Domain and Type Enforcement for Legacy File Systems. Robert Grimm
2. Background I: Domain and Type Enforcement (DTE)
- Core security in SPIN based on DTE
- Coarse-grained control over extensions
- Framework for fine-grained constraints
- Extensions protect their own objects
- Enforce access control on objects

3. Background II: Legacy File Systems
- AFS, NFS
- Distributed file systems
- Used in several operating systems
- Widely used to store and share data

4. Challenge
- Integrate legacy file systems with DTE!
- Integration of SPIN with other OSs
- Share data over different platforms
- Add stronger security to legacy file systems
- Mechanically enforce security policy

5. Constraints
- Avoid changes to file system
  - Used by other operating systems
  - Impractical to change entire installation
  - Easy to track updates to file system
- Minimize performance penalty of DTE
  - Want close to insecure performance

6. Limitations
- Insecure access to files still possible
- Simply use another OS
- (Physically lock up servers)
- Still useful for perimeter defense
- Firewalls
- Secure web or FTP servers
7. Domain and Type Enforcement
- Associates subjects and objects with label
- Denotes privilege and access constraints
- Domain for subjects
- Type for objects
- Legal rights defined by global access matrix
  - Domain Type Access mode
  - or: Type Domain Access mode

8. Example
(Figure: Employee, Outsider; Secure FS: Internal, Marketing)

9. Example (continued)

            Employee  Outsider
Internal    rw        --
Marketing   rw        r-
10. Basic Idea
- Define mapping from files to DTE types
- Use global name space to group files
- Associate group of files with DTE type
  - rgrimm Internal
  - rgrimm/www Marketing
- Two problems
  - Lookup from path to type inefficient
  - Relative directory operations, aliases

11. Path / Type Mapping I
- Maintain second name space tree
- Maps paths into DTE types
- Sparse representation
- Originally as required for mapping
- Expand on directory traversal
- First node visit expensive
- Subsequent visits incur small overhead

12. Path / Type Mapping II
(Figure: File System tree beside Path / Type Mapping tree; node labels: rgrimm, www, papers, 552)

13. Path / Type Mapping III
- On creation of mapping
  - Reduce DTE access matrix from: Type Domain Access Mode to: Domain Access Mode
  - Push information down mapping tree
- On visit of new file system node
  - Expand mapping if necessary
  - Link mapping into file system node

14. Access Right Check
- On file operation
  - Get DTE domain for current thread
  - Look up access mode
  - Verify that operation is legal
- Directories are files, too
  - Need to do similar access check
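The mapping tree and access check from slides 10 to 14, written out as an added example (not code from the talk or from SPIN): the matrix and path groups are the ones on the example slides, while the class names, the default of no rights for unmapped paths, and passing the domain as an argument are assumptions made here.

```python
"""Sketch of a sparse path/type mapping with a DTE access check (added example)."""

# Global access matrix from the example slide: type -> domain -> access mode.
ACCESS_MATRIX = {
    "Internal":  {"Employee": "rw", "Outsider": "--"},
    "Marketing": {"Employee": "rw", "Outsider": "r-"},
}

# Groups of files by path prefix, as on the "Basic Idea" slide.
PATH_TYPES = {"rgrimm": "Internal", "rgrimm/www": "Marketing"}

OP_BIT = {"read": "r", "write": "w"}


class MapNode:
    """Node of the second name-space tree. It stores the matrix row for its
    type (domain -> access mode), so a check never looks the type up again."""

    def __init__(self, rights):
        self.rights = rights
        self.children = {}  # sparse: only mapped or already visited names


class FsNode:
    """Hypothetical stand-in for a file system node in the NFS client."""

    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.mapping = None  # link into the mapping tree, set on first visit


class DTEMap:
    def __init__(self, matrix, path_types):
        self.root = MapNode({})  # assumption: unmapped paths carry no rights
        self.expansions = 0
        # Parents before children, so rights are pushed down the tree.
        for path in sorted(path_types, key=lambda p: p.count("/")):
            node = self.root
            for name in path.split("/"):
                node = self._child(node, name)
            node.rights = dict(matrix[path_types[path]])  # reduced matrix row
        self.expansions = 0  # from here on, count traversal-time expansion only

    def _child(self, node, name):
        child = node.children.get(name)
        if child is None:
            # Expand the mapping: an unmapped name inherits its parent's rights.
            child = node.children[name] = MapNode(node.rights)
            self.expansions += 1
        return child

    def resolve(self, fs):
        """Return the mapping linked to `fs`, walking up only on first visit.
        Working from the node, not a path string, covers relative lookups."""
        if fs.mapping is None:
            if fs.parent is None:
                fs.mapping = self.root
            else:
                fs.mapping = self._child(self.resolve(fs.parent), fs.name)
        return fs.mapping

    def check(self, domain, fs, op):
        """True if a thread in `domain` may perform `op` on `fs`.
        Directories go through the same check as regular files."""
        mode = self.resolve(fs).rights.get(domain, "--")
        return OP_BIT[op] in mode


if __name__ == "__main__":
    dte = DTEMap(ACCESS_MATRIX, PATH_TYPES)
    mount = FsNode("")                     # mount point of the legacy file system
    home = FsNode("rgrimm", mount)
    www = FsNode("www", home)
    page = FsNode("index.html", www)       # constructed file name
    for domain in ("Employee", "Outsider"):
        for op in ("read", "write"):
            print(domain, op, "rgrimm/www/index.html:", dte.check(domain, page, op))
    print("mapping nodes added during traversal:", dte.expansions)
```
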

15. Changing the Mapping
- Implicit changes
  - Introduce consistency problems
  - Need to save modifications
  - Similar to file system meta-data updates
  - Expensive
- Solution: Allow explicit dynamic changes

16. Implementation within NFS Client
- Module DTEMap
  - 100 lines interface
  - 300 lines implementation
- Changes to NFS client
  - 30 lines removed
  - 100 lines added

17. Performance Evaluation
- Two micro-benchmarks
  - Directory traversal: 110 directories in groups of 10
  - Small file read: Read 1024 bytes per operation
- Results in microseconds per operation

18. Initial Directory Traversal
(Chart: Insecure vs. Secure; %)

19. Cached Directory Traversal
(Chart: Insecure vs. Secure; %)

20. Small File Reads
(Chart: Insecure vs. Secure, Initial and Cached; %)

21. Extensibility is Hard I
- You can always tune core code
  - Revisit interface contracts
  - LOOPHOLE may be useful
- What level of abstraction?
  - Some interfaces hide too much information
    - Need mount path in NFS client
  - Some interfaces are too low-level
    - Access check requires 3 procedure calls

22. Extensibility is Hard II
- Error handling must be extensible, too!
- NameServer.Error
  - Based on error codes
- Error.E, File.ErrorT
  - Combines Mach, Unix and text error messages
- SecurityError.T
  - Individual exceptions

23. Conclusions
- Integration is feasible
- Reasonable performance penalty
- Need end-to-end performance results
- Revisit basic design assumptions
- Extensibility requires major design effort
- Need to revisit core interfaces