1 / 14

CS 3204 Operating Systems

CS 3204 Operating Systems. Godmar Back. Lecture 38. Announcements. Project 4 due Wed, May 3, 11:59pm

cpatti
Download Presentation

CS 3204 Operating Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CS 3204Operating Systems Godmar Back Lecture 38

  2. Announcements • Project 4 due Wed, May 3, 11:59pm • Coming up rapidly, should have finished buffer cache implementation & testing and have designed inode format; should be working on extensible files (if you follow suggested implementation order) • Skim 16.1-16.5 (security) • Read chapter 13 (networking) CS 3204 Spring 2006

  3. Security & Protection

  4. Trusted Systems • MLS-Multilevel Security • Unclassified • Confidential • Secret • Top Secret • No read up • No write down • *-property • Properties: • Complete mediation (mandatory access control on every access) • Isolated/tamper-proof reference monitor • Verification (the hardest) CS 3204 Spring 2006

  5. Some Attacks • Abuse of valid privilege • Admin decides to delete your mp3s • Denial of service attack • Run this loop on your P4: • while (1) { mkdir(“x”); chdir(“x”); } • Sniffing/Listening attack • Trojan Horse • Worm or virus CS 3204 Spring 2006

  6. Simple Stack Overflow Example #include <stdio.h> #include <unistd.h> #include <fcntl.h> int main() { char buf[8]; printf("Enter your name: "); gets(buf); printf("Your name is: %s\n", buf); } void remove_all_files() { printf("remove all files called!\n"); } > nm ./stackattack | grep remove_all_file 080483e4 T remove_all_files > od -h badinput 0000000 83e4 0804 83e4 0804 83e4 0804 83e4 0804 * 0000120 > ./stackattack < badinput Enter your name: Your name is: ä remove all files called! • In practice, attacker usually sends position-independent code along that exec()’s a shell CS 3204 Spring 2006

  7. Some Countermeasures • Logging: • Keep an audit log of all actions performed • Protect log (from theft & forgery) • Principle of least privilege • “need-to-know” basis • hard to implement: how can you be sure the program will still work? How can you be sure you’ve given just enough privileges and not more? • example: Linux SE • Verification & Proofs • Problem of verifying the specification vs. implementation CS 3204 Spring 2006

  8. Networking (Most slides from Kurose/Ross: Computer Networking – A Top Approach Featuring The Internet)

  9. millions of connected computing devices: hosts = end systems running network apps communication links fiber, copper, radio, satellite transmission rate = bandwidth routers: forward packets router workstation server mobile local ISP regional ISP company network The Internet: “nuts and bolts” view CS 3204 Spring 2006

  10. protocolscontrol sending, receiving of msgs e.g., TCP, IP, HTTP, FTP, PPP Internet: “network of networks” loosely hierarchical public Internet versus private intranets Internet vs internet Internet standards RFC: Request for comments IETF: Internet Engineering Task Force The Internet: “nuts and bolts” view router workstation server mobile local ISP regional ISP company network CS 3204 Spring 2006

  11. ESnet vBNS Internet2 Example:Net.Work.Virginia Architecture Backbone / Internet Gateway Source: www.networkvirginia.net Internet SprintLink Router DS3 OC3 Sprint WTN OC3 OC3 Sprint RIC OC3 Sprint ROA

  12. communication infrastructure enables distributed applications: Web, email, games, e-commerce, file sharing communication services provided to apps: Connectionless unreliable Connection-oriented reliable The Internet: a service view CS 3204 Spring 2006

  13. a human protocol and a computer network protocol: TCP connection response Get http://www.awl.com/kurose-ross Got the time? 2:00 <file> time What’s a protocol? Hi TCP connection req Hi CS 3204 Spring 2006

  14. human protocols: “what’s the time?” “I have a question” introductions … specific msgs sent … specific actions taken when msgs received, or other events network protocols: machines rather than humans all communication activity in Internet governed by protocols What’s a protocol? protocols define format, order of msgs sent and received among network entities, and actions taken on msg transmission, receipt CS 3204 Spring 2006

More Related