P1L3 Flashcards
Operating Systems Definition
- Hardware: I/O devices, memory, CPU
- Operating system: Windows or Android, etc.; the layer that sits between the hardware and the applications
- Applications run on top of the operating system and reach the hardware only through it
Operating Systems' uses
- Makes resources easier to use: provides high-level abstractions such as files instead of raw hardware
- The hardware is controlled by the OS, not by the applications
- Provides isolation: each process behaves as if it were the only one running on the system
TCB
trusted computing base: the OS kernel (together with the hardware it relies on), i.e. the part of the system that all security depends on
- The operating system has direct control of the hardware resources.
- The OS must determine who is an authorized user of those resources before granting access to them.
TCB (trusted computing base) Requirements
- Complete mediation: the OS sits between the hardware resources and the applications, so every access to a protected resource passes through it and is checked for the necessary authorization.
- Tamperproof: applications must not be able to modify the OS (its code or its data), otherwise they could disable or change the checks.
- Correct: the OS must implement its checks correctly, so that protected resources are only ever used as the policy allows.
OS controls access to protected resources by?
- Establishing the source of the request (authentication: who is asking?)
- Authorization / access control: deciding whether that source has the right to access the resource
- Both steps are carried out according to the system's authentication and authorization policies
claim that one OS is more secure than another is based on
- usually just that it is less likely to be a target (e.g. fewer users, so less attacker interest), rather than on a fundamental difference in its protection mechanisms
what is a system call?
- The way an application asks the OS for (access to) resources
- Often called a protected procedure call: control enters the OS only at well-defined entry points
- Goes through a call gate, i.e. a controlled/defined transfer of control from user mode into the kernel
why does a system call have a higher cost than a normal procedure call?
- It requires a control transfer from the user domain to the OS domain (and back): the processor switches privilege mode, state is saved and restored, and the kernel validates the request before acting on it
How can we trust the OS (i.e. how is it protected from the applications it runs)?
- Hardware support for memory protection: user processes cannot read or write the OS's memory
- Processor execution modes / rings (system and user): privileged instructions only execute in system mode
what is the system call instruction in x86
sysenter/sysexit (32-bit fast system call entry/return); x86-64 uses syscall/sysret, and the older path is the int 0x80 software interrupt
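As an added worked example (not part of the original flashcards), the following C program shows two of the points above on a Linux/x86-64 system with glibc (assumed environment): the extra cost of a system call compared with a plain user-mode call, measured with a getpid loop through the libc syscall() wrapper, and complete mediation, by handing write() an unmapped buffer and observing that the kernel refuses the request with EFAULT instead of either crashing the process or reading memory on its behalf. The function and variable names are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/syscall.h>

/* A plain user-mode procedure call: no privilege transition happens. */
static int __attribute__((noinline)) user_mode_call(int x) {
    return x + 1;
}

static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
}

/* Average cost of one getpid system call. The libc syscall() wrapper enters
 * the kernel through the hardware call gate (syscall on x86-64, sysenter or
 * int 0x80 on 32-bit x86). SYS_getpid is used directly because glibc's
 * getpid() may answer from a cache without entering the kernel at all. */
double syscall_ns_per_call(int iterations) {
    uint64_t start = now_ns();
    for (int i = 0; i < iterations; i++)
        (void)syscall(SYS_getpid);
    return (double)(now_ns() - start) / (double)iterations;
}

/* The same loop around a user-mode call, for comparison. */
double user_call_ns_per_call(int iterations) {
    volatile int sink = 0;
    uint64_t start = now_ns();
    for (int i = 0; i < iterations; i++)
        sink = user_mode_call(sink);
    return (double)(now_ns() - start) / (double)iterations;
}

/* Complete mediation in action: the kernel validates the buffer before
 * copying from it. Writing 8 bytes from an unmapped address does not crash
 * the process and does not make the kernel read memory we do not own; the
 * request is refused with EFAULT. Returns the errno observed (0 = success). */
int write_from_unmapped_buffer(void) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    const void *volatile bad = NULL;          /* address 0 is never mapped */
    ssize_t n = write(fds[1], bad, 8);
    int err = (n < 0) ? errno : 0;
    close(fds[0]);
    close(fds[1]);
    return err;
}

/* The same request with a valid buffer succeeds: the kernel itself moves the
 * bytes across the user/kernel boundary. Returns the number of bytes that
 * came back out of the pipe, or -1 on any mismatch. */
ssize_t write_from_valid_buffer(void) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    const char msg[8] = "syscall";           /* 7 characters plus NUL */
    char back[8] = {0};
    ssize_t n = write(fds[1], msg, sizeof msg);
    ssize_t m = read(fds[0], back, sizeof back);
    close(fds[0]);
    close(fds[1]);
    return (n == m && memcmp(msg, back, sizeof msg) == 0) ? n : -1;
}

int main(void) {
    int err = write_from_unmapped_buffer();
    printf("getpid syscall   : %.1f ns/call\n", syscall_ns_per_call(200000));
    printf("user-mode call   : %.1f ns/call\n", user_call_ns_per_call(200000));
    printf("write(unmapped)  : errno %d (%s)\n", err, strerror(err));
    printf("write(valid)     : %zd bytes\n", write_from_valid_buffer());
    return 0;
}
```

The timing ratio varies with the CPU and with mitigations such as KPTI, but the system call is always the more expensive of the two because of the mode switch; the EFAULT result is the visible trace of the kernel checking the request before touching any memory.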
how to achieve untrusted user code isolation?
- Hardware support: user code runs in user mode inside its own address space and can only reach protected resources through system calls
how can attackers reach OS memory that the hardware protects?
- Through firmware: code that runs before or beneath the OS (e.g. BIOS/UEFI) is not subject to the OS's checks, so compromised firmware can read or modify kernel memory
- Through the refresh mechanism of dynamic RAM: DRAM cells must be refreshed periodically, and rapidly accessing neighbouring rows can flip bits in memory the attacker is not allowed to write (the Rowhammer class of attacks), bypassing the OS entirely
address space
- The set (container/sequence) of memory locations a process can address
- The unit of isolation: each process gets its own
- 2^32 bytes on a 32-bit system and 2^64 bytes on a 64-bit system (current 64-bit CPUs implement fewer virtual-address bits, e.g. 48, but the space is still far larger than physical memory)
process views memory as
- A contiguous range of available memory locations, which can even be larger than the physical memory installed (virtual memory)
memory process (address translation)
- Logical (virtual) address -> address space -> physical memory (RAM): the hardware translates each virtual address to a physical one using mappings (page tables) that the OS sets up
- The OS isolates the physical addresses accessible to process A from the physical addresses accessible to process B by giving each process its own mappings