Operating Systems Security Flashcards

1
Q

Characteristics of the Trusted Computing Base (TCB)

A

Tamper proof
Complete mediation
Correctness

2
Q

How does the OS isolate itself from untrusted user code?

A

Hardware support for memory protection
Processor execution modes
Privileged instructions that can only execute in system mode
System calls to transfer control between user mode and system mode

3
Q

What does the operating system do?

A

Provides abstractions for resources such as address space and files
Controls access to hardware
Isolates processes/applications

4
Q

Characteristics of Address Space

A

Processes view memory as contiguous
Often appears larger than available physical memory
Each process has its own memory mapping

5
Q

What is address translation?

A

Virtual addresses/pages are mapped to physical memory frames

Sharing of mappings must be explicit and mediated by the OS

6
Q

What is the MMU?

A

Memory management unit

7
Q

Process protection via MMU

A

Uses page tables to resolve virtual addresses to physical addresses
Access is controlled by RWX bits on pages
A non-executable stack also helps protect against malicious code execution

8
Q

How does the OS isolate application code?

A

The OS resides in a portion of each process's address space

Processes can access other processes, hardware and the kernel only in limited ways

9
Q

What is the structure of a process's address space in 32-bit Linux?

A

The lower 3 GB is for user code/data

The top 1 GB is for the kernel

10
Q

How does complete mediation work?

A

All protected resources must be requested via the TCB
User code cannot change the OS's address space without switching to system mode
Accessing physical resources requires privileged instructions issued from system mode
The OS virtualizes physical resources and provides an API to access them
Files track persistent changes

11
Q

How does virtualization help?

A

Localizes the damage when an OS is compromised

The TCB acts as the hypervisor

12
Q

What is the idea behind correctness?

A

Smaller and simpler code is better

Secure coding practices are good for the OS (use type-safe languages)

13
Q

How can the TCB be trusted?

A

Secure vs. trusted vs. high assurance
The set of all hardware and software trusted to operate securely
Required for everything else to trust in the system's security policy

14
Q

How do we trust software?

A
  • Functional correctness
  • Maintains data integrity
  • Protects against disclosure of sensitive data
  • Confidence
  • A statement of the security we expect the system to enforce
15
Q

What are the TCB design principles?

A
  • Least privilege for user and programs
  • Economy (small code size)
  • Open design
  • Complete mediation
  • Fail-safe defaults
  • Ease of use
16
Q

How do we build a TCB?

A
  • Support key security features (authentication, access control, MAC, DAC, protecting the OS)
  • Complete mediation of accesses (trusted path from user to secure system)
  • Audit logs showing object accesses
17
Q

How should we design the kernel to be secure?

A
  • Good isolation (small in size)
  • Reference monitor
  • Tamper proof
  • Unbypassable
  • Analyzable
18
Q

Why is the kernel useful to security?

A

Security kernel enforces all security mechanisms

19
Q

Kernel design and TCB work together

A

All parts needed to enforce security policy

Virtualization also helps

20
Q

What is assurance?

A

Ways to say that everything is okay

21
Q

How do we provide assurance?

A
  • Testing (regression testing)
  • Penetration testing
  • Formal verification (checking mathematical specification of a problem to ensure security assertions hold)
  • Meeting requirements
22
Q

What are the challenges with testing?

A

Hard to cover all use cases

Cannot demonstrate the absence of a problem