Instructor

  • who: Michael Swift
  • where: Room 7369
  • when: Monday 11-12, Thursday 1:30-2:30
  • email: swift 'at' cs.wisc.edu

AdvancedOSReview

  1. Unix operating systems rely on the setuid bit in file systems to run programs as the owner of the file rather than the user that invoked the program. Windows instead uses processes that run continuously as a user, and users can send requests to this process to do privileged operations.
    1. What are the key differences between these two approaches?
    2. Which one is more secure, and why?
  2. In Unix, a process can change between the UID/GID assigned to a setuid program and the UID/GID of the user that invoked the program. In Windows, a thread can switch between the UID/GIDs of the process itself and of clients making requests of the process.
    1. Suppose you have a privileged process in Windows accepting requests from ordinary users. How do you drop privileges?
    2. Why does Unix only have an effective UID/GID per process while Windows has one per thread?
  3. Time-of-check-to-time-of-use bugs
    1. The following code has a TOCTOU bug. Explain the bug and give fixed code:
    int sys_open(char * filename, int flags) {
       int namelen = strlen(filename);
       if (namelen > MAX_FILE_NAME_LEN) {
           return(ERR_NAME_TOO_LONG);
       }
       char * name = malloc(namelen + 1);
       if (name == NULL) {
           return(ERR_OUT_OF_MEMORY);
       }
       strcpy(name, filename);
       return do_file_open(name, flags);
    }
  4. Confinement
    1. What are the operating systems resources that must be protected if you want to prevent a confined process from leaking data through regular (non-covert) channels?
    2. Suppose I create a “low privilege” account for myself: swift.low, and run untrusted code setuid swift.low:
       -rwsr-xr-x  swift.low swift.low /Users/swift/bad-program
      1. What protection does this offer me compared to running programs normally?
  5. Delegation
    1. In Unix systems, a setuid program handles delegation for a single user: the user invoking the program. In Windows, a privileged process can handle requests from multiple users simultaneously on different threads. Does the Windows model introduce any new security risks?
    2. Both Windows and Linux allow a process using delegation to switch identities between the privileged and unprivileged user. When should the process use each user?
  6. Multi-level security
    1. Design a system of categories and levels useful within a department at a university with classes, instructors, students, TAs, and a department chair. What should the levels be, and what should the categories be? What clearance should each kind of person get, and what should the category be on different kinds of data?
    2. For these data items, explain whether you are more concerned about privacy or integrity:
      1. Exam solution key
      2. Student exams
      3. Student grades
      4. Course web page
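For the TOCTOU question above (the sys_open snippet), here is a hardened form of the pattern as an added example; it is not the course's answer key and not code from any real kernel. The name is read byte by byte from user memory into a kernel-owned buffer and the length check is made on that private copy, so nothing the user does to the string after the copy can change what the kernel uses. copy_name_from_user, the do_file_open stand-in and the SAMPLE_* inputs are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_FILE_NAME_LEN 64
#define ERR_NAME_TOO_LONG (-1)
/* Stand-in for the real open path (an assumption for this example): records
 * the name it was handed and returns a fake descriptor. */
static char last_opened[MAX_FILE_NAME_LEN + 1];
static int do_file_open(const char *name, int flags) {
    (void)flags;
    strcpy(last_opened, name);            /* safe: name was bounded by the caller */
    return 3;
}

/* Read the user string one byte at a time into a kernel-owned buffer and judge
 * its length on that private copy. Each user byte is read exactly once, so a
 * writer changing the string after the check gains nothing. A real kernel would
 * read user memory via copy_from_user/strncpy_from_user; plain loads stand in. */
int copy_name_from_user(char *kbuf, size_t bufsize, const char *ufilename) {
    for (size_t i = 0; i < bufsize; i++) {
        kbuf[i] = ufilename[i];
        if (kbuf[i] == '\0')
            return (int)i;                /* fits: report the length */
    }
    kbuf[bufsize - 1] = '\0';             /* no terminator within bufsize bytes */
    return ERR_NAME_TOO_LONG;
}

/* Hardened sys_open: the length is checked on data the user can no longer
 * touch, so there is no window between the check and the use. */
int sys_open_fixed(const char *ufilename, int flags) {
    char name[MAX_FILE_NAME_LEN + 1];     /* MAX_FILE_NAME_LEN bytes plus NUL */
    int len = copy_name_from_user(name, sizeof name, ufilename);
    if (len < 0)
        return len;
    return do_file_open(name, flags);
}

/* Constructed sample inputs: one name that fits, one of 70 bytes that does not. */
const char *SAMPLE_SHORT = "notes.txt";
const char *SAMPLE_LONG  = "aaaaaaaaaa" "aaaaaaaaaa" "aaaaaaaaaa" "aaaaaaaaaa"
                           "aaaaaaaaaa" "aaaaaaaaaa" "aaaaaaaaaa";
int main(void) {
    printf("short: %d, opened \"%s\"\n", sys_open_fixed(SAMPLE_SHORT, 0), last_opened);
    printf("long:  %d\n", sys_open_fixed(SAMPLE_LONG, 0));
    return 0;
}
```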
Page last modified on February 26, 2019, at 06:51 PM