Themes in OS research. Administrivia Last project due today. Functionality. Performance
- Geoffrey Glenn
- 6 years ago
Transcription
Administrivia
- Last project due today
  - Must hand in something by midnight even if you get extension
- Final Exam
  - Wednesday March 18, 12:15-3:15pm in Gates B-01
  - Open book, open notes, just like midterm
  - Covers material from all 19 lectures
- SCPD students please take in person if possible
  - Otherwise, cs140-staff your exam monitor's address (using subject exam monitor)
- I have special office hours next Monday, 3:00-4:00pm
  - I also plan to be around most of the afternoon that day, so stop by if you have questions before exam
- Televised final review session tomorrow 4:15pm-5:05
  - Bring any questions you might have on lecture material

Themes in OS research
- Performance
- Functionality
- System management
- Extensibility
- Power consumption
- Security

Performance
- Performance improvements always welcome
  - 10% is nice, but often not super interesting
  - 10x can actually enable new functionality
- Through early 90s, a major focus of OS research
  - Makes benefits nicely quantifiable
  - Led to lots of incremental work
- But some performance work very interesting:
  - Synthesis [Massalin]
  - OS made extensive use of dynamic code generation for speed
- Making logically synchronous disk accesses asynchronous [Nightingale]
  - Make fsync instantaneous until effects externalized
  - Assume NFS cache consistent, roll back execution if wrong

Functionality
- Lots of work to make distributed systems transparent
  - Network operating systems (Sprite, Amoeba)
  - Distributed shared memory (tons of papers)
  - Much of this work had little impact
- Plan9 [Pike]: make all functionality available through file namespace
  - Developed by the inventors of Unix, who gave up on Unix
  - Invented now popular abstractions such as /proc
  - Mount table is no longer global, but per process group
  - Lots of really cool benefits to unifying abstractions in FS:
    - Bypass firewall by remotely-mounting /net
    - Window system just virtualizes console device

System management
- Already talked about virtual machines
- Plan9's features greatly simplified management
  - E.g., backups available through file system under /dump
- Storage management a huge deal
  - Large, virtual disks (e.g., Petal [Lee])
  - Serverless network file systems [Dahlin]
  - Using desktop machines for storage (Farsite [Bolosky])
  - Peer-to-peer network file systems (e.g., Ivy [Morris])
  - Peer-to-peer backup (e.g., Pastiche [Cox])
- Application abstraction (Singularity [Hunt])
  - Avoid problems associated with installing software
  - Packages must describe themselves declaratively
  - Applications are a security principal that can go in ACLs

Extensibility: Microkernels
- Very popular in 1980s
- Idea: Provide traditional OS abstractions in servers
  - E.g., Virtual memory server, file system server
  - Could make for better fault isolation
  - Also makes it easier to develop new OS functionality (debugging servers potentially easier than debugging kernel)
- Kernel interface is very small
  - E.g., just provide simple IPC abstractions
  - Note: "micro" means small interface, not small code
- Most well-known example: Mach 3
  - Big (0.5 M lines of code in 80s) and bloated
  - Performance problems in part from context switches
  - Influential system but gave microkernels a bad name
- More successful microkernels: VxWorks, L4, MINIX3

Extensibility: Other architectures
- Big focus in mid-90s:
  - Inspired by applications that fight with the OS
  - E.g., database that has to bypass the OS buffer cache
  - Also CPUs still slow enough that hard to saturate net
- One approach: Spin [Bershad]
  - Download extensions into kernel using safe language
  - Safely run user code in kernel, saving context switch
- Another approach: Exokernel [Engler/Kaashoek]
  - Exterminate all operating system abstractions
  - Idea: Kernel should provide protection, not abstraction
  - Implement abstractions in user-level library
  - Replacing, e.g., socket implementation like replacing malloc

Power management
- Recent hot topic for sensor networks
  - Battery-powered devices
  - Deployed in environments where hard to change battery
  - OS techniques can extend battery lifetime from days to months
- Also becoming an issue for server farms
  - Cost of power + cooling comparable to cost of hardware
- Some techniques
  - CPU voltage scaling (requires cutting frequency; when to do?)
  - Careful use of wireless networks
  - Probably will see more with disks in near future

HiStar
- Developed by Nickolai Zeldovich here at Stanford
- Most software cannot be trusted
  - Massive, complex systems no one fully understands
  - Not written by security-conscious programmers
  - Even good programmers make mistakes
- Yet this is what people develop and want to run
- Address problem through better OS interface
  - HiStar: a new OS that reduces trust in software while providing Unix-like environment

Examples
- Symantec AntiVirus 10 contained remote exploit
  - Software deployed on 200,000,000 systems
- PayMaxx web site divulges social security numbers
  - Test record had SSN and no password
  - After login, could access records by consecutive serial number
- The list goes on...
  - CardSystems loses 40,000,000 credit card numbers
  - Jacobsen compromises T-mobile, steals secret service mail
  - Recommendation letters for 10,000 Stanford applicants stolen

Anti-virus software details
- checks files for virus signatures
- daemon downloads new virus signatures
- How to enforce security w/o trusting software?
  - Must not leak contents of your files to network
  - Must not tamper with contents of your files

What can go wrong?
- writes your private data to network

What can go wrong?
- sends private data to update daemon
- daemon sends data over network
  - Can cleverly disguise it in order/timing of update requests

What can go wrong?
- writes data to world-readable file in /tmp
- daemon later reads and discloses file

What can go wrong?
- acquires read locks on virus database
  - Encodes user data by locking various ranges of file
- daemon decodes data by detecting locks
  - Discloses private data over the network

The list goes on
- can call setproctitle with user data
  - daemon extracts data by running ps
- can bind particular TCP or UDP port numbers
- can relay data through another process
  - Call ptrace to take over process, then write to network
  - Use sendmail, httpd, or portmap to reveal data
- Disclose data by modulating free disk space
- Can we ever convince ourselves we've covered all possible communication channels?

Information flow control
- Reasoning about operations is hard
  - Can you enumerate all permissible actions by scanner?
  - What about helper programs spawned (gzip, ar, mime, ...)?
  - What about any process that can observe scanner?
- Reasoning about information flow is easier
  - Policy: Don't write my files to network unless I say so
- Restructure OS to make all information flow explicit
  - Has been done in a very heavy-weight fashion for military
  - Give individual users control over information flow
  - Allows us to restructure applications with less trusted code

HiStar architecture
- [Figure: Linux and HiStar stacks side by side; labels: Security checks, Hardware]
- Kernel provides small number of simple objects
  - Simple enough that information flow is unambiguous
- Layer Unix API as untrusted library on top of kernel

HiStar kernel objects
- Only six types of object exposed by kernel interface

Unix processes
- Unix abstractions built from HiStar objects
- But implemented in untrusted library code
  - E.g., a bug in the code implementing processes won't violate information flow restrictions

Example: File descriptors in Unix
- Suppose A can't flow to B, but they share a file desc.
- Typical mistake: Consider read-only fd to be okay
  - But even a read-only fd has mutable state, such as offset pointer
  - Hard to catch all such shared state

Example: File descriptors in HiStar
- Implemented in terms of lower-level HiStar objects
  - Seek pointer must be stored in labeled segment
  - Ensures it can't be used to leak information

What's in a label?
- Labels represent 2 types of information flow concern
  - secrecy: preventing people from observing information
  - integrity: preventing people from modifying information
- Each concern is represented by a category of taint
- Secrecy categories shown as
  - Different colors represent different secrecy categories
  - Secrecy category in label: object tainted in that category
- Integrity categories shown as
  - Integrity category in label: object less tainted in that category
- L_A L_B (L_A can flow to L_B) when:
  - L_A is no more tainted than L_B in every category
  - I.e., L_A has all integrity categories in L_B and L_B has all secrecy categories in L_A

Recall: Bell-LaPadula
- [Figure: lattice of labels. Nodes: top-secret, {Nuclear, Crypto}; top-secret, {Nuclear}; top-secret, {Crypto}; top-secret; secret, {Nuclear}; secret, {Crypto}; secret; unclassified]
- L 1 L 1 means L 1 L 2
- Information can only flow up the lattice
  - System enforces "No read up, no write down"

HiStar labels
- Can add but not remove secrecy categories
- Can remove but not add integrity categories

Downgrading privileges
- Downgrading privileges are decentralized ( )
  - Represented by per-category stars in threads' labels ( )
  - Means thread can ignore taint in that category
- Any thread can create a new category
  - You get the stars for the categories you create
- Can implement Unix UIDs using categories
  - Each UID u corresponds to two categories: an integrity category, u_i, and a secrecy category, u_s
  - u's shell gets those stars whenever s/he logs in
  - File with 0644 permissions (-rw-r--r--) is labeled w. u_i
  - File with 0600 permissions (-rw-------) labeled w. both u_s, u_i
- Can implement other policies alongside UIDs

Example: virus scanner
- tainted, so cannot write to network
- Dynamically allocated also prevents scanner from corrupting files

Example: ssh-agent
- ssh-agent stores your private key
  - Want to prevent even root from getting the key
  - ssh-agent can just allocate its own secrecy category

Runaway processes
- What if ssh-agent goes nuts?
  - Can allocate lots of categories, cut itself off from the world!

Containers
- Separate resource allocation from access control
- Can reclaim resources if you can write container
  - Even if you can't read or write the objects you are deleting
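The flow rule from the "What's in a label?" slide and the stars from "Downgrading privileges", worked through for the Unix permission, virus scanner and ssh-agent cases. This is an added example, not code from the lecture or from HiStar. The `Label` and `Thread` classes, the read/write checks and all category names are assumptions made for illustration.

```python
# Added example: toy model of the slides' label rules, not HiStar kernel code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    secrecy: frozenset = frozenset()    # categories the object is tainted in
    integrity: frozenset = frozenset()  # categories the object is endorsed in


def can_flow(a, b, stars=frozenset()):
    """L_A can flow to L_B when L_B has all secrecy categories in L_A and
    L_A has all integrity categories in L_B. Categories in `stars` belong to
    the acting thread, which may ignore taint in them."""
    return (a.secrecy - stars) <= b.secrecy and (b.integrity - stars) <= a.integrity


class Thread:
    _next_id = 0

    def __init__(self, name, label=Label(), stars=()):
        self.name, self.label, self.stars = name, label, frozenset(stars)

    def create_category(self, hint):
        """Any thread can create a category; the creator gets its star."""
        Thread._next_id += 1
        cat = f"{hint}#{Thread._next_id}"
        self.stars |= {cat}
        return cat

    def can_read(self, obj):   # assumption: read = object flows to thread
        return can_flow(obj, self.label, self.stars)

    def can_write(self, obj):  # assumption: write = thread flows to object
        return can_flow(self.label, obj, self.stars)


def unix_file_label(uid, mode):
    """Map the two modes named on the slide: 0644 -> u_i, 0600 -> u_s and u_i."""
    if mode == 0o644:
        return Label(integrity=frozenset({f"{uid}_i"}))
    if mode == 0o600:
        return Label(frozenset({f"{uid}_s"}), frozenset({f"{uid}_i"}))
    raise ValueError("only 0644 and 0600 are modelled here")


def login_shell(uid):
    """u's shell gets the stars for u_s and u_i at login."""
    return Thread(f"{uid}-shell", stars={f"{uid}_s", f"{uid}_i"})


def run_scenarios():
    r = {}
    alice, bob = login_shell("alice"), login_shell("bob")
    private = unix_file_label("alice", 0o600)
    public = unix_file_label("alice", 0o644)
    network = Label()   # untainted object: visible to everyone
    tmp_file = Label()  # world-readable file in /tmp

    # Unix permission bits fall out of the flow rule.
    r["owner_rw_0600"] = alice.can_read(private) and alice.can_write(private)
    r["other_reads_0600"] = bob.can_read(private)
    r["other_reads_0644"] = bob.can_read(public)
    r["other_writes_0644"] = bob.can_write(public)

    # Virus scanner: tainted in alice_s, holds no stars.
    scanner = Thread("scanner", Label(secrecy=frozenset({"alice_s"})))
    daemon = Thread("update-daemon")
    r["scanner_reads_private"] = scanner.can_read(private)
    r["scanner_writes_network"] = scanner.can_write(network)
    r["scanner_writes_tmp"] = scanner.can_write(tmp_file)
    r["scanner_corrupts_file"] = scanner.can_write(private)
    # The scanner may write only equally tainted objects, which the untainted
    # daemon cannot read, so no intermediate object can relay the data.
    scratch = Label(secrecy=frozenset({"alice_s"}))
    r["scanner_writes_scratch"] = scanner.can_write(scratch)
    r["daemon_reads_scratch"] = daemon.can_read(scratch)
    r["daemon_writes_network"] = daemon.can_write(network)
    # Only the holder of the alice_s star can move results out.
    r["owner_declassifies"] = alice.can_read(scratch) and alice.can_write(network)

    # ssh-agent allocates its own secrecy category; root holds no star for it.
    agent = Thread("ssh-agent")
    key = Label(secrecy=frozenset({agent.create_category("sshkey")}))
    root = login_shell("root")
    r["agent_reads_key"] = agent.can_read(key)
    r["root_reads_key"] = root.can_read(key)
    return r


if __name__ == "__main__":
    for check, allowed in run_scenarios().items():
        print(f"{check:24} {'allowed' if allowed else 'denied'}")
```
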

Other HiStar applications
- Untrusted login
- Red-green VPNs
- Web server for untrusted CGI scripts (next slide)
- Distributed HiStar
- Ongoing/future work:
  - Scheduler resource control for reducing timing channels
  - New applications written by untrusted programmers
  - Allowing policies to apply to power management (for mobile devices)

Web server
- [Figure only; no text preserved in the transcription]

Final thoughts
- You are all now operating systems experts
- Use this knowledge to build better applications
  - Sometimes need to coax right behavior out of kernel
  - Should be much easier now that you know what's going on
- Syscall interface can be an innovation barrier
  - Much harder to change kernel than user code
  - Other examples include standardized net. protocols, servers
  - Get these wrong and many people will suffer
- Some of you will go on to design interfaces that many people are later subjected to
  - Strive to achieve both simplicity and flexibility for users

How to learn more about OSes
- Take CS240 Advanced Topics in Operating Systems
  - Class will bring you up to speed on OS research
  - Read & discuss research papers
  - By the end, should be ready to do OS research
- Get involved in research! Lots of interesting OS work at Stanford
  - Rosenblum: launched the virtual machine resurgence
  - Lam: collective system, software for mobile devices
  - Levis: seminal work on sensor nets & power management
  - Engler: tools to find OS bugs automatically
  - Boneh/Mitchell: lots of practical OS security work
  - Mazières: file system and security research
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.1: OS Security Basics of secure design Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Dan Boneh (Stanford)
More informationExt3/4 file systems. Don Porter CSE 506
Ext3/4 file systems Don Porter CSE 506 Logical Diagram Binary Formats Memory Allocators System Calls Threads User Today s Lecture Kernel RCU File System Networking Sync Memory Management Device Drivers
More informationOS DESIGN PATTERNS II. CS124 Operating Systems Fall , Lecture 4
OS DESIGN PATTERNS II CS124 Operating Systems Fall 2017-2018, Lecture 4 2 Last Time Began discussing general OS design patterns Simple structure (MS-DOS) Layered structure (The THE OS) Monolithic kernels
More informationPage 1. Goals for Today" TLB organization" CS162 Operating Systems and Systems Programming Lecture 11. Page Allocation and Replacement"
Goals for Today" CS162 Operating Systems and Systems Programming Lecture 11 Page Allocation and Replacement" Finish discussion on TLBs! Page Replacement Policies! FIFO, LRU! Clock Algorithm!! Working Set/Thrashing!
More informationLecture 1: January 23
CMPSCI 677 Distributed and Operating Systems Spring 2019 Lecture 1: January 23 Lecturer: Prashant Shenoy Scribe: Jonathan Westin (2019), Bin Wang (2018) 1.1 Introduction to the course The lecture started
More informationInstructions 1. Elevation of Privilege Instructions. Draw a diagram of the system you want to threat model before you deal the cards.
Instructions 1 Elevation of Privilege Instructions Draw a diagram of the system you want to threat model before you deal the cards. Deal the deck to 3 6 players. Play starts with the 3 of Tampering. Play
More information15 Sharing Main Memory Segmentation and Paging
Operating Systems 58 15 Sharing Main Memory Segmentation and Paging Readings for this topic: Anderson/Dahlin Chapter 8 9; Siberschatz/Galvin Chapter 8 9 Simple uniprogramming with a single segment per
More information1 / Must not leak contents of your files to network - Must not tamper with contents of your files 3 / 42
Outline DAC vs. MAC 1 Mandatory access control 2 Labels and lattices 3 LOMAC 4 SELinux Most people are familiar with discretionary access control (DAC) - Unix permission bits are an example - E.g., might
More informationOperating Systems. Operating System Structure. Lecture 2 Michael O Boyle
Operating Systems Operating System Structure Lecture 2 Michael O Boyle 1 Overview Architecture impact User operating interaction User vs kernel Syscall Operating System structure Layers Examples 2 Lower-level
More informationCS 167 Final Exam Solutions
CS 167 Final Exam Solutions Spring 2018 Do all questions. 1. [20%] This question concerns a system employing a single (single-core) processor running a Unix-like operating system, in which interrupts are
More informationGFS: The Google File System
GFS: The Google File System Brad Karp UCL Computer Science CS GZ03 / M030 24 th October 2014 Motivating Application: Google Crawl the whole web Store it all on one big disk Process users searches on one
More informationRemote Procedure Call (RPC) and Transparency
Remote Procedure Call (RPC) and Transparency Brad Karp UCL Computer Science CS GZ03 / M030 10 th October 2014 Transparency in Distributed Systems Programmers accustomed to writing code for a single box
More informationSandboxing Untrusted Code: Software-Based Fault Isolation (SFI)
Sandboxing Untrusted Code: Software-Based Fault Isolation (SFI) Brad Karp UCL Computer Science CS GZ03 / M030 9 th December 2011 Motivation: Vulnerabilities in C Seen dangers of vulnerabilities: injection
More informationPROCESS VIRTUAL MEMORY PART 2. CS124 Operating Systems Winter , Lecture 19
PROCESS VIRTUAL MEMORY PART 2 CS24 Operating Systems Winter 25-26, Lecture 9 2 Virtual Memory Abstraction Last time, officially introduced concept of virtual memory Programs use virtual addresses to refer
More informationConfinement (Running Untrusted Programs)
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules
More informationCS 155 Final Exam. CS 155: Spring 2004 June 2004
CS 155: Spring 2004 June 2004 CS 155 Final Exam This exam is open books and open notes, but you may not use a laptop. You have 2 hours. Make sure you print your name legibly and sign the honor code below.
More informationMASSACHUSETTS INSTITUTE OF TECHNOLOGY Computer Systems Engineering: Spring Quiz I Solutions
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.033 Computer Systems Engineering: Spring 2011 Quiz I Solutions There are 10 questions and 12 pages in this
More informationMidterm Exam Solutions Amy Murphy 28 February 2001
University of Rochester Midterm Exam Solutions Amy Murphy 8 February 00 Computer Systems (CSC/56) Read before beginning: Please write clearly. Illegible answers cannot be graded. Be sure to identify all
More informationArchitecture. Steven M. Bellovin October 27,
Architecture Steven M. Bellovin October 27, 2015 1 Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market Apache
More informationNFS: Naming indirection, abstraction. Abstraction, abstraction, abstraction! Network File Systems: Naming, cache control, consistency
Abstraction, abstraction, abstraction! Network File Systems: Naming, cache control, consistency Local file systems Disks are terrible abstractions: low-level blocks, etc. Directories, files, links much
More informationSysSec. Aurélien Francillon
SysSec Aurélien Francillon francill@eurecom.fr https://www.krackattacks.com/ https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-ofhigh-security-keys-750k-estonian-ids/
More informationIntroduction to Linux
Introduction to Operating Systems All computers that we interact with run an operating system There are several popular operating systems Operating Systems OS consists of a suite of basic software Operating
More informationCPSC/ECE 3220 Fall 2017 Exam Give the definition (note: not the roles) for an operating system as stated in the textbook. (2 pts.
CPSC/ECE 3220 Fall 2017 Exam 1 Name: 1. Give the definition (note: not the roles) for an operating system as stated in the textbook. (2 pts.) Referee / Illusionist / Glue. Circle only one of R, I, or G.
More information