P1L3

Question 1

Operating Systems Definition

Answer 1

Hardware: I/o…Memory….CPU
Operating Systems: Windows or Android, etc
Applications run on operating system

Question 2

Operating Systems’ uses

Answer 2

• Makes it easier to use resources. Allows for high-level abstractions ­like files
  ­- Hardware is controlled by the OS
  ­- Provides isolation ­(each process believes it is the only one running on the system)

Question 3

TCB

Answer 3

trusted computing base/kernel

• The operating system has direct control of the hardware resources.
• The OS must determine who is an authorized user of the resources.

Question 4

TCB (trusted computing base) Requirements

Answer 4

• Complete mediation ­: the OS comes between the hardware resources and applications. The OS must make sure the application has the necessary authorizations.
• The OS must be tamperproof.
• The OS must be correct­­: the protected resources are used properly.

Question 5

OS controls access to protected resources by?

Answer 5

­- Establish the source of the request (authentication - who?)
­- Authorization or access control ­ does the source of the request have the right to access the resource.
- The OS follows the policies for authorization and authentication

Question 6

claim that 1 OS is more secure is based on

Answer 6

it’s less likely to be a target

Question 7

what is a system call?

Answer 7

• ask the OS for (access to) resources.
• is often called protected procedure call
• go through call gates (controlled/defined fashion)

Question 8

why does system call have higher cost?

Answer 8

• user domain to OS domain (control transfer)

Question 9

How can we trust OS?

Answer 9

• hardware support memory protection

- processor execution modes/rings (system & user)

Question 10

what is system call instruction in x86

Answer 10

sysenter/sysexit

Question 11

how to achieve untrusted user code isolation?

Answer 11

hardware support

Question 12

how do hackers access to OS secure memory?

Answer 12

• firmware

- refresh mechanism of a dynamic ram

Question 13

address space

Answer 13

• a container, collection, sequence of memory location
• unit of isolation
• 2^32 for 32bit system and 2^64 for 64bit

Question 14

process views memory as

Answer 14

• continuous, available memory location, can even be bigger than the physical memory (virtual memory)

Question 15

memory process

Answer 15

• logical addr - addr space - physical memory or ram

- isolate physical addrs that are accessible by process A to physical addrs that are accessible by process B

Question 16

page table

Answer 16

• page#|displ for each memory location (logical/virtual address translation)
• managed by OS

Question 17

process data/code protection

Answer 17

OS will not map a logical page of process A to a physical page of process B unless explicit sharing is desired.

Question 18

use of processor memory management unit (MMU)

Answer 18

• use page table to resolve virtual addresses to physical addresses
• rwx bit on page limits type of access

Question 19

how does TCB ensure complete mediation?

Answer 19

• make sure no protected resources could be accessed w/o going through the TCB
• TCB acts as a reference monitor that cannot be bypass

Question 20

how does the OS ensure complete mediation?

Answer 20

• virtualizes physical resources and provides API
• file for storing persistent data on disk
• virtual resources must be translated to physical resource handle

Question 21

how does virtualization limit the damage of a hacked OS?

Answer 21

• H/W - hypervisor (virtual machine monitor) - VMs (guess OS and apps)

Question 22

how does TCB ensure correctness?

Answer 22

• smaller and simpler hypervisor.

- secure coding with type safe language