Operating Systems & Privileges Flashcards
TCB has 3 requirements. Which of the following is not one of the requirements?
a. Complete mediation between the OS and hardware resources and applications. In addition, the OS must make sure the applications have the necessary authorizations
b. OS must be tamper-proof
c. OS must be able to go from user to kernel mode without errors
d. OS must be correct and ensure the resources are used properly
c. OS must be able to go from user to kernel mode without errors
What is a file INODE?
a. An INODE is part of a linked list design for memory storage
b. An INODE is a special directory only to be seen by root
c. An INODE is a control structure that contains information needed by the OS for a file
d. A user permission for a given user group
c. An INODE is a control structure that contains information needed by the OS for a file
In a DBMS, what happens in the following scenario, assuming each of these steps is followed sequentially? Assume the grant option is always used.
Ann grants access right to Bob. Ann grants access right to Chris. Bob grants access right to David. David grants access right to Ellen. Chris grants access right to David. David grants access right to Frank. Ellen grants access right to Jim. Bob revokes access right from David.
A. David no longer has the access right.
B. David, Ellen, Frank, and Jim no longer have the access right.
C. David, Ellen, and Jim no longer have the access right.
D. Ellen and Jim no longer have the access right.
Answer D
In most implementations, the revocation is cascaded. In this case, since Chris also granted access to David, David does not have his access revoked, but Ellen does, since her access was granted after Bob (and before Chris) had granted access to David. Frank’s access remains since David granted access to him after Chris granted access to David. In general terms, if the access right would exist anyway, then the revoke is not cascaded.
Source: Book pg. 163
Most operating systems use _____. In addition, _____ is more efficient for finding access rights.
A.) ACLs & C-List
B.) TCB & Chmod
C.) Revocation & ACL
D.) C-List & ACLs
Answer A
Source: Lecture 5 notes
An attacker exploits a program and launches a shell. With which privilege level are the instructions executed?
A. User
B. Root
C. System
D. Host Program
Answer D
The attacker’s shellcode is run with the privileges of the exploited program. Source: L2 “Shellcode Privileges”
T/F: When an applicant applies to a registration authority (RA) to become a subscriber of a credential service provider (CSP), the RA is responsible for issuing an electronic credential
Answer False
The CSP issues the electronic credential to the subscriber.
Source: Book pg. 65
Which of the following is not a common physical characteristic used for biometric authentication?
A. Fingerprints
B. Hair color
C. Voice
D. Signature
E. Iris
F. All of the above
G. None of the above
Answer B
Facial characteristics are used, but that does not include a person’s hair color.
Source: Book pg. 88
What is the purpose of a nonce used in a challenge-response password protocol?
A. Prevent the hash of the password from being transmitted directly.
B. Eliminate need for host to store user’s password.
C. Defend against a replay attack.
D. All of the above
E. A & B
F. B & C
G. A & C
H. None of the above.
Answer G
The nonce is used in generating a hash which the client sends to the server. The nonce is also randomly generated at the start of the session, so if an attacker tried a replay attack, they would have a different nonce and thus would fail.
Source: Book pg. 93-94
Which of the following is NOT true with regards to operating systems?
a. We use operating systems to manage hardware
b. Operating systems such as Linux, Windows, and macOS handle access to low-level hardware resources
c. Operating systems can be a hindrance to users, which is why they’re generally optional on most modern CPUs
d. Browsers, Word processors, and the like sit on top of the OS
Correct Answer: C
Without controlled hardware access in an operating system:
a. It would be easy for one application to overwrite data in another
b. One application could hog the CPU
c. Application running would not be cohesive
d. A & C
e. All of the above
Correct Answer: E
Which of the following are true about process isolation within operating systems?
a. All of the different applications are running on the same system and sharing the same physical resources
b. From the perspective of the application, it “thinks” it has complete and exclusive access to the entire hardware
c. The operating system does keep the applications aware of each other to avoid bandwidth hogging
d. A & B
e. All of the above
Correct Answer: D
C is incorrect - processes need not necessarily be aware of other processes
A system call allows application code to gain access to functionality implemented by the OS. A system call is often called a protected procedure call. The cost of a system call is:
a. The same as a regular call
b. Higher than a regular call
Correct Answer: B
A system call requires control transfer from the calling process into the OS, which then must perform authentication / authorization checks before granting access and transferring control back. This is more costly than a regular call, which incurs none of this overhead.
Complete mediation ensures that the OS cannot be bypassed when accessing a protected resource. How does the OS know who is making the request for the resource?
a. Process runs on behalf of a user who must have previously logged in
b. Requested resource allows us to find out who must be requesting it
c. All of the above
Correct Answer: A
Processes run on behalf of users. Users must log in to the system to run applications/processes.
We have established that an OS must be tamper-proof. But how does an OS maintain this?
a. Modern CPUs default to privilege mode “0” which is least-privilege
b. CPUs have different execution modes or execution rings which have varying privileges
c. CPUs have different execution modes (least privilege set to “0”) and higher privileges are granted as you move up to higher modes
d. A & C
e. All of the above
Correct Answer: B
“0” mode is most privileged. Privileges decrease as you move to higher execution modes or rings.
System calls are used to transfer control between user and system code. In the x86 architecture, we have explicit instructions to cross this system boundary. They are:
a. _enter & _exit
b. sys_enter & sys_exit
c. sysenter & sysexit
d. None of the above
Correct Answer: C
From a process’s point of view, it has the entire computer to itself. It isn’t aware it shares physical memory with other processes. What serves as this unit of isolation between processes sharing the same physical hardware resources?
a. ASLR
b. Logical Addresses
c. Isolative Address Layout
d. Address Space
Correct Answer: D
This maintains the mapping between logical address pages and physical address pages:
a. Logical Page Table
b. Page Table
c. Physical Page Table
d. Page Mapping Table
Correct Answer: B
A page table maintains the mapping between logical pages (which have logical addresses) and physical pages (which have physical addresses).
T/F: Virtual address translation ensures that a process can only access physical memory for which a corresponding logical address mapping exists in its page table.
True
T/F: Two page tables, each for a different process, can theoretically contain a mapping to the same physical page at the same time. The OS will simply dictate the sharing of memory so both processes can run.
False
Process A cannot access physical memory belonging to Process B [assuming that Process B is using that memory]. The processes can share the memory but that is not OS-dictated by default.
Protecting the OS from untrusted process code is essential. Similar to protecting processes from each other through address translation, the OS has this piece of hardware to handle its translation process:
a. Memory Management Unit (MMU)
b. Physical Memory Management (PMM)
c. OS Management Unit (OSMU)
d. Kernel Management Unit (KMU)
Correct Answer: A
T/F: Whenever a process wants to access a portion of the address space that contains kernel data or code, the process must make a system call to traverse that boundary.
True
In x86 systems, order the execution rings below from most privileged to least privileged
a. 3
b. 1
c. 2
d. 0
Correct Answer: 0, 1, 2, 3
0 is most privileged and needed to access kernel mode. 3 is user mode and cannot access kernel mode.
For the following described functions, should they be executed in the OS or user mode?
a. Switching CPU from one process to another when a process blocks
b. Page fault handling
c. Changing who can access a protected resource such as a file
d. Setting up a new stack frame when an application program calls one of its functions
Correct Answers:
a. Switching CPU from one process to another when process is blocked: OS
b. Page fault handling: OS
c. Changing who can access a protected resource such as a file: OS
d. Setting up a new stack frame when an application program calls one of its functions: User
In OSes, processes do not have direct access to physical resources. Virtual resources can be used and a translation process occurs whereby the virtual reference resolves into a physical reference. This level of indirection allows the OS to achieve:
a. Correctness
b. Complete Mediation
c. Tamper-Proof Requirement
Correct Answer: B
T/F: A type 2 hypervisor is loaded as a software layer directly onto a physical server, much like an OS is loaded. This is referred to as native virtualization.
False.
This is a type 1 hypervisor. Other notes:
- A type 1 can directly control the physical resources of the host (the hardware)
- A type 2 hypervisor has the host OS as a buffer between it and the hardware
- A type 2 hypervisor exploits the resources and functions of the host OS and runs as a software module on top of the OS: called hosted virtualization
T/F: A type 1 hypervisor performs better than type 2 hypervisors
True
Other Notes:
- Type 1 doesn’t compete for resources with an OS
- Type 1 hypervisors are considered more secure than type 2
Which is true about native virtualization vs. hosted virtualization?
a. Native virtualization systems are more typical in servers while hosted are more common in clients
b. Hosted virtualization systems are more typical in servers while native are more common in clients
c. Native virtualization systems have type 1 hypervisors, hosted have type 2
d. Hosted virtualization systems have type 1 hypervisors, native have type 2
e. A & C
f. A & D
g. B & C
h. B & D
Answer: E
A hypervisor accomplishes the following:
a. It coordinates guest OS access to memory and storage
b. It coordinates guest OS access to the CPU
c. It provides a similar hardware interface as that seen by an OS directly executing on the actual hardware
d. All of the above
e. None of the above
Correct Answer: D
T/F: Correctness is the least difficult of the three TCB requirements to achieve. OSes have become more usable with more features but less complex. Virtualization decreases this complexity even more so correctness can be achieved with minimal effort by designers.
False
Meeting the correctness requirement is very difficult. OSes have become more complex, not less. Virtualization helps with correctness by decreasing complexity but this alone does not achieve 100% correctness.