Security Flashcards
what is the main concern for the OS in terms of security
separate users and processes in memory and the filestore
how do we block users from changing the OS
privilege levels
how is a users account protected
a hash is used to encrypt
the password file is salted
what is salting
add an extra substring
what do firewalls protect
LAN
how are files protected
access control and permissions as part of the filing system
how are processes protected
privilege
what does setUID do
allow untrusted users to run trusted code
what is a buffer overflow attack
overfill the buffer to get a pointer to an unauthorised location.
what is a denial of service attack
overload the server until it breaks
what processor privilege levels are there
user and supervisor
supervisor can do anything, whereas user is restricted
where are privileges set
page tables, MMU
when does a user switch to supervisor
reset
system calls
interrupts
memory faults
emulator trap
how would you overcome a buffer overflow attack
don’t assume inputs are always legal
use a canary- a random value checked by the compiler
make target stack space non executable
address randomisation
describe hardware vs software privilege
users can be user or superuser. this determines who can run a program
when it comes to serving system calls, this is a hardware privilege. no matter whether the user is superuser or not, to service a system call the hardware privilege must be changed.