Tuesday, August 18, 2009

Lecture 4 -17082009-

Today's lecture is about Operating System Security. 


Operating systems provide the fundamental mechanisms for securing computer processing. Recently, the importance of ensuring the security of the operating system has become increasingly obvious.


The items in an operating system that need protection are memory, sharable I/O devices, serially reusable I/O devices, sharable programs and sub-procedures, and sharable data.


The most fundamental security issue for modern operating systems is SEPARATION. The operating system must keep users separate from each other as well as separating individual processes. Separation can be done in several ways, including physical separation, temporal separation, logical separation and cryptographic separation. Physical separation is done where users are restricted to separate devices. This provides a strong form of separation, but it is often impractical. Temporal separation can be enforced where processes execute one at a time. This eliminates many problems that arise from concurrency and simplifies the job of the operating system. Logical separation can be implemented through sandboxing, where each process has its own sandbox. A process is free to do almost anything within its sandbox, but it is highly restricted as to what it can do outside of its sandbox. Cryptographic separation can be used to make information unintelligible to an outsider. Various combinations of these separation methods can be used as well.

 

The second fundamental issue of operating system security is memory protection, which En. Mohd Zaki placed the major focus on. Memory protection covers the memory that the operating system itself uses as well as the memory of user processes. Several methods are used for memory protection, including the fence, relocation, base/bound registers, tagged architecture, segmentation, paging, and paging combined with segmentation.

 

The fence was introduced in single-user operating systems. A fence is a particular address that users and their processes cannot cross: only the OS can operate on one side of the fence, and users are restricted to the other side. A fence can be static, in which case there is a fixed fence address. A major drawback of this approach is that it places a strict limit on the size of the OS. An alternative is a dynamic fence, implemented using a fence register that specifies the current fence address.

 

Relocation, on the other hand, is important in a multi-user OS environment. Relocation is the process of taking a program written as if it begins at address 0 and changing all of its addresses to reflect the actual address at which the program is located.

Then we come to base/bound registers. A base register is also known as a variable fence register. Together, these registers contain the lower and upper address limits of a particular user (or process) space, and all addresses are offsets from the base register. A base register on its own provides only a lower bound (a starting address) but not an upper bound. To overcome this problem, a second register, called the bound register, which holds the upper address limit, is added.
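To make the difference concrete, here is an added example (not from the lecture) that simulates the two checks in C: relocation with a base register alone, as a variable fence, and then with a bound register added. The register values and probed addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Base/bound registers for one process (constructed values in main). The
 * program is written as if it started at address 0, as in relocation above;
 * base is where it actually sits, bound is the first address it may NOT use. */

/* Variable-fence scheme: the base register alone. Relocation works, and
 * anything below the fence is unreachable, but nothing stops the process
 * from running past the top of its own space into the next process. */
long long fence_only_translate(uint32_t base, uint32_t logical) {
    uint64_t addr = (uint64_t)base + logical;   /* relocation: offset from base */
    return (long long)addr;                      /* no upper limit, so never a fault */
}

/* Base plus bound register: an access is legal iff base <= addr < bound. */
long long base_bound_translate(uint32_t base, uint32_t bound, uint32_t logical) {
    uint64_t addr = (uint64_t)base + logical;   /* 64-bit sum: a huge offset cannot wrap below base */
    if (addr >= bound) return -1;               /* upper limit: hardware would raise an addressing fault */
    return (long long)addr;
}

int main(void) {
    const uint32_t base = 0x4000, bound = 0x5000;            /* a 4 KiB process space */
    const uint32_t probes[] = { 0x0000, 0x0FFF, 0x1000, 0x2345 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        long long f = fence_only_translate(base, probes[i]);
        long long b = base_bound_translate(base, bound, probes[i]);
        printf("logical 0x%04X -> fence-only: %s  base/bound: %s\n", (unsigned)probes[i],
               f < 0 ? "fault" : "allowed", b < 0 ? "fault" : "allowed");
    }
    return 0;
}
```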

 

Next is the tagged architecture, a way to solve the problem with base/bound registers. In a tagged architecture, every word of machine memory has one or more extra bits that identify the access rights to that word. However, tagged architectures have problems, namely code compatibility and being locked into existing conventions, despite the low cost of memory.

 

The most common methods of memory protection are segmentation and paging. Segmentation divides the memory into logical units, such as individual procedures or the data in one array. Different access controls can be enforced on different segments. Properties of segments include:

- Each segment has a unique name.

- A code or data item within a segment is addressed as the pair

- The pair is adequate to access any data or instruction to which the program should have access.

- Segments can be separately relocated.

One serious drawback of segmentation is that segments are of variable size. As a result, when the OS references a segment it must also know the segment's size in order to be sure that the requested address lies within the segment. Some segments, such as those that include dynamic memory allocation, can grow during execution, so the OS must keep track of segment sizes that vary.

 

The last method used for memory protection is paging. Paging is similar to segmentation, except that all pages are of a fixed size, so there are no variable-sized units to track. With paging, access to a particular page uses a pair of the form . The advantages of paging include improved efficiency and no fragmentation. The disadvantage is that there is no logical unity to pages, which makes it more difficult to determine the proper access control to apply to a given page.

 

Combining paging with segmentation is another means of solving the problems of the paging method. Each segment is broken into equal-sized pages. This gains the advantage of segment permissions coupled with the reduction in fragmentation offered by paging.
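As an added example (not part of the lecture), the following C simulation shows how the segmented-paging translation described above works: access rights and the current size are checked once per segment, then the offset is split into a page number and an offset within a fixed-size page. The page size, segment table and probed addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define PAGE_SIZE     256u   /* constructed: tiny pages keep the tables readable */
#define PAGES_PER_SEG 4u     /* so a segment holds at most 1024 bytes */
enum { PERM_R = 1, PERM_W = 2, PERM_X = 4 };

/* One segment: the OS records its current size and access rights once per
 * segment (the segment-permission advantage) and maps each fixed-size page
 * of it to any free physical frame (the no-fragmentation advantage). */
typedef struct {
    const char *name;
    uint32_t size;                   /* bytes in use; may grow, so checked on every access */
    uint8_t  perms;
    uint32_t frame[PAGES_PER_SEG];   /* physical frame per page; frames need not be adjacent */
} segment;

/* Address is the pair <segment, offset>; the offset splits into a page number and an
 * offset within the page. Returns the physical address, or -1 where hardware would fault. */
long long translate(const segment *segs, size_t nsegs, size_t seg, uint32_t offset, uint8_t want) {
    if (seg >= nsegs) return -1;                  /* no such segment */
    const segment *s = &segs[seg];
    if ((s->perms & want) != want) return -1;     /* access right applies to the whole segment */
    if (offset >= s->size) return -1;             /* bound check against the current segment size */
    uint32_t page = offset / PAGE_SIZE;           /* always < PAGES_PER_SEG because size <= 1024 */
    uint32_t in_page = offset % PAGE_SIZE;
    return (long long)s->frame[page] * PAGE_SIZE + in_page;
}

/* Constructed process image: code is read/execute, data is read/write. */
static const segment demo_segs[] = {
    { "code", 600, PERM_R | PERM_X, { 7, 2, 9, 0 } },   /* 600 bytes: pages 0..2 in use */
    { "data", 300, PERM_R | PERM_W, { 4, 5, 0, 0 } },   /* 300 bytes: pages 0..1 in use */
};
static const size_t demo_nsegs = sizeof demo_segs / sizeof demo_segs[0];

int main(void) {
    struct { size_t seg; uint32_t off; uint8_t want; } probes[] = {
        { 0, 0x105, PERM_X },   /* fetch from code page 1 -> frame 2 */
        { 0, 0x105, PERM_W },   /* writing into code: denied by segment permission */
        { 1, 300,   PERM_R },   /* one byte past the data segment's current size */
        { 1, 0x0FF, PERM_W },   /* last byte of data page 0 -> frame 4 */
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        long long p = translate(demo_segs, demo_nsegs, probes[i].seg, probes[i].off, probes[i].want);
        printf("<%s, %u>: %s\n", demo_segs[probes[i].seg].name, (unsigned)probes[i].off,
               p < 0 ? "fault" : "ok");
    }
    return 0;
}
```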
