SlideShare ist ein Scribd-Unternehmen logo

Protection in Operating System Layer

Sidharth D
Sidharth D

The document discusses protection in operating systems. It explains that resources require protection from illegitimate access to ensure only allowed processes can access objects. The principle of least privilege is discussed, where programs are given just enough privileges to perform tasks. Threats can come from malicious or buggy code. Protection is provided through type-safe languages, hardware support using a kernel, supervisor mode, address spaces, and traps invoked through system calls.

BildungTechnologie
1 von 20
Downloaden Sie, um offline zu lesen
PROTECTION IN OPERATING SYSTEMS DISTRIBUTED COMPUTING - SEMINAR 1 Sidharth D | sidharth363@gmail.com
What Protection is About? ● Resources require protection from illegitimate access. ● That is, ensure that each object is accessed correctly and only by those processes that are allowed to do so. 2 Sidharth D | sidharth363@gmail.com
Principle of Protection PRINCIPLE OF LEAST PRIVILEGE Programs, users and systems should be given just enough privileges to perform their tasks 3 Sidharth D | sidharth363@gmail.com
Sources of Threats MALICIOUS CODE BUGGY CODE 4 Sidharth D | sidharth363@gmail.com
How to tackle illegitimate access? Type – Safe Language Hardware Support 5 Sidharth D | sidharth363@gmail.com
What is a Type – Safe Language? ● Module A can access Module B only by using method calls provided by programmer of B. ● No pointers can be made up. ● A module cannot change another module's variables arbitrarily. 6 Sidharth D | sidharth363@gmail.com
Examples C Type-safe! C++ Non-type-safe! 7 Sidharth D | sidharth363@gmail.com
Protection by Hardware Support Modules can be protected from one another at the level of individual invocations. Made possible by : KERNEL 8 Sidharth D | sidharth363@gmail.com
Kernel ● Runs always ● Has complete access privileges for the physical resources. ● Makes sure that other codes run legitimately. 9 Sidharth D | sidharth363@gmail.com
Modes of Execution Kernel processes Supervisor mode (privileged) Other processes User mode (unprivileged) 10 Sidharth D | sidharth363@gmail.com
Use of Address Spaces ● Address space – collection of ranges of virtual memory locations assigned to each process. ● Kernel sets up address spaces. ● Each address space has defined access rights example: read-only, read-write etc. ● A process cannot access memory outside its address space. 11 Sidharth D | sidharth363@gmail.com
User Process ● Also called user–level process. ● Executes in user mode. ● Has user-level address space. implication Restricted Memory Access Rights 12 Sidharth D | sidharth363@gmail.com
Use of Address Spaces (contd.) Process Application code Kernel code User-level address space Kernel's address space 13 Sidharth D | sidharth363@gmail.com
Use of Address Spaces (contd.) User-level address space TRAP Kernel's address space 14 Sidharth D | sidharth363@gmail.com
TRAP ● Invocation mechanism for resources managed by the kernel. ● System call trap implemented by machine-level TRAP instruction. Processor TRAP Supervisor mode 15 Sidharth D | sidharth363@gmail.com
TRAP (contd.) ● On TRAP, hardware forces processor to execute a kernel – supplied handler function. ● Result : no process gains illicit control of the hardware. 16 Sidharth D | sidharth363@gmail.com
Price for Protection User-level address space Simple procedure or method call Many processor cycles Kernel's address space TRAP 17 Sidharth D | sidharth363@gmail.com
Winding Up... ● Resources require protection from illegitimate access. ● Principle of least privilege. ● Sources – malicious code, buggy code. ● Type-safe languages. ● Hardware support (kernel). ● Supervisor mode, privileged mode. ● User address space, kernel's address space. ● Price for protection. Sidharth D | sidharth363@gmail.com 18
Reference [1] G. Coulouris, et. al., “Operating system support,” in Distributed Systems Concepts and Design, 4 th ed. Noida, India: Dorling Kindersley(India) Pvt. Ltd., 2009, ch. 6, sec. 3, pp. 210-211 19 Sidharth D | sidharth363@gmail.com
Thank you... 20 Sidharth D | sidharth363@gmail.com

Empfohlen

2. Distributed Systems Hardware & Software concepts
2. Distributed Systems Hardware & Software concepts2. Distributed Systems Hardware & Software concepts
2. Distributed Systems Hardware & Software conceptsPrajakta Rane
 
Communication primitives
Communication primitivesCommunication primitives
Communication primitivesStudent
 
RPC: Remote procedure call
RPC: Remote procedure callRPC: Remote procedure call
RPC: Remote procedure callSunita Sahu
 
Operating System Process Synchronization
Operating System Process SynchronizationOperating System Process Synchronization
Operating System Process SynchronizationHaziq Naeem
 
Distributed dbms
Distributed dbmsDistributed dbms
Distributed dbmsReachLocal Services India
 
Swap-space Management
Swap-space ManagementSwap-space Management
Swap-space ManagementAgnas Jasmine
 
Message passing ( in computer science)
Message passing ( in computer science)Message passing ( in computer science)
Message passing ( in computer science)Computer_ at_home
 
operating system lecture notes
operating system lecture notesoperating system lecture notes
operating system lecture notesAVC College of Engineering
 

Empfohlen

2. Distributed Systems Hardware & Software concepts
2. Distributed Systems Hardware & Software concepts2. Distributed Systems Hardware & Software concepts
2. Distributed Systems Hardware & Software conceptsPrajakta Rane
 
Communication primitives
Communication primitivesCommunication primitives
Communication primitivesStudent
 
RPC: Remote procedure call
RPC: Remote procedure callRPC: Remote procedure call
RPC: Remote procedure callSunita Sahu
 
Operating System Process Synchronization
Operating System Process SynchronizationOperating System Process Synchronization
Operating System Process SynchronizationHaziq Naeem
 
Distributed dbms
Distributed dbmsDistributed dbms
Distributed dbmsReachLocal Services India
 
Swap-space Management
Swap-space ManagementSwap-space Management
Swap-space ManagementAgnas Jasmine
 
Message passing ( in computer science)
Message passing ( in computer science)Message passing ( in computer science)
Message passing ( in computer science)Computer_ at_home
 
operating system lecture notes
operating system lecture notesoperating system lecture notes
operating system lecture notesAVC College of Engineering
 
Shared memory
Shared memoryShared memory
Shared memoryAbhishek Khune
 
Thrashing allocation frames.43
Thrashing allocation frames.43Thrashing allocation frames.43
Thrashing allocation frames.43myrajendra
 
Deadlock Prevention
Deadlock PreventionDeadlock Prevention
Deadlock Preventionprachi mewara
 
directory structure and file system mounting
directory structure and file system mountingdirectory structure and file system mounting
directory structure and file system mountingrajshreemuthiah
 
Grasp patterns and its types
Grasp patterns and its typesGrasp patterns and its types
Grasp patterns and its typesSyed Hassan Ali
 
Communication costs in parallel machines
Communication costs in parallel machinesCommunication costs in parallel machines
Communication costs in parallel machinesSyed Zaid Irshad
 
Hardware multithreading
Hardware multithreadingHardware multithreading
Hardware multithreadingFraboni Ec
 
Introduction to System Calls
Introduction to System CallsIntroduction to System Calls
Introduction to System CallsVandana Salve
 
Sockets in unix
Sockets in unixSockets in unix
Sockets in unixswtjerin4u
 
Types of Addressing modes- COA
Types of Addressing modes- COATypes of Addressing modes- COA
Types of Addressing modes- COARuchi Maurya
 
Design issues for the layers
Design issues for the layersDesign issues for the layers
Design issues for the layersjayaprakash
 
Message and Stream Oriented Communication
Message and Stream Oriented CommunicationMessage and Stream Oriented Communication
Message and Stream Oriented CommunicationDilum Bandara
 
Distributed System ppt
Distributed System pptDistributed System ppt
Distributed System pptOECLIB Odisha Electronics Control Library
 
Two pass Assembler
Two pass AssemblerTwo pass Assembler
Two pass AssemblerSatyamevjayte Haxor
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanismsRajapriya82
 
Process synchronization
Process synchronizationProcess synchronization
Process synchronizationSyed Hassan Ali
 
Distributed Systems Naming
Distributed Systems NamingDistributed Systems Naming
Distributed Systems NamingAhmed Magdy Ezzeldin, MSc.
 
Introduction to distributed database
Introduction to distributed databaseIntroduction to distributed database
Introduction to distributed databaseSonia Panesar
 
Performance analysis(Time & Space Complexity)
Performance analysis(Time & Space Complexity)Performance analysis(Time & Space Complexity)
Performance analysis(Time & Space Complexity)swapnac12
 
Process synchronization in Operating Systems
Process synchronization in Operating SystemsProcess synchronization in Operating Systems
Process synchronization in Operating SystemsRitu Ranjan Shrivastwa
 
Unitrends Sales Presentation 2010
Unitrends Sales Presentation 2010Unitrends Sales Presentation 2010
Unitrends Sales Presentation 2010lincolng
 
Operating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability reportOperating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability reportAjit Gaddam
 

Weitere ähnliche Inhalte

Was ist angesagt?

Thrashing allocation frames.43
Thrashing allocation frames.43Thrashing allocation frames.43
Thrashing allocation frames.43myrajendra
 
directory structure and file system mounting
directory structure and file system mountingdirectory structure and file system mounting
directory structure and file system mountingrajshreemuthiah
 
Grasp patterns and its types
Grasp patterns and its typesGrasp patterns and its types
Grasp patterns and its typesSyed Hassan Ali
 
Communication costs in parallel machines
Communication costs in parallel machinesCommunication costs in parallel machines
Communication costs in parallel machinesSyed Zaid Irshad
 
Hardware multithreading
Hardware multithreadingHardware multithreading
Hardware multithreadingFraboni Ec
 
Introduction to System Calls
Introduction to System CallsIntroduction to System Calls
Introduction to System CallsVandana Salve
 
Sockets in unix
Sockets in unixSockets in unix
Sockets in unixswtjerin4u
 
Types of Addressing modes- COA
Types of Addressing modes- COATypes of Addressing modes- COA
Types of Addressing modes- COARuchi Maurya
 
Design issues for the layers
Design issues for the layersDesign issues for the layers
Design issues for the layersjayaprakash
 
Message and Stream Oriented Communication
Message and Stream Oriented CommunicationMessage and Stream Oriented Communication
Message and Stream Oriented CommunicationDilum Bandara
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanismsRajapriya82
 
Introduction to distributed database
Introduction to distributed databaseIntroduction to distributed database
Introduction to distributed databaseSonia Panesar
 
Performance analysis(Time & Space Complexity)
Performance analysis(Time & Space Complexity)Performance analysis(Time & Space Complexity)
Performance analysis(Time & Space Complexity)swapnac12
 
Process synchronization in Operating Systems
Process synchronization in Operating SystemsProcess synchronization in Operating Systems
Process synchronization in Operating SystemsRitu Ranjan Shrivastwa
 

Was ist angesagt? (20)

Shared memory
Shared memoryShared memory
Shared memory
 
Thrashing allocation frames.43
Thrashing allocation frames.43Thrashing allocation frames.43
Thrashing allocation frames.43
 
Deadlock Prevention
Deadlock PreventionDeadlock Prevention
Deadlock Prevention
 
directory structure and file system mounting
directory structure and file system mountingdirectory structure and file system mounting
directory structure and file system mounting
 
Grasp patterns and its types
Grasp patterns and its typesGrasp patterns and its types
Grasp patterns and its types
 
Communication costs in parallel machines
Communication costs in parallel machinesCommunication costs in parallel machines
Communication costs in parallel machines
 
Hardware multithreading
Hardware multithreadingHardware multithreading
Hardware multithreading
 
Introduction to System Calls
Introduction to System CallsIntroduction to System Calls
Introduction to System Calls
 
Sockets in unix
Sockets in unixSockets in unix
Sockets in unix
 
Types of Addressing modes- COA
Types of Addressing modes- COATypes of Addressing modes- COA
Types of Addressing modes- COA
 
Design issues for the layers
Design issues for the layersDesign issues for the layers
Design issues for the layers
 
Message and Stream Oriented Communication
Message and Stream Oriented CommunicationMessage and Stream Oriented Communication
Message and Stream Oriented Communication
 
Distributed System ppt
Distributed System pptDistributed System ppt
Distributed System ppt
 
Two pass Assembler
Two pass AssemblerTwo pass Assembler
Two pass Assembler
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
 
Process synchronization
Process synchronizationProcess synchronization
Process synchronization
 
Distributed Systems Naming
Distributed Systems NamingDistributed Systems Naming
Distributed Systems Naming
 
Introduction to distributed database
Introduction to distributed databaseIntroduction to distributed database
Introduction to distributed database
 
Performance analysis(Time & Space Complexity)
Performance analysis(Time & Space Complexity)Performance analysis(Time & Space Complexity)
Performance analysis(Time & Space Complexity)
 
Process synchronization in Operating Systems
Process synchronization in Operating SystemsProcess synchronization in Operating Systems
Process synchronization in Operating Systems
 

Andere mochten auch

Unitrends Sales Presentation 2010
Unitrends Sales Presentation 2010Unitrends Sales Presentation 2010
Unitrends Sales Presentation 2010lincolng
 
Operating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability reportOperating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability reportAjit Gaddam
 
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...Jayesh Naik
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxSecurity Session
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control أحلام انصارى
 
Introduction To Linux Security
Introduction To Linux SecurityIntroduction To Linux Security
Introduction To Linux SecurityMichael Boman
 
Security Configuration Management for Dummies
Security Configuration Management for DummiesSecurity Configuration Management for Dummies
Security Configuration Management for DummiesTripwire
 
How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?Michael Boelen
 
Kernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyoneKernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyoneAnne Nicolas
 
Threats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in LinuxThreats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in LinuxAmitesh Bharti
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsAnne Nicolas
 
Basic Linux Security
Basic Linux SecurityBasic Linux Security
Basic Linux Securitypankaj009
 
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security OverviewShawn Wells
 
Linux Security Scanning with Lynis
Linux Security Scanning with LynisLinux Security Scanning with Lynis
Linux Security Scanning with LynisMichael Boelen
 
Linux Security for Developers
Linux Security for DevelopersLinux Security for Developers
Linux Security for DevelopersMichael Boelen
 
Linux Security, from Concept to Tooling
Linux Security, from Concept to ToolingLinux Security, from Concept to Tooling
Linux Security, from Concept to ToolingMichael Boelen
 

Andere mochten auch (20)

Unitrends Sales Presentation 2010
Unitrends Sales Presentation 2010Unitrends Sales Presentation 2010
Unitrends Sales Presentation 2010
 
Operating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability reportOperating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability report
 
Jaundice
Jaundice Jaundice
Jaundice
 
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix Linux
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control
 
Introduction To Linux Security
Introduction To Linux SecurityIntroduction To Linux Security
Introduction To Linux Security
 
Security Configuration Management for Dummies
Security Configuration Management for DummiesSecurity Configuration Management for Dummies
Security Configuration Management for Dummies
 
How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?
 
Kernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyoneKernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyone
 
Linux Security
Linux SecurityLinux Security
Linux Security
 
Threats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in LinuxThreats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in Linux
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
 
SELinux basics
SELinux basicsSELinux basics
SELinux basics
 
Basic Linux Security
Basic Linux SecurityBasic Linux Security
Basic Linux Security
 
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
 
Linux Security Scanning with Lynis
Linux Security Scanning with LynisLinux Security Scanning with Lynis
Linux Security Scanning with Lynis
 
Linux Hardening
Linux HardeningLinux Hardening
Linux Hardening
 
Linux Security for Developers
Linux Security for DevelopersLinux Security for Developers
Linux Security for Developers
 
Linux Security, from Concept to Tooling
Linux Security, from Concept to ToolingLinux Security, from Concept to Tooling
Linux Security, from Concept to Tooling
 

Ähnlich wie Protection in Operating System Layer

8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 MatrixJorge Orchilles
 
Layers, ports and adapters
Layers, ports and adaptersLayers, ports and adapters
Layers, ports and adaptersMatthias Noback
 
Leave me alone; app level protection against runtime information gathering on...
Leave me alone; app level protection against runtime information gathering on...Leave me alone; app level protection against runtime information gathering on...
Leave me alone; app level protection against runtime information gathering on...Joon Young Park
 
ToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsAditya K Sood
 
2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?APIsecure_ Official
 
Cassandra Lunch #90: Securing Apache Cassandra
Cassandra Lunch #90: Securing Apache CassandraCassandra Lunch #90: Securing Apache Cassandra
Cassandra Lunch #90: Securing Apache CassandraAnant Corporation
 
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLockerDEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLockerJorge Orchilles
 
Looking for Vulnerable Code. Vlad Savitsky
Looking for Vulnerable Code. Vlad SavitskyLooking for Vulnerable Code. Vlad Savitsky
Looking for Vulnerable Code. Vlad SavitskyVlad Savitsky
 
The Ultimate Android Security Checklist (Mdevcon 2014)
The Ultimate Android Security Checklist (Mdevcon 2014)The Ultimate Android Security Checklist (Mdevcon 2014)
The Ultimate Android Security Checklist (Mdevcon 2014)Ron Munitz
 
PAI Unit 2 Protection in 80386 segmentation
PAI Unit 2 Protection in 80386 segmentationPAI Unit 2 Protection in 80386 segmentation
PAI Unit 2 Protection in 80386 segmentationKanchanPatil34
 
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)Ron Munitz
 
Analyzing RDP traffc with Bro
Analyzing RDP traffc with BroAnalyzing RDP traffc with Bro
Analyzing RDP traffc with BroJosh Liburdi
 
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015Codemotion
 
The Ultimate Android Security Checklist (AnDevCon Boston 2014)
The Ultimate Android Security Checklist (AnDevCon Boston 2014)The Ultimate Android Security Checklist (AnDevCon Boston 2014)
The Ultimate Android Security Checklist (AnDevCon Boston 2014)Ron Munitz
 
Workshop su Android Kernel Hacking
Workshop su Android Kernel HackingWorkshop su Android Kernel Hacking
Workshop su Android Kernel HackingDeveler S.r.l.
 
Automotive Grade Linux and systemd
Automotive Grade Linux and systemdAutomotive Grade Linux and systemd
Automotive Grade Linux and systemdAlison Chaiken
 
Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating systemAbdullah Khosa
 
Android Security, From the Ground Up
Android Security, From the Ground UpAndroid Security, From the Ground Up
Android Security, From the Ground UpOpersys inc.
 
COM Hijacking Techniques - Derbycon 2019
COM Hijacking Techniques - Derbycon 2019COM Hijacking Techniques - Derbycon 2019
COM Hijacking Techniques - Derbycon 2019David Tulis
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depthSander Alberink
 

Ähnlich wie Protection in Operating System Layer (20)

8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix
 
Layers, ports and adapters
Layers, ports and adaptersLayers, ports and adapters
Layers, ports and adapters
 
Leave me alone; app level protection against runtime information gathering on...
Leave me alone; app level protection against runtime information gathering on...Leave me alone; app level protection against runtime information gathering on...
Leave me alone; app level protection against runtime information gathering on...
 
ToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android Infections
 
2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?
 
Cassandra Lunch #90: Securing Apache Cassandra
Cassandra Lunch #90: Securing Apache CassandraCassandra Lunch #90: Securing Apache Cassandra
Cassandra Lunch #90: Securing Apache Cassandra
 
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLockerDEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
 
Looking for Vulnerable Code. Vlad Savitsky
Looking for Vulnerable Code. Vlad SavitskyLooking for Vulnerable Code. Vlad Savitsky
Looking for Vulnerable Code. Vlad Savitsky
 
The Ultimate Android Security Checklist (Mdevcon 2014)
The Ultimate Android Security Checklist (Mdevcon 2014)The Ultimate Android Security Checklist (Mdevcon 2014)
The Ultimate Android Security Checklist (Mdevcon 2014)
 
PAI Unit 2 Protection in 80386 segmentation
PAI Unit 2 Protection in 80386 segmentationPAI Unit 2 Protection in 80386 segmentation
PAI Unit 2 Protection in 80386 segmentation
 
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
 
Analyzing RDP traffc with Bro
Analyzing RDP traffc with BroAnalyzing RDP traffc with Bro
Analyzing RDP traffc with Bro
 
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
 
The Ultimate Android Security Checklist (AnDevCon Boston 2014)
The Ultimate Android Security Checklist (AnDevCon Boston 2014)The Ultimate Android Security Checklist (AnDevCon Boston 2014)
The Ultimate Android Security Checklist (AnDevCon Boston 2014)
 
Workshop su Android Kernel Hacking
Workshop su Android Kernel HackingWorkshop su Android Kernel Hacking
Workshop su Android Kernel Hacking
 
Automotive Grade Linux and systemd
Automotive Grade Linux and systemdAutomotive Grade Linux and systemd
Automotive Grade Linux and systemd
 
Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating system
 
Android Security, From the Ground Up
Android Security, From the Ground UpAndroid Security, From the Ground Up
Android Security, From the Ground Up
 
COM Hijacking Techniques - Derbycon 2019
COM Hijacking Techniques - Derbycon 2019COM Hijacking Techniques - Derbycon 2019
COM Hijacking Techniques - Derbycon 2019
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depth
 

Kürzlich hochgeladen

Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxcallscotland1987
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseAnaAcapella
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxAmanpreet Kaur
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxDr. Sarita Anand
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...pradhanghanshyam7136
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 

Kürzlich hochgeladen (20)

Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 

Protection in Operating System Layer

  • 1. PROTECTION IN OPERATING SYSTEMS DISTRIBUTED COMPUTING - SEMINAR 1 Sidharth D | sidharth363@gmail.com
  • 2. What Protection is About? ● Resources require protection from illegitimate access. ● That is, ensure that each object is accessed correctly and only by those processes that are allowed to do so. 2 Sidharth D | sidharth363@gmail.com
  • 3. Principle of Protection PRINCIPLE OF LEAST PRIVILEGE Programs, users and systems should be given just enough privileges to perform their tasks 3 Sidharth D | sidharth363@gmail.com
  • 4. Sources of Threats MALICIOUS CODE BUGGY CODE 4 Sidharth D | sidharth363@gmail.com
  • 5. How to tackle illegitimate access? Type – Safe Language Hardware Support 5 Sidharth D | sidharth363@gmail.com
  • 6. What is a Type – Safe Language? ● Module A can access Module B only by using method calls provided by programmer of B. ● No pointers can be made up. ● A module cannot change another module's variables arbitrarily. 6 Sidharth D | sidharth363@gmail.com
  • 8. Protection by Hardware Support Modules can be protected from one another at the level of individual invocations. Made possible by : KERNEL 8 Sidharth D | sidharth363@gmail.com
  • 9. Kernel ● Runs always ● Has complete access privileges for the physical resources. ● Makes sure that other codes run legitimately. 9 Sidharth D | sidharth363@gmail.com
  • 10. Modes of Execution Kernel processes Supervisor mode (privileged) Other processes User mode (unprivileged) 10 Sidharth D | sidharth363@gmail.com
  • 11. Use of Address Spaces ● Address space – collection of ranges of virtual memory locations assigned to each process. ● Kernel sets up address spaces. ● Each address space has defined access rights example: read-only, read-write etc. ● A process cannot access memory outside its address space. 11 Sidharth D | sidharth363@gmail.com
  • 12. User Process ● Also called user–level process. ● Executes in user mode. ● Has user-level address space. implication Restricted Memory Access Rights 12 Sidharth D | sidharth363@gmail.com
  • 13. Use of Address Spaces (contd.) Process Application code Kernel code User-level address space Kernel's address space 13 Sidharth D | sidharth363@gmail.com
  • 14. Use of Address Spaces (contd.) User-level address space TRAP Kernel's address space 14 Sidharth D | sidharth363@gmail.com
  • 15. TRAP ● Invocation mechanism for resources managed by the kernel. ● System call trap implemented by machine-level TRAP instruction. Processor TRAP Supervisor mode 15 Sidharth D | sidharth363@gmail.com
  • 16. TRAP (contd.) ● On TRAP, hardware forces processor to execute a kernel – supplied handler function. ● Result : no process gains illicit control of the hardware. 16 Sidharth D | sidharth363@gmail.com
  • 17. Price for Protection User-level address space Simple procedure or method call Many processor cycles Kernel's address space TRAP 17 Sidharth D | sidharth363@gmail.com
  • 18. Winding Up... ● Resources require protection from illegitimate access. ● Principle of least privilege. ● Sources – malicious code, buggy code. ● Type-safe languages. ● Hardware support (kernel). ● Supervisor mode, privileged mode. ● User address space, kernel's address space. ● Price for protection. Sidharth D | sidharth363@gmail.com 18
  • 19. Reference [1] G. Coulouris, et. al., “Operating system support,” in Distributed Systems Concepts and Design, 4 th ed. Noida, India: Dorling Kindersley(India) Pvt. Ltd., 2009, ch. 6, sec. 3, pp. 210-211 19 Sidharth D | sidharth363@gmail.com
  • 20. Thank you... 20 Sidharth D | sidharth363@gmail.com