SystemsSec 2016W Lecture 4

From Soma-notes
Revision as of 23:33, 2 February 2016 by Jessjohnson (talk | contribs) (Created page with "====Jails==== * better version of chmod * BSD mechanism, not really a Linux thing * limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be du...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jails

  • better version of chmod
  • BSD mechanism, not really a Linux thing
  • limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
  • fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
  • process has a different root dir in kernel, but to the fake root user it still seems like the root dir
  • one kernel space, multiple user spaces
  • kind of like OS virtualization

DD-WRT

  • firmware for routers
  • WRT54G LinkSys router with a Linux kernel on it

Proxy vs VPN tunneling

  • proxies are for HTTP specifically
  • VPN is for any internet traffic
  • TCP IP illustrated, to better understand networking

(Complex Security) Policies

  • "Suck, don’t make them." - Anil, 2016.
  • can’t approximate how humans approach information with logic systems

MULTICS

  • supposed to be a “grown up” OS
  • first OS to take security seriously
  • took a "shotgun approach" to security, too much generality
  • implemented a ring system which was overly complicated

UNIX

  • simplest mechanisms, most usable

Reference Monitor

  • software that mediates all security decisions
  • MULTICS designed to have a reference monitor, which was their ring system
  • UNIX doesn’t really have one, processes (kind of) moderate security decisions together