Operating system security architectures (Incomplete) Flashcards
Introduction on Operating system security architectures
Operating systems are the basis for secure systems
- All the software we run is affected by the OS on which we run it
Want to rely on a certain level of security
- Less to build per-application
- More trust in the basic mechanisms
There are common security structures in most operating systems, but lots of variation
Recap: What is an Operating system?
Meaning: system software that manages computer hardware and software resources.
What is Kernel Space?
What is User Space?
Meaning (Kernel Space): The kernel has unrestricted access to everything.
- “root” or “admin” privileges.
Meaning (User Space): Access resources through the kernel.
- “User” privileges (which depend on the user)
- All privileged operations go through the kernel
Name some hazards/points of vulnerability in modern OSs?
- Accessing other running processes
- Accessing data inappropriately
- Accessing hardware resources inappropriately
Basic Security Support - What do we mean by isolation in relation to OS Security?
Meaning: a method used to protect each process from other processes in the OS.
Note: Processes are isolated by default
- Its own memory
- Its own list of open files
Key-Note: Isolation means that a fault in one program can’t corrupt the memory of another.
- Vital to limit the impact of failures
Process interaction is done via two ways:
- Explicitly by inter-process communication such as pipes, sockets, shared blocks of memory
- Implicitly by changing files they can both read.
Basic Security Support - What is meant by Ownership?
Meaning: The need to associate a user with every process, and permissions with all data and operations and ensure the rules are respected in practice.
Personal Note: Because OSs are designed to be multi-user, we have to ensure that each user is only allowed to access their own allocated space.
Notes on Operating system security architectures?
Division of responsibility
Kernel:
- The data structures and functions that need to be standardised for all users and processes
- (Because if they’re not, there will be problems)
- Be very careful about how operations interact
User:
- All the diversity of programs and languages we want, trusting that the kernel isolates us from poor/malicious code overwriting memory, and controls access to the files, etc., that we create.
What is meant by a Trap in relation to Operating Systems?
Meaning: A special mechanism for crossing the trust boundary into kernel space.
- A trap is often implemented as a call to an interrupt handler.
- The kernel then has access to the user owning the process making the call.
Note: Trap into the kernel, which is the only way to actually access hardware and files.
What is meant by a Trusted Computing Base?
Meaning: A collection of hardware, software, and other components that work together to keep a computer system secure.
Key-Note: A security microkernel provides a uniform security model and operations for all other components.
Note: A kernel-beneath-the-kernel
- Isolate security features into as small as possible a code footprint – which can then be checked extensively.
- Sometimes provides checks as to what software can be loaded, including kernels
- Hold sensitive data securely, potentially even from the kernel
Name two ways of describing permissions? (Incomplete)
ACLs:
- A list of users and their permissions
- Each asset (file) has a sub-set of permissions and users.
- Every access to the resource/information is checked against the ACL.
RBAC:
- Instead of per-user permissions, assign users to roles and roles to permissions.
- Better matched to most organisations’ behaviours
- Hard to introduce exceptions
Notes on Operating system security Architectures
The security perspective on the OS
All “sensitive” operations are performed by kernel routines
- A small number of entry points, each of which is a potential attack vector
- Crucially, the kernel is under the control of a single trusted authority
The kernel implements a security model
- A (relatively) small codebase to check for security issues
- The kernel is only a small part of the OS – and the place where the core security decisions are made
What is meant by a VM (Virtual Machine)?
Meaning: A computing environment that functions as an isolated system with its own CPU, memory, network interface, and storage, created from a pool of hardware resources.
Note: We can run several “virtual” machines on a single physical machine.
Note: Each VM is distinct from each other VM.
- Each has its own kernel, kernel data structures, etc
- and therefore potentially a different operating system
- Different sets of users, groups, permissions, etc
Note: A hypervisor is software that is used to run multiple virtual machines on a single physical machine.
What is meant by a container?
Meaning: a software package that contains all the files and components required to run an application in any environment.
Note: Container holds processes and libraries - an entire userland.
Note: A container is an isolated userland rather than a fully-isolated VM.
- There’s only one kernel
- Kernel sees and manages all processes, files, etc, in all containers
What are the differences between VMs and containers (for security)?
Virtual Machines:
VMs behave like independent machines.
- Hypervisor provides the link to the real hardware
- No shared view of their processes
- May be lots of overhead, e.g., processes that are not used
Containers:
Containers let us use different libraries
- A program and all its dependencies
- Processes isolated as usual and we know all the code that will be called by the processes in the container
Summary on Operating System Security Architectures
OS level Security is the basis for almost everything else.
- Process isolation, resource permissions
- Structured so that all privileged operations go through a (relatively) trusted kernel
Security impacts (and is impacted by) lots of choices made for other reasons
- For example, virtualisation