Lecture Notes for Operating Systems

File System Reliability and Security, 22 November 1999


These are provisional lecture notes, expect changes.

  1. reliability - data integrity

    1. media failure - bad block list; controller deals with it

    2. backups - large disks; minimal but complete effort

    3. mirrored disks - Tandem systems

    4. RAID - striped disks; performance and reliability
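As an added example (not part of these notes), the redundancy that makes striping reliable: one stripe across a few in-memory "disks" with a parity block that is the XOR of the data blocks, so any single lost disk can be rebuilt from the survivors. Block size, disk count and data are assumed for the illustration.

```python
# Added example (not from the lecture notes): one RAID stripe with a parity
# block. Losing any single disk is survivable because the lost block is the
# XOR of all the others. Disks are in-memory byte strings; BLOCK and the
# disk count are arbitrary choices for the illustration.
from functools import reduce

BLOCK = 8  # bytes per block; real systems use 4 KiB or more (assumed size)


def xor_blocks(blocks):
    """XOR equal-length byte strings together, byte by byte."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def stripe(data, ndisks):
    """Split data across ndisks-1 data blocks plus one parity block (parity on
    the last disk, the RAID-4 layout; RAID-5 rotates it, the arithmetic is the
    same). Short data is zero-padded; data that does not fit is rejected."""
    ndata = ndisks - 1
    if len(data) > ndata * BLOCK:
        raise ValueError("data does not fit in one stripe")
    data = data.ljust(ndata * BLOCK, b"\0")
    blocks = [data[i * BLOCK:(i + 1) * BLOCK] for i in range(ndata)]
    return blocks + [xor_blocks(blocks)]


def rebuild(disks, lost):
    """Recompute the block on failed disk `lost` from the surviving disks.
    Works for a data disk or the parity disk alike: XOR is its own inverse."""
    survivors = [blk for i, blk in enumerate(disks) if i != lost]
    return xor_blocks(survivors)


def read_stripe(disks):
    """User data in the stripe: parity excluded, zero padding stripped (a real
    file system records the length separately instead of stripping)."""
    return b"".join(disks[:-1]).rstrip(b"\0")
```

One parity block survives exactly one failure per stripe; two simultaneous losses in the same stripe are not recoverable, which is what mirroring or a second parity block buys.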

  2. crash recovery - re-establishing consistency

    1. every disk block should be in exactly one place - in one file or on the free list, never both and never neither

    2. blocks found in the wrong state are repaired - a block in no file and not on the free list is put on the free list; a block both in a file and on the free list is removed from the free list; a block in two files is copied so each file gets its own

    3. recovery re-establishes syntactic, not semantic, correctness

    4. file system consistency - count file references and make sure directories agree

    5. consistency heuristics - proper permissions, sensible sizes

    6. protecting the user - keeping deleted files
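Added example (not from these notes) of the two syntactic passes described above, run over a constructed toy file system: block accounting (each block in exactly one of a file or the free list) and link counting (directory entries against the inode's stored link count). Layout, block numbers and names are made up for the illustration.

```python
# Added example (not from the lecture notes): the two consistency passes an
# fsck-style checker makes. The file system is constructed in memory: inodes
# carry a block list and a stored link count, there is a free list, and
# directories map names to inode numbers. Block numbers, counts and names
# are made up for the illustration.
from collections import Counter

NBLOCKS = 10  # blocks 0..9 in the toy file system (assumed)


def check_blocks(inodes, free_list):
    """Every block should be in exactly one place: in one file or on the free
    list. Returns the repaired free list and a report of each anomaly. This is
    syntactic repair: the counts are made consistent, nothing says which data
    was right."""
    in_files = Counter(b for ino in inodes for b in ino["blocks"])
    in_free = Counter(free_list)
    report = {"missing": [], "dup_free": [], "both": [], "dup_file": []}
    repaired = set(free_list)  # a set already collapses duplicate free entries
    for blk in range(NBLOCKS):
        f, r = in_files[blk], in_free[blk]
        if f == 0 and r == 0:      # in no file, not free: harmless, reclaim it
            report["missing"].append(blk)
            repaired.add(blk)
        if r > 1:                  # listed twice on the free list: keep one entry
            report["dup_free"].append(blk)
        if f >= 1 and r >= 1:      # in a file and free: would be handed out twice
            report["both"].append(blk)
            repaired.discard(blk)
        if f > 1:                  # in two files: the serious case; one needs a copy
            report["dup_file"].append(blk)
    return sorted(repaired), report


def check_links(inodes, directories):
    """Count the directory entries that name each inode and compare with the
    link count stored in the inode. Returns {inode: (stored, actual)} for each
    mismatch. stored > actual only leaks the file when its last name goes;
    stored < actual frees an inode that directories still point at, which is
    far worse, so the repair is to set the stored count to the actual one."""
    actual = Counter(n for d in directories.values() for n in d.values())
    return {i: (ino["links"], actual[i]) for i, ino in enumerate(inodes)
            if ino["links"] != actual[i]}


def sample_fs():
    """Constructed state with one of each anomaly."""
    inodes = [
        {"blocks": [0, 1], "links": 1},
        {"blocks": [2, 3, 5], "links": 2},
        {"blocks": [5, 6], "links": 2},   # shares block 5; claims two names, has one
    ]
    free_list = [4, 6, 7, 7, 8]           # 6 is also in a file; 7 twice; 9 is nowhere
    directories = {"/": {"a": 0, "b": 1, "c": 2}, "/sub": {"b-again": 1}}
    return inodes, free_list, directories
```

The report distinguishes the harmless cases (a lost block, a doubled free entry) from the one that needs a policy decision (a block claimed by two files), which is the syntactic-versus-semantic point above: the checker can make the bookkeeping agree but cannot know which file's data is the right one.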

  3. security - policy, mechanism, and assurance

    1. policy - need to know; hierarchical; information flow

    2. mechanism - how you implement policy

    3. assurance - how you make sure the mechanism is implementing the policy; tiger teams, formal review, security audits

  4. security problems

    1. data loss - disasters, failures, oopses

    2. unauthorized access - intruders; privacy; covert channels (information leaking around the access controls, e.g. through timing or resource usage)

    3. three famous problems - unix, tenex, os360

    4. trojan horses, viruses, worms, backdoors

    5. generic security attacks - tiger or penetration teams

  5. security design principles

    1. public design and review - security through secrecy usually doesn't work

    2. sensible defaults - "sensible" meaning secure: deny unless explicitly permitted

    3. repetitive access checks - check every access, not just the first; a decision cached at open time can be stale by the time the object is used

    4. simple, uniform, and built-in security measures

    5. the human factor - social engineering

  6. security mechanisms

    1. user authentication

      1. passwords - good password selection

        1. cracking

        2. salting

        3. one-time passwords - synchronized random numbers

        4. challenge-response - smart cards

      2. physical identification - biometrics; watch the data
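Added example (not from these notes) covering the password items above: cracking an unsalted password file with a dictionary, what per-user salts cost the attacker, and a challenge-response exchange in which the shared secret never crosses the wire. SHA-256 from hashlib stands in for the system password hash (an assumption; real systems use a deliberately slow hash), and all users, passwords, salts and dictionary words are constructed for the illustration.

```python
# Added example (not from the lecture notes): why unsalted password files
# crack so cheaply, what a salt buys, and how challenge-response keeps the
# password off the wire. hashlib SHA-256 stands in for the system password
# hash (an assumption: real systems use a deliberately slow hash such as
# crypt(3) then, bcrypt/scrypt/argon2 now). Users, passwords, salts and the
# dictionary are constructed for the illustration.
import hashlib
import hmac
import os

DICTIONARY = ["password", "letmein", "qwerty", "secret", "dragon"]  # toy word list


def hash_unsalted(pw):
    return hashlib.sha256(pw.encode()).hexdigest()


def hash_salted(pw, salt):
    return hashlib.sha256(salt + pw.encode()).hexdigest()


def build_store(users):
    """users: {name: password}. Returns the unsalted file and the salted one
    ({name: (salt, hash)}), each user getting a fresh random salt."""
    unsalted = {u: hash_unsalted(p) for u, p in users.items()}
    salted = {}
    for u, p in users.items():
        salt = os.urandom(16)
        salted[u] = (salt, hash_salted(p, salt))
    return unsalted, salted


def crack_unsalted(stored):
    """One precomputed hash -> word table cracks every user in one pass: the
    table costs len(DICTIONARY) hashes however many users there are, and two
    users with the same password are visibly identical."""
    table = {hash_unsalted(w): w for w in DICTIONARY}
    return {u: table[h] for u, h in stored.items() if h in table}


def crack_salted(stored):
    """With per-user salts the attacker must rehash the dictionary for every
    user. Returns the passwords found and the number of hashes computed."""
    found, work = {}, 0
    for u, (salt, h) in stored.items():
        for w in DICTIONARY:
            work += 1
            if hash_salted(w, salt) == h:
                found[u] = w
                break
    return found, work


def respond(secret, challenge):
    """Client side of challenge-response: prove possession of the shared
    secret (what a smart card holds) without ever transmitting it."""
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()


def verify(secret, challenge, response):
    """Server side: recompute and compare in constant time. The server picks a
    fresh random challenge each time, so a captured response is useless
    later: the one-time property the notes ask for."""
    return hmac.compare_digest(respond(secret, challenge), response)
```

Salting does not make a weak password strong: both salted users with "dragon" still fall, only one user at a time instead of all at once, and the attacker's work grows with the number of users rather than staying constant. That is why the notes pair salting with good password selection.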

    2. reference monitor - the final word on security; where the operating system comes in; it must mediate every access, be tamper-proof, and be small enough to verify

    3. protection domains - object-access rights pairs

      1. the current protection domain vets object operations

      2. example - unix files

        1. domains are defined by uid, gid pairs

        2. access rights are read-write-execute for owner, group, world

      3. protection matrix - domains x objects; elements are access rights

        1. access control lists - store the columns

          1. each object keeps a list of domain-access right pairs

        2. capabilities - store the rows

          1. each domain keeps a list of object-access right pairs

          2. hardware support, or fast software (caching)

          3. revocation's a problem - indirect capabilities: the capability names an indirection entry rather than the object, so clearing that entry invalidates every copy
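Added example (not from these notes) working through the protection-domain material above: a sparse protection matrix, the ACL (column) and capability-list (row) views derived from it, the Unix (uid, gid) rwx check, and capabilities made revocable through an indirection table. Domains, objects, rights and inode fields are constructed for the illustration.

```python
# Added example (not from the lecture notes): the protection matrix, its two
# storage forms (ACLs store the columns, capability lists store the rows),
# the Unix owner/group/world check, and revocation through an indirection
# table. Domains, objects, rights and inodes are constructed for the
# illustration.

# The matrix itself: (domain, object) -> rights. It is sparse, so a dict.
MATRIX = {
    ("alice", "f1"): {"r", "w"},
    ("bob", "f1"): {"r"},
    ("bob", "f2"): {"r", "w", "x"},
    ("alice", "printer"): {"w"},
}


def vet(matrix, domain, obj, right):
    """The reference-monitor question: may the current domain do this to that?"""
    return right in matrix.get((domain, obj), set())


def acls(matrix):
    """Column view: each object keeps its own list of (domain, rights)."""
    out = {}
    for (dom, obj), rights in matrix.items():
        out.setdefault(obj, {})[dom] = set(rights)
    return out


def capability_lists(matrix):
    """Row view: each domain keeps its own list of (object, rights)."""
    out = {}
    for (dom, obj), rights in matrix.items():
        out.setdefault(dom, {})[obj] = set(rights)
    return out


def unix_allows(uid, gid, inode, right):
    """Domain is (uid, gid); inode holds owner, group and a mode such as 0o640.
    Only the first matching class is consulted, as Unix does: an owner whose
    owner bits deny is not rescued by more generous group or world bits."""
    bit = {"r": 4, "w": 2, "x": 1}[right]
    if uid == inode["owner"]:
        cls = (inode["mode"] >> 6) & 7
    elif gid == inode["group"]:
        cls = (inode["mode"] >> 3) & 7
    else:
        cls = inode["mode"] & 7
    return bool(cls & bit)


class IndirectCapabilities:
    """Capabilities that name an entry in this table rather than the object.
    Every copy of a capability points at the same entry, so clearing the
    entry revokes all copies at once, which direct capabilities cannot do."""

    def __init__(self):
        self._entries = {}
        self._next = 0

    def grant(self, obj, rights):
        handle = self._next           # the handle is the capability handed out
        self._next += 1
        self._entries[handle] = (obj, set(rights))
        return handle

    def use(self, handle, right):
        """Return the object if the capability is live and carries the right."""
        entry = self._entries.get(handle)
        if entry is None:             # revoked (or never granted)
            return None
        obj, rights = entry
        return obj if right in rights else None

    def revoke(self, handle):
        self._entries.pop(handle, None)
```

Revoking clears one table entry, so every copy of that capability dies together; with direct capabilities the kernel would have to find and invalidate every copy, which is the revocation problem the notes mention.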


This page last modified on 7 December 1999.