SystemsSec 2016W Lecture 4

From Soma-notes

Topics & Readings


  • chroot jails
  • MULTICS

Class Notes


Jails

  • better version of chroot
  • BSD mechanism, not really a Linux thing
  • limits the visible hierarchy so that a non-root dir seems like the root dir; this forces the hierarchy to be duplicated inside it so that nothing seems weird
  • fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
  • process has a different root dir in kernel, but to the fake root user it still seems like the root dir
  • one kernel space, multiple user spaces
  • kind of like OS virtualization
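
The "different root dir in kernel" point above, as an added example that is not part of the original notes: a toy Python model of per-process path resolution, with a check for the case where the working directory is left outside the new root. The `Proc` class, the helper names and the paths `/srv/jail` and `/home/svc` are constructed for illustration; symlinks are not modelled.

```python
import posixpath

class Proc:
    """Toy stand-in for the two per-process fields the kernel consults (host paths)."""
    def __init__(self, root="/", cwd="/"):
        self.root, self.cwd = root, cwd

def resolve(proc, path):
    """Host path that `path` names for `proc`. Symlinks are not modelled."""
    cur = proc.root if path.startswith("/") else proc.cwd
    for part in path.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            # ".." is ignored only when standing exactly on the process root
            if cur != proc.root:
                cur = posixpath.dirname(cur)
        else:
            cur = posixpath.join(cur, part)
    return cur

def chroot(proc, new_root):
    """Like chroot(2): moves the root, leaves the working directory alone."""
    proc.root = resolve(proc, new_root)

def chdir(proc, path):
    proc.cwd = resolve(proc, path)

def inside(proc, host_path):
    """True if host_path lies within the process's root subtree."""
    prefix = proc.root.rstrip("/") + "/"
    return host_path == proc.root or host_path.startswith(prefix)

def demo():
    # Constructed paths: /srv/jail is the jail directory, /home/svc the starting cwd.
    jailed = Proc(cwd="/home/svc")
    chroot(jailed, "/srv/jail")
    chdir(jailed, "/")                  # cwd is now the new root
    no_chdir = Proc(cwd="/home/svc")
    chroot(no_chdir, "/srv/jail")       # cwd still refers to a host directory
    return {
        "jail view of /etc/passwd": resolve(jailed, "/etc/passwd"),
        "dot-dot at the root": resolve(jailed, "/../../etc/passwd"),
        "cwd inside root (chdir done)": inside(jailed, jailed.cwd),
        "cwd inside root (chdir skipped)": inside(no_chdir, no_chdir.cwd),
        "relative .. (chdir skipped)": resolve(no_chdir, ".."),
    }

if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value}")
```

On a real system the setup check is the same: change directory into the new root immediately after `chroot`, before anything untrusted runs.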

DD-WRT

DD-WRT is firmware for routers. Linksys used to make router models that came with a Linux kernel on them, the WRT54G series.

Proxy vs VPN tunneling

  • proxies are for HTTP specifically
  • VPN is for any internet traffic
  • read TCP/IP Illustrated to better understand networking

(Complex Security) Policies

  • "Suck, don’t make them." - Anil, 2016.
  • can’t approximate how humans approach information with logic systems

MULTICS

  • supposed to be a “grown up” OS
  • first OS to take security seriously
  • took a "shotgun approach" to security, too much generality
  • implemented a ring system which was overly complicated

UNIX

  • simplest mechanisms, most usable

Reference Monitor

  • software that mediates all security decisions
  • MULTICS designed to have a reference monitor, which was their ring system
  • UNIX doesn’t really have one; processes (kind of) moderate security decisions together

Important Questions


Jails

  • What is an OS jail?
  • What would happen if a user broke out of a jail?

MULTICS

  • What is it?
  • What was good/bad about MULTICS?
  • How did MULTICS affect UNIX?

Reference Monitor

  • What is it?
  • What is its role in an OS?
  • How is it implemented in UNIX and MULTICS?