Week 12 Flashcards

1
Q

To be useful, the CPU needs access to memory and I/O devices. What are some of these devices?

A

Storage (SSD, Hard Drive)
GPU
Network Interface

2
Q

Generally speaking, the more data needs to be transferred, the ____ the device is to the CPU and the faster the bus.

A

“closer”

3
Q

What are the relative speeds of these?

Memory Bus (Proprietary)
General I/O Bus
Peripheral I/O Bus

A

Memory Bus (Proprietary): very fast
General I/O Bus: fairly fast
Peripheral I/O Bus: somewhat slow

4
Q

Where do you usually place USB?

A

You place it on the peripheral I/O bus. Since it is slower, we can place it farther away.

5
Q

Based on the modern view of architecture, how are CPUs and GPUs connected? How is memory shared?

A

CPUs/GPUs/coprocessors are all connected to the same interconnection fabric.

All these computing units share access to the same memory.

6
Q

What happens inside the OS/driver?

A

Typically, there is some form of communication protocol.

Simplest approach: polling

More efficient: Interrupt-based I/O

Even more efficient: Direct Memory Access (DMA)

7
Q

What are the steps of Polling?

A

It’s the most basic approach.

Check device repeatedly until ready

Write data/commands to HW registers

Execute the command

Wait until the device is done

Simple but slow (and CPU heavy)

8
Q

What are some key ideas of interrupt-based I/O?

A

Hardware peripheral signals events with interrupt (new data received; command completed; etc).

CPU does not have to wait and can schedule other tasks (asynchronous I/O)

Better for long lasting I/O operations and/or slow devices

9
Q

Short I/O works better with ______

A

polling

Completes almost immediately. No need for context switch overhead

10
Q

Very intensive I/O works better with polling. Why?

A

High frequency requests can overwhelm the CPU. Better to let data accumulate and poll infrequently.

11
Q

What are some key ideas behind Direct Memory Access (DMA)?

A

Requires an extra DMA controller.

Main CPU provides details of data movements.

The DMA controller takes care of copying data while the CPU does other stuff.

12
Q

How does the OS talk to devices?

A

Historically, the 1st approach is to use dedicated hardware instructions.

More popular these days is memory mapped IO. Writing/reading from certain ranges of memory locations causes messages to be exchanged with certain peripherals.

13
Q

There are many possible devices. Does the OS need to know how to talk to all of them?

A

No. In general the OS will support generic interfaces/standards for communicating with a class of devices.

A specialized component will provide translation between the generic interface and the actual protocol used by the device.

That component is called the driver.

14
Q

What is a threat model?

A

A description of the threats that affect a system, and the requirements with regard to those threats.

15
Q

With regard to OS security, we worry about an attacker that may want to do 3 things.

A

1. Gain access to sensitive/protected data and resources
2. Modify protected data/resources
3. Prevent the system from functioning correctly.
16
Q

Explain the following properties.

Confidentiality

Integrity

Availability

A

Confidentiality: preventing information from being accessed by unauthorized parties.

Integrity: preventing unauthorized parties from modifying protected data or faking the provenance of data.

Availability: preventing unauthorized parties from disrupting the functioning of the system and making it unavailable.

17
Q

What do these guiding mechanisms do?

Keep it simple

Principle of least privilege

A

Keep it simple: it is a good idea to prefer simple solutions (as long as they work), as they are easier to get and keep right.

Follow the principle of least privilege: give any entity (users, processes mostly) the smallest amount of privileges (capabilities) necessary to perform a task.
* Minimizes the risk that malicious actors will abuse privileges
* Minimizes the risk of accidental mistakes (a user copying files while holding admin rights may destroy the disk’s content).

18
Q

What do these mechanisms do?

virtual memory
access control

A

Virtual memory also prevents processes from accessing and modifying other processes’ memory or crashing them by corrupting their in-memory data.

Access control: systems are used to determine if processes/users have the right to access certain resources and how they are allowed to use them.

19
Q

What is a security policy?

A

In general it is a precise, actionable definition of the actions that various entities are allowed to take on resources.

20
Q

What is authentication?

A

The process necessary to acquire credentials to perform actions on objects.

21
Q

What are these terms?

Principal:
Agent:
Object:
Credential:

A

Principal: the entity requesting an operation.

Agent: entity carrying the operation on behalf of a principal

Object: resource to which access is being requested

Credential: state describing whether access should be given (e.g., file permissions)

Authentication can be seen as the process necessary to acquire credentials to perform actions on objects.

22
Q

What is an identity?

A

Sometimes identity can be associated to other notions such as groups of users.

Apps can also represent identities.

Modern OSes associate an identity to a user (principal), and then associate that identity to all agents (processes) acting on behalf of that user.

23
Q

How is a user identified?

A

They are identified by a UID.

Each process is associated with the UID

24
Q

What is the false positive/false negative tradeoff?

A

The more an authenticator is likely to accept the right user, the more it is likely to accept other users too.
(false positive, or type-1 error)

The more an authenticator is likely to reject the wrong user, the more likely it is to reject the right user too.

25
Q

What is access control for?

A

Once we have an authenticated user, we have to do something with it.

When a user (or an agent) tries to perform an operation, things typically go this way.
1. Check if the request is compatible with the security policy.
2. If it is, perform the operation. If not, block it.

26
Q

What is this terminology for access control?

Subject
Object
Access

A

Subject: entity who wants to perform access. (process/user)

Object: the thing that the subject wants to access. (e.g., a file)

Access: mode of access of the subject to the resource (e.g., reading)

27
Q

In access control, the algorithm making the decision is called __________

A

reference monitor

28
Q

What are two main approaches to implementing a reference monitor?

A

Access control lists

Capabilities

29
Q

What is an access control list? What are some issues that we may run into?

A

Every object is associated with a list of subjects that are entitled to access it, and the type of access they can perform.

If we want to use ACLs to protect access to files, we could extend metadata with a list of users who can access it.

Issues:
* Storage space (must do this for every file)
* Performance (must search the list for every access).

30
Q

How does UNIX do ACLs?

A

Each file is associated with an owner and a group.

Available permissions are read/write/execute
* Permissions are defined for the owner, the group and all other users.

31
Q

In relation to UNIX and ACLs:

What do the following do?

chown:
chgrp:
chmod:

A

chown can be used to set the owner

chgrp can be used to set the group

chmod can be used to set permission bits

32
Q

What is a capability based system?

A

In such a system, a subject (process) is associated with a list of capabilities.

These lists are maintained and mediated by the OS

In the most straightforward implementation, this would entail having each process carry a list of all actions it is allowed to perform on all possible files.

Complicates achieving good performance.

33
Q

What are the differences between ACLs and capabilities?

A

In ACLs, access rights are stored with objects which need to be protected

In capability based systems, access rights are stored with subjects which need to be constrained.

34
Q

What is symmetric cryptography?

A

A plaintext P can be encrypted using an algorithm E and a key K, resulting in a ciphertext C.

C=E(P, K)

We use a decryption algorithm to get P back.

P = D(C, K)

35
Q

What is asymmetric cryptography?

A

Use one key to encrypt, and one to decrypt.

Keep encryption key secret, make decryption key public.

Encrypt message with private key, send to another party.

If it decrypts correctly, they can trust the message came from me
