CMU CS 15410 - Lecture

This preview shows page 1-2-3-4-26-27-28-53-54-55-56 out of 56 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 56 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 56 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 56 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 56 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 56 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 56 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 56 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 56 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 56 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 56 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 56 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 56 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

15-410, F’04
Protection
Nov. 22, 2004
Dave Eckhardt
Bruce Maggs
L31_Protection
“...1969 > 1999?...”

Synchronization
- Please fill out P3/P4 registration form by midnight+
  - On the “Projects” web page
  - We need to know whom to grade when...
- Some of you need a p3extra hand-in directory...
- Debugging is a skill....
- 15-412
  - If this was fun...
  - If you want to see how it's done “in real life”,
  - If you want to write real OS code used by real people,
  - Consider 15-412 (Spring '05)

Synchronization
- Project 4 options
  - Virtual consoles
    - N virtual screens/keyboards
    - “Hot-key” switch among them
  - Pipes
    - pipe(), read(), write(), ...
    - Integration with readline(), print()
  - See writeup on Projects page

Synchronization
- Intel Labs Internet Suspend/Resume position
  - Intel is seeking a “full-time intern”
  - Position available December
  - Solid OS background
    - Perl, C, Red Hat Linux, Apache
    - Distributed file systems
  - Multi-activity position
    - System deployment, development, maintenance
  - May turn into a full-time developer position
    - Last occupant did
  - http://www.cs.cmu.edu/~davide/intel-intern.html
  - Résumé to: [email protected]

Outline
- Protection (Chapter 18)
  - Protection vs. Security
  - Domains (Unix, Multics)
  - Access Matrix
    - Concept, Implementation
  - Revocation – not really covered today (see text)
- Mentioning EROS

Protection vs. Security
- Textbook's distinction
  - Protection happens inside a computer
    - Which parts may access which other parts (how)?
  - Security considers external threats
    - Is the system's model intact or compromised?

Protection
- Goals
  - Prevent intentional attacks
    - “Prove” access policies are always obeyed
  - Detect bugs
    - “Wild pointer” example
- Policy specifications
  - System administrators
  - Users - May want to add new privileges to system

Objects
- Hardware
  - Single-use: printer, serial port, CD writer, ...
  - Aggregates: CPU, memory, disks, screen
- Logical objects
  - Files
  - Processes
  - TCP port 25
  - Database tables

Operations
- Depend on object
  - CPU: execute(...)
  - CD-ROM: read(...)
  - Disk: read_sector(), write_sector()

Access Control
- Basic
  - Your processes should access only “your stuff”
  - Implemented by many systems
- Principle of least privilege (text: “need-to-know”)
  - cc -c foo.c
    - should read foo.c, stdio.h, ...
    - should write foo.o
    - should not write ~/.cshrc
  - This is harder

Who Can Do What?
- access right = (object, operations)
  - /etc/passwd, r
  - /etc/passwd, r/w
- process → protection domain
  - P0 → de0u, P1 → bmm, ...
- protection domain → list of access rights
  - de0u → (/etc/passwd, r), (/afs/andrew/usr/de0u/.cshrc, w)

Protection Domain Example
- Domain 1
  - /dev/null, read/write
  - /usr/davide/.cshrc, read/write
  - /usr/smuckle/.cshrc, read
- Domain 2
  - /dev/null, read/write
  - /usr/smuckle/.cshrc, read/write
  - /usr/davide/.cshrc, read

Protection Domain Usage
- Least privilege requires domain changes
  - Doing different jobs requires different privileges
  - One printer daemon, N users
  - Print each user's file with minimum necessary privileges...
- Two general approaches
  - “process → domain” mapping constant
    - Requires domains to add and drop privileges
    - User “printer” gets, releases permission to read your file
  - Domain privileges constant
    - Processes domain-switch between high-privilege, low-privilege domains
    - Printer process opens file as you, opens printer as “printer”

Protection Domain Models
- Three models
  - Domain = user
  - Domain = process
  - Domain = procedure

Domain = User
- Object permissions depend on who you are
- All processes you are running share privileges
- Domain switch = Log off, log on

Domain = Process
- Resources managed by special processes
  - Printer daemon, file server process, ...
- Domain switch
  - Objects cross domain boundaries via IPC
  - “Please send these bytes to the printer” (pieces missing)

      s = socket(AF_UNIX, SOCK_STREAM, 0);
      connect(s, pserver, sizeof pserver);
      mh->cmsg_type = SCM_RIGHTS;
      *(int *) CMSG_DATA(mh) = open(“/my/file”, 0, 0);   /* the fd rides in the control message's data */
      sendmsg(s, &mh, 0);

Domain = Procedure
- Processor limits access at fine grain
  - Hardware protection on a per-variable basis!
- Domain switch – Inter-domain procedure call
  - nr = print(strlen(buf), buf);
  - “The correct domain” for print()
    - Access to OS's data structures
    - Permission to call OS's internal putbytes()
    - Permission to read user's buf
  - Ideally, correct domain automatically created by hardware
  - Common case: “user mode” vs. “kernel mode”

Unix “setuid” concept
- Assume Unix domain = numeric user id
  - Not the whole story! This overlooks:
    - Group id, group vector
    - Process group, controlling terminal
    - Superuser
  - But let's pretend
- Domain switch via setuid executable
  - Special permission bit set with chmod
  - Meaning: exec() changes uid to executable file's owner
  - Gatekeeper programs
    - “lpr” run by anybody can access printer's queue files

Access Matrix
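The “Who Can Do What?” and “Protection Domain Usage” slides describe domains as lists of (object, operations) rights and a printer daemon that switches domains to print with least privilege. The following C program is an added example, not code from the lecture or its textbook: it models that access matrix, including the textbook-style switch right (a domain's name is itself an object, so “who may enter domain X” is a matrix cell), and walks the daemon through “open the file as you, open the printer as printer”. The names de0u, bmm, /etc/passwd and the .cshrc path come from the slides; the cc domain, /dev/lp0, /var/spool/lpd, paper.ps and the return codes are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Operations a right can grant. OP_SWITCH is the "switch" right: it sits in
 * the column of the domain being entered, so entering a domain is itself an
 * access-matrix lookup rather than a special case. */
enum { OP_READ = 1u, OP_WRITE = 2u, OP_SWITCH = 4u };

/* access right = (object, operations); protection domain = list of access rights */
struct right  { const char *object; unsigned ops; };
struct domain { const char *name; const struct right *rights; size_t n; };

/* Constructed matrix rows (hypothetical objects except those named on the slides). */
static const struct right rights_de0u[] = {
    { "/etc/passwd",                   OP_READ },
    { "/afs/andrew/usr/de0u/.cshrc",   OP_READ | OP_WRITE },
    { "/afs/andrew/usr/de0u/paper.ps", OP_READ },
};
static const struct right rights_printer[] = {
    { "/dev/lp0",       OP_WRITE },            /* the printer itself */
    { "/var/spool/lpd", OP_READ | OP_WRITE },  /* queue files */
    { "de0u",           OP_SWITCH },           /* may act as de0u to fetch a job */
};
static const struct right rights_cc[] = {      /* least privilege for "cc -c foo.c" */
    { "foo.c",                OP_READ },
    { "/usr/include/stdio.h", OP_READ },
    { "foo.o",                OP_WRITE },
};
const struct domain DOM_DE0U    = { "de0u",    rights_de0u,    3 };
const struct domain DOM_BMM     = { "bmm",     NULL,           0 };  /* printer holds no switch right here */
const struct domain DOM_PRINTER = { "printer", rights_printer, 3 };
const struct domain DOM_CC      = { "cc",      rights_cc,      3 };

/* Look up the matrix cell (domain, object); an absent entry means no access. */
unsigned allowed_ops(const struct domain *d, const char *object)
{
    for (size_t i = 0; i < d->n; i++)
        if (strcmp(d->rights[i].object, object) == 0)
            return d->rights[i].ops;
    return 0;
}

bool may(const struct domain *d, const char *object, unsigned op)
{
    return (allowed_ops(d, object) & op) == op;
}

/* A domain switch is an access check like any other: the current domain
 * needs the switch right on the target. Returns the new domain, or NULL. */
const struct domain *domain_switch(const struct domain *cur, const struct domain *to)
{
    return may(cur, to->name, OP_SWITCH) ? to : NULL;
}

/* The slide's second approach: the daemon's own privileges never change; it
 * enters the user's domain only to open the job, then returns to its own
 * domain to drive the printer. Returns 0 on success or the failing step. */
int print_job(const struct domain *user, const char *file)
{
    const struct domain *cur = domain_switch(&DOM_PRINTER, user);
    if (cur == NULL)                     return 1;  /* may not act as this user */
    if (!may(cur, file, OP_READ))        return 2;  /* user can't read it, so neither can the job */
    cur = &DOM_PRINTER;                  /* back to our own domain (like restoring a saved uid) */
    if (!may(cur, "/dev/lp0", OP_WRITE)) return 3;
    return 0;
}

int main(void)
{
    printf("cc may read foo.c:           %d\n", may(&DOM_CC, "foo.c", OP_READ));
    printf("cc may write de0u's .cshrc:  %d\n", may(&DOM_CC, "/afs/andrew/usr/de0u/.cshrc", OP_WRITE));
    printf("print de0u's paper.ps:       %d\n", print_job(&DOM_DE0U, "/afs/andrew/usr/de0u/paper.ps"));
    printf("print /etc/shadow for de0u:  %d\n", print_job(&DOM_DE0U, "/etc/shadow"));
    printf("print for bmm:               %d\n", print_job(&DOM_BMM, "/afs/andrew/usr/bmm/x"));
    return 0;
}
```

Two things the table makes visible: the cc row is the least-privilege policy from the “Access Control” slide written down as data, so the forbidden write to ~/.cshrc is a lookup miss rather than a convention; and the switch right is asymmetric, so the daemon can act as de0u but a de0u process can never enter the printer domain.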

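The “Domain = Process” slide sketches passing an open file to a printer server over a Unix socket with SCM_RIGHTS and says pieces are missing. The program below is an added example that fills them in; it is not the lecture's code. It assumes a Linux/POSIX system, uses socketpair() in place of connect() to a print server so both sides run in one process, and substitutes a tmpfile() with constructed contents for “/my/file”. The receiver checks the control message (level, type, length, MSG_CTRUNC) before using the descriptor: what crosses the domain boundary is one capability to one open file, nothing else in the sender's domain.

```c
#define _GNU_SOURCE   /* keeps socketpair()/CMSG_* visible on glibc under strict -std=c99 */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/uio.h>

/* Constructed contents of the "file" the user side hands to the printer side. */
#define DEMO_MSG "Please send these bytes to the printer\n"

/* Room for exactly one int of ancillary data; the union keeps it cmsghdr-aligned. */
union fd_ctl { struct cmsghdr hdr; unsigned char buf[CMSG_SPACE(sizeof(int))]; };

/* Sender side of the slide's sketch: the descriptor rides in an SCM_RIGHTS
 * control message next to one byte of ordinary data (sendmsg needs some). */
int send_fd(int sock, int fd)
{
    char tag = 'F';
    struct iovec iov = { .iov_base = &tag, .iov_len = 1 };
    union fd_ctl ctl;
    struct msghdr mh;
    memset(&ctl, 0, sizeof ctl);
    memset(&mh, 0, sizeof mh);
    mh.msg_iov = &iov;
    mh.msg_iovlen = 1;
    mh.msg_control = ctl.buf;
    mh.msg_controllen = sizeof ctl.buf;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&mh);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof fd);
    return sendmsg(sock, &mh, 0) == 1 ? 0 : -1;
}

/* Receiver side: the kernel installs a new descriptor in our table that
 * refers to the sender's open file. Validate the control message before
 * trusting it; return the descriptor, or -1 if none arrived intact. */
int recv_fd(int sock)
{
    char tag;
    struct iovec iov = { .iov_base = &tag, .iov_len = 1 };
    union fd_ctl ctl;
    struct msghdr mh;
    memset(&ctl, 0, sizeof ctl);
    memset(&mh, 0, sizeof mh);
    mh.msg_iov = &iov;
    mh.msg_iovlen = 1;
    mh.msg_control = ctl.buf;
    mh.msg_controllen = sizeof ctl.buf;
    if (recvmsg(sock, &mh, 0) != 1) return -1;
    if (mh.msg_flags & MSG_CTRUNC) return -1;     /* ancillary data truncated: reject */
    struct cmsghdr *cm = CMSG_FIRSTHDR(&mh);
    if (cm == NULL || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS
        || cm->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cm), sizeof fd);
    return fd;
}

/* The whole exchange in one process over a socketpair: the "user" end opens
 * the file and passes it, the "printer" end reads through the passed
 * descriptor. Copies what was read into out; returns 0 or the failing step. */
int fd_passing_demo(char *out, size_t outlen)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 1;
    FILE *f = tmpfile();                       /* stands in for open("/my/file") */
    if (f == NULL) return 2;
    fputs(DEMO_MSG, f);
    fflush(f);
    int fd = fileno(f);
    lseek(fd, 0, SEEK_SET);                    /* offset is shared with the passed copy */
    if (send_fd(sv[0], fd) < 0) return 3;      /* user side */
    int rfd = recv_fd(sv[1]);                  /* printer side */
    if (rfd < 0) return 4;
    ssize_t n = read(rfd, out, outlen - 1);    /* reads the user's open file */
    if (n < 0) return 5;
    out[n] = '\0';
    close(rfd); close(sv[0]); close(sv[1]); fclose(f);
    return 0;
}

/* A plain byte with no SCM_RIGHTS attached must not yield a descriptor. */
int plain_byte_yields_no_fd(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -2;
    if (write(sv[0], "x", 1) != 1) return -3;
    int r = recv_fd(sv[1]);
    close(sv[0]); close(sv[1]);
    return r;
}

int main(void)
{
    char buf[128];
    int rc = fd_passing_demo(buf, sizeof buf);
    printf("demo rc=%d, printer side read: %s", rc, rc == 0 ? buf : "(nothing)\n");
    printf("plain byte -> fd %d\n", plain_byte_yields_no_fd());
    return rc;
}
```

The received descriptor is a new number in the receiver's table but the same open file description, which is why the printer side can read a file its own domain has no right to open: the user's domain decided what to share by choosing what to open.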