P1L3: Operating Systems

Question 1

What does an Operating System do? What does it provide?

Answer 1

• -Makes it easier to use resources
• -Hardware controlled by OS
• -Provides isolation

Question 2

What is a Trusted Computing Base (TCB)?

Answer 2

–OS has direct control of hardware resources

–OS must determine authorized user(s) of resources

Question 3

What are TCB Requirements?

Answer 3

1. Complete Mediation–OS is between HW resources and apps
2. OS must be tamper-proof
3. OS must be correct–Protected resources are used properly.

Question 4

OS and Resource Protection

Answer 4

–Establish the source of the request (ie authentication)

–Authorization or Access Control

–OS follows policies for authorization and authentication

Question 5

What are System calls?

Answer 5

A request to the operating system.

Question 6

What is Complete Mediation?

Answer 6

Ensures that the OS cannot be bypassed when accessing a protected resource

Question 7

What are the requirements for isolation?

Answer 7

–requires HW support for memory protection

–The processor must keep track of what kind of code is being executed

–Privileged instructions can only be executed in system mode

Question 8

Are system calls more expensive than regular function calls? If so, why?

Answer 8

Yes. Because of the info that must be saved, the memory mapping that must be done, and the special instructions.

Question 9

What is Memory Protection?

Answer 9

The HW determines if memory belongs to the OS and is therefore unwritable to users.

Question 10

How do processes achieve unit isolation?

Answer 10

Each process gets an address space for it to use

Question 11

What are Physical addresses?

Answer 11

Point to actual RAM or physical memory

Question 12

What are Logical addresses?

Answer 12

Point to the address space

Question 13

What is Address translation?

Answer 13

The translation between the logical and physical memory.

Question 14

Logical addresses are stored on ____

Answer 14

pages

Question 15

Physical addresses are stored on _____

Answer 15

frames

Question 16

What is a Page table?

Answer 16

Table used to translate between pages and frames. It is built and protected by the OS

Question 17

Performing regular backups of data on a system is a critical control that assists with maintaining the integrity of the system and user data. T/F

Answer 17

True

Question 18

The default configuration for many operating systems usually maximizes security. T/F

Answer 18

False

Question 19

Each layer of code needs appropriate hardening measure in place to provide appropriate security services. T/F

Answer 19

True

Question 20

A malicious driver can potentially bypass many security controls to install malware. T/F

Answer 20

True

Question 21

It is possible for a system to be compromised during the installation process. T/F

Answer 21

True

Question 22

_____ applications is a control that limits the programs that can execute on the system to just those in the explicit list.

Answer 22

White-listing

Question 23

The most important changes needed to improve system security are to _____.

Answer 23

1. disable remotely accessible services that are not required
2. ensure that applications and services that are needed are appropriately configured
3. disable services and applications that are not required

Question 24

Security concerns that result from the use of virtualized systems include:

Answer 24

1. Guest OS violation.
2. Guest OS monitoring by the hypervisor.
3. Virtualized environment security.

Question 25

Once the system is appropriately built, secured and deployed, the process of maintaining security is _____.

Answer 25

Continuous

Question 26

The first critical step in securing a system is to secure the _____.

Answer 26

Base Operating System

Question 27

The first step in deploying new systems is _____.

Planning

Answer 27

Planning

Question 28

Which of the following need to be taken into consideration during the system security planning process

Answer 28

1. how users are authenticated
2. the categories of users of the system
3. what access the system has to information stored on other hosts

Question 29

Guest OSes are managed by a ________ , or VMM, that coordinates access between each of the guests and the actual physical hardware resources.

Answer 29

Hypervisor, virtual machine monitor

Question 30

_______-is a reactive control that can only inform you about bad things that have already happened.

Answer 30

Logging

Question 31

The three operating system security layers are: physical hardware, operating system kernel and _________

Answer 31

User Applications and Utilities

Question 32

__________ refers to a technology that provides an abstraction of the computing resources that run in a simulated environment.

Answer 32

Virtualization

Question 33

The final step in the process of initially securing the base operating system is_________

Answer 33

security testing

Question 34

What does Hardening mean?

Answer 34

to make more secure

Question 35

What are the Requirements of a TCB (trusted computing base)

Answer 35

Isolation (tamper proof), Complete mediation, verifiable (correct)

Question 36

Call Gates

Answer 36

System calls used to transfer control between user and system

Question 37

Memory Management Unit (MMU)

Answer 37

Uses page tables to resolve virtual addresses to physical addresses

Question 38

User code cannot access physical resources. T/F

Answer 38

True, only system mode’s privileged instructions can

Question 39

What are Virtualization’s 4 security layers?

Answer 39

Physical hardware, Hypervisor/VMM, Guest Os Kernel, User Apps