https://homeostasis.scs.carleton.ca/wiki/index.php?action=history&feed=atom&title=SystemsSec_2016W_Lecture_2SystemsSec 2016W Lecture 2 - Revision history2026-06-02T23:07:00ZRevision history for this page on the wikiMediaWiki 1.42.1https://homeostasis.scs.carleton.ca/wiki/index.php?title=SystemsSec_2016W_Lecture_2&diff=20509&oldid=prevDusanrozman at 20:33, 14 January 20162016-01-14T20:33:49Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 20:33, 14 January 2016</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l40">Line 40:</td>
<td colspan="2" class="diff-lineno">Line 40:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* file system permissions</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* file system permissions</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Applications don't interact with untrusted sources or are "locked down"</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Applications don't interact with untrusted sources or are "locked down"<ins style="font-weight: bold; text-decoration: none;">.</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>boot process</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>boot process</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr>
</table>Dusanrozmanhttps://homeostasis.scs.carleton.ca/wiki/index.php?title=SystemsSec_2016W_Lecture_2&diff=20508&oldid=prevDusanrozman: Added notes for Jan 12th lecture. Work done by Dusan Rozman Xiusan Zhou2016-01-14T20:32:54Z<p>Added notes for Jan 12th lecture. Work done by Dusan Rozman Xiusan Zhou</p>
<p><b>New page</b></p><div>'''Topics & Readings'''<br />
<br />
* Operating system security<br />
* Trusted computing<br />
<br />
'''Class Notes:''' <br />
<br />
Security mechanisms in a Unix system:<br />
<br />
* All processes have a user, group, and "effective user". <br />
* users<br />
** passwords<br />
** users have file permissions<br />
** User input may cause vulnerabilities therefore the OS must control the input in some way.<br />
<br />
*Networks<br />
** IP tables: allows system admin to configure tables provided by Linux kernel firewall<br />
** firewall used to protect system and restrict communication from untrusted sources.<br />
** Just like not all programs can be trusted neither can all networks. <br />
** Firewalls aren't only way to limit connections. Example, TCP wrappers: /etc/host.allow and /etc/host.deny<br />
<br />
<br />
* Disk encryption<br />
**Used to protect the information stored on disk from unauthorized users. <br />
* SSH (secure shell).<br />
** Used to remotely log into a unix system. <br />
**SSH key is used to authenticate the user. <br />
* Notion of secure downloads on Ubuntu using "apt-get". It's Utility used to install software packages and even upgrade the OS.<br />
<br />
<br />
<br />
'''Important Concepts:'''<br />
<br />
We briefly discussed the concept of what makes an OS secure.<br />
<br />
What to trust in an OS?<br />
* Kernel<br />
* all root priviledged code<br />
* daemons + set UID programs<br />
* file system permissions<br />
<br />
Applications don't interact with untrusted sources or are "locked down"<br />
boot process<br />
<br />
The modern OS is a mess. That is with the amount of complexity (the millions of lines of code) in a modern OS it's difficult (close to impossible) to ensure security.<br />
<br />
Trusted Computing Base (TCB). TCB is synonymous with "trust model". In other words it defines software and data that OS relies on to enforce it's security goals. Ideally, the TCB should be minimal.</div>Dusanrozman