Week 12 Flashcards
To be useful, CPU needs access to memeory and I/O devices. What are some of these devices?
Storage (SSD, Hard Drive)
GPU
Network Interface
Generally speaking, the more data needs to be transferred, the ____ device to the CPU and the faster the bus.
“closer”
What are the relative speeds of these?
Memory Bus (Proprietary)
General I/O Bus
Perpheral I/O Bus
Memory Bus (Proprietary): very fast
General I/O Bus: fairly fast
Perpheral I/O Bus: somewhat slow
Where do you usually place USB?
You place it in the peripheral I/O Bus. Since it is slower we can place it farther away.
Based on the modern view of architecture, how are CPUs and GPUs connected? How is memory shared?
CPUs/GPUs/coprocessors all connected to the same interconnection fabric.
All these computing units share access to the same memory.
What happens inside the OS/driver?
Typically, there is some form of communication protocol.
Simplest approach: polling
More efficient: Interrupt-based I/O
Even more efficient: Direct Memory Access (DMA)
What are the steps of Polling?
It’s the most basic approach.
Check device repeatedly until ready
Write data/commands to HW registers
Execute the command
Wait until the device is done
Simple but slow (and CPU heavy)
What are some key ideas of interrupt based I/O?
Hardware peripheral signals events with interrupt (new data received; command completed; etc).
CPU does not have to wait and can schedule other tasks (asynchronous I/O)
Better for long lasting I/O operations and/or slow devices
Short I/O works better with ______
polling
Completes almost immediately. No need for context switch overhead
very intensive I/O works better with polling. Why?
High frequency requests can overwhelm the CPU. Better to let data accumulate and poll infrequently.
What are some key idas behind Direct Memory Access (DMA)?
Requires an extra DMA controller.
Main CPU provides details of data movements.
The DMA controller takes care of copying data while the CPU does other stuff.
How does the OS talk to devices.
Historically, the 1st approach is to use dedicated hardware instructions.
More popular these days is memory mapped IO. Writing/reading from certain ranges of memory locations causes messages to be exchanged with certain peripherals.
There are many possible devices. Does the OS need to know how to talk to all of them.
No. In general the OS will support generic interfaces/standards for communicating with a class of devices.
A specialized component will provide translation between the generic interface and the actual protocol used by the device.
That component is called the driver.
What is a threat model?
A description of the threat that affects a system, and the requirements in regards to those threats.
In regards to OS security, we worry about an attacker that may want to do 3 things.
- Gain access to sensitive/protected data and resources
- Modify protected data/resources
- Prevent the system from functioning correctly.
Explain the following properties.
Confidentiality
Integrity
Availability
Confidentiality: preventing information from being accessed by unauthorized parties.
Integrity: preventing unauthorized parties from modifying protected data or faking the provenance of data.
Availability: preventing unauthorized parties from disrupting the functioning of the system and making it unavaliable.
What do these guiding mechanisms do?
Keep it simple
Principle of least privilege
Keep it simple: it is a good idea to prefer simple solutions (as long as they work.) as they are easier to get and keep right.
Follow the principle of least privilege: give any entity (users, processes mostly) the smallest amount of privleges (capabilities) necessary to perform a task.
* Minimizes the risk that malicious actors will abuse privileges
* Minimizes the risk of accidental mistakes (a user copying files while holding admin rights may destroy the disk’s content).
What do these mechanism do?
virtual memory
access control
virtual memory also prevents processes from accessing and modifying other processes’ memory or crashing them by corrupting their in memory data.
Access control: systems are used to determine if processes/users have the right to access certain resources and how they are allowed to use them.
What is a security policy?
In general it is a precise, actionable definition of the actions that various entities are allowed to take on resources.
What is authentication?
The process necessary to acquire credentials to perform actions on objects.
What are these terms?
Principal:
Agent:
Object:
Credential:
Principal: the entity requesting an operation.
Agent: entity carrying the operation on behalf of a principal
Object: resource to which access is being requested
Credential: state describing whether access should be given (e.g., file permissions)
Authentication can be seen as the process necessary to acquire credentials to perform actions on objects.
What is an identity?
Sometimes identity can be associated to other notions such as groups of users.
Apps can also represent identities.
Modern OS’es associate an identity to a user (principal), and then associate that identity to all agents (processes) acting on behalf of that user.
How is a user identified.
They are identified by a UID.
Each process is associated with the UID
What is the false positive/flase negative tradeoff?
The more an authenticator is likely to accept the right user, the more i is likely to accept other users too.
(false positive, or type-1 error)
The more an authenticator is likely to reject the wrong user, the more likely it is to reject the right user too.
What is access control for?
Once we have an authenticated user, we have to do something with it.
When a user (or an agent) tries to perform an operation, things typically go this way.
1. Check if the request is compatible with this security policy.
2. If it is, perform the operation. If not, blovk it.
What is this terminology for access control?
Subject
Object
Access
Subject: entity who wants to perform access. (process/user)
Object: the thing that the subject wants to access. (e.g., a file)
Access: mode of access of the subject to the resource (e.g., reading)
In access control, the algorithm making the decision is called __________
reference monitor
What are two main approaches to implementing a reference monitor?
Access control lists
Capabilities
What is an access control list? What are some issues that we may run into.
Every object is associated with a list of subjects that are entitled to access it, and the type of access they can perform.
If we want to use ACLs to protect access to files, we could extend metadata with a list of users who can access it.
Issues:
* Storage space (must do this for every file)
* Performance (must search the list for every access).
How does UNIX fo ACLs?
Each file is associated with an owner and a group.
Avaliable permissions are read/write/execute
* permissions are defined for owner, the group and all other users.
In relation to UNIX and ACLS
What do the following do?
chown:
chgrp:
chmod:
chown can be used to set the owner
chgrp can be used to set the group
chmod can be used to set permission bits
What is a capability based system?
In such a system, a subject (process) is associated with a list of capabilities.
These lists are maintained and mediated by the OS
In the most straightforward implementation, this would ential having each process carry a list of all actions it is allowed to perform on all possible files.
Complicates achieving good performance.
What are the differences between ACLs and Capabilities
In ACLs, access rights are stored with objects which need to be protected
In capability based systems, access rights are stored with subjects which need to be constrained.
What is symmetric cryptography?
P can be encrypted using an algorithm E and a key K, resulting in a ciphertext C
C=E(P, K)
We use a decryption algorithm to get P back.
P = D(C, K)
What is asymmetric cryptography?
Use one ket to encrypt, and one to decrypt.
Keep encryption key secret, make descryption key public.
Encrypt message with private key, send to another party.
If it decrypts correctly, they can trust the message came from me
