SystemsSec 2016W Lecture 2: Difference between revisions

From Soma-notes
Added notes for Jan 12th lecture. Work done by Dusan Rozman Xiusan Zhou
 
No edit summary
 
Line 40: Line 40:
* file system permissions
* file system permissions


Applications don't interact with untrusted sources or are "locked down"
Applications don't interact with untrusted sources or are "locked down".
 
boot process
boot process



Latest revision as of 20:33, 14 January 2016

Topics & Readings

  • Operating system security
  • Trusted computing

Class Notes:

Security mechanisms in a Unix system:

  • All processes have a user, group, and "effective user".
  • users
    • passwords
    • users have file permissions
    • User input may cause vulnerabilities therefore the OS must control the input in some way.
  • Networks
    • IP tables: allows system admin to configure tables provided by Linux kernel firewall
    • firewall used to protect system and restrict communication from untrusted sources.
    • Just like not all programs can be trusted neither can all networks.
    • Firewalls aren't only way to limit connections. Example, TCP wrappers: /etc/host.allow and /etc/host.deny


  • Disk encryption
    • Used to protect the information stored on disk from unauthorized users.
  • SSH (secure shell).
    • Used to remotely log into a unix system.
    • SSH key is used to authenticate the user.
  • Notion of secure downloads on Ubuntu using "apt-get". It's Utility used to install software packages and even upgrade the OS.


Important Concepts:

We briefly discussed the concept of what makes an OS secure.

What to trust in an OS?

  • Kernel
  • all root priviledged code
  • daemons + set UID programs
  • file system permissions

Applications don't interact with untrusted sources or are "locked down".

boot process

The modern OS is a mess. That is with the amount of complexity (the millions of lines of code) in a modern OS it's difficult (close to impossible) to ensure security.

Trusted Computing Base (TCB). TCB is synonymous with "trust model". In other words it defines software and data that OS relies on to enforce it's security goals. Ideally, the TCB should be minimal.