SystemsSec 2016W Lecture 4: Difference between revisions

From Soma-notes

Revision as of 00:28, 5 February 2016

Topics & Readings


  • chroot jails
  • MULTICS

Class Notes


Jails

  • better version of chmod
  • BSD mechanism, not really a Linux thing
  • limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
  • fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
  • process has a different root dir in kernel, but to the fake root user it still seems like the root dir
  • one kernel space, multiple user spaces
  • kind of like OS virtualization
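
The per-process root directory described in the list above, as an added example that is not part of the original notes: a toy Python model (not kernel code) of path lookup in which ".." stops at the process's root. The jail path /usr/jail/www and the class and method names are constructed for illustration, and symlinks are ignored.

```python
class JailedProcess:
    """Toy model of a process whose root directory differs from the host's."""

    def __init__(self, root, cwd="/"):
        # Host-side path components of the jail root (constructed sample path).
        self.root = [p for p in root.split("/") if p]
        # cwd is given as the jailed process sees it, so it lives under root.
        self.cwd = self.root + [p for p in cwd.split("/") if p]

    def resolve(self, path):
        """Return the host path that a lookup of `path` would reach."""
        # Absolute paths start at the process's root, not the host's.
        cur = list(self.root) if path.startswith("/") else list(self.cwd)
        for part in path.split("/"):
            if part in ("", "."):
                continue
            if part == "..":
                # At the jail root, ".." leads back to the jail root.
                if cur != self.root:
                    cur.pop()
            else:
                cur.append(part)
        return "/" + "/".join(cur)

    def view(self, host_path):
        """Return the path as the jailed process names it, or None if the
        host path lies outside the jail and cannot be named at all."""
        parts = [p for p in host_path.split("/") if p]
        if parts[:len(self.root)] != self.root:
            return None
        return "/" + "/".join(parts[len(self.root):])


if __name__ == "__main__":
    jail = JailedProcess("/usr/jail/www", cwd="/home")
    # The jail needs its own copy of /etc, /bin, ... for things to look normal.
    print(jail.resolve("/etc/passwd"))
    # Climbing with ".." never gets above the jail root.
    print(jail.resolve("../../../../etc/passwd"))
    # The host's real /etc/passwd has no name inside the jail.
    print(jail.view("/etc/passwd"))
```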

DD-WRT

DD-WRT is firmware for routers. Linksys used to make router models that came with a Linux kernel on them, the WRT54G series.

Proxy vs VPN tunneling

  • proxies are for HTTP specifically
  • VPN is for any internet traffic
  • TCP/IP Illustrated, to better understand networking

(Complex Security) Policies

  • "Suck, don’t make them." - Anil, 2016.

We can’t approximate how humans approach information with logic systems, so we shouldn't try. If we could we would have solved the AI problem.

MULTICS

  • supposed to be a “grown up” OS
  • first OS to take security seriously
  • took a "shotgun approach" to security, too much generality
  • implemented a ring system which was overly complicated

UNIX

  • simplest mechanisms, most usable

Reference Monitor

  • software that mediates all security decisions
  • MULTICS designed to have a reference monitor, which was their ring system
  • UNIX doesn’t really have one, processes (kind of) moderate security decisions together

Important Questions


Jails

  • What is an OS jail?
  • What would happen if a user broke out of a jail?

MULTICS

  • What is it?
  • What was good/bad about MULTICS?
  • How did MULTICS affect UNIX?

Reference Monitor

  • What is it?
  • What is its role in an OS?
  • How is it implemented in UNIX and MULTICS?