CYB 5285: Secure Operating Systems

Welcome to the class website of Secure Operating Systems. This page links to all the slides for the current class, plus assignment information.

Syllabus

The formal syllabus for this class is available here.

In a less formal way, the goal of the class is to make you aware of security issues that are involved in using and designing operating systems. The operating system is often the final arbiter in enforcing security within a machine. What does the OS do with respect to security, and how does it do it?

Prerequisites & Administrivia

The class is rather relatively straightforward: we will take a guided tour of the operating system. We will be leverating Silberschatz heavily, but supplementing it with papers. Silberchatz talks a lot about how the OS works and what the underlying principles are; the papers look at security-specific topics. Together, you should understand a lot more about how the OS provides security services, and how the OS can be beaten.

In order to get an A in the class, all assignment must be turned in and complete. Please note, you must pass the final to obtain a passing grade in the class.

The book for the class is Silberchatz, Galvin and Gange's "Operating Systems Concepts Update, 8th Edition". The previous edition (7th) will not suffice; if you don't have the "update" version, however, I can supply the missing material. In addition, you might find the book "Operating System Security" by Trent Jaeger helpful.

Unless otherwise stated, all assignments are due before class 1 week after they were assigned (e.g. if an assignment is set on Tuesday, it is due before class the following Tuesday). Assignments should be turned in through the class SVN server.

Reading List

Things you will read, at a minimum, by the final exam. Watch this space: the list will grow.

• "Protection" by Butler Lampson
• "Protection in Operating Systems" by Harrison
• "An Investigation of the Therac-25 Accidents", Leveson & Turner
• "The Cake is a Lie" by Locasto et al.
• Tannenbaum Ch 13
• "Protection and the Control of Information Sharing in Multics"
• "VM-based security overkill: a lament for applied systems security research"
• "Virtual Machines, Virtual Security"
• "Thirty Years Later: Lessons from the Multics Security Evaluation"
• "SCOMP: A Solution to the Multilevel Security Problem"
• "Linux kernel vulnerabilities: State-of-the-art defenses and open problems"
• "A Tale of Four Kernels"
• "Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization"

Slides

This deck changes as a function to time. Please check back for additional materials covered in class.

• Lesson 1: Introduction and Administrivia
• Lesson 2: OS Fundamentals
• Lesson 3: OS Structures
• Lesson 4: Access Control
• Lesson 5: Synchronization
• Lesson 6: Memory
• Lesson 7: OS API
• Lesson 8: Discuss "The Cake is a Lie" ideas - no slides
• Lesson 8A: Virtualization
• Lesson 9: Multics
• Lesson 10: SCOMP
• Lesson 11: Breaking Stuff
• Lesson 12: Linux Security
• Lesson 13: SELinux
• Lesson 14: Windows Security
• Lesson 15: Capability Systems
• Lesson 16: Open versus Closed
• Lesson 17: Assurance
• Lesson 18: Ret2Usr

Further lessons will be uploaded as needed.