1 / 17

Secure Operating Systems

Secure Operating Systems. Lesson 5: Shared Objects. Where are we?. We have got more of the fundamental security structures of our OS in our heads But now we have to face a real challenge: shared objects. The OS doesn’t HAVE TO…. I’ve used that heading before, but it’s true

diella
Download Presentation

Secure Operating Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Operating Systems Lesson 5: Shared Objects

  2. Where are we? • We have got more of the fundamental security structures of our OS in our heads • But now we have to face a real challenge: shared objects

  3. The OS doesn’t HAVE TO… • I’ve used that heading before, but it’s true • There’s no requirement for our OS to support sharing between users and processes… but it sure comes in handy • Once again, we have a tension between performance and security

  4. Two Parts of the Problem • Sharing actual information • Synchronizing between threads and/or processes

  5. Peterson’s Solution • Two shared variables: • int turn;boolean flag[2] • Code: • flag[i] = TRUE;turn = j;while (flag[j] && turn == j); // Do Critical Sectionflag[i] = FALSE;

  6. Peterson’s Solution II PROCESS 0 PROCESS 1 flag[1] = TRUE;turn = 0;while(flag[0] && turn == 0); // Critical Sectionflag[1] = FALSE; • flag[0] = TRUE;turn = 1;while(flag[1] && turn == 1); // Critical Sectionflag[0] = FALSE;

  7. Hardware Support • The challenge of disabling interrupts is that it’s expensive • Many OS provide a hardware “test and set” instruction, which allows atomic access to a chunk of memory • Swap: void Swap(boolean *a, boolean *b) {boolean temp = *a; *a = *b; *b = temp; }

  8. Implemented as… • do { key = TRUE; while (key == TRUE) swap(&lock, &key); // Critical Section lock = FALSE;} while (TRUE); • Mutual-exclusion with Swap…

  9. Semaphores • wait(S) { while (S <= 0); //nop S--;} • signal(S) { S++;} • This really looks like a spinlock…

  10. Semaphores • wait(semaphore *S) { S->value--; if (S->value < 0) { add this proc to S->list; block(); // SLEEP }} // This will halt until we own the semaphore

  11. Deadlocks • P0 • wait(S);wait(Q);…signal(S);signal(Q); • P1 • wait(Q);wait(S);…signal(Q);signal(S);

  12. Priority Inversion • Imagine we have three procii, L, M and H, where L is Low Priority, M, medium, and H, High • L is holding a resource which is blocking H, but gets swapped out for M • This is known as Priority Inversion… and it’s a real problem! • Probably we should talk about different scheduling approaches

  13. Mars Sojourner • Long running, medium priority Comms task • Low priority weather task • High priority information bus thread • Low priority wx task acquires a mutex for the bus… gets interrupted by the Comms task (long running), blocking the high priority bus thread… tada! Priority Inversion • Can be a security issue too! • Can be solved by priority inheritance

  14. Atomicity • Making sure something is atomic is pretty easy on a single core system • On a more complex system it can get REALLY hard • One approach is transactional memory – move the problem to the memory not the programmer • None of this has even touched on how we SHARE information between processes…

  15. Race Conditions • Poor synchronization can lead to race conditions – a subset of which is called TOCTOU • Race conditions arise from interdependence that is unrealized or incorrectly implemented

  16. Things to Do • Read “An Investigation of the Therac-25 Accidents”, Nancy Leveson, Clark S. Turner

  17. Questions & Comments • What do you want to know?

More Related