OS Layered Design
[Figure: layered operating system design. Layers, top to bottom: Subprocesses of User Processes; User Processes; Compilers, Database Managers; Utility Functions; File Systems, Device Allocation; Scheduling, Sharing, Memory Management; Synchronization, Allocation; Security Functions; Security Kernel; Hardware. Group labels: Operating System; Operating System Kernel.]
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Functions Spanning Layers
[Figure: authentication functions spanning OS layers. Legible labels: Trusted; User Authentication Module; Authentication Data Comparison Code.]
Modular OS Design
[Figure: modular operating system design. Legible labels, top to bottom: Users; User Mode; User Interface; File; Object; A/V; Net; Shell; System Services Interface; I/O; Time; Synch; Memory; Comm; Primitive Services; Microkernel; Kernel Mode Drivers; Hardware Interface and Abstraction; Hardware.]
Virtualization
• With virtualization, the OS presents each user with just the resources that user should see
• The user has access to a virtual machine (VM), which contains those resources
• The user cannot access resources that are available to the OS but exist outside the VM
• A hypervisor, or VM monitor, is the software that implements a VM
  • Translates access requests between the VM and the OS
  • Can support multiple OSs in VMs simultaneously
• Honeypot: A VM meant to lure an attacker into an environment that can be both controlled and monitored
Separation and Sharing
• Methods of separation:
  • Physical
  • Temporal
  • Logical
  • Cryptographic
• Methods of supporting separation/sharing:
  • Do not protect
  • Isolate
  • Share all or share nothing
  • Share but limit access
  • Limit use of an object