lecture9

lecture9 - Operating System Security CS 136 Computer...

Info iconThis preview shows pages 1–12. Sign up to view the full content.

View Full Document Right Arrow Icon
Lecture 9 Page 1 CS 136, Winter 2010 Operating System Security CS 136 Computer Security Peter Reiher February 2, 2010
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Lecture 9 Page 2 CS 136, Winter 2010 Outline What does the OS protect? Authentication for operating systems Memory protection Buffer overflows
Background image of page 2
Lecture 9 Page 3 CS 136, Winter 2010 Introduction Operating systems provide the lowest layer of software visible to users Operating systems are close to the hardware Often have complete hardware access If the operating system isn’t protected, the machine isn’t protected Flaws in the OS generally compromise all security at higher levels
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Lecture 9 Page 4 CS 136, Winter 2010 Why Is OS Security So Important? The OS controls access to application memory The OS controls scheduling of the processor The OS ensures that users receive the resources they ask for If the OS isn’t doing these things securely, practically anything can go wrong So almost all other security systems must assume a secure OS at the bottom
Background image of page 4
Lecture 9 Page 5 CS 136, Winter 2010 Single User Vs. Multiple User Machines The majority of today’s computers usually support a single user Some computers are still multi-user Often specialized servers Single user machines often run multiple processes, though Often through downloaded code Increasing numbers of embedded machines Effectively no (human) user
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Lecture 9 Page 6 CS 136, Winter 2010 Trusted Computing Since OS security is vital, how can we be sure our OS is secure? Partly a question of building in good security mechanisms But also a question of making sure you’re running the right OS And it’s unaltered That’s called trusted computing
Background image of page 6
Lecture 9 Page 7 CS 136, Winter 2010 Booting Issues A vital element of trusted computing The OS usually isn’t present in memory when the system powers up And isn’t initialized Something has to get that done That’s the bootstrap program Security is a concern here
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Lecture 9 Page 8 CS 136, Winter 2010 The Bootstrap Process Bootstrap program is usually very short Located in easily defined place Hardware finds it, loads it, runs it Bootstrap then takes care of initializing the OS
Background image of page 8
Lecture 9 Page 9 CS 136, Winter 2010 Security and Bootstrapping Most machine security relies on OS being trustworthy That implies you must run the OS you think you run The bootstrap loader determines which OS to run If it’s corrupted, you’re screwed Bootkit attacks (e.g., the Evil Maid attack)
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Lecture 9 Page 10 CS 136, Winter 2010 Practicalities of Bootstrap Security Most systems make it hard to change bootstrap loader But must have enough flexibility to load different OSes From different places on machine Malware likes to corrupt bootstrap Trusted computing platforms can help secure bootstrapping
Background image of page 10
Lecture 9 Page 11 CS 136, Winter 2010 TPM and Bootstrap Security Trusted Platform Module (TPM)
Background image of page 11

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 12
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 52

lecture9 - Operating System Security CS 136 Computer...

This preview shows document pages 1 - 12. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online