I/O Protection  User process may accidentally or purposefully attempt to disrupt normal operation via illegal I/O instructions All I/O instructions defined to be privileged I/O must be performed via system calls  Memory-mapped and I/O port memory locations must be protected too Operating System Concepts with Java – 8th Edition 12.46 Silberschatz, Galvin and Gagne ©2009
View full slide show




I/O Protection  User process may accidentally or purposefully attempt to disrupt normal operation via illegal I/O instructions  All I/O instructions defined to be privileged  I/O must be performed via system calls  Memory-mapped and I/O port memory locations must be protected too Operating System Concepts – 8th Edition 13.26 Silberschatz, Galvin and Gagne ©2009
View full slide show




I/O Protection  User process may accidentally or purposefully attempt to disrupt normal operation via illegal I/O instructions  All I/O instructions defined to be privileged  I/O must be performed via system calls  Memory-mapped and I/O port memory locations must be protected too Operating System Concepts – 9th Edition 13.31 Silberschatz, Galvin and Gagne ©2013
View full slide show




Information Security Student Assessment of Exploits 1 Below is a list of attempts to open a session based on defaults of the system. Sometimes the passwords are easy to guess, and other times they have no passwords (i.e. guest; attempts to hit defaults; dictionary attacks running through a list of common words. This approach might work when passwords are not changed from defaults, making it sometimes easy to break into a system. If you look below, there are some users like FTP, Oracle, Tomcat, ID Linux, Internet, etc which usually indicate server names that connect to other servers. These names are the ID’s that defaulted by many systems (like Oracle’s Database) that connect to a main server, and the password provided could be a default to try to break in. Apr  9 14:32:12 vm-ljsst8 sshd[17365]: Illegal user info from 125.248.144.98 Apr  9 14:32:14 vm-ljsst8 sshd[17367]: Illegal user ftp from 125.248.144.98 Apr  9 14:32:16 vm-ljsst8 sshd[17369]: Illegal user httpd from 125.248.144.98 Apr  9 14:32:18 vm-ljsst8 sshd[17371]: Illegal user dany from 125.248.144.98 Apr  9 14:32:20 vm-ljsst8 sshd[17373]: Illegal user susan from 125.248.144.98 Apr  9 14:32:22 vm-ljsst8 sshd[17375]: Illegal user oracle from 125.248.144.98 Apr  9 14:32:24 vm-ljsst8 sshd[17377]: Illegal user tomcat from 125.248.144.98 Apr  9 14:32:28 vm-ljsst8 sshd[17381]: Illegal user id from 125.248.144.98 Apr  9 14:32:30 vm-ljsst8 sshd[17383]: Illegal user sgi from 125.248.144.98 Apr  9 14:32:32 vm-ljsst8 sshd[17385]: Illegal user postgres from 125.248.144.98 Apr  9 14:32:34 vm-ljsst8 sshd[17387]: Illegal user flowers from 125.248.144.98 Apr  9 14:32:36 vm-ljsst8 sshd[17389]: Illegal user linux from 125.248.144.98 Apr  9 14:32:37 vm-ljsst8 sshd[17391]: Illegal user internet from 125.248.144.98 Apr  9 14:32:39 vm-ljsst8 sshd[17393]: Illegal user server from 125.248.144.98 Apr  9 14:32:41 vm-ljsst8 sshd[17395]: Illegal user nokia from 125.248.144.98 11
View full slide show




C:\UMBC\331\java> java.ext.dirs=C:\JDK1.2\JRE\lib\ext java.io.tmpdir=C:\WINDOWS\TEMP\ os.name=Windows 95 java.vendor=Sun Microsystems Inc. java.awt.printerjob=sun.awt.windows.WPrinterJob java.library.path=C:\JDK1.2\BIN;.;C:\WINDOWS\SYSTEM;C:\... java.vm.specification.vendor=Sun Microsystems Inc. sun.io.unicode.encoding=UnicodeLittle file.encoding=Cp1252 java.specification.vendor=Sun Microsystems Inc. user.language=en user.name=nicholas java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport... java.vm.name=Classic VM java.class.version=46.0 java.vm.specification.name=Java Virtual Machine Specification sun.boot.library.path=C:\JDK1.2\JRE\bin os.version=4.10 java.vm.version=1.2 java.vm.info=build JDK-1.2-V, native threads, symcjit java.compiler=symcjit path.separator=; file.separator=\ user.dir=C:\UMBC\331\java sun.boot.class.path=C:\JDK1.2\JRE\lib\rt.jar;C:\JDK1.2\JR... user.name=nicholas user.home=C:\WINDOWS C:\UMBC\331\java>java envSnoop -- listing properties -java.specification.name=Java Platform API Specification awt.toolkit=sun.awt.windows.WToolkit java.version=1.2 java.awt.graphicsenv=sun.awt.Win32GraphicsEnvironment user.timezone=America/New_York java.specification.version=1.2 java.vm.vendor=Sun Microsystems Inc. user.home=C:\WINDOWS java.vm.specification.version=1.0 os.arch=x86 java.awt.fonts= java.vendor.url=http://java.sun.com/ user.region=US file.encoding.pkg=sun.io java.home=C:\JDK1.2\JRE java.class.path=C:\Program Files\PhotoDeluxe 2.0\Adob... line.separator=
View full slide show




Using Interview Results To Construct Personas Step 2: Map interview subjects to behavioral variables User 8 Place each interviewee variable’s range of values. User 7 within each User User 3 Variable 1: Frequency of photo-taking (in photos/month) User 5 0 Variable 2: Frequency of photo- Never viewing Variable 3: User 9 Frequency of photoNever sharing 1 2 3 4 User User 4 10 7 User 2 User Rarely User 8 User 1 Rarely Variable 4: Photo User 8 User 4 CS 321 organization Lesson Six strategy Unorganized Date Only Personas Page 7 User 6 User 9 10 1 User 4 User User 6 Occasionally User 3 User 2 Occasionally User 7 User 2 User 1 Date & Site 5 User 2 6 User 8 User 3 User 1 7 User 9 Frequently User 7 User 5 User 4 8+ Daily User User 10 6 Frequently Daily User User 10 3 User 9 User 6 User 5 Date & Person All 3
View full slide show




Using Interview Results To Construct Personas Step 3: Identify significant behavior patterns Look for sets of subjects who cluster in several Users 1, 4, & 7 variables. User take few User User pictures and are Variable 1: User User User User User 7 10 Frequency of pretty average 9 5 4 1 6 photo-taking in viewing, 0 1 2 3 4 5 6 7 (in sharing, and User photos/mont Users 5&6 organizing. User User User 8 h) share photos 10 User 4 User User User 3 rather heavily Variable 7 2 6 1 and want 2: Rarel Occasionall Frequentl maximum Frequency Never y y Usery organization. of photoUsers 2 & 3 are User User User User 7 viewing User heavy photo 3 5 Variable User User User User 8 10 9 takers, but only 3: 1 2 4 6 average when it Frequency Never Rarel Occasionall Frequentl comes to of photoy y y User viewing, sharing User 7 User Variable 4: sharing, and User User User 2 User 10 Photo CS 321 organizing. 4 1 3 organizatio 8 Lesson Six Personas n strategyUnorganize Date Only Date & Site Date & Page 8 d Person User 8 User 3 2 8 + User 9 Daily Daily User User 9 User 6 5 All 3
View full slide show




Memory-Mapped File Technique for all I/O  Some OSes uses memory mapped files for standard I/O  Process can explicitly request memory mapping a file via mmap() system call   Now file mapped into process address space For standard I/O (open(), read(), write(), close()), mmap anyway  But map file into kernel address space  Process still does read() and write()   Copies data to and from kernel space and user space Uses efficient memory management subsystem  Avoids needing separate subsystem  COW can be used for read/write non-shared pages  Memory mapped files can be used for shared memory (although again via separate system calls) Operating System Concepts Essentials – 8th Edition 8.60 Silberschatz, Galvin and Gagne ©2011
View full slide show




Memory-Mapped File Technique for all I/O  Some OSes uses memory mapped files for standard I/O  Process can explicitly request memory mapping a file via mmap() system call   Now file mapped into process address space For standard I/O (open(), read(), write(), close()), mmap anyway  But map file into kernel address space  Process still does read() and write()   Copies data to and from kernel space and user space Uses efficient memory management subsystem  Avoids needing separate subsystem  COW can be used for read/write non-shared pages  Memory mapped files can be used for shared memory (although again via separate system calls) Operating System Concepts – 9th Edition 9.58 Silberschatz, Galvin and Gagne ©2013
View full slide show




Example spoof Web exploits (the count listed first) 10 WEB-PHP xmlrpc.php post attempt 131.178.5.110 10 WEB-PHP xmlrpc.php post attempt 132.248.103.108 10 WEB-PHP xmlrpc.php post attempt 151.36.102.85 10 WEB-PHP xmlrpc.php post attempt 159.148.132.143 10 WEB-PHP xmlrpc.php post attempt 193.230.177.34 10 WEB-PHP xmlrpc.php post attempt 195.250.24.66 10 WEB-PHP xmlrpc.php post attempt 195.5.12.239 12 WEB-PHP xmlrpc.php post attempt 200.29.167.105 10 WEB-PHP xmlrpc.php post attempt 200.93.229.210 10 WEB-PHP xmlrpc.php post attempt 201.144.178.179 10 WEB-PHP xmlrpc.php post attempt 201.15.239.10 10 WEB-PHP xmlrpc.php post attempt 201.18.137.170 10 WEB-PHP xmlrpc.php post attempt 202.107.204.207 10 WEB-PHP xmlrpc.php post attempt 202.108.248.58
View full slide show




Chapter 2: Operating-System Structures  Operating System Services  User Operating System Interface  System Calls  Types of System Calls  System Programs  Operating System Design and Implementation  Operating System Structure  Virtual Machines  Operating System Debugging  Operating System Generation  System Boot Operating System Concepts – 8th Edition 2.2 Silberschatz, Galvin and Gagne ©2009
View full slide show




Chapter 2: Operating-System Structures  Operating System Services  User Operating System Interface  System Calls  Types of System Calls  System Programs  Operating System Design and Implementation  Operating System Structure  Virtual Machines  Operating System Debugging  Operating System Generation  System Boot Operating System Concepts – 8th Edition 2.2 Silberschatz, Galvin and Gagne ©2009
View full slide show




Protection in Java 2  Protection is handled by the Java Virtual Machine (JVM)  A class is assigned a protection domain when it is loaded by the JVM.  The protection domain indicates what operations the class can (and cannot) perform.  If a library method is invoked that performs a privileged operation, the stack is inspected to ensure the operation can be performed by the library.  Note that you need to trust the stack! Operating System Concepts – 8th Edition 14.18 Silberschatz, Galvin and Gagne ©2009
View full slide show




I/O Protection  The I/O system must protect against either accidental or deliberate erroneous I/O.  All I/O instructions are privileged instructions.  User applications are not allowed to perform I/O in user mode - All I/O requests are handled through system calls that must be performed in kernel mode. Operating System Concepts with Java – 8th Edition 1.43 Silberschatz, Galvin and Gagne ©2009
View full slide show




Operating-System Operations  Interrupt driven by hardware  Software error or request creates exception or trap  Division by zero, request for operating system service  Other process problems include infinite loop, processes modifying each other or the operating system  Dual-mode operation allows OS to protect itself and other system components  User mode and kernel mode  Mode bit provided by hardware  Provides ability to distinguish when system is running user code or kernel code  Some instructions designated as privileged, only executable in kernel mode  System call changes mode to kernel, return from call resets it to user Operating System Concepts with Java – 8th Edition 1.30 Silberschatz, Galvin and Gagne ©2009
View full slide show




Chapter 2: Operating-System Structures  Operating System Services  User Operating System Interface  System Calls  Types of System Calls  System Programs  Operating System Design and Implementation  Operating System Structure  Virtual Machines  Operating System Debugging  Operating System Generation  System Boot Operating System Concepts Essentials – 8th Edition 2.2 Silberschatz, Galvin and Gagne ©2011
View full slide show




Contiguous Allocation (Cont)  Multiple-partition allocation  To allocate available memory to various processes waiting to be brought into memory  Hole – block of available memory; holes of various size are scattered throughout memory  When a process arrives, it is allocated memory from a hole large enough to accommodate it  Operating system maintains information in a table about: a) allocated partitions b) free partitions (hole) OS OS OS OS process 5 process 5 process 5 process 5 process 9 process 9 process 8 process 2 process 10 process 2 Operating System Concepts with Java – 8th Edition process 2 8.19 process 2 Silberschatz, Galvin and Gagne ©2009
View full slide show




Operating System Services (Cont.)  Another set of OS functions exists for ensuring the efficient operation of the system itself via resource sharing  Resource allocation - When multiple users or multiple jobs running concurrently, resources must be allocated to each of them  Many types of resources - Some (such as CPU cycles, main memory, and file storage) may have special allocation code, others (such as I/O devices) may have general request and release code  Accounting - To keep track of which users use how much and what kinds of computer resources  Protection and security - The owners of information stored in a multiuser or networked computer system may want to control use of that information, concurrent processes should not interfere with each other  Protection involves ensuring that all access to system resources is controlled  Security of the system from outsiders requires user authentication, extends to defending external I/O devices from invalid access attempts  If a system is to be protected and secure, precautions must be instituted throughout it. A chain is only as strong as its weakest link. Operating System Concepts – 8th Edition 2.6 Silberschatz, Galvin and Gagne ©2009
View full slide show




Operating System Services (Cont)  Another set of OS functions exists for ensuring the efficient operation of the system itself via resource sharing  Resource allocation - When multiple users or multiple jobs running concurrently, resources must be allocated to each of them  Many types of resources - Some (such as CPU cycles, main memory, and file storage) may have special allocation code, others (such as I/O devices) may have general request and release code  Accounting - To keep track of which users use how much and what kinds of computer resources  Protection and security - The owners of information stored in a multiuser or networked computer system may want to control use of that information, concurrent processes should not interfere with each other  Protection involves ensuring that all access to system resources is controlled  Security of the system from outsiders requires user authentication, extends to defending external I/O devices from invalid access attempts  If a system is to be protected and secure, precautions must be instituted throughout it. A chain is only as strong as its weakest link. Operating System Concepts – 8th Edition 2.7 Silberschatz, Galvin and Gagne ©2009
View full slide show




Operating-System Operations Interrupt driven by hardware  Software error or request creates exception or trap  Division by zero, request for operating system service  Other process problems include infinite loop, processes modifying each other or the operating system  Dual-mode operation allows OS to protect itself and other system components  User mode and kernel mode  Mode bit provided by hardware  Provides ability to distinguish when system is running user code or kernel code  Some instructions designated as privileged, only executable in kernel mode  System call changes mode to kernel, return from call resets it to user  Operating System Concepts – 8th Edition 1.28 Silberschatz, Galvin and Gagne ©2009
View full slide show