SystemsSec 2016W Lecture 4: Difference between revisions
Jessjohnson (talk | contribs) |
Jessjohnson (talk | contribs) |
||
Line 1: | Line 1: | ||
===Topics & Readings=== | ===Topics & Readings=== | ||
---- | |||
* chroot jails | * chroot jails | ||
* MULTICS | * MULTICS |
Revision as of 00:27, 5 February 2016
Topics & Readings
- chroot jails
- MULTICS
Class Notes
Jails
- better version of chmod
- BSD mechanism, not really a Linux thing
- limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
- fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
- process has a different root dir in kernel, but to the fake root user it still seems like the root dir
- one kernel space, multiple user spaces
- kind of like OS virtualization
DD-WRT
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, the WRT54G series.
Proxy vs VPN tunneling
- proxies are for HTTP specifically
- VPN is for any internet traffic
- TCP IP illustrated, to better understand networking
(Complex Security) Policies
- "Suck, don’t make them." - Anil, 2016.
- can’t approximate how humans approach information with logic systems
MULTICS
- supposed to be a “grown up” OS
- first OS to take security seriously
- took a "shotgun approach" to security, too much generality
- implemented a ring system which was overly complicated
UNIX
- simplest mechanisms, most usable
Reference Monitor
- software that mediates all security decisions
- MULTICS designed to have a reference monitor, which was their ring system
- UNIX doesn’t really have one, processes (kind of) moderate security decisions together
Important Questions
Jails
- What is an OS jail?
- What would happen if a user broke out of a jail?
MULTICS
- What is it?
- What was good/bad about MULTICS?
- How did MULTICS affect UNIX?
Reference Monitor
- What is it?
- What is it's role in an OS?
- How is it implemented in UNIX and MULTICS?