Operating Systems Security
|
|
- Garey Bond
- 5 years ago
- Views:
Transcription
1 Operating Systems Security CS 166: Introduction to Computer Systems Security 1
2 Acknowledgements Materials from the CS167 lecture slides by Tom Doeppner included with permission Some slides J. Liebow-Feeser, B. Palazzi, Z. Stoll, R. Tamassia, CC BY-SA 2.5 Examples of race conditions by Kevin Du 2
3 Source: XKCD 3
4 What is an Operating System? An operating system provides a useful way to interface with the hardware of the computer Hardware resources are accessed through abstractions provided by the OS CPU Memory Files / folders Windows Network Cursor Application Applications Operating System Hardware 4
5 Operating System Layers The operating system consists of several layers Hardware is at the bottom and applications are at the top The middle layers form the kernel Execution modes: user mode: access to resources mediated by the kernel kernel mode: full and direct access to resources The kernel supports efficient and secure sharing of resources among multiple applications and users Applications I/O Management Device Drivers Memory Management Process Management CPU Management Hardware 5
6 Processes The kernel views running programs as processes An application may consist of several processes A process may control other processes Operations start, suspend, resume, and terminate Processes run concurrently by timesharing execution on each CPU core Process identified by a number (process ID) and associated with a user Tree of processes Node: process Edge: connect a process (child) to the one that started it (parent) In Windows, applications stated by a user (e.g., Word) are typically children of the Windows Explorer process Child process inherits context from parent process 6
7 View Processes in Windows Task Manager Standard application List of running processes Basic information on each process Kill processes Process Explorer Add-on Detailed information on each process Color highlights Tree of processes Process Explorer 7
8 View Processes in Linux ps: displays snapshot of running processes ps -ef : show all processes ps -u <username>: show processes for a user top: updates list of running processes over time, sorted by CPU usage top u <username>: filter by username kill <pid>: terminates a process 8
9 The Windows Registry Database for global machine and user information The registry is a set of key-value pairs stored in folders (subkeys) Main folders are stored in hives Registry usually used for holding information such as configuration settings 9
10 Regedit Gives a view of the Windows registry The folders whose names begin with HKEY are hives They contain folders within them On the right, every folder lists its contents Source: 10
11 Registry Hives HKEY_LOCAL_MACHINE\SAM: Security Accounts Manager HKEY_LOCAL_MACHINE\Security: more security HKEY_LOCAL_MACHINE\Software: installed software settings HKEY_LOCAL_MACHINE\System: boot information HKEY_USERS\.DEFAULT: new user default settings A separate hive for each user, called the user profile hive, it is usually found under HKEY_USERS HKEY_CURRENT_USER: links to the hive of current user HKEY_CURRENT_CONFIG: hardware profile, links to HKEY_LOCAL_MACHINE/System/CurrentControlSet/HardwareProfiles 11
12 Process Management Access control policies determine which resources can be accessed by each process and which other processes it can control Each process has a context, which includes the user, parent process, and address space (for storing data and instructions) The OS manages the mapping of the address space to physical memory locations 12
13 Forensics with Processes Analyzing running processes can reveal the presence of malware Process Explorer can be used a forensic tool in Windows First, look for processes with suspicious names Need to know names of safe processes Beware of small name differences Next, inspect processes with known names Username Network activity Image (executable file) Path (location on disk) Author (e.g., Adobe must be the author of Acrobat) Digital signature (not always present or verifiable for open source software) 13
14 System Calls A process communicates with the kernel to access resources and starting a new process Resources are requested from the kernel by making a system call A system call is executed in kernel mode An OS provides a preset library of system calls In addition to system calls, the kernel also handles Traps: typically caused by error conditions Process System calls OS Traps Interrupts: generated by external devices Malware may modify the library of system calls to change program behavior (e.g., log file activity) Interrupts 14
15 Users Each process is associated with a user Specific users can have more privileges than regular users Install or remove programs Change rights of other users Modify the configuration of the system Unix: The root is a super-user with no restrictions Windows Special users SYSTEM, LOCAL SERVICE, and NETWORK SERVICE associated with the operating system itself One or more administrators, with fewer privileges than SYSTEM Problems with being logged on as root/administrator Accidental file deletions can disable system Malware infections can modify system 15
16 Windows User Access Control Protected administrator accounts Have standard user rights in regular mode Can temporarily acquire administrator rights through elevation UAC elevation dialog boxes Triggered by programs that require administrative privileges (e.g., installers) Require explicit user approval Optionally ask for password Source of images: articles by Mark Russinovich in Microsoft TechNet magazine. 16
17 Unix File Types and Permissions d r w x r w x r w x file type user group other 17
18 The /tmp Directory In Unix systems, directory /tmp is Readable by any user Writable by any user Usually wiped on reboot Convenience Place for temporary files used by applicaitons Files in /tmp are not subject to the user s space quota What could go wrong? Sharing of resources may lead to vulnerabilities 18
19 Symbolic Link In Unix, a symbolic link (aka symlink) is a file that points to (stores the path of) another file A process accessing a symbolic link is transparently redirected to accessing the destination of the symbolic link Symbolic links can be chained, but not to form a cycle Windows shortcuts play a similar role but don t provide transparent access to the destination 19
20 Setuid Programs Unix processes have two user IDs: real user ID: user launching the process effective user ID: user whose privileges are granted to the process An executable file can have the setuser-id property (setuid) enabled If a user A executes setuid file owned by B, then the effective user ID of the process is B and not A System call setuid(uid) allows a process to change its effective user ID to uid Some programs that access system resources are owned by root and have the setuid bit set (setuid programs) e.g., passwd and su Writing secure setuid programs is tricky because vulnerabilities may be exploited by malicious user actions 20
21 Gone for Ten Seconds You leave your desk for 10 seconds without locking your machine The attacker sits at your desk and types: % cp /bin/sh /tmp % chmod 4777 /tmp/sh The first command makes a copy of shell sh The second command makes sh a setuid program What happens next? The attacker can run the copy of the shell with your privileges For example: Can read your files Can change your files 21
22 Historical setuid Unix Vulnerabilities: chsh Command chsh (change shell) asks the user to input the name of a shell program and updates the password file The password file consists of lines with the format username [salt] passwordhash shell [directory info] Early implementation did not check if input consisted of more than one line What can go wrong? User could create a new root account with a two-line input 22
23 Historical setuid Unix Vulnerabilities: lpr Command lpr running as root setuid copied file to print, or symbolic link to it, to spool file named with 3-digit random job number (e.g., print954.spool) in /tmp Did not check if file already existed Random sequence was predictable and repeated after 1,000 times How can we exploit this? Attack A dangerous combination: setuid, /tmp, symlinks, Create new password file newpasswd Print a very large file lpr s /etc/passwd Print a small file 999 times lpr newpasswd The password file is overwritten with newpasswd 23
24 RPCs Remote Procedure Call When would an RPC be useful? Say you want a spelling suggestion from Google Furthermore, assume Google has a server set up to process such requests An RPC could be used to allow a process on your computer to send a word to Google whose server returns a spelling suggestion 24
25 Services and RPCs A service is a process that performs common tasks on behalf of other processes A remote procedure call is a cross-process function call A protocol for translating a function call on one platform to a native function call on another platform This can be done over a network or locally RPCs allow processes to communicate Normally processes are completely separate and are not even aware of each other s existence RPC calls allow a process to request an action and, sometimes, a response from another process Alternative to setuid for communicating with privileged processes 25
26 ServiWin Source: 26
27 Race Condition 1. if (!access("/tmp/x", W_OK)) { /* the real user ID has access right */ 2. f = open("/tmp/x", O_WRITE); 3. write_to_file(f); } else { /* the real user ID does not have access right */ 4. fprintf(stderr, "Permission denied\n"); } Source: Kevin Du, Race Condition Vulnerability, Lecture Notes Fragment of setuid program that writes into file /tmp/x on behalf of a user who created it access verifies permission of real user ID Transparently follows symlinks open verifies permission of effective user ID Transparently follows symlinks What can go wrong? 27
28 TOCTOU 1. if (!access("/tmp/x", W_OK)) { /* the real user ID has access right */ 2. f = open("/tmp/x", O_WRITE); 3. write_to_file(f); } else { /* the real user ID does not have access right */ 4. fprintf(stderr, "Permission denied\n"); } Fragment of setuid program access verifies permission of real user ID open verifies permission of effective user ID What can go wrong? In between (1) and (2), user could replace /tmp/x with symlink to /etc/passwd Not easy to accomplish (timing) Example of time of check to time of use (TOCTOU) vulnerability 28
29 Attempt to Fix the Race Condition 1. lstat("/tmp/x", &statbefore); 2. if (!access("/tmp/x", O_RDWR)) { 3. int f = open("/tmp/x", O_RDWR); 4. fstat(f, &statafter); 5. if (statafter.st_ino == statbefore.st_ino) { /* the I-node is still the same */ 6. write_to_file(f); } 7. else perror("race Condition Attacks!"); } 8. else fprintf(stderr, "Permission denied\n"); } Source: Kevin Du, Race Condition Vulnerability, Lecture Notes lstat and fstat access file descriptor for a path, which includes unique file ID (st_ino) lstat does not traverse symlink fstat accesses descriptor of open file, after symlink traversed by open Step (5) compares IDs of file checked in (1) and file opened in (3) Check-use-check_again approach Defeats swapping in symlink between access and open Fails also if /tmp/x is a symlink when (2) is executed 29
30 Does the Fix Work? 1. lstat("/tmp/x", &statbefore); 2. if (!access("/tmp/x", O_RDWR)) { 3. int f = open("/tmp/x", O_RDWR); 4. fstat(f, &statafter); 5. if (statafter.st_ino == statbefore.st_ino) { /* the I-node is still the same */ 6. write_to_file(f); } 7. else perror("race Condition Attacks!"); } 8. else fprintf(stderr, "Permission denied\n"); } lstat and fstat access file descriptor for a path, which includes unique file ID (st_ino) lstat does not traverse symlinks in path fstat accesses descriptor of open file, after symlinks traversed by open New attack Before (1) /tmp/x is a hard link to /etc/passwd Between (1) and (2) swap in hard link to user-owned file Between (2) and (3) swap in again hard link to /etc/passwd 30
31 Negative Result Assumptions Setuid program Path-based permission check for real user ID via syscall access(path, permission) that returns 0 or -1 No atomic check-and-open-file syscall Theorem Program is vulnerable to TOCTOU race condition Proof Attacker can always swaps good file before access and bad file after access lstat/fstat do not help since they are path-based as well Reference Dean, Drew, Alan J. Hu: Fixing Races for Fun and Profit: How to Use access (2). USENIX Security Symposium,
32 Mitigating and Eliminating Race Conditions Hardness amplification Force the adversary to win a large number of races instead of just one or two in order to exploit the vulnerability Reduces the probability of success Complex to accomplish correctly Reference Dan Tsafrir, Tomer Hertz, David Wagner, Dilma Da Silva: Portably Solving File TOCTTOU Races with Hardness Amplification. USENIX File and Storage Technologies, 2008 Temporary privilege downgrade Within same process Drop to real user ID privileges via setuid(real_userid) Open file Restore root privileges With child process Fork child process with real user ID privileges to open file Approach not portable across Unix variants 32
33 What We Have Learned What is an operating system Processes, users, files, permissions Setuid programs Dangers of symlinks, setuid, and shared directories Race conditions and time-of-check-to-time-of-use for access/open syscalls 33
CIS Operating Systems File Systems Security. Professor Qiang Zeng Fall 2017
CIS 5512 - Operating Systems File Systems Security Professor Qiang Zeng Fall 2017 Previous class File and directory Hard link and soft link Mount Layered structure File system design Naïve: linked list
More informationData Security and Privacy. Unix Discretionary Access Control
Data Security and Privacy Unix Discretionary Access Control 1 Readings for This Lecture Wikipedia Filesystem Permissions Other readings UNIX File and Directory Permissions and Modes http://www.hccfl.edu/pollock/aunix1/filepermissions.htm
More informationSysSec. Aurélien Francillon
SysSec Aurélien Francillon francill@eurecom.fr https://www.krackattacks.com/ https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-ofhigh-security-keys-750k-estonian-ids/
More informationSecure Architecture Principles
Computer Security Course. Secure Architecture Principles Slides credit: Dan Boneh What Happens if you can t drop privilege? In what example scenarios does this happen? A service loop E.g., ssh Solution?
More informationPortably Preventing File Race Attacks with User-Mode Path Resolution
Portably Preventing File Race Attacks with User-Mode Path Resolution Dan Tsafrir Tomer Hertz David Wagner Dilma Da Silva IBM Research Microsoft Research UC Berkeley IBM Research dilmasilva@us.ibm.com TOCTTOU
More informationSecure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Race Conditions Secure Software Programming 2 Overview Parallel execution
More informationRace Condition Vulnerability Lab
Concordia Institute for Information Systems Engineering - INSE 6130 1 Race Condition Vulnerability Lab Copyright c 2006-2012 Wenliang Du, Syracuse University. The development of this document is funded
More informationExploiting Unix File-System Races via Algorithmic Complexity Attacks
Exploiting Unix File-System Races via Algorithmic Complexity Attacks Xiang Cai, Yuwei Gui, and Rob Johnson (Stony Brook University). IEEE Symposium on Security and Privacy, May 2009. Agenda Introduction
More informationInformation Security CS 526
Information Security CS 526 s Security Basics & Unix Access Control 1 Readings for This Lecture Wikipedia CPU modes System call Filesystem Permissions Other readings UNIX File and Directory Permissions
More information3/7/18. Secure Coding. CYSE 411/AIT681 Secure Software Engineering. Race Conditions. Concurrency
Secure Coding CYSE 411/AIT681 Secure Software Engineering Topic #13. Secure Coding: Race Conditions Instructor: Dr. Kun Sun String management Pointer Subterfuge Dynamic memory management Integer security
More informationSymlink attacks. Do not assume that symlinks are trustworthy: Example 1
Symlink attacks Do not assume that symlinks are trustworthy: Example 1 Application A creates a file for writing in /tmp. It assumes that since the file name is unusual, or because it encodes A's name or
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.2: OS Security Access Control Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Bogdan Carbunar (FIU)
More informationOS Security III: Sandbox and SFI
1 OS Security III: Sandbox and SFI Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 VMs on lab machine Extension? 3 Users and processes FACT: although ACLs use users as subject, the OS
More informationCYSE 411/AIT681 Secure Software Engineering Topic #13. Secure Coding: Race Conditions
CYSE 411/AIT681 Secure Software Engineering Topic #13. Secure Coding: Race Conditions Instructor: Dr. Kun Sun 1 Secure Coding String management Pointer Subterfuge Dynamic memory management Integer security
More informationPROCESS CONTROL BLOCK TWO-STATE MODEL (CONT D)
MANAGEMENT OF APPLICATION EXECUTION PROCESS CONTROL BLOCK Resources (processor, I/O devices, etc.) are made available to multiple applications The processor in particular is switched among multiple applications
More informationCS 326: Operating Systems. Process Execution. Lecture 5
CS 326: Operating Systems Process Execution Lecture 5 Today s Schedule Process Creation Threads Limited Direct Execution Basic Scheduling 2/5/18 CS 326: Operating Systems 2 Today s Schedule Process Creation
More informationAnnouncements Processes: Part II. Operating Systems. Autumn CS4023
Operating Systems Autumn 2018-2019 Outline Announcements 1 Announcements 2 Announcements Week04 lab: handin -m cs4023 -p w04 ICT session: Introduction to C programming Outline Announcements 1 Announcements
More informationCS 380S. TOCTTOU Attacks. Don Porter. Some slides courtesy Vitaly Shmatikov and Emmett Witchel. slide 1
CS 380S TOCTTOU Attacks Don Porter Some slides courtesy Vitaly Shmatikov and Emmett Witchel slide 1 Definitions TOCTTOU Time of Check To Time of Use Check Establish some precondition (invariant), e.g.,
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 13: Operating System Security Department of Computer Science and Engineering University at Buffalo 1 Review Previous topics access control authentication session
More informationOperating Systems Linux 1-2 Measurements Background material
Operating Systems Linux 1-2 Measurements Background material Introduction The Linux measurements were designed to allow you to have an impression about the administration of Linux severs along with providing
More informationADVANCED OPERATING SYSTEMS
ADVANCED OPERATING SYSTEMS UNIT I INTRODUCTION TO UNIX/LINUX KERNEL BY MR.PRASAD SAWANT Prof.Prasad Sawant,Assitiant Professor,Dept. Of CS PCCCS PREREQUISITES: 1. Working knowledge of C programming. 2.
More informationSecurity Architecture
Security Architecture We ve been looking at how particular applications are secured We need to secure not just a few particular applications, but many applications, running on separate machines We need
More informationInf2C - Computer Systems Lecture 16 Exceptions and Processor Management
Inf2C - Computer Systems Lecture 16 Exceptions and Processor Management Boris Grot School of Informatics University of Edinburgh Class party! When: Friday, Dec 1 @ 8pm Where: Bar 50 on Cowgate Inf2C Computer
More informationCS370 Operating Systems
CS370 Operating Systems Colorado State University Yashwant K Malaiya Fall 2016 Lecture 5 Slides based on Text by Silberschatz, Galvin, Gagne Various sources 1 1 User Operating System Interface - CLI CLI
More information? Resource. Announcements. Access control. Access control in operating systems. References. u Homework Due today. Next assignment out next week
Announcements Access control John Mitchell u Homework Due today. Next assignment out next week u Graders If interested in working as grader, send email to Anupam u Projects Combine some of the project
More informationProcess Time. Steven M. Bellovin January 25,
Multiprogramming Computers don t really run multiple programs simultaneously; it just appears that way Each process runs to completion, but intermixed with other processes Process 1 6 ticks Process 2 Process
More informationKeys and Passwords. Steven M. Bellovin October 17,
Keys and Passwords Steven M. Bellovin October 17, 2010 1 Handling Long-Term Keys Where do cryptographic keys come from? How should they be handled? What are the risks? As always, there are tradeoffs Steven
More information(In columns, of course.)
CPS 310 first midterm exam, 10/9/2013 Your name please: Part 1. Fun with forks (a) What is the output generated by this program? In fact the output is not uniquely defined, i.e., it is not always the same.
More informationDynamic Detection and Prevention of Race Conditions in File Accesses
Dynamic Detection and Prevention of Race Conditions in File Accesses Eugene Tsyrklevich eugene@securityarchitects.com Outline What are race conditions? How can we prevent them? Implementation description
More informationMon Sep 17, 2007 Lecture 3: Process Management
Mon Sep 17, 2007 Lecture 3: Process Management September 19, 2007 1 Review OS mediates between hardware and user software QUIZ: Q: Name three layers of a computer system where the OS is one of these layers.
More informationSystem Programming. Introduction to Unix
Content : by Dr. B. Boufama School of Computer Science University of Windsor Instructor: Dr. A. Habed adlane@cs.uwindsor.ca http://cs.uwindsor.ca/ adlane/60-256 Content Content 1 Introduction 2 3 Introduction
More informationCS140 Operating Systems Final December 12, 2007 OPEN BOOK, OPEN NOTES
CS140 Operating Systems Final December 12, 2007 OPEN BOOK, OPEN NOTES Your name: SUNet ID: In accordance with both the letter and the spirit of the Stanford Honor Code, I did not cheat on this exam. Furthermore,
More informationCSC 405 Computer Security Linux Security
CSC 405 Computer Security Linux Security Alexandros Kapravelos akaprav@ncsu.edu Unix / Linux Started in 1969 at AT&T / Bell Labs Split into a number of popular branches BSD, System V (commercial, AT&T),
More informationCS2506 Quick Revision
CS2506 Quick Revision OS Structure / Layer Kernel Structure Enter Kernel / Trap Instruction Classification of OS Process Definition Process Context Operations Process Management Child Process Thread Process
More informationOutline. UNIX security ideas Users and groups File protection Setting temporary privileges. Examples. Permission bits Program language components
UNIX security Ulf Larson (modified by Erland Jonsson/Magnus Almgren) Computer security group Dept. of Computer Science and Engineering Chalmers University of Technology, Sweden Outline UNIX security ideas
More informationTHE PROCESS ABSTRACTION. CS124 Operating Systems Winter , Lecture 7
THE PROCESS ABSTRACTION CS124 Operating Systems Winter 2015-2016, Lecture 7 2 The Process Abstraction Most modern OSes include the notion of a process Term is short for a sequential process Frequently
More informationENGR 3950U / CSCI 3020U Midterm Exam SOLUTIONS, Fall 2012 SOLUTIONS
SOLUTIONS ENGR 3950U / CSCI 3020U (Operating Systems) Midterm Exam October 23, 2012, Duration: 80 Minutes (10 pages, 12 questions, 100 Marks) Instructor: Dr. Kamran Sartipi Question 1 (Computer Systgem)
More informationThe Kernel Abstraction. Chapter 2 OSPP Part I
The Kernel Abstraction Chapter 2 OSPP Part I Kernel The software component that controls the hardware directly, and implements the core privileged OS functions. Modern hardware has features that allow
More informationUnix Basics. UNIX Introduction. Lecture 14
Unix Basics Lecture 14 UNIX Introduction The UNIX operating system is made up of three parts; the kernel, the shell and the programs. The kernel of UNIX is the hub of the operating system: it allocates
More informationProcesses. Dr. Yingwu Zhu
Processes Dr. Yingwu Zhu Process Growing Memory Stack expands automatically Data area (heap) can grow via a system call that requests more memory - malloc() in c/c++ Entering the kernel (mode) Hardware
More informationNon-atomic check and use aka TOCTOU (Time of Check, Time of Use) or race conditions. Erik Poll Digital Security group Radboud University Nijmegen
Non-atomic check and use aka TOCTOU (Time of Check, Time of Use) or race conditions Erik Poll Digital Security group Radboud University Nijmegen A classic source of (security) problems race condition aka
More informationLecture 4: Process Management
Lecture 4: Process Management (Chapters 2-3) Process: execution context of running program. A process does not equal a program! Process is an instance of a program Many copies of same program can be running
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationAccess Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.
Access Control CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Access Control Describe the permissions available to computing processes
More informationCS61 Scribe Notes Lecture 18 11/6/14 Fork, Advanced Virtual Memory
CS61 Scribe Notes Lecture 18 11/6/14 Fork, Advanced Virtual Memory Roger, Ali, and Tochi Topics: exploits fork shell programming rest of course announcements/ending (for later info) final (not as time
More informationOS security mechanisms:
OS security mechanisms: Memory Protection: One of the important aspects of Operating system security is Memory Protection. Memory provides powerful indirect way for an attacker to circumvent security mechanism,
More informationThe Kernel. wants to be your friend
The Kernel wants to be your friend Boxing them in Buggy apps can crash other apps App 1 App 2 App 3 Operating System Reading and writing memory, managing resources, accessing I/O... Buggy apps can crash
More informationChapter 6. File Systems
Chapter 6 File Systems 6.1 Files 6.2 Directories 6.3 File system implementation 6.4 Example file systems 350 Long-term Information Storage 1. Must store large amounts of data 2. Information stored must
More informationServer. Client LSA. Winlogon LSA. Library SAM SAM. Local logon NTLM. NTLM/Kerberos. EIT060 - Computer Security 2
Local and Domain Logon User accounts and groups Access tokens Objects and security descriptors The Register Some features in Windows 7 and Windows 8 Windows XP evolved from Windows 2000 Windows 10, 8,
More informationOperating System Architecture. CS3026 Operating Systems Lecture 03
Operating System Architecture CS3026 Operating Systems Lecture 03 The Role of an Operating System Service provider Provide a set of services to system users Resource allocator Exploit the hardware resources
More informationBasic Linux Security. Roman Bohuk University of Virginia
Basic Linux Security Roman Bohuk University of Virginia What is Linux? An open source operating system Project started by Linus Torvalds kernel Kernel: core program that controls everything else (controls
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More informationOperating System Services
CSE325 Principles of Operating Systems Operating System Services David Duggan dduggan@sandia.gov January 22, 2013 Reading Assignment 3 Chapter 3, due 01/29 1/23/13 CSE325 - OS Services 2 What Categories
More informationOutline. Operating System Security CS 239 Computer Security February 23, Introduction. Server Machines Vs. General Purpose Machines
Outline Operating System Security CS 239 Computer Security February 23, 2004 Introduction Memory protection Interprocess communications protection File protection Page 1 Page 2 Introduction Why Is OS Security
More information(MCQZ-CS604 Operating Systems)
command to resume the execution of a suspended job in the foreground fg (Page 68) bg jobs kill commands in Linux is used to copy file is cp (Page 30) mv mkdir The process id returned to the child process
More informationProcesses are subjects.
Identification and Authentication Access Control Other security related things: Devices, mounting filesystems Search path TCP wrappers Race conditions NOTE: filenames may differ between OS/distributions
More informationECE 550D Fundamentals of Computer Systems and Engineering. Fall 2017
ECE 550D Fundamentals of Computer Systems and Engineering Fall 2017 The Operating System (OS) Prof. John Board Duke University Slides are derived from work by Profs. Tyler Bletsch and Andrew Hilton (Duke)
More informationThe Kernel Abstraction
The Kernel Abstraction Debugging as Engineering Much of your time in this course will be spent debugging In industry, 50% of software dev is debugging Even more for kernel development How do you reduce
More informationCS5460: Operating Systems
CS5460: Operating Systems Lecture 5: Processes and Threads (Chapters 3-4) Context Switch Results lab2-15 gamow home 3.8 us 1.6 us 1.0 us VirtualBox on lab2-25 VirtualBox on gamow VirtualBox on home 170
More informationPrivilege Escalation
Privilege Coleman Kane Coleman.Kane@ge.com February 9, 2015 Security Vulnerability Assessment Privilege 1 / 14 root, or Privilege or Elevation is the act of gaining access to resources which were intended
More informationMidterm Exam CPS 210: Operating Systems Spring 2013
Your name: Sign for your honor: Midterm Exam CPS 210: Operating Systems Spring 2013 The last page of this exam is a list of terms used in this class, and whose meanings you should know. You may detach
More informationOperating Systems. Operating System Structure. Lecture 2 Michael O Boyle
Operating Systems Operating System Structure Lecture 2 Michael O Boyle 1 Overview Architecture impact User operating interaction User vs kernel Syscall Operating System structure Layers Examples 2 Lower-level
More informationEECS 482 Introduction to Operating Systems
EECS 482 Introduction to Operating Systems Winter 2018 Harsha V. Madhyastha Recap: Page Replacement LRU OPT for realistic workloads Leverage temporal locality to reduce page faults Clock replacement is
More informationCPSC 341 OS & Networks. Processes. Dr. Yingwu Zhu
CPSC 341 OS & Networks Processes Dr. Yingwu Zhu Process Concept Process a program in execution What is not a process? -- program on a disk A process is an active object, but a program is just a file It
More informationCS61 Scribe Notes Date: Topic: Fork, Advanced Virtual Memory. Scribes: Mitchel Cole Emily Lawton Jefferson Lee Wentao Xu
CS61 Scribe Notes Date: 11.6.14 Topic: Fork, Advanced Virtual Memory Scribes: Mitchel Cole Emily Lawton Jefferson Lee Wentao Xu Administrivia: Final likely less of a time constraint What can we do during
More informationOS Security IV: Virtualization and Trusted Computing
1 OS Security IV: Virtualization and Trusted Computing Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 More questions? 3 Virtual machine monitor +-----------+----------------+-------------+
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.1: OS Security Basics of secure design Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Dan Boneh (Stanford)
More informationCSE 127: Computer Security. Security Concepts. Kirill Levchenko
CSE 127: Computer Security Security Concepts Kirill Levchenko October 3, 2014 Computer Security Protection of systems against an adversary Secrecy: Can t view protected information Integrity: Can t modify
More informationUnix Processes. What is a Process?
Unix Processes Process -- program in execution shell spawns a process for each command and terminates it when the command completes Many processes all multiplexed to a single processor (or a small number
More informationSoftware Security and Exploitation
COMS E6998-9: 9: Software Security and Exploitation Lecture 8: Fail Secure; DoS Prevention; Evaluating Components for Security Hugh Thompson, Ph.D. hthompson@cs.columbia.edu Failing Securely and Denial
More informationCS 200. User IDs, Passwords, Permissions & Groups. User IDs, Passwords, Permissions & Groups. CS 200 Spring 2017
CS 200 User IDs, Passwords, Permissions & Groups 1 Needed to control access to sharepoints and their contents Because Macs & PCs now support multiple accounts, user IDs and passwords are also needed on
More informationProcesses are subjects.
Identification and Authentication Access Control Other security related things: Devices, mounting filesystems Search path Race conditions NOTE: filenames may differ between OS/distributions Principals
More informationAdvanced Systems Security: Confused Deputy
Advanced Systems Security: Confused Deputy Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University 1 Talk Outline
More informationG54ADM Sample Exam Questions and Answers
G54ADM Sample Exam Questions and Answers Question 1 Compulsory Question (34 marks) (a) i. Explain the purpose of the UNIX password file. (2 marks) ii. Why doesn t the password file contain passwords? (2
More informationMid Term from Feb-2005 to Nov 2012 CS604- Operating System
Mid Term from Feb-2005 to Nov 2012 CS604- Operating System Latest Solved from Mid term Papers Resource Person Hina 1-The problem with priority scheduling algorithm is. Deadlock Starvation (Page# 84) Aging
More informationCPSC 341 OS & Networks. Introduction. Dr. Yingwu Zhu
CPSC 341 OS & Networks Introduction Dr. Yingwu Zhu What to learn? Concepts Processes, threads, multi-processing, multithreading, synchronization, deadlocks, CPU scheduling, networks, security Practice:
More informationCPS221 Lecture: Operating System Protection
Objectives CPS221 Lecture: Operating System Protection last revised 9/5/12 1. To explain the use of two CPU modes as the basis for protecting privileged instructions and memory 2. To introduce basic protection
More informationCS197U: A Hands on Introduction to Unix
CS197U: A Hands on Introduction to Unix Lecture 4: My First Linux System Tian Guo University of Massachusetts Amherst CICS 1 Reminders Assignment 2 was due before class Assignment 3 will be posted soon
More informationOperating Systems. Lecture 05
Operating Systems Lecture 05 http://web.uettaxila.edu.pk/cms/sp2013/seosbs/ February 25, 2013 Process Scheduling, System Calls Execution (Fork,Wait,Exit,Exec), Inter- Process Communication Schedulers Long
More informationCSCE Operating Systems Interrupts, Exceptions, and Signals. Qiang Zeng, Ph.D. Fall 2018
CSCE 311 - Operating Systems Interrupts, Exceptions, and Signals Qiang Zeng, Ph.D. Fall 2018 Previous Class Process state transition Ready, blocked, running Call Stack Execution Context Process switch
More informationCapability and System Hardening
P a g e 1 Date Assigned: mm/dd/yyyy Date Due: mm/dd/yyyy by hh:mm Educational Objectives Capability and System Hardening This lab is designed to help you gain a better understanding of system hardening
More informationI m paranoid, but am I paranoid enough? Steven M. Bellovin February 20,
I m paranoid, but am I paranoid enough? Steven M. Bellovin February 20, 2007 1 Special Techniques for Secure Programs Buffer overflows are bad in any case Some problems are only a risk for secure programs
More informationIntroduction to Computer Security
Introduction to Computer Security UNIX Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Genesis: UNIX vs. MULTICS MULTICS (Multiplexed Information and Computing Service) a high-availability,
More informationDistributed Systems CSCI-B 534/ENGR E-510. Spring 2019 Instructor: Prateek Sharma
Distributed Systems CSCI-B 534/ENGR E-510 Spring 2019 Instructor: Prateek Sharma Two Generals Problem Two Roman Generals want to co-ordinate an attack on the enemy Both must attack simultaneously. Otherwise,
More informationSTING: Finding Name Resolution Vulnerabilities in Programs
STING: Finding Name Resolution ulnerabilities in Programs Hayawardh ijayakumar, Joshua Schiffman, Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department
More informationOperating Systems Lab 1 (Users, Groups, and Security)
Operating Systems Lab 1 (Users, Groups, and Security) Overview This chapter covers the most common commands related to users, groups, and security. It will also discuss topics like account creation/deletion,
More informationELEC 377 Operating Systems. Week 1 Class 2
Operating Systems Week 1 Class 2 Labs vs. Assignments The only work to turn in are the labs. In some of the handouts I refer to the labs as assignments. There are no assignments separate from the labs.
More informationCS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 18: Naming, Directories, and File Caching
CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring 2004 Lecture 18: Naming, Directories, and File Caching 18.0 Main Points How do users name files? What is a name? Lookup:
More informationDirty COW Attack Lab
SEED Labs Dirty COW Attack Lab 1 Dirty COW Attack Lab Copyright 2017 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation under Award
More informationCommand-line interpreters
Command-line interpreters shell Wiki: A command-line interface (CLI) is a means of interaction with a computer program where the user (or client) issues commands to the program in the form of successive
More informationPROCESS MANAGEMENT. Operating Systems 2015 Spring by Euiseong Seo
PROCESS MANAGEMENT Operating Systems 2015 Spring by Euiseong Seo Today s Topics Process Concept Process Scheduling Operations on Processes Interprocess Communication Examples of IPC Systems Communication
More informationCS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 18: Naming, Directories, and File Caching
CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring 2002 Lecture 18: Naming, Directories, and File Caching 18.0 Main Points How do users name files? What is a name? Lookup:
More informationOperating system hardening
Operating system Comp Sci 3600 Security Outline 1 2 3 4 5 6 What is OS? Hardening process that includes planning, ation, uration, update, and maintenance of the operating system and the key applications
More informationSecure Architecture Principles
CS 155 Spring 2017 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Secure Architecture Principles Isolation
More informationCS 290 Host-based Security and Malware. Christopher Kruegel
CS 290 Host-based Security and Malware Christopher Kruegel chris@cs.ucsb.edu Windows Windows > 90 % of all computers run Windows when dealing with security issues, it is important to have (some) knowledge
More informationAnnouncement. Exercise #2 will be out today. Due date is next Monday
Announcement Exercise #2 will be out today Due date is next Monday Major OS Developments 2 Evolution of Operating Systems Generations include: Serial Processing Simple Batch Systems Multiprogrammed Batch
More informationCS 5460/6460 Operating Systems
CS 5460/6460 Operating Systems Fall 2009 Instructor: Matthew Flatt Lecturer: Kevin Tew TAs: Bigyan Mukherjee, Amrish Kapoor 1 Join the Mailing List! Reminders Make sure you can log into the CADE machines
More informationCSE 390a Lecture 2. Exploring Shell Commands, Streams, Redirection, and Processes
CSE 390a Lecture 2 Exploring Shell Commands, Streams, Redirection, and Processes slides created by Marty Stepp, modified by Jessica Miller & Ruth Anderson http://www.cs.washington.edu/390a/ 1 2 Lecture
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More information