Security Architecture and Design

Chapter 4Part 2

Pages 319 to 357

Virtual Memory

Virtual Memory

Process Isolation

• Protects processes from each other.• Encapsulated – no other process has access to

another process’ internal code.• Data Hiding – no other process knows how a

process work• Interact with another process through its API

Time Multiplexing

Name Distinction

• Process ID (PID)

RAM

• Dynamic Random Access Memory• Millions of transistors and capacitors• Capacitor stores 1 or 0• 1 = several electrons stored in it• Need to be read and rewritten regularly

Static RAM (SRAM)

• Does not require continuous refreshing• Faster than DRAM• More expensive and smaller capacity• Used for Cache memory

Memory Management

Dynamic Link Libra (DLL)

• Crypt32.dll

Buffer Overflow

Buffer Overflow

Buffer Overflow

char buf[10];gets(buff)

Memory Protection Techniques

• Windows “Address Space Layout Randomization”

• Randomly rearrange key data areas in memory– Starting address of function– Stack address– Libraries

• Prevents attackers guessing through trial and error

Prevent Buffer Overflow

• Use Java or C#• Buffer = new char[10];• Buffer[20] causes an exception to be thrown

Memory Leak

• Languages like C++• Buffer = new int[100];• Delete(buffer);• Can be used for a Denial of Service Attack

(DoS)• Java and C# have garbage collection

I/O Device

• Block devices– Disk– Transfers sectors

• Character devices– Printers, mouse– Stream of characters

I/O

• Handled by the OS device driver• Communicates with the device controller

Interrupts

• OS schedules I/O• I/O with Direct Memory Access• Devices sends an interrupt when I/O is

completed• OS moved process from blocked to waiting• OS schedules next I/O on device

CPU Architecture

• Figure page 343

Ring Architecture

• Figure 4-15 on page 344• OS Kernel– Communicates with I/O devices– Schedules processes– Handles interrupts

• Application Program Interface (API)• Windows only uses Rings 0 and 3• Attack: replace DLL with malicious code

Operating System Architecture

• Monolithic– Figure 4-16 on page 347

• Microkernel Architecture– Figure 4-18 on page 350– Small kernel– Operating systems utilities are invoked in user

mode

Virtual Machines

• Figure 4-21 on page 356• List on pages 356-7