Transcript Win32 Programming
Secure Operating Systems
Lesson 2: OS Fundamentals

Security
- Very informally, protecting us from Bad Things™
- More formally:
  - Confidentiality
  - Integrity
  - Availability
- It is VERY hard for an application to be secure if the OS it is running on doesn’t help with this

What OS Do
- Four levels: Hardware, OS, Applications, Users
- OS is the program most intimately involved with the hardware
- Borders of the OS hard to define… Minesweeper?

Computer Systems Organization
- Parts:
  - CPU
  - Main memory
  - IO (disk controller)
  - USB
  - Graphics adapter
- Connected by a bus (or two…)
- The OS helps all this work together

Computer Systems Architecture
- Lots of different architectures
- Von Neumann
- Single Process
- Multiprocessor
  - Symmetric/asymmetric multiprocessing
- Multicore
- Clustered systems

OS Structure
- Multiprogramming
  - Doing more than one thing
  - Helps drive up CPU utilization
- Time sharing/multitasking
- Processes, and threads, and…
- Swapping, virtual memory

Operating System Operations
- Most modern OS are interrupt driven
- A trap or exception drives control from the user process to the OS
- This leads to “dual mode operation”
  - Must be able to tell the difference between user code and the OS code
  - Implemented with a “mode bit”
  - Often called User mode and Kernel mode

Privilege
- The OS wants to be sure it can always regain control
- Need a timer – has to have hardware force the control change
- Some instructions should also only be callable from kernel (system) mode
  - Example: timer management

Process Management
- OS needs to schedule processes and threads
- Create and delete processes
- Suspend and resume processes
- Ideally, allow for process synchronization and process communication
  - These can get iffy with respect to security

Memory Management
- Managing physical memory is a nightmare
- Is memory executable?
- Virtual addresses v. physical
- OS must track who is using what
- Often the implementation depends on the hardware support

Protection and Security
- Protection: any mechanism that controls access to something (typically, a resource)
- Security: slightly more subtle. Things can be technically working, but still insecure (think: lost password)
- Will consider UIDs a lot, and permissions… also capabilities

Special Purpose Systems
- Real time systems
- Handhelds
- Distributed

Open and Closed Source
- Different design methodologies
- Classically, Windows versus Linux – lots of tradeoffs here, you could do a whole class on it

Assignment
- Make sure you can access the SVN
- Read Chapter 1 of OSC
- Make sure you have a Gentoo Linux VM and a Windows XP 32-bit VM up and running (unless you want to experiment on live machines)

Questions & Comments
- What do you want to know?
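
The Operating System Operations and Protection and Security slides describe a trap moving control from the user process to the OS. The C program below is an added example, not part of the original lesson: it stores to a read-only page so the hardware faults, the kernel takes control, and the violation comes back to the process as a signal. The names `try_write` and `on_fault` are illustrative, and it assumes a POSIX system with `mmap` and `MAP_ANONYMOUS` (for instance the Linux VM from the assignment).

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* exposes MAP_ANONYMOUS and sigsetjmp on glibc */
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf recover;
static volatile sig_atomic_t caught;

/* Runs in user mode, but only after the CPU faulted and the kernel
   decided to deliver a signal instead of completing the store. */
static void on_fault(int sig) { caught = sig; siglongjmp(recover, 1); }

/* Store one byte to a fresh page mapped with `prot`.
   Returns 0 if the store completed, the signal number if the access
   trapped, or -1 if the page could not be mapped. */
int try_write(int prot)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, len, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);   /* Linux reports the fault as SIGSEGV */
    sigaction(SIGBUS, &sa, &old_bus);     /* some other Unix systems use SIGBUS */

    caught = 0;
    if (sigsetjmp(recover, 1) == 0)       /* 1: restore the signal mask on jump */
        *(volatile unsigned char *)page = 0x41;

    sigaction(SIGSEGV, &old_segv, NULL);  /* put the previous handlers back */
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, len);
    return caught;
}

int main(void)
{
    printf("read/write page: %d\n", try_write(PROT_READ | PROT_WRITE));
    printf("read-only page:  %d\n", try_write(PROT_READ));
    return 0;
}
```

The process never checks the page permissions itself; the store instruction is identical in both calls, and only the hardware page protection set up by the OS decides whether it completes.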