CIT 480: Securing Computer Systems. Operating System Concepts


Topics
  1. What is an OS?
  2. Processes
  3. Memory management
  4. Filesystems
  5. Virtual machines

A Computer Model
An operating system has to deal with the fact that a computer is made up of a CPU, random access memory (RAM), input/output (I/O) devices, and long-term storage.
[Figure: CPU connected to I/O devices, RAM (cells numbered 0, 1, 2, ... 9, ...), and a disk drive]

OS Concepts
An operating system (OS) provides an interface between the users of a computer and that computer's hardware.
  Handles multiple users
  Handles multiple programs per user
  Manages resource allocation
    CPU
    RAM
    Disk
    Network and other hardware access

The Kernel
  Core of operating system.
  Always in RAM.
  Layer between hardware and applications.

CPU Management
  Protection rings
    Lower number = higher privilege.
    Certain CPU instructions only available in lower rings.
  Windows/Linux ring use
    Kernel runs in ring 0.
    User programs run in ring 3.
  Changing rings
    Interrupts change to ring 0.
    Interrupts also change the location of the current CPU instruction to an address in the kernel.

Multitasking
  Give each running program a slice of the CPU's time.
  The CPU is running so fast that to any user it appears that the computer is running all the programs simultaneously.
  A program runs until one of the following occurs:
    1. It has used up its entire time slice.
    2. It asks the kernel to access a resource.
    3. An interrupt occurs.

System Calls
  User applications can't access hardware directly, as it requires privileged CPU instructions, and thus must ask the kernel to access hardware via system calls.
  System calls set up a data structure describing the request to make and then cause an interrupt.
  Examples:
    File I/O: open, close, read, write
    Request memory: brk
    Process creation: fork
    Running application: exec

Interrupts

What is a process?
  A process is a program in execution.
    Program code + dynamic execution context.
  Virtualization
    Processes provide virtual CPU + virtual memory.
  Kernel refers to processes as tasks.

What is in a process?
A process consists of:
  Process ID (PID)
  Program code
  Address space
  Data
  Resources:
    Open files
    Network connections
If you run a program 3 times, you create 3 different processes.

Top: highest CPU processes

fork() and exec() model
  fork() creates a new process
    New PID
    New address space
    Same program code and data
  exec() replaces code with that of a new program
  $ ls
    fork() creates a copy of the bash shell
    exec() loads and runs the ls program
    exit() terminates ls program
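The fork()/exec()/exit() sequence above, written out as an added example (not part of the original slides). The function name spawn_and_wait is hypothetical; the exit code 127 for a failed exec() follows the shell convention.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* spawn_and_wait (hypothetical name): run argv[0] the way a shell runs a
   command. Returns the child's exit status, 127 if exec() failed, and -1
   on a fork()/wait error or if the child was killed by a signal. */
int spawn_and_wait(char *const argv[])
{
    pid_t pid = fork();          /* child gets a new PID and address space */
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: still the parent's code and data until exec() replaces them. */
        execvp(argv[0], argv);
        /* Reached only when exec() failed. _exit() ends the child at once so
           it never continues running the parent's code path. */
        _exit(127);
    }
    /* Parent: block until the child calls exit(), then collect its status. */
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const ls[] = { "ls", "/", NULL };
    printf("shell-like parent has PID %d\n", (int)getpid());
    fflush(stdout);              /* do not duplicate buffered output in the child */
    printf("ls exited with status %d\n", spawn_and_wait(ls));
    return 0;
}
```

The child must never fall through after a failed exec(): without the _exit() call there would be two copies of the parent program running with the same open files.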

Process Creation and Termination

The Process Tree
  OS kernel creates first process init, PID 1.
  All other processes are created by init or by processes created by init via fork() and exec().
  Therefore init is the parent or great^n-grandparent of all processes.

Viewing the Process Tree with ps

Multitasking Processes

Memory Management
  OS manages physical RAM.
  Gives each process a virtual address space.
    On a 32-bit machine, 2^32 bytes = 4 GB maximum RAM.
    Process sees 3 GB for itself.
    1 GB reserved for OS kernel.
  By creating a page table for each process.
    Memory is divided into pages of ~4 KB each.
    Address divided into page number + offset.
    Page table is a map from virtual pages to physical pages.
    CPU uses page table to translate virtual addresses to physical addresses.
    Only the kernel can modify a page table.
  A process cannot access memory of other processes since its page table does not contain mappings to their memory pages.

Virtual Address Translation

Virtual Memory
  OS gives each process 4 GB.
    Most processes do not use that much RAM.
    Many page table entries are blank.
    A single process cannot use more than 3 GB (1 GB reserved for OS kernel).
  All processes together may require more RAM than is physically available.
    OS can map pages to the hard disk to handle that case.

Page Table Metadata
  Pages have permissions
    Read
    No execute (NX)
  A page fault interrupt is generated by kernel when
    Memory access attempted that would violate permissions.
    Page is marked as not valid (not mapped to a physical page).
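The page number + offset translation from the Memory Management slide and the two page fault cases above, as an added example (not part of the original slides). The page table contents, the flag names, and the translate function are constructed for illustration; a separate write flag is an assumption beyond the permissions the slide lists.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12                  /* 4 KB pages: low 12 bits are the offset */
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define NUM_PAGES  8                   /* toy address space (constructed) */

enum { P_VALID = 1, P_READ = 2, P_WRITE = 4, P_EXEC = 8 };
enum access { ACC_READ = P_READ, ACC_WRITE = P_WRITE, ACC_EXEC = P_EXEC };
enum result { XLATE_OK, FAULT_NOT_MAPPED, FAULT_PROTECTION };

struct pte { uint32_t frame; unsigned flags; };

/* Constructed per-process page table; entries not listed are invalid. */
static const struct pte page_table[NUM_PAGES] = {
    [0] = { 0x2A, P_VALID | P_READ | P_EXEC  },   /* code */
    [1] = { 0x07, P_VALID | P_READ | P_WRITE },   /* data, no execute */
    [7] = { 0x13, P_VALID | P_READ | P_WRITE },   /* stack, no execute */
};

/* Translate a virtual address the way the CPU consults the page table. */
enum result translate(uint32_t vaddr, enum access acc, uint32_t *paddr)
{
    uint32_t vpn = vaddr >> PAGE_SHIFT;        /* virtual page number */
    uint32_t off = vaddr & (PAGE_SIZE - 1);    /* offset within the page */

    if (vpn >= NUM_PAGES || !(page_table[vpn].flags & P_VALID))
        return FAULT_NOT_MAPPED;               /* page marked not valid */
    if (!(page_table[vpn].flags & acc))
        return FAULT_PROTECTION;               /* access violates permissions */
    *paddr = (page_table[vpn].frame << PAGE_SHIFT) | off;
    return XLATE_OK;
}

int main(void)
{
    uint32_t pa = 0;
    if (translate(0x1234, ACC_READ, &pa) == XLATE_OK)
        printf("virtual 0x1234 -> physical 0x%x\n", (unsigned)pa);
    printf("execute on stack page: result %d\n",
           (int)translate(0x7010, ACC_EXEC, &pa));
    printf("read of unmapped page: result %d\n",
           (int)translate(0x3000, ACC_READ, &pa));
    return 0;
}
```

The execute attempt on the stack page is the case NX exists for: data written into a writable page cannot be run as code.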

Page Faults
  1. Process requests virtual address not in memory, causing a page fault.
  2. Paging supervisor pages out an old block of physical memory.
  3. Paging supervisor locates requested block on the disk and brings it into RAM memory.
[Figure: a process reads from blocks in physical memory; the paging supervisor ("Page fault, let me fix that.") moves an old block out to the external disk and brings a new block in]

Memory Layout of a Process

Input/Output
The input/output devices of a computer include things like its keyboard, mouse, video display, and network card, as well as other more optional devices, like a scanner, Wi-Fi interface, video camera, USB ports, etc. Each such device is represented in an operating system using a device driver, which encapsulates the details of how interaction with that device should be done. The application programmer interface (API), which the device drivers present to application programs, allows those programs to interact with those devices at a fairly high level, while the operating system does the heavy lifting of performing the low-level interactions that make such devices actually work.

Filesystems
A filesystem is an abstraction of how external storage of the computer is organized. An OS can support multiple filesystems. Examples: ext4fs, iso9660, YAFFS, etc. Operating systems typically organize files hierarchically into folders, also called directories. Each folder may contain files and/or subfolders. Thus, a filesystem consists of a collection of nested folders that form a tree. The topmost folder is the root of this tree and is also called the root folder.

File System Example

Virtual Machines
Virtual machine: Software that emulates a computer system so that another OS can run on top of the existing OS.
Benefits:
  Hardware efficiency
  Portability
  Security
  Management
[Figure: public domain image from http://commons.wikimedia.org/wiki/file:vmm-type2.jpg]

Virtualization adds Hypervisor OS
  In a VM, apps run on guest OS.
  Guest OS runs on top of a hypervisor OS.

Each VM has own Guest OS
[Figure: virtual machines running Linux, BSD, and W2k8 guests on one physical machine]

Hypervisor Security
Vulnerability consequences
  Guest code execution with privilege
  VM Escape (Host code execution)

  Vendor        CVEs
  KVM           32
  QEMU          23
  VirtualBox    9
  VMware        126
  Xen           86

Examples: Xen CVE-2008-1943, VBox CVE-2010-3583

Key Points
  1. An OS is a layer between applications and hardware
     1. Manages users, processes, and hardware resources.
  2. A process is a program in execution
     1. PID identifies process.
     2. fork() creates a copy of a process.
     3. exec() runs a new program in the address space.
  3. A process runs until
     1. Its time slice expires.
     2. It requests OS help via a system call.
     3. An interrupt occurs.
  4. Each process has its own virtual address space
     1. Set up by a kernel-created page table.
     2. CPU translates virtual to physical addresses via the table.
     3. Page fault occurs when page is mapped to disk (or does not exist).


Released under CC BY-SA 3.0
This presentation is released under the Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license.
You are free:
  to Share: to copy and redistribute the material in any medium
  to Adapt: to remix, build, and transform upon the material
  to use part or all of this presentation in your own classes
Under the following conditions:
  Attribution: You must attribute the work to James Walden, but cannot do so in a way that suggests that he endorses you or your use of these materials.
  Share Alike: If you remix, transform, or build upon this material, you must distribute the resulting work under this or a similar open license.
Details and full text of the license can be found at https://creativecommons.org/licenses/by-nc-sa/3.0/