Secure Architectures and Systems - Operating Systems: Introduction

class: center, middle

### Secure Computer Architecture and Systems
***
# Operating Systems: Introduction

---
# What is an Operating System?

.leftcol[
- A piece of software that **manages hardware and software resources**
- Acts as an interface between users and hardware
- Examples: Windows, Linux, MacOS

- Provides a **convenient** and **secure** interface for applications to use the machine
]

.rightcol[
<div style="text-align:center"><img src="include/os-layer.svg" width=300 /></div>
]

---
# Functions of an Operating System
<div style="text-align:center"><img src="include/overview-1.svg" width=800 /></div>

---
# Functions of an Operating System
<div style="text-align:center"><img src="include/overview-2.svg" width=800 /></div>

---
# Functions of an Operating System
<div style="text-align:center"><img src="include/overview-3.svg" width=800 /></div>

---
# Functions of an Operating System
<div style="text-align:center"><img src="include/overview-4.svg" width=800 /></div>

---
# Functions of an Operating System
<div style="text-align:center"><img src="include/overview-5.svg" width=800 /></div>

---
# Functions of an Operating System
<div style="text-align:center"><img src="include/overview-6.svg" width=800 /></div>

---
# Functions of an Operating System
<div style="text-align:center"><img src="include/overview-7.svg" width=800 /></div>

---
# Functions of an Operating System
<div style="text-align:center"><img src="include/overview-8.svg" width=800 /></div>

---
# A Brief History of Operating Systems

.leftcol[
- 1950s–1960s: ***monitors* (batch systems)**
  - Jobs submitted as a queue (magnetic tape), run one after the other
  - Example: IBM IBSYS (for its mainframe computers)  
- 1970s: **time-sharing systems**  
  - Multiple users share a single computer  
  - Example: UNIX (Bell Labs) inspired many successors
]

.rightcol[
<div style="text-align:center"><img src="include/Pdp-11-40.jpg" width=300 /></div>
.center[.small[
    PDP/11-40 [Wikipedia](https://en.wikipedia.org/wiki/PDP-11)
]
]
]

---
# A Brief History of OSes (2)

- 1980s **personal computers** become popular 
  - Examples: MS-DOS, early Macintosh OS  
- 1990s–2000s: **GUI-based OS**: Windows, Linux, MacOS  
  - Rise of networking and internet support  
- Modern Era: **Mobile OS** (Android, iOS), **Cloud & Virtualisation** (VMs, containers)  
  - Security and multi-core support

- **Embedded/real time OSes**
  - Started in the 1980s with the rise of microcontrollers
  - Specific constraints
  - Very relevant today (e.g. IoT)

---

# OS Architectures

- **Monolithic Kernel:**  
  - All OS services in one large kernel binary (e.g., Linux)  
- **Microkernel:**  
  - Minimal kernel (IPC, scheduling) runs with full privilege, deprivileged services such as drivers (e.g., Minix, QNX)
  - Hybrid monolithic/microkernel: Windows NT
- More exotic/research models:
  - Multikernel, Exokernel, Unikernel
- More on architectures in a future lecture

---
# OS Kernel vs. Distribution

- **Kernel:**  
  - Core part of the OS that manages hardware (CPU, memory, devices)  
  - Examples: Linux kernel, Windows NT kernel, XNU (MacOS)  
- **Distribution:**  
  - Kernel + system utilities, libraries, package manager, UI, apps  
  - Examples: Ubuntu (Linux), Fedora (Linux), Debian (Linux)

.leftlargecol[
<div style="text-align:center"><img src="include/kernel.svg" width=440 /></div>
]

.rightsmallcol[
    In this course unit, **OS means kernel**
]

---
# Security Aspects

- **Goals of an OS:**
  - Provide convenient *resources mechanisms* for applications: processes, file systems, memory management, etc.
  - Efficiently multiplex (schedule) access by applications to the resources
  - **Ensure the security of all applications**
--

- Security implies correct design and implementation of resources and scheduling
  - Can't let an app access the address space of another app
  - Can't let an app writing to a file overwrite the disk space allocated to another file
  - Can't let an app hog the CPU at the expense of other apps
--

- Such issues can happen when misusing OS mechanisms inadvertently (*fault tolerance*), and most importantly maliciously (*adversarial context*)

---
# Security Aspects (2)

- Concept of a **secure operating system**: oxymoron, ideal goal
  - No system of modern complexity is fully secure

--
- Security goals generally stated as what **subjects** (e.g. applications, users) can perform what **operations** (e.g. read, write) on what **objects** (e.g. files, socket, bytes in memory)
  - Try to apply the principle of least privilege and maintain confidentiality/integrity/availability
  - Often at odds with other goals of OSes: performance, convenience of usage

---
# Operating Systems: Trust Models

.leftlargecol[

- **Trusted Computing Base (TCB)** is the set of components enforcing security goals
- TCB needs to:
      1. Mediates all security sensitive operations
      2. Be correct
      3. Not be tampered with by software outside the TCB
- Depends on the scenario, but generally TCB: **hardware, boot process, all OS code, and some privileged apps**
  - Can be hard to precisely define, and mostly impossible to formally prove its correctness
]

.rightsmallcol[
<div style="text-align:center"><img src="include/tcb.svg" width=280 /></div>
]

---
# Threat Models

- A **threat model** defines what an attacker can do
--

- Also scenario-dependent, for example:
  - Remote attacker sending malformed network packets
  - Local attacker using a malicious user application trying to escalate privilege (root)
  - Malicious device misbehaving, trying to compromise the driver/OS code
  - Compromised boot process loading malicious kernel components/rootkit
  - Attacker accessing kernel log to leak sensitive information (e.g. to break certain defenses such as ASLR) or to erase traces of intrusion
  - Etc.

---
# Summary

- **OS manages the hardware directly and lets applications use it through a convenient and secure interface**
  - Provides services such as running and scheduling programs, memory management, filesystem, networking, other I/O management, etc.
--

- **OS security is a cornerstone of a computer systems' security** however:
  - Wide variety of threats
  - TCB is generally large, hard to define precisely, and impossible to formally verify
      - TCB components are assumed to work correctly...
      - but OSes are computer programs, generally written in unsafe languages, and as we have seen they contain vulnerabilities