Win32 Programming


Secure Operating Systems
Lesson 2: OS Fundamentals
Security

Very informally, protecting us from Bad Things™
More formally:
  Confidentiality
  Integrity
  Availability
It is VERY hard for an application to be secure if the OS it is running on doesn’t help this
What OS Do

Four levels:
  Hardware
  OS
  Applications
  Users
OS is the program most intimately involved with the hardware
Borders of the OS hard to define…
Minesweeper?
Computer Systems Organization

Parts:
  CPU
  Main memory
  IO (disk controller)
  USB
  Graphics adapter
Connected by a bus (or two…)
The OS helps all this work together
Computer Systems Architecture

Lots of different architectures
Von Neumann
Single Process
Multiprocessor
Symmetric/asymmetric multiprocessing
Multicore
Clustered systems
OS Structure

Multiprogramming
Doing more than one thing
Helps drive up CPU utilization
Time sharing/multitasking
Processes, and threads, and…
Swapping, virtual memory
Operating System Operations

Most modern OS are interrupt driven
A trap or exception drives control from the user process to the OS
This leads to “dual mode operation”
Must be able to tell the difference between user code and the OS code
Implemented with a “mode bit”
Often called User mode and Kernel mode
Privilege

The OS wants to be sure it can always regain control
Need a timer – has to have hardware force the control change
Some instructions should also only be callable from kernel (system) mode
Example: timer management
Process Management

OS needs to schedule processes and threads
Create and delete processes
Suspend and resume processes
Ideally, allow for process synchronization and process communication
These can get iffy with respect to security
Memory Management

Managing physical memory is a nightmare
Is memory executable?
Virtual addresses v. Physical
OS must track who is using what
Often the implementation depends on the hardware support
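
One way to check the "Is memory executable?" question on a Linux VM, as an added example that is not part of the original slides: the C below parses memory-map lines in the Linux /proc/<pid>/maps format and counts regions that are both writable and executable. The function names and the sample listing are constructed for illustration.

```c
/* Added example, not lecture code: helper names are illustrative; input is Linux /proc/<pid>/maps text. */
#include <stdio.h>
#include <string.h>

/* Returns 1 if the maps line is a writable+executable region, 0 if not, -1 if unparsable. */
int is_wx_region(const char *line, unsigned long *size)
{
    unsigned long start, end;
    char perms[5];
    if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3 ||
        strlen(perms) != 4 || end <= start)
        return -1;
    *size = end - start;
    return perms[1] == 'w' && perms[2] == 'x';   /* perms look like "rwxp" */
}

/* Returns the number of W+X regions in a newline-separated listing; *bytes gets their total size. */
int count_wx(const char *maps, unsigned long *bytes)
{
    int hits = 0;
    char line[256];
    *bytes = 0;
    while (*maps) {
        size_t n = strcspn(maps, "\n");          /* length of the current line */
        unsigned long size;
        snprintf(line, sizeof line, "%.*s", (int)n, maps);
        if (is_wx_region(line, &size) == 1) {
            hits++;
            *bytes += size;
        }
        maps += n + (maps[n] == '\n');           /* step past the newline, if any */
    }
    return hits;
}

/* Constructed sample listing, not taken from a real process. */
static const char SAMPLE_MAPS[] =
    "00400000-0040b000 r-xp 00000000 08:01 131 /bin/demo\n"
    "0060a000-0060b000 rw-p 0000a000 08:01 131 /bin/demo\n"
    "7f10a000-7f10c000 rwxp 00000000 00:00 0\n"
    "7ffd1000-7ffd3000 rw-p 00000000 00:00 0 [stack]\n";

int main(void)
{
    unsigned long bytes;
    int hits = count_wx(SAMPLE_MAPS, &bytes);
    printf("W+X regions: %d (%lu bytes)\n", hits, bytes);
    return 0;
}
```

To audit a live process, read its maps file into a buffer and pass that to `count_wx` in place of the sample.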
Protection and Security

Protection: any mechanism that controls access to something (typically, a resource)
Security: slightly more subtle. Things can be technically working, but still insecure (think: lost password)
Will consider UIDs a lot, and permissions… also capabilities
Special Purpose Systems

Real time systems
Handhelds
Distributed
Open and Closed Source

Different design methodologies
Classically, Windows versus Linux – lots of tradeoffs here, you could do a whole class on it
Assignment

Make sure you can access the SVN
Read Chapter 1 of OSC
Make sure you have a Gentoo Linux VM and a Windows XP 32-bit VM up and running (unless you want to experiment on live machines)
Questions & Comments

What do you want to know?