View on GitHub

os202

OS202

HOME


Top 10 List of Week 02

  1. Program Threats
    Program threats, by themselves, pose serious security risks. Most non-program security events have as their goal causing a program threat. Processes, along with the kernel, are the only means of accomplishing work on a computer. That’s why writing a program that creates a breach of security or causing a normal process to change behavior and create a breach is a common goal of attacker. Common methods by which program cause security breaches are Malware, Code-Injection, Viruses and Worms, etc.

  2. System and Network Threats
    The more open an operating system is, the more services it has enambled. The more functions it allows, the more likely it is that bug is available to exploit it. To read more about it, please check OSC book in the link attached. Also, I found an interesting case related to system and network threats, this article shows a real case of a team mitigating a Denial of Service. Please kindly read!

  3. Encryption VS Hashing
    Encryption is a two-way function, is encrypted can be decrypted with the proper key. Hashing is a one-way function that scrambles plain text to produce a unique message digest.

  4. Cryptography as a Security Tool
    Methods of preventing or detecting security incidents include an up-to-date security policy, intrusion-detection system, antivirus software, auditing and logging system of events, system-call monitoring, code signing, sandboxing, and firewalls.

  5. Security Defense Sumarrized
    Applying appropriate layers of defense can keep system safe from all but the most persistent attackers. The layers of defense may include educate users about safe computing and prevent phishing attack, use secure communication, physically protect computer’s hardware, and 12 more. Read more in OSC book page 661 or in the link attached!

  6. Goals of Protection
    We need to provide protection because of the need to prevent mischievous, intentional violation of an access restriction by a user. Also, because of the need to ensure that each object is accessed correctly and only by those processes that are allowed to do so.

  7. Principles of Protection
    A key, time-testes guiding principle for protection is principle of least privilege. The principle of least privilege are defined permissions()static or dynamic), compartmentalization, audit trail, and defense in depth. For more explanation please read OSC book part 17.2.

  8. Protection Rings: ARM Architechture in Real Life
    The main component of modern OS is the kernel, which manages access to system resources and hardware. The kernel, by definition, is a trusted and privileged component and therefore must run with a higher level of privileges than user processes. To carry out this privilege separation, hardware support is required. Indeed, all modern hardware supports the notion of separate execution levels, though implementations vary somewhat. A popular model of privilege is that of protection rings. Click the link attached to read ARM architechture in real life.

  9. Access Matrix
    Access matrix is the general model of protection can be viewed as a matrix. The rows of the access matrix represent domains, and the column represent objects. Each entry in the matrix consists of a set of access right, because the column defines objects explicitly. The entry access (i,j) defines the set of operations that a process executing in domain Di can invoke on object Ij.

  10. Implementation of The Access Matrix
    Matrix can be implemented effectively with global table, access list for objects, capability lists for domains, a lock-key mechanism, and comparison. To understand the details of each implementation method, please read more in OSC book part 17.6.