The Role of the Operating System in the Era of Cyberwar Vasileios (Vasilis) Kemerlis Department of Computer Science Brown University CSCI 1800: Cybersecurity and International Relations, 04/06/2016
[email protected] (Brown University) OS Security CSCI 1800 1 / 34 Isolation Virtual memory • Confinement Namespaces, Capabilities • Access control DAC/MAC, ACLs • Kernel Privilege ! The security of a computer system can only be as good as that of the underlying OS kernel! Introduction Kernel attacks The Role of the Kernel What is a kernel anyway? “Heart” of the Operating System APP APP APP APP APP Abstracts the hardware CPU Execution thread • MEM Virtual address space • DEV I/O object KERNEL • Manages resources X Performance X Protection CPU MEM DEV
[email protected] (Brown University) OS Security CSCI 1800 2 / 34 Kernel Privilege ! The security of a computer system can only be as good as that of the underlying OS kernel! Introduction Kernel attacks The Role of the Kernel What is a kernel anyway? “Heart” of the Operating System APP APP APP APP APP Abstracts the hardware CPU Execution thread • MEM Virtual address space • DEV I/O object KERNEL • Manages resources X Performance X Protection CPU MEM DEV Isolation Virtual memory • Confinement Namespaces, Capabilities • Access control DAC/MAC, ACLs •
[email protected] (Brown University) OS Security CSCI 1800 2 / 34 Introduction Kernel attacks The Role of the Kernel What is a kernel anyway? “Heart” of the Operating System APP APP APP APP APP Abstracts the hardware CPU Execution thread • MEM Virtual address