Presentation is loading. Please wait.

Presentation is loading. Please wait.

95-752:7-1 Operating System Features. 95-752:7-2 Operating System Features Memory protection Temporary file issues Dead space issues Sandboxing Object.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "95-752:7-1 Operating System Features. 95-752:7-2 Operating System Features Memory protection Temporary file issues Dead space issues Sandboxing Object."— Presentation transcript:

1 95-752:7-1 Operating System Features

2 95-752:7-2 Operating System Features Memory protection Temporary file issues Dead space issues Sandboxing Object Request Brokers

3 95-752:7-3 Separation Physical – processes use different physical objects Temporal – processes use same objects at different times Logical – processes use objects in constrained space Cryptographic – processes use only intelligible objects

4 95-752:7-4 Levels of Protection None Isolation Share all/Share none Share via access limitation Share by capabilities Limited use

5 95-752:7-5 Granularity Volume (physical storage structure) Data collection (file, database, memory) Data element (entry, memory structure) Field (value within data element) Word (addressable memory unit) Byte (character) Bit (1/0) Detail vs. Efficiency

6 95-752:7-6 Mechanisms Fence Register Relocation Base/Bounds Register Tagged Architecture Segmentation Paging Paged Segmentation Capability

7 95-752:7-7 Fence Register Address bounding protected and open memory –Protected, typically operating system –Open, typically user No protection within bounds Operating System User Program Space Fence 0 8192 Max 8193

8 95-752:7-8 Relocation Need to shift programs in memory Programs written using memory 0 and above Operating system translates to actual location Retranslate to shift program in memory Operating System Program A (old) Program A (new) 0 8192 16384 24576

9 95-752:7-9 Base/Bounds Register Starting address for program – base register Max allocated address – bounds register Changed at context switch Operating System Program A Program B 0 8192 16384 24576 Base Bound 16384 20480

10 95-752:7-10 Tagged Architecture Each word of memory has identified access rights Rights tested on each access Typically few distinctions –Data –Pointer –Control D0001D0002D0003P8192CLoad ACAdd BCStore CP16384D0004D0005D0006P10572

11 95-752:7-11 Segmentation Program pieces –Instructions –Data –Constants Access Store separately –Base –bound Protect differently Allow sharing External fragmentation Operating System Program B Data Program Instructions Program A Data Program Constants A Table Data Inst. Con. B Table Data Inst. Con. rw x r wx r

12 95-752:7-12 Paging Equal-size blocks Access Offset > size goes to next page Difficult to protect Less fragmentation Difficult to share a b g d e f h c i j Page table 0f1b2j3e j+53

13 95-752:7-13 Paged Segmentation Segment references translate to page references – –, > Segmentation for sharing/protection Paging for ease of handling

14 95-752:7-14 Capabilities Unforgeable token –Identity of object requested –Rights to object –Signature of broker Control of rights transfer Control of rights propagation Done at structure level

15 95-752:7-15 Temporary File Issues Temporary file – duration for life of process only Intended private and non-invasive Threats –Disclosure –Modification –Misdirection Protection via atomic transactions

16 95-752:7-16 Dead Space Issues What are default values? –Random –Zero –Whatever was there before What are cleared values? –Random –Zero –Pattern –No clearing

17 95-752:7-17 Sandboxing Restricted environment for untrusted code –Web code –Email code –Issues of completeness, operations available Alternative: trust vendor signature(ActiveX) Alternative: carry proof (lab systems) Alternative: cryptography (Microsoft)

18 95-752:7-18 Object Request Brokers Object – code and data bundle, limited access methods Broker – mediate communication between objects CORBA – industry standard Still a lot of discussion about protection

Download ppt "95-752:7-1 Operating System Features. 95-752:7-2 Operating System Features Memory protection Temporary file issues Dead space issues Sandboxing Object."

Similar presentations

Part IV: Memory Management

Part IV: Memory Management
Machine Independent Assembler Features

Machine Independent Assembler Features
Chapter 15 Address Translation Chien-Chung Shen CIS, UD

Chapter 15 Address Translation Chien-Chung Shen CIS, UD
Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.

Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.
CSC 405 Introduction to Computer Security

CSC 405 Introduction to Computer Security
Chapter 11: File System Implementation

Chapter 11: File System Implementation
Day 20 Memory Management. Assumptions A process need not be stored as one contiguous block. The entire process must reside in main memory.

Day 20 Memory Management. Assumptions A process need not be stored as one contiguous block. The entire process must reside in main memory.
Memory Management Design & Implementation Segmentation Chapter 4.

Memory Management Design & Implementation Segmentation Chapter 4.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Memory Organization.

Memory Organization.
Computer Organization and Architecture

Computer Organization and Architecture
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
SE571 Security in Computing

SE571 Security in Computing
Operating System Chapter 7. Memory Management Lynn Choi School of Electrical Engineering.

Operating System Chapter 7. Memory Management Lynn Choi School of Electrical Engineering.
Systems Security & Audit Operating Systems security.

Systems Security & Audit Operating Systems security.
Memory Management Chapter 7.

Memory Management Chapter 7.
Chapter 5 Operating System Support. Outline Operating system - Objective and function - types of OS Scheduling - Long term scheduling - Medium term scheduling.

Chapter 5 Operating System Support. Outline Operating system - Objective and function - types of OS Scheduling - Long term scheduling - Medium term scheduling.
8.4 paging Paging is a memory-management scheme that permits the physical address space of a process to be non-contiguous. The basic method for implementation.

8.4 paging Paging is a memory-management scheme that permits the physical address space of a process to be non-contiguous. The basic method for implementation.
The Structure of Processes (Chap 6 in the book “The Design of the UNIX Operating System”)

The Structure of Processes (Chap 6 in the book “The Design of the UNIX Operating System”)

Similar presentations

Ads by Google