95-752:7-1 Operating System Features

95-752:7-2 Operating System Features Memory protection Temporary file issues Dead space issues Sandboxing Object Request Brokers

95-752:7-3 Separation Physical – processes use different physical objects Temporal – processes use same objects at different times Logical – processes use objects in constrained space Cryptographic – processes use only intelligible objects

95-752:7-4 Levels of Protection None Isolation Share all/Share none Share via access limitation Share by capabilities Limited use

95-752:7-5 Granularity Volume (physical storage structure) Data collection (file, database, memory) Data element (entry, memory structure) Field (value within data element) Word (addressable memory unit) Byte (character) Bit (1/0) Detail vs. Efficiency

95-752:7-6 Mechanisms Fence Register Relocation Base/Bounds Register Tagged Architecture Segmentation Paging Paged Segmentation Capability

95-752:7-7 Fence Register Address bounding protected and open memory –Protected, typically operating system –Open, typically user No protection within bounds Operating System User Program Space Fence Max 8193

95-752:7-8 Relocation Need to shift programs in memory Programs written using memory 0 and above Operating system translates to actual location Retranslate to shift program in memory Operating System Program A (old) Program A (new)

95-752:7-9 Base/Bounds Register Starting address for program – base register Max allocated address – bounds register Changed at context switch Operating System Program A Program B Base Bound

95-752:7-10 Tagged Architecture Each word of memory has identified access rights Rights tested on each access Typically few distinctions –Data –Pointer –Control D0001D0002D0003P8192CLoad ACAdd BCStore CP16384D0004D0005D0006P10572

95-752:7-11 Segmentation Program pieces –Instructions –Data –Constants Access Store separately –Base –bound Protect differently Allow sharing External fragmentation Operating System Program B Data Program Instructions Program A Data Program Constants A Table Data Inst. Con. B Table Data Inst. Con. rw x r wx r

95-752:7-12 Paging Equal-size blocks Access Offset > size goes to next page Difficult to protect Less fragmentation Difficult to share a b g d e f h c i j Page table 0f1b2j3e j+53

95-752:7-13 Paged Segmentation Segment references translate to page references – –, > Segmentation for sharing/protection Paging for ease of handling

95-752:7-14 Capabilities Unforgeable token –Identity of object requested –Rights to object –Signature of broker Control of rights transfer Control of rights propagation Done at structure level

95-752:7-15 Temporary File Issues Temporary file – duration for life of process only Intended private and non-invasive Threats –Disclosure –Modification –Misdirection Protection via atomic transactions

95-752:7-16 Dead Space Issues What are default values? –Random –Zero –Whatever was there before What are cleared values? –Random –Zero –Pattern –No clearing

95-752:7-17 Sandboxing Restricted environment for untrusted code –Web code – code –Issues of completeness, operations available Alternative: trust vendor signature(ActiveX) Alternative: carry proof (lab systems) Alternative: cryptography (Microsoft)

95-752:7-18 Object Request Brokers Object – code and data bundle, limited access methods Broker – mediate communication between objects CORBA – industry standard Still a lot of discussion about protection