code running in user mode?

Page fault handling

a) OS
b) User

A

a) OS

If some virtual page is not currently in physical memory, you will have a page fault. The system will have to fetch the page from disk, find free space in memory, and update the page table to point to the physical page. Page tables can only be updated in the OS. User mode CANNOT update page tables.

8
Q

Should it be executed in the OS or can it be executed in application code running in user mode?

Changing who can access a protected resource such as a file

a) OS
b) User

A

a) OS

Changing permissions can only be done in the OS.

9
Q

Should it be executed in the OS or can it be executed in application code running in user mode?

Setting up a new stack frame when an application program calls one of its functions

a) OS
b) User

A

b) User

Every time we call a function, a stack frame is set up and that does not require intervention from the OS. This can be done at the application level.

10
Q

A Hypervisor is something between the hardware and OS

a) True
b) False

A

a) True

Do your taxes on VM1 while browsing sketchy dark web shit on VM2. The TCB here is the Hypervisor

11
Q

An attack that exploits a vulnerability in an OS turns off the check that is performed before access to a protected resource is granted.

What TCB requirement is violated as a result of this attack?

a) Complete mediation
b) Correctness
c) Tamper-proof

A

c) Tamper-proof
You turned off the check, so you’ve tampered with the OS

You are still going into the OS so it is still mediating.
Correctness is not the first level of violation.

12
Q

Going from MS DOS to recent Windows operating systems, what is a rough estimate for the multiplier for the lines of code (e.g. multiplier is x if recent Windows OS is x times the number of lines of code in DOS)?

a) Windows is 100x larger than MS DOS
b) Windows is 500x larger than MS DOS
c) Windows is 10000x larger than MS DOS

A

c) Windows is 10000x larger than MS DOS

MSDOS = 5,000 lines
Windows = ~50,000,000 lines
DAYUM.

Correctness is harder the larger your code base is.

13
Q

The number of lines of code in a hypervisor is expected to be smaller. Xen is an open source hypervisor.

What is a rough estimate for the lines of code for the Xen hypervisor?

a) 10,000
b) 150,000
c) 1,000,000

A

b) 150,000

Relatively small compared to an OS.
