P1L3 Operating Systems Flashcards
Operating System
- Makes it easier to use resources
- Hardware controlled by OS
- Provides isolation
Trusted Computing Base (TCB)
- OS has direct control of hardware resources
- OS must determine authorized user(s) of resources
TCB Requirements
- Complete Mediation: OS is between HW resources and apps
- OS must be tamper-proof
- OS must be correct: protected resources are used properly.
OS and Resource Protection
- Establish the source of the request (i.e. authentication)
- Authorization or Access Control
- OS follows policies for authorization and authentication
System calls
A request to the operating system.
Complete Mediation
Ensures that the OS cannot be bypassed when accessing a protected resource.
How to meet the requirement for isolation
- Requires HW support for memory protection
- The processor must keep track of what kind of code is being executed
- Privileged instructions can only be executed in system mode
Are system calls more expensive?
Yes. Because of the info that must be saved, the memory mapping that must be done, and the special instructions.
Memory Protection
The HW determines if memory belongs to the OS and is therefore unwritable to users.
Unit of isolation
Each process gets an address space for it to use
Physical addresses
Point to actual RAM or physical memory
Logical addresses
Point to the address space
Address translation
The translation between the logical and physical memory.
Logical addresses are stored on ____
pages
Physical addresses are stored on _____
frames
Page table
Table used to translate between pages and frames. It is built and protected by the OS
T/F: Process A can access Process B’s memory if explicit sharing is desired.
True: This is the only way Process A can access Process B’s memory as long as the page table is managed by the OS.
Memory Management Unit (MMU)
Handles the memory mapping. It uses page tables to resolve virtual addresses to physical addresses.
TLB
Translation lookaside buffers store the translation tables
RWX
Read, Write, Execute. Bits on the pages which determine the level of access to addressable memory.
OS Isolation from Application Code
- The OS (kernel) resides in a portion of each process’s address space.
- Processes can only cross the fence in controlled and limited ways.
- OS protects itself and the processes from each other
Tasks that should be performed by the OS
- Switching CPU from one process to another when the process blocks
- Page fault handling
- Changing who can access a protected resource
This task should be performed by the user processes
Setting up a new stack frame when an application program calls one of its functions.
Complete Mediation: The TCB
- Make sure no protected resource can be accessed w/o going through the TCB.
- The TCB acts as a reference monitor that cannot be bypassed.
Complete Mediation: User Code
- User code cannot access the OS part of the address space w/o changing to system mode.
- User code cannot access physical resources because they require privileged instructions that can only be executed in system mode.
Complete Mediation: OS
- OS virtualizes physical resources and provides an API for virtualized resources
- File for storing persistent data on disk
- Virtual resource must be translated to physical by the OS
Virtualization helps with limiting the damage caused by a compromised OS by…
- Using a hypervisor between OS and hardware
- VMs on top of hypervisor have their own OS and apps (isolation)