Security

• Pretty much everything runs on top of an operating system
• The OS is the ultimate target
• Subvert the OS and nothing else matters!

What Are We Protecting?

• examine or alter any process’s memory
• read, write, delete or corrupt any file
• change the scheduling or even halt execution of any process
• send any message to anywhere
• enable or disable any peripheral device give any process access to any other process’s resources
• arbitrarily take away any resource a process controls
• respond to any system call with a maximally harmful lie

TMP

• Trusted Platform Module - provided assurance that you were booting the version of the operating system you intended to, protecting you from attacks that tried to boot compromised versions of the system.
• Not perfect just raises the degree of difficultly when cracking a system.

Goals of the OS

• Confidentiality -If some piece of information is supposed to be hidden from others, don’t allow them to find it out.
• Integrity - If some piece of information or component of a system is supposed to be in a particular state, don’t allow an adversary to change it
• Availability - If some information or service is supposed to be available for your own or others' use, make sure an attacker cannot prevent its use.

Secure Programming

• C is working against us!
• SDL

Zero Days

• Zerodium
• CVE