Secure Operating Systems Lesson 5: Shared Objects.

1 Secure Operating Systems Lesson 5: Shared Objects

2 Where are we?
 We have got more of the fundamental security structures of our OS in our heads
 But now we have to face a real challenge: shared objects

3 The OS doesn’t HAVE TO…
 I’ve used that heading before, but it’s true
 There’s no requirement for our OS to support sharing between users and processes… but it sure comes in handy
 Once again, we have a tension between performance and security

4 Two Parts of the Problem
 Sharing actual information
 Synchronizing between threads and/or processes

5 Peterson’s Solution
 Two shared variables: int turn; boolean flag[2]
 Code:
    flag[i] = TRUE;
    turn = j;
    while (flag[j] && turn == j);
    // Do Critical Section
    flag[i] = FALSE;

6 Peterson’s Solution II
PROCESS 0
    flag[0] = TRUE;
    turn = 1;
    while (flag[1] && turn == 1);
    // Critical Section
    flag[0] = FALSE;
PROCESS 1
    flag[1] = TRUE;
    turn = 0;
    while (flag[0] && turn == 0);
    // Critical Section
    flag[1] = FALSE;

7 Hardware Support
 The challenge of disabling interrupts is that it’s expensive
 Many OSes provide a hardware “test and set” instruction, which allows atomic access to a chunk of memory
 Swap:
    void Swap(boolean *a, boolean *b) {
        boolean temp = *a;
        *a = *b;
        *b = temp;
    }

8 Implemented as…
    do {
        key = TRUE;
        while (key == TRUE)
            Swap(&lock, &key);
        // Critical Section
        lock = FALSE;
    } while (TRUE);
 Mutual-exclusion with Swap…

9 Semaphores
 wait(S) {
        while (S <= 0); // nop
        S--;
    }
 signal(S) {
        S++;
    }
 This really looks like a spinlock…

10 Semaphores
 wait(semaphore *S) {
        S->value--;
        if (S->value < 0) {
            add this process to S->list;
            block(); // SLEEP
        }
    } // This will halt until we own the semaphore

11 Deadlocks
 P0
    wait(S);
    wait(Q);
    …
    signal(S);
    signal(Q);
 P1
    wait(Q);
    wait(S);
    …
    signal(Q);
    signal(S);
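The P0/P1 orders on this slide are exactly what a lock-order checker (the idea behind Linux's lockdep) reports before the deadlock ever happens. The following is an added example, not from the slides: it replays each process's wait()/signal() sequence into a "held before" graph and looks for a cycle. The names record_thread, has_lock_order_cycle and slide11_can_deadlock are my own, and the traces are constructed from the slide.

```c
#include <stdbool.h>

#define MAX_LOCKS 8
enum { ACQUIRE, RELEASE };
typedef struct { int op, lock; } lock_op;
/* edge[h][l] is set when some thread acquired lock l while already holding h */
typedef struct { bool edge[MAX_LOCKS][MAX_LOCKS]; } lock_graph;

/* Replay one thread's wait()/signal() sequence into the order graph. Returns
 * false for a malformed trace (double acquire, or release of a lock not held). */
bool record_thread(lock_graph *g, const lock_op *ops, int n) {
    bool held[MAX_LOCKS] = {false};
    for (int i = 0; i < n; i++) {
        int l = ops[i].lock;
        if (l < 0 || l >= MAX_LOCKS || held[l] == (ops[i].op == ACQUIRE)) return false;
        for (int h = 0; ops[i].op == ACQUIRE && h < MAX_LOCKS; h++)
            if (held[h]) g->edge[h][l] = true;   /* h is held before l */
        held[l] = (ops[i].op == ACQUIRE);
    }
    return true;
}

/* Depth-first search: an edge back to a node still on the stack (colour 1) is a cycle. */
static bool dfs(const lock_graph *g, int v, int *color) {
    color[v] = 1;
    for (int w = 0; w < MAX_LOCKS; w++)
        if (g->edge[v][w] && (color[w] == 1 || (color[w] == 0 && dfs(g, w, color))))
            return true;
    color[v] = 2;
    return false;
}

/* True if the recorded orders can deadlock: a cycle in the held-before graph
 * means two threads take the same locks in opposite order (the P0/P1 case). */
bool has_lock_order_cycle(const lock_graph *g) {
    int color[MAX_LOCKS] = {0};
    for (int v = 0; v < MAX_LOCKS; v++)
        if (color[v] == 0 && dfs(g, v, color)) return true;
    return false;
}

/* Slide 11's P0 and P1 as constructed traces (S = lock 0, Q = lock 1). With
 * fix_p1 set, P1 takes S before Q like P0 does, i.e. one consistent global order. */
bool slide11_can_deadlock(bool fix_p1) {
    enum { LS = 0, LQ = 1 };
    const lock_op p0[] = {{ACQUIRE, LS}, {ACQUIRE, LQ}, {RELEASE, LS}, {RELEASE, LQ}};
    const lock_op p1[] = {{ACQUIRE, LQ}, {ACQUIRE, LS}, {RELEASE, LQ}, {RELEASE, LS}};
    lock_graph g = {{{false}}};
    if (!record_thread(&g, p0, 4) || !record_thread(&g, fix_p1 ? p0 : p1, 4)) return false;
    return has_lock_order_cycle(&g);
}
```

The same replay works for any number of threads and locks up to MAX_LOCKS; the fix it points at is the usual one, a single agreed acquisition order for S and Q.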

12 Priority Inversion
 Imagine we have three procii, L, M and H, where L is Low Priority, M, medium, and H, High
 L is holding a resource which is blocking H, but gets swapped out for M
 This is known as Priority Inversion… and it’s a real problem!
 Probably we should talk about different scheduling approaches

13 Mars Sojourner
 Long running, medium priority Comms task
 Low priority weather task
 High priority information bus thread
 Low priority wx (weather) task acquires a mutex for the bus… gets interrupted by the Comms task (long running), blocking the high priority bus thread… tada! Priority Inversion
 Can be a security issue too! Can be solved by priority inheritance

14 Atomicity
 Making sure something is atomic is pretty easy on a single core system
 On a more complex system it can get REALLY hard
 One approach is transactional memory – move the problem to the memory not the programmer
 None of this has even touched on how we SHARE information between processes…

15 Race Conditions
 Poor synchronization can lead to race conditions – a subset of which is called TOCTOU
 Race conditions arise from interdependence that is unrealized or incorrectly implemented

16 Things to Do
 Read “An Investigation of the Therac-25 Accidents”, Nancy Leveson, Clark S. Turner

17 Questions & Comments
 What do you want to know?
