Security
- Pretty much everything runs on top of an operating system
- The OS is the ultimate target
- Subvert the OS and nothing else matters!
What Are We Protecting?
- examine or alter any process’s memory
- read, write, delete or corrupt any file
- change the scheduling or even halt execution of any process
- send any message to anywhere
- enable or disable any peripheral device
- give any process access to any other process’s resources
- arbitrarily take away any resource a process controls
- respond to any system call with a maximally harmful lie
TPM
- Trusted Platform Module - provides assurance that you are booting the version of the operating system you intended to, protecting you from attacks that try to boot compromised versions of the system.
- Not perfect; it just raises the degree of difficulty of cracking a system.
Goals of the OS
- Confidentiality - If some piece of information is supposed to be hidden from others, don’t allow them to find it out.
- Integrity - If some piece of information or component of a system is supposed to be in a particular state, don’t allow an adversary to change it.
- Availability - If some information or service is supposed to be available for your own or others' use, make sure an attacker cannot prevent its use.
Secure Programming
- C is working against us!
- SDL