Operating Systems Security Flashcards
Characteristics of the Trusted Computing Base
Tamper proof
Complete mediation
Correctness
How does the OS isolate itself from untrusted user code?
Hardware support for memory protection
Processor execution modes
Privileged instructions which can only execute in system mode
System calls to transfer control between system and user
What does the operating system do?
Provides abstractions for resources such as address space and files
Controls access to hardware
Isolates processes/applications
Characteristics of Address Space
Processes view memory as contiguous
Often appears larger than available physical memory
Each process has its own memory mapping
What is address translation?
Logical virtual addresses/pages are mapped to memory frames
Sharing mappings must be explicit and mediated by OS
What is the MMU?
Memory management unit
Process protection via MMU
Uses page tables to resolve virtual addresses to physical addresses
Access marked by RWX bits on pages
Non-executable stack also helps protect against malicious code execution
How does the OS isolate application code?
OS resides in a portion of each process's address space
Processes can access other processes/hardware/kernel in limited ways
What is the structure of application code in 32-bit Linux?
Lower 3GB is for user code/data
Top 1GB for kernel
How does complete mediation work?
All protected resources need to be requested via TCB
User code can’t change OS’s address space without changing to system mode
To access physical resources, need privileged instructions from system mode
OS virtualizes physical resources, provides API to access
File tracks persistent changes
How does virtualization help?
Localizes the damage done to a compromised OS
TCB acts as hypervisor
What is the idea behind correctness?
Smaller and simpler code is good
Secure coding is good for OS (use type safe languages)
How can the TCB be trusted?
Secure vs trusted vs high assurance
Set of all hardware and software trusted to operate securely
Required for all others to trust in the system security policy
How do we trust software?
- Functional correctness
- Maintain data integrity
- Protect disclosure of sensitive data
- Confidence
- Statement of the security we expect the system to enforce
What are the TCB design principles?
- Least privilege for user and programs
- Economy (small code size)
- Open design
- Complete mediation
- Fail-safe defaults
- Ease of use