IT420 - Exam 1

Security

defend a system from external and internal attacks

User view

ease of use (primarily) • Desktop computing vs. networked computer vs. mobile device • Embedded systems may have no or little user view

powershell - showing processes

get-process

Point of view

influences what the OS does

Operating system

A program that manages a computer's hardware, and is part of the four main components of a computer system composed of hardware, operating system, application programs and users. The OS controls the hardware and coordinates hardware use between application programs and users

The security problem

A system is secure if: • It is turned off, inside a faraday cage, with no access to the outside world • All resources are used and accessed as intended Neither is reasonable (The second is unachievable) Two parts to the problem: • Threat: Potential for security violation • Attack: Attempt to breach

monolithic system

All aspects are interwoven, not broken in to multiple parts

concurrency

All tasks are making progress towards completion, but may not be completed in the same order, without affecting the end result (Task 1 has to complete before Task 2 can start. Task 2 has to complete before Task 3)

Interrupts

An event is signaled by an interrupt • Software events triggers interrupt by a system call (or monitor call) - Trap or exception are interrupts caused by errors or a user request • Hardware events can be mouse click, keyboard command, disk controller, etc. Interrupts are needed to transfer control

Cryptography

Broadest security tool available: • Can be used in multiple places • Hide private information from plain sight • Prove that you are who you say you are • Make sure you're communicating with the right person Based on secrets Symmetric and Asymmetric • Symmetric uses same key to encrypt and decrypt • Asymmetric using two keys -Inverse of each other -Requires more compute resources

T/F increasing the number of processors increases throughput in a linear fashion

False, there is communication overhead

scheduling

Key to maximizing CPU usage Three main concepts: Queues Schedulers Context Switching

parallelism

Multiple tasks can be completed at the same time on different cores

Storage management

OS provides uniform, logical view of info storage using abstraction • File-System management: Organization, access control, creation/deletion, mapping, etc. • Mass-Storage management: Free-space allocation, storage allocation, disk scheduling • Caching: Cache management and coherency • I/O Systems: Memory management, device driver interfaces

Threats

Program threats: • Process has been compromised • Virus, buffer overflow, logic bombs System and Network Threats: • Abuse of services and connections • Misuse resources • Worms, DoS, Enumeration

System view

Resource allocation and control • Mobile devices have different needs than servers

Defenses

Security is an Onion • Layers of security more beneficial • Training users - Policy • Host firewalls - Protect individual machines • Network firewalls - Protect the network • IDS/IPS - Find intruders Outside resources and companies • Can provide insight that you may not see • Vulnerability Assessment or Penetration Test

Kernel

The one program running at all times on the computer Everything else is either a system program (ships with the operating system) or an application program

Program threats

Trojan Horse: • Code misuses its environment • Disguised as legitimate software • Spyware, Pop-ups, Add-ons Logic Bombs: • Program that runs under certain circumstances Stack/Buffer Overflow: • Exploits bug in program (Memory Buffers) • Occurs when failure to check bounds in code • Write past an argument in to return address • When routine returns, goes to the malicious code Ransomware: • Encrypt a drive and hold it hostage Keyloggers: • Record keystrokes and send to remote server

process

a program loaded into memory and executing • Short in duration • Typically finish or need to perform I/O

Protection

any mechanism for controlling the access of processes or users to the resources defined by a computer system

OS Goals

• Execute user programs and make solving user problems easier -User programs should be supervised (ensure correct use), managed and controlled without user intervention • Make the computer system convenient to use -Users do not need to know the details of manipulating hardware • Use the computer hardware in a fair and efficient manner (allocation of resources)

timesharing (multitasking)

• Extends multiprogramming by switching between jobs frequently from many users • Fast response times are required

process creation

• Functions Fork() - Unix CreateProcess() - Windows • Splits into Parent and Child process

Least privilege

• Given just enough privilege to complete a task • Establish security domains (Users, Processes, and Resources) • Limits damages

Four components of a computer system

• Hardware (CPU, memory, I/O devices) • OS (controls and coordinates) • System and application programs • User(s)

virtualization benefits

• Host system is protected from VMs, VMs are protected from each other • Can freeze, suspend, and shutdown a running VM • Can move somewhere else and resume in exact same state • Can take a snapshot then restore to that at a future time • Can clone VMs (create a copy) • Great for research • Can run multiple OSs on a single host • Templates • Live migration • All benefits combine to form: cloud computing; and/or API/management server for automation

virtual machine components

• Host: physical hardware • Hypervisor: system providing interface • Guest: what is being virtualized

Threads in python

• Import the threading library -import threading • Create a new thread -Requires a function and any arguments -T = threading.Thread(target=<function>, args= (arg1,)) -If your function was Add(num1, num2): T = threading.Thread(target=Add, args=(a, b,) • Start the Thread -T.start()

User vs Kernel mode

• In user mode, control is given to the user application - User programs ask the OS to perform tasks on the user program's behalf through system calls • A trap, interrupt, or system call transfers control back to kernel mode

Open source OS

• Increasing impact of open-source OS • Easier to study and can be modified • Various licensing options (GNU General Public License) • Linux distributions are increasingly popular • VMPlayer and VirtualBox

Both timesharing and multiprogramming require:

• Job scheduling • Memory management (Virtual, Physical, Logical) • CPU scheduling

Memory management activities

• Keeping track of which parts of memory are currently being used and by whom • Deciding which processes (or parts thereof) and data to move into and out of memory • Allocating and deallocating memory space as needed

Bootstrap program

• Loaded at power-up or reboot • Typically stored in ROM or EPROM, generally known as firmware • Initializes all aspects of system • Loads operating system kernel and starts execution

Security violation methods

• Masquerade: Pretending to be someone else • Replay: Resending messages, possibly with modifications • Man-in-the-middle: Receive transmissions, modify or read, then pass on to intended destination • session hijacking: Intercept session to bypass authentication

Fine-grain privilege

• More complex management • More overhead • More protective

Containers

• No full guest OS, use kernel technology to provide isolation -Namespaces for processes, network, mounts, etc -Control groups for resources

Pages sent in live migration

• Page: disk cache (stored info) • R/O pages: info that can only be read • R/W pages: info that can be read and written to • Dirty pages: info that has been modified since transfer started

OS management areas

• Process management • Memory management • Storage management

Process management

• Process needs resources to accomplish its task (CPU, memory, I/O, files, initialization data) • Processes can be single- or multi-threaded and each thread has a program counter • Processes can be operating-system or user processes • Processes can execute concurrently

Domain structure

• Set of access rights • Access right is subset of all valid operations that can be performed

Role-based Access controls

• Simple and effective • User assigned role • Role has certain permissions

context switch

• Switch between User and Kernel mode • Allows multiple processes on same CPU • Switch information between processes and memory -Increase efficiency -Resource intensive

Timer

• Timer prevents infinite loops or monopolization of resources • Timer is set to interrupt in order to allow transfer of control • Typically initialized using a counter that generates an interrupt when it reaches zero

Hypervisor types

• Type 0 - Hardware based (LPARs, LDOMs) -divides physical resources • Type 1 - OS like (VMware, Xenserver) • Type 1 - General Purpose OS (win server running HyperV, centOS running KVM) • Type 2 - Applications (VMware workstation, virtualbox)

What happens when an interrupt occurs?

• Upon interrupt, CPU stops what it is doing and transfers execution to a fixed location - Interrupt vector is an array of addresses for interrupt service routines to carry out next steps • Interrupted instructions must be saved so that they can be resumed after the interrupt - After the interrupt routine completes, continue on where you left up

dual-mode

• User mode and kernel mode • Privileged instructions run in kernel mode • Mode bit (hardware) indicates the mode (kernel=0)

process termination

• exit normally: proper ending, deallocate resources • kill processes: terminate before job is done

multiprogramming

• increases CPU utilization by organizing jobs efficiently (always has a job to execute) • Use job scheduling based on the jobs in memory

Container benefits

• more lightweight • faster to start/stop • better performance • more portable

Goals of protection

•Computer consists of collections of objects (Hardware and software) •Objects have unique name (Allows access through defined operations) •The problem: Ensure each object is accessed correctly; Ensure each object is accessed only by those that are allowed to

Command

○ CLI or shells ○ Reads text and interprets ○ Windows: CMD or PowerShell ○ Linux: sh or bash

Batch

○ Execute files with commands inside ○ Example: autoexec.bat ○ Script files with commands you can enter into a terminal

information maintenance

○ Get and set date/time ○ Get and set system data ○ Get and set process, file, or device attributes

powershell - working with services

○ Get-Service ○ Get-Service | Where-Object {$_.status -eq "running"} ■ Show all running services

high-level language implementation

○ High-level language implementation has advantages ■ Easier to code ■ Tends to be very portable ○ Disadvantages ■ Slower ■ More storage requirements ○ Better data structures, refined critical code, and better memory management help with performance improvements

Mechanisms and policies

○ Mechanism - How something will be done ○ Policy - What will be done

User services

○ Program execution ○ I/O operations ○ File system manipulations ○ Communications ■ Shared memory and memory passing

System services

○ Resource allocation ○ Accounting ○ Protection and Security ■ Access to resources ■ User Authentication

OS design goals

○ User wants convenience, ease of use, and speed ○ System wants to be efficient, reliable, and maintenance free

file and device management

● File management ○ Open, close, create, delete files ○ Read, write to file ○ Get and set attributes ● Device management ○ Request, lock, and release device ○ Get device attributes ○ Attach/Detach devices

powershell scripting and loops

● Filename ends in .ps1 ● Variables are created with $ ○ $firstName, $lastName, etc. ● If/Else Statements ○ if(some equality) {Something} else {SomethingElse} ● DoWhile and While ○ Do { Something} While(some equality) ○ While (something) {SomethingToDo} ● ForEach (item in list) {DoSomething}

Domain controllers

● Good ○ Central location for user management ○ Can create group policies (Put users in groups, then create specific rules for those groups) ● Bad ○ If only one DC, it is a central point of failure

Linux terminal

● Kernel and choice of OS provide commands to ○ Navigate through the system ○ Manage the system ● Command examples: ○ man: manual pages for commands ○ ls: list directory contents ○ rm: delete file or directory ○ du: Show amount of space used by files

communication

● Message passing ○ Direct or indirect (mailboxes) ○ Host and process identifiers used to manage ○ Useful for small amounts of data ● Shared memory ○ Two processes share the same memory, thus can communicate with each other

types of system calls

● Process control ● File management and manipulation ● Device management and manipulation ● Information maintenance ● Communication ● Protection

protection

● Protection needed for multi-user systems and networking ● System calls used to: ○ Control access to resources ○ Get and set permissions ○ Allow or deny user access

OS structure

● Structured to avoid monolithic systems ● Example structures: ○ Simple - MS DOS ○ Layered - Hardware (0) up to user interface (n) ○ Hybrid - Dynamically add functionality as needed (iOS, Android)

System calls

● Used to interface with services from an OS ● Usually written in C or C++ ● Considered an API ○ Application Programming Interface ○ Functions with defined parameters and return values ● Intercept function calls in API, invoke system calls with OS

GUI

● User-friendly desktop interface ● Icons used to represent files, programs, actions, links, etc. ● Mouse buttons can provide different actions ○ Right click, left click, middle click, etc. ● Touch screen interfaces are part of this ○ Virtual keyboard and mouse

process control

● end() and abort() ○ Kills the process. Used in ctrl-x and ctrl-z in linux ● fork() and exec() ○ Create processes ● Allows to wait for events or a signal ● Can allocate and free memory

Thread

• A thread is a group of information needed to complete a task • Each process has at least one thread • Process can run multiple threads at a time (threads can also have multiple processes) • The CPU can work on multiple threads at a time (Improves efficiency)

Memory management

• All data in memory before and after processing • All instructions in memory in order to execute • Memory management determines what is in memory when optimizing CPU utilization and computer response to users

Security violation categories

• Breach of Confidentiality (Reading) • Breach of Integrity (Modification) • Breach of Availability (Destruction) • Theft of service: Using resources you shouldn't be • Denial of service: Prevent legitimate use

caching

• Can be performed in hardware, OS, software • Information in use copied from slower to faster storage temporarily • Faster storage (cache) checked first to determine if information is there - If it is, information used directly from the cache (fast) - If not, data copied to cache and used there

advantages of threads

• Creating separate processes takes more time • Improves responsiveness • Threads share the same address space in terms of resources • Systems are being designed to support multiple cores

Process management activities

• Creating/deleting both user and system processes • Suspending and resuming processes • Providing mechanisms for process synchronization • Providing mechanisms for process communication • Providing mechanisms for deadlock handling

Rough or broad privilege

• Easier management • Simple to understand • Least privilege done in large chunks

Other types of virtualization

• Emulators • Programming environment • Application containment

Passwords

• Encrypt to add layer of security • Only available to high privilege users • Never stored in decrypted state • Add a "salt" to avoid password being encrypted to same value

process communication

• Exchange information through memory -Message queue or shared memory •Shared memory -Quick, but possible collision •Message Queue -Slow, but efficient. -Can run out of space if too many messages

5 states of a process

new, running, waiting, ready, terminated

OS services

- Users need services that the OS provides to programs - Services make using the system: ■ More efficient ■ Convenient for programmers ■ Easier for users - Can divide into two categories ■ Helpful to user ■ Efficient operation of system

Storage-device hierarchy (from Expensive/fast/small/volatile to cheap/slow/large/permanent)

- registers - cache - main memory - solid-state disk - magnetic disk - optical disk - magnetic tapes

User interface

-batch -command -gui

Queues

-job queue: all processes -ready queue: waiting to execute -device queue: waiting for some I/O

schedulers

-long term (job scheduler): which programs are allowed in -short term (CPU scheduler): send ready processes to CPU; quick (every 100ms)

Live migration

1. Guest source is running 2. establish connection with target 3. create guest target 4. send R/O pages 5. send R/W pages 6. send dirty pages (repeatedly) 7. run guest target 8. terminate guest source

Multiprocessors (parallel systems, tightly-coupled systems) advantages

1. Increased throughput 2. Economy of scale 3. Increased reliability - graceful degradation or fault tolerance

OS is ____ driven

interrupt

CPU instructions load only from ______ ______

main memory (RAM)