SlideShare a Scribd company logo

Protection in Operating System Layer

Sidharth D
Sidharth D

The document discusses protection in operating systems. It explains that resources require protection from illegitimate access to ensure only allowed processes can access objects. The principle of least privilege is discussed, where programs are given just enough privileges to perform tasks. Threats can come from malicious or buggy code. Protection is provided through type-safe languages, hardware support using a kernel, supervisor mode, address spaces, and traps invoked through system calls.

EducationTechnology
1 of 20
Download to read offline
PROTECTION IN OPERATING SYSTEMS DISTRIBUTED COMPUTING - SEMINAR 1 Sidharth D | sidharth363@gmail.com
What Protection is About? ● Resources require protection from illegitimate access. ● That is, ensure that each object is accessed correctly and only by those processes that are allowed to do so. 2 Sidharth D | sidharth363@gmail.com
Principle of Protection PRINCIPLE OF LEAST PRIVILEGE Programs, users and systems should be given just enough privileges to perform their tasks 3 Sidharth D | sidharth363@gmail.com
Sources of Threats MALICIOUS CODE BUGGY CODE 4 Sidharth D | sidharth363@gmail.com
How to tackle illegitimate access? Type – Safe Language Hardware Support 5 Sidharth D | sidharth363@gmail.com
What is a Type – Safe Language? ● Module A can access Module B only by using method calls provided by programmer of B. ● No pointers can be made up. ● A module cannot change another module's variables arbitrarily. 6 Sidharth D | sidharth363@gmail.com
Examples C Type-safe! C++ Non-type-safe! 7 Sidharth D | sidharth363@gmail.com
Protection by Hardware Support Modules can be protected from one another at the level of individual invocations. Made possible by : KERNEL 8 Sidharth D | sidharth363@gmail.com
Kernel ● Runs always ● Has complete access privileges for the physical resources. ● Makes sure that other codes run legitimately. 9 Sidharth D | sidharth363@gmail.com
Modes of Execution Kernel processes Supervisor mode (privileged) Other processes User mode (unprivileged) 10 Sidharth D | sidharth363@gmail.com
Use of Address Spaces ● Address space – collection of ranges of virtual memory locations assigned to each process. ● Kernel sets up address spaces. ● Each address space has defined access rights example: read-only, read-write etc. ● A process cannot access memory outside its address space. 11 Sidharth D | sidharth363@gmail.com
User Process ● Also called user–level process. ● Executes in user mode. ● Has user-level address space. implication Restricted Memory Access Rights 12 Sidharth D | sidharth363@gmail.com
Use of Address Spaces (contd.) Process Application code Kernel code User-level address space Kernel's address space 13 Sidharth D | sidharth363@gmail.com
Use of Address Spaces (contd.) User-level address space TRAP Kernel's address space 14 Sidharth D | sidharth363@gmail.com
TRAP ● Invocation mechanism for resources managed by the kernel. ● System call trap implemented by machine-level TRAP instruction. Processor TRAP Supervisor mode 15 Sidharth D | sidharth363@gmail.com
TRAP (contd.) ● On TRAP, hardware forces processor to execute a kernel – supplied handler function. ● Result : no process gains illicit control of the hardware. 16 Sidharth D | sidharth363@gmail.com
Price for Protection User-level address space Simple procedure or method call Many processor cycles Kernel's address space TRAP 17 Sidharth D | sidharth363@gmail.com
Winding Up... ● Resources require protection from illegitimate access. ● Principle of least privilege. ● Sources – malicious code, buggy code. ● Type-safe languages. ● Hardware support (kernel). ● Supervisor mode, privileged mode. ● User address space, kernel's address space. ● Price for protection. Sidharth D | sidharth363@gmail.com 18
Reference [1] G. Coulouris, et. al., “Operating system support,” in Distributed Systems Concepts and Design, 4 th ed. Noida, India: Dorling Kindersley(India) Pvt. Ltd., 2009, ch. 6, sec. 3, pp. 210-211 19 Sidharth D | sidharth363@gmail.com
Thank you... 20 Sidharth D | sidharth363@gmail.com

Recommended

Operating system support in distributed system
Operating system support in distributed systemOperating system support in distributed system
Operating system support in distributed system
ishapadhy
 
Design Goals of Distributed System
Design Goals of Distributed SystemDesign Goals of Distributed System
Design Goals of Distributed System
Ashish KC
 
Inter Process Communication
Inter Process CommunicationInter Process Communication
Inter Process Communication
Adeel Rasheed
 
MEDIUM ACCESS CONTROL
MEDIUM ACCESS CONTROLMEDIUM ACCESS CONTROL
MEDIUM ACCESS CONTROL
junnubabu
 
Operating System-Ch8 memory management
Operating System-Ch8 memory managementOperating System-Ch8 memory management
Operating System-Ch8 memory management
Syaiful Ahdan
 
Os structure
Os structureOs structure
Os structureMohd Arif
 
Program security
Program securityProgram security
Program security
G Prachi
 
Chapter 6 os
Chapter 6 osChapter 6 os
Chapter 6 osAbDul ThaYyal
 

Recommended

Operating system support in distributed system
Operating system support in distributed systemOperating system support in distributed system
Operating system support in distributed system
ishapadhy
 
Design Goals of Distributed System
Design Goals of Distributed SystemDesign Goals of Distributed System
Design Goals of Distributed System
Ashish KC
 
Inter Process Communication
Inter Process CommunicationInter Process Communication
Inter Process Communication
Adeel Rasheed
 
MEDIUM ACCESS CONTROL
MEDIUM ACCESS CONTROLMEDIUM ACCESS CONTROL
MEDIUM ACCESS CONTROL
junnubabu
 
Operating System-Ch8 memory management
Operating System-Ch8 memory managementOperating System-Ch8 memory management
Operating System-Ch8 memory management
Syaiful Ahdan
 
Os structure
Os structureOs structure
Os structureMohd Arif
 
Program security
Program securityProgram security
Program security
G Prachi
 
Chapter 6 os
Chapter 6 osChapter 6 os
Chapter 6 osAbDul ThaYyal
 
Introduction to Distributed System
Introduction to Distributed SystemIntroduction to Distributed System
Introduction to Distributed System
Sunita Sahu
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
BharathiKrishna6
 
Distributed objects & components of corba
Distributed objects & components of corbaDistributed objects & components of corba
Distributed objects & components of corbaMayuresh Wadekar
 
Inter Process Communication Presentation[1]
Inter Process Communication Presentation[1]Inter Process Communication Presentation[1]
Inter Process Communication Presentation[1]Ravindra Raju Kolahalam
 
data replication
data replicationdata replication
data replication
Hassanein Alwan
 
Parallel Programming
Parallel ProgrammingParallel Programming
Parallel ProgrammingUday Sharma
 
file system in operating system
file system in operating systemfile system in operating system
file system in operating systemtittuajay
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Lecture 3 threads
Lecture 3 threadsLecture 3 threads
Lecture 3 threads
Kumbirai Junior Muzavazi
 
Kernel I/O subsystem
Kernel I/O subsystemKernel I/O subsystem
Kernel I/O subsystem
AtiKa Bhatti
 
Dead Lock in operating system
Dead Lock in operating systemDead Lock in operating system
Dead Lock in operating system
Ali Haider
 
Replication in Distributed Systems
Replication in Distributed SystemsReplication in Distributed Systems
Replication in Distributed Systems
Kavya Barnadhya Hazarika
 
RPC: Remote procedure call
RPC: Remote procedure callRPC: Remote procedure call
RPC: Remote procedure call
Sunita Sahu
 
Mac addresses(media access control)
Mac addresses(media access control)Mac addresses(media access control)
Mac addresses(media access control)Ismail Mukiibi
 
Coda file system
Coda file systemCoda file system
Coda file system
Sneh Pahilwani
 
File models and file accessing models
File models and file accessing modelsFile models and file accessing models
File models and file accessing models
ishmecse13
 
Inter-Process Communication in distributed systems
Inter-Process Communication in distributed systemsInter-Process Communication in distributed systems
Inter-Process Communication in distributed systems
Aya Mahmoud
 
Underlying principles of parallel and distributed computing
Underlying principles of parallel and distributed computingUnderlying principles of parallel and distributed computing
Underlying principles of parallel and distributed computing
GOVERNMENT COLLEGE OF ENGINEERING,TIRUNELVELI
 
remote procedure calls
remote procedure calls remote procedure calls
remote procedure callsAshish Kumar
 
Clock synchronization in distributed system
Clock synchronization in distributed systemClock synchronization in distributed system
Clock synchronization in distributed system
Sunita Sahu
 
Unitrends Sales Presentation 2010
Unitrends Sales Presentation 2010Unitrends Sales Presentation 2010
Unitrends Sales Presentation 2010
lincolng
 
Operating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability reportOperating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability reportAjit Gaddam
 

More Related Content

What's hot

Introduction to Distributed System
Introduction to Distributed SystemIntroduction to Distributed System
Introduction to Distributed System
Sunita Sahu
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
BharathiKrishna6
 
Distributed objects & components of corba
Distributed objects & components of corbaDistributed objects & components of corba
Distributed objects & components of corbaMayuresh Wadekar
 
Inter Process Communication Presentation[1]
Inter Process Communication Presentation[1]Inter Process Communication Presentation[1]
Inter Process Communication Presentation[1]Ravindra Raju Kolahalam
 
data replication
data replicationdata replication
data replication
Hassanein Alwan
 
Parallel Programming
Parallel ProgrammingParallel Programming
Parallel ProgrammingUday Sharma
 
file system in operating system
file system in operating systemfile system in operating system
file system in operating systemtittuajay
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Lecture 3 threads
Lecture 3 threadsLecture 3 threads
Lecture 3 threads
Kumbirai Junior Muzavazi
 
Kernel I/O subsystem
Kernel I/O subsystemKernel I/O subsystem
Kernel I/O subsystem
AtiKa Bhatti
 
Dead Lock in operating system
Dead Lock in operating systemDead Lock in operating system
Dead Lock in operating system
Ali Haider
 
Replication in Distributed Systems
Replication in Distributed SystemsReplication in Distributed Systems
Replication in Distributed Systems
Kavya Barnadhya Hazarika
 
RPC: Remote procedure call
RPC: Remote procedure callRPC: Remote procedure call
RPC: Remote procedure call
Sunita Sahu
 
Mac addresses(media access control)
Mac addresses(media access control)Mac addresses(media access control)
Mac addresses(media access control)Ismail Mukiibi
 
Coda file system
Coda file systemCoda file system
Coda file system
Sneh Pahilwani
 
File models and file accessing models
File models and file accessing modelsFile models and file accessing models
File models and file accessing models
ishmecse13
 
Inter-Process Communication in distributed systems
Inter-Process Communication in distributed systemsInter-Process Communication in distributed systems
Inter-Process Communication in distributed systems
Aya Mahmoud
 
Underlying principles of parallel and distributed computing
Underlying principles of parallel and distributed computingUnderlying principles of parallel and distributed computing
Underlying principles of parallel and distributed computing
GOVERNMENT COLLEGE OF ENGINEERING,TIRUNELVELI
 
remote procedure calls
remote procedure calls remote procedure calls
remote procedure callsAshish Kumar
 
Clock synchronization in distributed system
Clock synchronization in distributed systemClock synchronization in distributed system
Clock synchronization in distributed system
Sunita Sahu
 

What's hot (20)

Introduction to Distributed System
Introduction to Distributed SystemIntroduction to Distributed System
Introduction to Distributed System
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
Distributed objects & components of corba
Distributed objects & components of corbaDistributed objects & components of corba
Distributed objects & components of corba
 
Inter Process Communication Presentation[1]
Inter Process Communication Presentation[1]Inter Process Communication Presentation[1]
Inter Process Communication Presentation[1]
 
data replication
data replicationdata replication
data replication
 
Parallel Programming
Parallel ProgrammingParallel Programming
Parallel Programming
 
file system in operating system
file system in operating systemfile system in operating system
file system in operating system
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Lecture 3 threads
Lecture 3 threadsLecture 3 threads
Lecture 3 threads
 
Kernel I/O subsystem
Kernel I/O subsystemKernel I/O subsystem
Kernel I/O subsystem
 
Dead Lock in operating system
Dead Lock in operating systemDead Lock in operating system
Dead Lock in operating system
 
Replication in Distributed Systems
Replication in Distributed SystemsReplication in Distributed Systems
Replication in Distributed Systems
 
RPC: Remote procedure call
RPC: Remote procedure callRPC: Remote procedure call
RPC: Remote procedure call
 
Mac addresses(media access control)
Mac addresses(media access control)Mac addresses(media access control)
Mac addresses(media access control)
 
Coda file system
Coda file systemCoda file system
Coda file system
 
File models and file accessing models
File models and file accessing modelsFile models and file accessing models
File models and file accessing models
 
Inter-Process Communication in distributed systems
Inter-Process Communication in distributed systemsInter-Process Communication in distributed systems
Inter-Process Communication in distributed systems
 
Underlying principles of parallel and distributed computing
Underlying principles of parallel and distributed computingUnderlying principles of parallel and distributed computing
Underlying principles of parallel and distributed computing
 
remote procedure calls
remote procedure calls remote procedure calls
remote procedure calls
 
Clock synchronization in distributed system
Clock synchronization in distributed systemClock synchronization in distributed system
Clock synchronization in distributed system
 

Viewers also liked

Unitrends Sales Presentation 2010
Unitrends Sales Presentation 2010Unitrends Sales Presentation 2010
Unitrends Sales Presentation 2010
lincolng
 
Operating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability reportOperating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability reportAjit Gaddam
 
Jaundice
Jaundice Jaundice
Jaundice
Jayesh Naik
 
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Jayesh Naik
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix Linux
Security Session
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control أحلام انصارى
 
Introduction To Linux Security
Introduction To Linux SecurityIntroduction To Linux Security
Introduction To Linux Security
Michael Boman
 
Security Configuration Management for Dummies
Security Configuration Management for DummiesSecurity Configuration Management for Dummies
Security Configuration Management for Dummies
Tripwire
 
How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?
Michael Boelen
 
Kernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyoneKernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyone
Anne Nicolas
 
Threats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in LinuxThreats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in Linux
Amitesh Bharti
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Anne Nicolas
 
SELinux basics
SELinux basicsSELinux basics
SELinux basics
Lubomir Rintel
 
Basic Linux Security
Basic Linux SecurityBasic Linux Security
Basic Linux Securitypankaj009
 
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
Shawn Wells
 
Linux Security Scanning with Lynis
Linux Security Scanning with LynisLinux Security Scanning with Lynis
Linux Security Scanning with Lynis
Michael Boelen
 
Linux Hardening
Linux HardeningLinux Hardening
Linux Hardening
Michael Boelen
 
Linux Security for Developers
Linux Security for DevelopersLinux Security for Developers
Linux Security for Developers
Michael Boelen
 
Linux Security, from Concept to Tooling
Linux Security, from Concept to ToolingLinux Security, from Concept to Tooling
Linux Security, from Concept to Tooling
Michael Boelen
 

Viewers also liked (20)

Unitrends Sales Presentation 2010
Unitrends Sales Presentation 2010Unitrends Sales Presentation 2010
Unitrends Sales Presentation 2010
 
Operating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability reportOperating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability report
 
Jaundice
Jaundice Jaundice
Jaundice
 
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
Application hardening, Secure Socket Layer(SSL) & Secure Electronic Transacti...
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix Linux
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control
 
Introduction To Linux Security
Introduction To Linux SecurityIntroduction To Linux Security
Introduction To Linux Security
 
Security Configuration Management for Dummies
Security Configuration Management for DummiesSecurity Configuration Management for Dummies
Security Configuration Management for Dummies
 
How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?
 
Kernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyoneKernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyone
 
Linux Security
Linux SecurityLinux Security
Linux Security
 
Threats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in LinuxThreats, Vulnerabilities & Security measures in Linux
Threats, Vulnerabilities & Security measures in Linux
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
 
SELinux basics
SELinux basicsSELinux basics
SELinux basics
 
Basic Linux Security
Basic Linux SecurityBasic Linux Security
Basic Linux Security
 
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
 
Linux Security Scanning with Lynis
Linux Security Scanning with LynisLinux Security Scanning with Lynis
Linux Security Scanning with Lynis
 
Linux Hardening
Linux HardeningLinux Hardening
Linux Hardening
 
Linux Security for Developers
Linux Security for DevelopersLinux Security for Developers
Linux Security for Developers
 
Linux Security, from Concept to Tooling
Linux Security, from Concept to ToolingLinux Security, from Concept to Tooling
Linux Security, from Concept to Tooling
 

Similar to Protection in Operating System Layer

8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix
Jorge Orchilles
 
Layers, ports and adapters
Layers, ports and adaptersLayers, ports and adapters
Layers, ports and adapters
Matthias Noback
 
Leave me alone; app level protection against runtime information gathering on...
Leave me alone; app level protection against runtime information gathering on...Leave me alone; app level protection against runtime information gathering on...
Leave me alone; app level protection against runtime information gathering on...
Joon Young Park
 
ToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android Infections
Aditya K Sood
 
2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?
APIsecure_ Official
 
Cassandra Lunch #90: Securing Apache Cassandra
Cassandra Lunch #90: Securing Apache CassandraCassandra Lunch #90: Securing Apache Cassandra
Cassandra Lunch #90: Securing Apache Cassandra
Anant Corporation
 
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLockerDEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
Jorge Orchilles
 
Looking for Vulnerable Code. Vlad Savitsky
Looking for Vulnerable Code. Vlad SavitskyLooking for Vulnerable Code. Vlad Savitsky
Looking for Vulnerable Code. Vlad Savitsky
Vlad Savitsky
 
The Ultimate Android Security Checklist (Mdevcon 2014)
The Ultimate Android Security Checklist (Mdevcon 2014)The Ultimate Android Security Checklist (Mdevcon 2014)
The Ultimate Android Security Checklist (Mdevcon 2014)
Ron Munitz
 
PAI Unit 2 Protection in 80386 segmentation
PAI Unit 2 Protection in 80386 segmentationPAI Unit 2 Protection in 80386 segmentation
PAI Unit 2 Protection in 80386 segmentation
KanchanPatil34
 
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
Ron Munitz
 
Analyzing RDP traffc with Bro
Analyzing RDP traffc with BroAnalyzing RDP traffc with Bro
Analyzing RDP traffc with Bro
Josh Liburdi
 
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Codemotion
 
The Ultimate Android Security Checklist (AnDevCon Boston 2014)
The Ultimate Android Security Checklist (AnDevCon Boston 2014)The Ultimate Android Security Checklist (AnDevCon Boston 2014)
The Ultimate Android Security Checklist (AnDevCon Boston 2014)
Ron Munitz
 
Workshop su Android Kernel Hacking
Workshop su Android Kernel HackingWorkshop su Android Kernel Hacking
Workshop su Android Kernel Hacking
Develer S.r.l.
 
Automotive Grade Linux and systemd
Automotive Grade Linux and systemdAutomotive Grade Linux and systemd
Automotive Grade Linux and systemd
Alison Chaiken
 
Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating system
Abdullah Khosa
 
Android Security, From the Ground Up
Android Security, From the Ground UpAndroid Security, From the Ground Up
Android Security, From the Ground Up
Opersys inc.
 
COM Hijacking Techniques - Derbycon 2019
COM Hijacking Techniques - Derbycon 2019COM Hijacking Techniques - Derbycon 2019
COM Hijacking Techniques - Derbycon 2019
David Tulis
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depth
Sander Alberink
 

Similar to Protection in Operating System Layer (20)

8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix8.8 Las Vegas - Adversary Emulation con C2 Matrix
8.8 Las Vegas - Adversary Emulation con C2 Matrix
 
Layers, ports and adapters
Layers, ports and adaptersLayers, ports and adapters
Layers, ports and adapters
 
Leave me alone; app level protection against runtime information gathering on...
Leave me alone; app level protection against runtime information gathering on...Leave me alone; app level protection against runtime information gathering on...
Leave me alone; app level protection against runtime information gathering on...
 
ToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android InfectionsToorCon 14 : Malandroid : The Crux of Android Infections
ToorCon 14 : Malandroid : The Crux of Android Infections
 
2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?2022 APIsecure_Are your APIs Rugged Enough?
2022 APIsecure_Are your APIs Rugged Enough?
 
Cassandra Lunch #90: Securing Apache Cassandra
Cassandra Lunch #90: Securing Apache CassandraCassandra Lunch #90: Securing Apache Cassandra
Cassandra Lunch #90: Securing Apache Cassandra
 
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLockerDEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
DEFCON Safe Mode - Red Team Village - Emulating Evil Corp and WastedLocker
 
Looking for Vulnerable Code. Vlad Savitsky
Looking for Vulnerable Code. Vlad SavitskyLooking for Vulnerable Code. Vlad Savitsky
Looking for Vulnerable Code. Vlad Savitsky
 
The Ultimate Android Security Checklist (Mdevcon 2014)
The Ultimate Android Security Checklist (Mdevcon 2014)The Ultimate Android Security Checklist (Mdevcon 2014)
The Ultimate Android Security Checklist (Mdevcon 2014)
 
PAI Unit 2 Protection in 80386 segmentation
PAI Unit 2 Protection in 80386 segmentationPAI Unit 2 Protection in 80386 segmentation
PAI Unit 2 Protection in 80386 segmentation
 
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
 
Analyzing RDP traffc with Bro
Analyzing RDP traffc with BroAnalyzing RDP traffc with Bro
Analyzing RDP traffc with Bro
 
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
 
The Ultimate Android Security Checklist (AnDevCon Boston 2014)
The Ultimate Android Security Checklist (AnDevCon Boston 2014)The Ultimate Android Security Checklist (AnDevCon Boston 2014)
The Ultimate Android Security Checklist (AnDevCon Boston 2014)
 
Workshop su Android Kernel Hacking
Workshop su Android Kernel HackingWorkshop su Android Kernel Hacking
Workshop su Android Kernel Hacking
 
Automotive Grade Linux and systemd
Automotive Grade Linux and systemdAutomotive Grade Linux and systemd
Automotive Grade Linux and systemd
 
Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating system
 
Android Security, From the Ground Up
Android Security, From the Ground UpAndroid Security, From the Ground Up
Android Security, From the Ground Up
 
COM Hijacking Techniques - Derbycon 2019
COM Hijacking Techniques - Derbycon 2019COM Hijacking Techniques - Derbycon 2019
COM Hijacking Techniques - Derbycon 2019
 
Android security in depth
Android security in depthAndroid security in depth
Android security in depth
 

Recently uploaded

Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
deeptiverma2406
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
Mohammed Sikander
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
EduSkills OECD
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
vaibhavrinwa19
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
Krisztián Száraz
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
Peter Windle
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
The Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptxThe Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptx
DhatriParmar
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
Celine George
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Thiyagu K
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Atul Kumar Singh
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
Jean Carlos Nunes Paixão
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
thanhdowork
 

Recently uploaded (20)

Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
The Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptxThe Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptx
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 

Protection in Operating System Layer

  • 1. PROTECTION IN OPERATING SYSTEMS DISTRIBUTED COMPUTING - SEMINAR 1 Sidharth D | sidharth363@gmail.com
  • 2. What Protection is About? ● Resources require protection from illegitimate access. ● That is, ensure that each object is accessed correctly and only by those processes that are allowed to do so. 2 Sidharth D | sidharth363@gmail.com
  • 3. Principle of Protection PRINCIPLE OF LEAST PRIVILEGE Programs, users and systems should be given just enough privileges to perform their tasks 3 Sidharth D | sidharth363@gmail.com
  • 4. Sources of Threats MALICIOUS CODE BUGGY CODE 4 Sidharth D | sidharth363@gmail.com
  • 5. How to tackle illegitimate access? Type – Safe Language Hardware Support 5 Sidharth D | sidharth363@gmail.com
  • 6. What is a Type – Safe Language? ● Module A can access Module B only by using method calls provided by programmer of B. ● No pointers can be made up. ● A module cannot change another module's variables arbitrarily. 6 Sidharth D | sidharth363@gmail.com
  • 8. Protection by Hardware Support Modules can be protected from one another at the level of individual invocations. Made possible by : KERNEL 8 Sidharth D | sidharth363@gmail.com
  • 9. Kernel ● Runs always ● Has complete access privileges for the physical resources. ● Makes sure that other codes run legitimately. 9 Sidharth D | sidharth363@gmail.com
  • 10. Modes of Execution Kernel processes Supervisor mode (privileged) Other processes User mode (unprivileged) 10 Sidharth D | sidharth363@gmail.com
  • 11. Use of Address Spaces ● Address space – collection of ranges of virtual memory locations assigned to each process. ● Kernel sets up address spaces. ● Each address space has defined access rights example: read-only, read-write etc. ● A process cannot access memory outside its address space. 11 Sidharth D | sidharth363@gmail.com
  • 12. User Process ● Also called user–level process. ● Executes in user mode. ● Has user-level address space. implication Restricted Memory Access Rights 12 Sidharth D | sidharth363@gmail.com
  • 13. Use of Address Spaces (contd.) Process Application code Kernel code User-level address space Kernel's address space 13 Sidharth D | sidharth363@gmail.com
  • 14. Use of Address Spaces (contd.) User-level address space TRAP Kernel's address space 14 Sidharth D | sidharth363@gmail.com
  • 15. TRAP ● Invocation mechanism for resources managed by the kernel. ● System call trap implemented by machine-level TRAP instruction. Processor TRAP Supervisor mode 15 Sidharth D | sidharth363@gmail.com
  • 16. TRAP (contd.) ● On TRAP, hardware forces processor to execute a kernel – supplied handler function. ● Result : no process gains illicit control of the hardware. 16 Sidharth D | sidharth363@gmail.com
  • 17. Price for Protection User-level address space Simple procedure or method call Many processor cycles Kernel's address space TRAP 17 Sidharth D | sidharth363@gmail.com
  • 18. Winding Up... ● Resources require protection from illegitimate access. ● Principle of least privilege. ● Sources – malicious code, buggy code. ● Type-safe languages. ● Hardware support (kernel). ● Supervisor mode, privileged mode. ● User address space, kernel's address space. ● Price for protection. Sidharth D | sidharth363@gmail.com 18
  • 19. Reference [1] G. Coulouris, et. al., “Operating system support,” in Distributed Systems Concepts and Design, 4 th ed. Noida, India: Dorling Kindersley(India) Pvt. Ltd., 2009, ch. 6, sec. 3, pp. 210-211 19 Sidharth D | sidharth363@gmail.com
  • 20. Thank you... 20 Sidharth D | sidharth363@gmail.com