https://homeostasis.scs.carleton.ca/wiki/api.php?action=feedcontributions&feedformat=atom&user=LucSoma-notes - User contributions [en]2026-06-02T22:42:08ZUser contributionsMediaWiki 1.42.1https://homeostasis.scs.carleton.ca/wiki/index.php?title=SystemsSec_2018W_Lecture_20&diff=21602SystemsSec 2018W Lecture 202018-03-31T05:36:42Z<p>Luc: /* Notes */</p>
<hr />
<div>==Audio==<br />
<br />
[https://homeostasis.scs.carleton.ca/~soma/systemssec-2018w/lectures/comp4108-2018w-lec20-26Mar2018.m4a Lecture 20 Audio]<br />
<br />
==Notes==<br />
Senses of Virtual:<br />
JVM/CLR<br />
Hardware virtual machines<br />
--> Hypervisors<br />
Virtual Memory<br />
Virtual Reality<br />
Virtual Functions<br />
VFS Layer (Virtual File System)<br />
<br />
What is really meant by virtual in this context?<br />
-Portability<br />
-Hardware -> Software (Made into)<br />
-Level of abstraction<br />
--Resource Abstraction<br />
<br />
Subject ---> Resource<br />
^Virtualization breaks this connection, becoming:<br />
<br />
Subject --->Resource<br />
|-----> Abstraction |<br />
<br />
Example:<br />
File containing digits of pi, is really just a function that generates digits<br />
From the perspective of the Subject the Abstraction is the resource, it's the same thing as having an actual file<br />
<br />
Why is this a general strategy for security?<br />
Abstraction is a means of control<br />
Controlling the abstraction controls what the subject perceives. It's not what is actual there, it's keeping the subject "safe"<br />
Social control?<br />
Buy into an abstraction of reality<br />
Abstraction<br />
Tool for how people perceive reality<br />
Civil instutions, money, politics<br />
Live in the real world, but abstraction within out minds<br />
Lots of power in abstractions<br />
Abstraction is a method of control<br />
<br />
Note: By controlling the abstraction we can enforce security properties that would otherwise be very difficult.<br />
<br />
Virtual Memory<br />
Each program gets it's own memory<br />
You can escape the box when you can't see the box<br />
All the memory they see, is their's<br />
It thinks it has its whole address range<br />
Enforces memory safety in allocation, but also prevents programs of messing with eachother<br />
<br />
Virtual Functions<br />
A place you can excicibit control<br />
Basically a direction table<br />
But also leads to less to security in the sense that the table can be manipulated<br />
<br />
<br />
Hardware Virtual Machines<br />
OS is running, thinks it's accessing the hardware, but it is accessing the hypervisor. THis allows for "windows in a window", multiple os running<br />
Unfortunately<br />
Somethings go to the abstraction, some go to resources<br />
Running directly on the CPU/Memory, go straight to cpu, why? faster/simpler<br />
When does hypervisor come in?<br />
When you want to anything that normally requires privileges<br />
Change page tables<br />
Allocate memory<br />
Access the disk<br />
These get routed through the hypervisor<br />
How?<br />
Classic OS:<br />
Processes<br />
[System calls]<br />
OS - Kernel<br />
[Hypervisor (Provides a hardware-like interface to the Kernel)]<br />
Hardware<br />
<br />
Process interacts with the Kernel through System calls<br />
Function Call vs System<br />
Function is a jump to another bit of code in the address space<br />
Access space of the process<br />
System call<br />
Access something out of the address space<br />
Special CPU instruction / Software interrupt<br />
What is an interrupt?<br />
Are CPU mechanism which allows the CPU to be interrupted<br />
Logical equivalent to office talking to student. Someone knocks on the door. Hold on let me talk to him. (Interrupt)<br />
Not part of the normal execution path<br />
External signal <br />
Interrupt Table<br />
List of: Interrupt -> address<br />
Addresses here are the addresses in the Kernel Memory<br />
Normal CPU runs in usermode<br />
Usermode doesn't have access to all resources, CPU has supervisor mode, which see's everything<br />
**Code for interrupt runs in supervisor mode<br />
Keyboard presses, calls interrupt<br />
What is hardware virtualization?<br />
You give the Kernel a fake interrupt table<br />
Modern CPU support Hypervisor<br />
Whenever a privileged operation is run, it goes through the hypervisors Interrupt table. <br />
System call:<br />
Normally<br />
Userspace (proc)-> System call -> Kernel<br />
(Special Instruction, cpu changes to supervisor code)<br />
Hypervisor<br />
Userspace (proc) -> Hypervisor -> Kernel<br />
(Same as normal, but with middleman. <br />
<br />
Ring 0 - 3 Privledge levels on CPU<br />
Modern system has Ring -1 -> 3<br />
Ring -1 is the Hypervisor<br />
Allows the hypervisor to choose with Kerne gets the operation<br />
<br />
<br />
Guest knowing about the hypervisor is dangerou sin a secuirty sense<br />
Expanded interface, lines of communication that you didn't have before<br />
What prevents the guest from compromising the hypervisor?<br />
Information leakage<br />
Possible or prcoess to see the other kernels (Same physical memory / cpu)<br />
Language run times mostly just go through the abstraction and never have a direct connection to the resources<br />
<br />
JVM call some methods that have more provledgess that you do. Equivalents of sudo / setuid. All inside the same address space, enforce permission boundaries inside one address space, have to use software for midigation.</div>Luc