SystemsSec 2016W Lecture 4

From Soma-notes

Topics & Readings

  • chroot jails
  • MULTICS

Class Notes

Jails

  • better version of chmod
  • BSD mechanism, not really a Linux thing
  • limits the file hierarchy so a non-root dir seems like the root dir; this forces the hierarchy to be duplicated inside it so that nothing seems weird
  • fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
  • process has a different root dir in kernel, but to the fake root user it still seems like the root dir
  • one kernel space, multiple user spaces
  • kind of like OS virtualization
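
The root-directory confinement in the Jails notes above, as an added example that is not from the lecture: a small C model of how a path named by a jailed process maps onto the host hierarchy. The jail location /jails/www and the function name jail_resolve are assumptions made for illustration; symlinks and relative paths are not modelled.

```c
#include <stdio.h>
#include <string.h>

/* Model of lookup once a process has its own root directory: the walk
 * starts at the jail root and ".." cannot climb above it.
 * root: host path of the jail, no trailing slash (constructed value).
 * path: absolute path as the jailed process names it.
 * Returns 0 and writes the host path to out, or -1 if the path is
 * relative or the result does not fit in n bytes. */
int jail_resolve(const char *root, const char *path, char *out, size_t n)
{
    size_t base = strlen(root);           /* never truncate below this */
    if (path[0] != '/' || base + 1 > n)
        return -1;
    memcpy(out, root, base + 1);
    size_t len = base;

    while (*path) {
        while (*path == '/') path++;      /* skip separators */
        size_t k = strcspn(path, "/");    /* length of next component */
        if (k == 0) break;
        if (k == 1 && path[0] == '.') {
            /* "." stays in place */
        } else if (k == 2 && path[0] == '.' && path[1] == '.') {
            /* ".." pops one component but stops at the jail root */
            while (len > base && out[len - 1] != '/') len--;
            if (len > base) len--;        /* drop the '/' as well */
            out[len] = '\0';
        } else {
            if (len + 1 + k + 1 > n) return -1;
            out[len++] = '/';
            memcpy(out + len, path, k);
            len += k;
            out[len] = '\0';
        }
        path += k;
    }
    return 0;
}

int main(void)
{
    char buf[64];
    if (jail_resolve("/jails/www", "/../../etc/passwd", buf, sizeof buf) == 0)
        printf("jailed /../../etc/passwd -> host %s\n", buf);
    return 0;
}
```

The jailed process asks for /etc/passwd and gets the copy inside the jail, which is why the needed parts of the hierarchy have to be duplicated there.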

DD-WRT

  • firmware for routers
  • Linksys WRT54G router with a Linux kernel on it

Proxy vs VPN tunneling

  • proxies are for HTTP specifically
  • VPN is for any internet traffic
  • TCP/IP Illustrated, to better understand networking

(Complex Security) Policies

  • "Suck, don’t make them." - Anil, 2016.
  • can’t approximate how humans approach information with logic systems

MULTICS

  • supposed to be a “grown up” OS
  • first OS to take security seriously
  • took a "shotgun approach" to security, too much generality
  • implemented a ring system which was overly complicated

UNIX

  • simplest mechanisms, most usable

Reference Monitor

  • software that mediates all security decisions
  • MULTICS designed to have a reference monitor, which was their ring system
  • UNIX doesn’t really have one, processes (kind of) moderate security decisions together

Important Concepts

Jails

  • What is an OS jail?
  • What would happen if a user broke out of a jail?

MULTICS

  • What is it?
  • What was good/bad about MULTICS?
  • How did MULTICS affect UNIX?

Reference Monitor

  • What is it?
  • What is its role in an OS?
  • How is it implemented in UNIX and MULTICS?