Operating Systems 2015F Lecture 22
Latest revision as of 20:42, 27 November 2015
Video

The video for the lecture given on November 27, 2015 is now available: http://homeostasis.scs.carleton.ca/~soma/os-2015f/lectures/comp3000-2015f-lec22-27Nov2015.mp4

Notes
Lecture 22
----------

Project
- you need to pass the oral to get credit for it
- due December 4th by midnight; late penalty is 20%/day

Patching

Malware detection & operating systems
* most Linux systems don't run "antivirus"
* most Macs don't run antivirus
* iOS devices don't
* some Android devices do

What does this tell us about those operating systems?
- not that much
- it says more about what malware exists today than about what could exist

Ideally your OS should only allow you to run "good" code.
Antivirus is what you get when you are likely to run "bad" code anyway.

How do operating systems keep out bad code?
* user authentication (accounts and passwords)
* otherwise, mostly isolation:
  - user permissions (not all users can access all resources);
    "users" are now often applications rather than people
  - firewalls (isolate network connections from apps)
  - supervisor versus user mode on the CPU (kernel vs. userspace)
  - memory protection (virtual memory: each process sees only its own address space)
  - CPU & I/O scheduling, so no program can monopolize a resource
* desktop OSs assume installed applications can be trusted
  - so they are allowed to do arbitrary damage
* mobile OSs do not trust most applications, or greatly limit the trust they get

Android
- applications can be trusted in different ways
- the user decides what apps are trustworthy for which things
- users are expected to look at an app's requested permissions and decide
  whether it deserves the trust level it asks for
- but regular users are not knowledgeable enough to make such trust decisions
- every app runs as a different Unix user, so each app can only access its own files
- but then there are system services that accept requests from apps to access
  just about anything else, and those services become the real access-control point

iOS sandboxing
- close in spirit to OS-level virtualization: every app gets its own container
  (its own private slice of the filesystem) on the shared kernel
- iOS then places in that "sandbox" only the things it deems safe for the app to access

On Android, you've always been able to install third-party keyboards.
On iOS, third-party keyboards were only added recently (iOS 8)
- and they can't be used in password fields
On iOS, Apple-supplied apps have always had more access than third-party ones.

What is antivirus?
- downloader's remorse
- or, "I really shouldn't have installed that"

How does antivirus work?
- the tech equivalent of criminal profiling, looking at a program's:
  - history (has this file, or one like it, been seen doing harm before?)
  - behavior (what does it do when it runs?)
  - friends (where did it come from, and what does it talk to?)
- profiling is fundamentally hard and limited
- profiling is especially hard because programs can lie: hide what they are,
  and behave differently when they notice they are being watched

How do you catch the lies of programs?
- surveillance
- which is why all antivirus needs kernel-level help to work: only the kernel
  sees what a process actually does

Why can't malware get kernel-level help too?
- it can: that is exactly a kernel-level rootkit, and once the kernel lies
  the antivirus's surveillance is worthless

The operating-system equivalent of NEXUS (trusted-traveller border control) is...
- code signing

Code signing in any sort of "open context", where anyone can sign, is suspect:
a valid signature only tells you the code was not altered since it was signed,
not that the signer should be trusted.
App store signing is not bad: the signing key belongs to a gatekeeper that vets
what it signs and can revoke it.

Traditional OSs are for running "trusted" code.
We already have the technology for running untrusted code.
It is called a web browser.
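Worked example, added here and not part of the lecture notes: a Go model of the "every app runs as a different user" rule from the Android section above, together with the brokering system service the notes mention. It implements the Unix owner/group/other permission check the kernel applies (including the root and execute special cases), then shows that once every app has its own uid, the interesting decision moves into the service that reads a protected file on an app's behalf. The uids, gids, paths, modes and permission names (`appAUID`, `systemUID`, `mediaGID`, `READ_CONTACTS`, and so on) are constructed assumptions, not Android's real values.

```go
package main

import "fmt"

// Constructed model of Unix discretionary access control (DAC) as Android
// uses it: one Unix user per app, and a privileged system service that
// brokers everything an app cannot reach on its own. The uids, gids, paths
// and modes are assumptions for this example, not Android's real values.
const (
	rootUID   = 0
	systemUID = 1000  // assumed uid of the brokering system service
	appAUID   = 10001 // assumed uid of app A
	appBUID   = 10002 // assumed uid of app B
	mediaGID  = 5000  // assumed group allowed to read shared media
)

// Permission bits as chmod spells them: r=4, w=2, x=1.
const (
	permRead  uint32 = 4
	permWrite uint32 = 2
	permExec  uint32 = 1
)

type File struct {
	Path  string
	Owner int
	Group int
	Mode  uint32 // the nine rwxrwxrwx bits, e.g. 0700
}

type Process struct {
	UID  int
	GIDs []int // primary plus supplementary groups
}

func (p Process) inGroup(gid int) bool {
	for _, g := range p.GIDs {
		if g == gid {
			return true
		}
	}
	return false
}

// dacAllows is the classic Unix check. Exactly one class of bits applies
// (owner, else group, else other), so an owner whose own bits deny is
// denied even if the group bits would allow. Root bypasses read/write but,
// as on Linux, may only execute a file that has at least one x bit set.
func dacAllows(p Process, f File, want uint32) bool {
	if p.UID == rootUID {
		return want&permExec == 0 || f.Mode&0111 != 0
	}
	var bits uint32
	switch {
	case p.UID == f.Owner:
		bits = (f.Mode >> 6) & 7
	case p.inGroup(f.Group):
		bits = (f.Mode >> 3) & 7
	default:
		bits = f.Mode & 7
	}
	return bits&want == want
}

// Grants records which high-level permissions each app uid was granted when
// the user accepted its permission list at install time.
type Grants map[int]map[string]bool

// brokerRead models a system service reading a protected file on an app's
// behalf. DAC lets the service in because it runs as systemUID; the decision
// that matters is whether the requesting app holds the right grant, so the
// service, not the kernel, is the real access-control point.
func brokerRead(g Grants, requester Process, need string, f File) error {
	if !g[requester.UID][need] {
		return fmt.Errorf("uid %d was not granted %s", requester.UID, need)
	}
	service := Process{UID: systemUID, GIDs: []int{systemUID}}
	if !dacAllows(service, f, permRead) {
		return fmt.Errorf("service cannot read %s either", f.Path)
	}
	return nil
}

func main() {
	secret := File{Path: "/data/data/app.a/secret", Owner: appAUID, Group: appAUID, Mode: 0700}
	contacts := File{Path: "/data/system/contacts.db", Owner: systemUID, Group: systemUID, Mode: 0600}
	a := Process{UID: appAUID, GIDs: []int{appAUID}}
	b := Process{UID: appBUID, GIDs: []int{appBUID}}
	grants := Grants{appAUID: map[string]bool{"READ_CONTACTS": true}}
	fmt.Println("A reads its own file:", dacAllows(a, secret, permRead))
	fmt.Println("B reads A's file:", dacAllows(b, secret, permRead))
	fmt.Println("A reads contacts directly:", dacAllows(a, contacts, permRead))
	fmt.Println("A via the service:", brokerRead(grants, a, "READ_CONTACTS", contacts))
	fmt.Println("B via the service:", brokerRead(grants, b, "READ_CONTACTS", contacts))
}
```

Two details worth noticing when you run it: the owner class wins even when it denies (a file with mode 0040 is unreadable by its owner although its group can read it), and root's bypass does not extend to executing a file with no x bit at all. Both are exactly what the Linux permission check does.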
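Added example, not from the lecture: a Go sketch of the "criminal profiling" view of antivirus above. It checks a program's history (hash of a sample condemned before), its family signature (a byte pattern that survives repacking), its friends (where the file came from) and its behavior (a syscall trace recorded under the kernel-level surveillance the notes say antivirus depends on). The samples, the family bytes, the origin URL, the trace lines and the scoring weights are all constructed for this example; the point is to see which layer each sample gets past, and why a program that lies about itself slips through.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Sample is what the scanner sees. Every sample, origin and trace below is
// constructed for this example; nothing here is a real malware family.
type Sample struct {
	Name   string
	Bytes  []byte
	Origin string   // "friends": where the file came from
	Trace  []string // "op arg" lines observed when it ran under surveillance
}

// Verdict records which checks fired and the weighted total.
type Verdict struct {
	Malicious bool
	Score     int
	Hits      map[string]bool
}

var familySig = []byte{0x90, 0x90, 0xe8, 0x00, 0x00, 0x00, 0x00, 0x5b} // assumed family bytes
var badOrigins = map[string]bool{"http://free-codecs.example/get": true} // assumed bad origin
var knownBad = map[string]bool{sha(dropper.Bytes): true}               // "history"

func sha(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// behavior reads the trace for persistence, a call home, and a sandbox probe.
func behavior(trace []string) (persist, beacon, probe bool) {
	for _, line := range trace {
		f := strings.Fields(line)
		if len(f) < 2 {
			continue
		}
		op, arg := f[0], f[1]
		switch {
		case op == "write" && (strings.HasSuffix(arg, "/.ssh/authorized_keys") || strings.HasPrefix(arg, "/etc/cron.d/")):
			persist = true
		case op == "connect":
			beacon = true
		case op == "open" && strings.HasPrefix(arg, "/sys/class/dmi/"):
			probe = true // asking "am I in a VM?" is the prelude to lying
		}
	}
	return
}

// Scan profiles one sample along the notes' three axes plus a static signature.
func Scan(s Sample) Verdict {
	v := Verdict{Hits: map[string]bool{}}
	add := func(check string, weight int) { v.Hits[check] = true; v.Score += weight }
	if knownBad[sha(s.Bytes)] {
		add("history", 3) // exact file seen doing harm before
	}
	if bytes.Contains(s.Bytes, familySig) {
		add("signature", 2) // same family, possibly never seen this build
	}
	if badOrigins[s.Origin] {
		add("friends", 1) // keeps bad company
	}
	persist, beacon, probe := behavior(s.Trace)
	if persist && beacon {
		add("behavior", 3) // installs itself and phones home
	}
	if probe {
		add("probe", 1) // suspicious, but not proof of anything
	}
	v.Malicious = v.Score >= 2
	return v
}

// Repack is the malware author's cheapest move: change a byte that does not
// matter. The hash changes; the family bytes and the behavior do not.
func Repack(s Sample) Sample {
	s.Bytes = append(append([]byte{}, s.Bytes...), 0x00)
	s.Name += "-repacked"
	s.Origin = "email attachment"
	return s
}

var (
	dropper = Sample{Name: "codec-installer", Bytes: append([]byte("MZ constructed header "), familySig...),
		Origin: "http://free-codecs.example/get",
		Trace:  []string{"open /home/alice/.ssh/authorized_keys w", "write /home/alice/.ssh/authorized_keys", "connect 203.0.113.7:443"}}
	// liar: no known bytes, and having noticed it is watched, it does nothing.
	liar = Sample{Name: "update-helper", Bytes: []byte("MZ constructed header, no family bytes"),
		Origin: "email attachment", Trace: []string{"open /sys/class/dmi/id/product_name r", "exit 0"}}
	benign = Sample{Name: "notes-app", Bytes: []byte("MZ constructed header, ordinary program"),
		Origin: "vendor store", Trace: []string{"open /home/alice/notes.txt r", "write /home/alice/notes.txt"}}
)

func main() {
	for _, s := range []Sample{dropper, Repack(dropper), liar, benign} {
		fmt.Printf("%-24s %+v\n", s.Name, Scan(s))
	}
}
```

The repacked dropper loses only the history hit, which is why hash lists alone are so weak; the "liar" never trips anything but the probe rule, which is the notes' point about profiling failing when the subject lies, and why the surveillance itself has to be hidden from the program being watched.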
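Added example, not part of the notes: Go code contrasting the "open context" code signing the lecture calls suspect with app-store signing, using Ed25519 and SHA-256 from the Go standard library. An open-context installer trusts whatever key ships with the package, so a valid signature proves only that the bytes were not altered after signing; the store installer has a fixed trust list and a revocation list, so the signature also says who vouched for the code. The package layout, the name-binding digest, the `Store` type and its error values are assumptions for this example, not any real store's format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Package is what an installer receives: the code, the public key the
// author claims signed it, and the signature. Constructed layout.
type Package struct {
	Name   string
	Code   []byte
	Signer ed25519.PublicKey
	Sig    []byte
}

var (
	ErrUntrusted = errors.New("signer is not one of the store's keys")
	ErrBadSig    = errors.New("signature does not cover this name and code")
	ErrRevoked   = errors.New("package was revoked by the store")
)

func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// digest binds the name to the code, so a signature made for one package
// cannot be replayed on the same bytes published under another name.
func digest(name string, code []byte) []byte {
	h := sha256.New()
	h.Write([]byte(name))
	h.Write([]byte{0}) // separator, so "ab"+"c" cannot collide with "a"+"bc"
	h.Write(code)
	return h.Sum(nil)
}

func SignPackage(priv ed25519.PrivateKey, name string, code []byte) Package {
	return Package{
		Name:   name,
		Code:   code,
		Signer: priv.Public().(ed25519.PublicKey),
		Sig:    ed25519.Sign(priv, digest(name, code)),
	}
}

// VerifyOpen is signing in an "open context": the installer trusts whatever
// key travels with the package. A pass proves the bytes were not changed
// after signing and nothing about who signed; the malware author's own
// package passes just as well.
func VerifyOpen(p Package) bool {
	return len(p.Signer) == ed25519.PublicKeySize &&
		ed25519.Verify(p.Signer, digest(p.Name, p.Code), p.Sig)
}

// Store is the app-store model: a short list of keys the installer already
// trusts (the gatekeeper) plus the gatekeeper's revocation list.
type Store struct {
	trusted []ed25519.PublicKey
	revoked map[string]bool
}

func NewStore(keys ...ed25519.PublicKey) *Store {
	return &Store{trusted: keys, revoked: map[string]bool{}}
}

func (s *Store) Revoke(name string) { s.revoked[name] = true }

// Install accepts a package only if a trusted key vouches for exactly this
// name and code, and the store has not pulled it since.
func (s *Store) Install(p Package) error {
	if s.revoked[p.Name] {
		return ErrRevoked
	}
	trusted := false
	for _, k := range s.trusted {
		if bytes.Equal(k, p.Signer) {
			trusted = true
			break
		}
	}
	if !trusted {
		return ErrUntrusted
	}
	if !ed25519.Verify(p.Signer, digest(p.Name, p.Code), p.Sig) {
		return ErrBadSig
	}
	return nil
}

func main() {
	storePub, storePriv := NewKey()
	store := NewStore(storePub)
	good := SignPackage(storePriv, "calendar", []byte("constructed app bytes"))
	_, mallory := NewKey()
	evil := SignPackage(mallory, "calendar", []byte("constructed malware bytes"))
	fmt.Println("store-signed: open check", VerifyOpen(good), "/ store install", store.Install(good))
	fmt.Println("self-signed:  open check", VerifyOpen(evil), "/ store install", store.Install(evil))
}
```

Note that the store checks key identity before the signature: a package that merely claims the store's key but carries someone else's signature fails on the signature, and one signed by a key the store never accepted fails before any cryptography runs. That ordering is what turns a signature from an integrity check into the border-control decision the notes describe.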