DOCSLIB.ORG

Wang, the Pennsylvania State University; Xi Xiong, Facebook Inc

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Wang, the Pennsylvania State University; Xi Xiong, Facebook Inc Between Mutual Trust and Mutual Distrust: Practical Fine-grained Privilege Separation in Multithreaded Applications Jun Wang, The Pennsylvania State University; Xi Xiong, Facebook Inc. and The Pennsylvania State University; Peng Liu, The Pennsylvania State University https://www.usenix.org/conference/atc15/technical-session/presentation/wang_jun This paper is included in the Proceedings of the 2015 USENIX Annual Technical Conference (USENIC ATC ’15). July 8–10, 2015 • Santa Clara, CA, USA ISBN 978-1-931971-225 Open access to the Proceedings of the 2015 USENIX Annual Technical Conference (USENIX ATC ’15) is sponsored by USENIX. Between Mutual Trust and Mutual Distrust: Practical Fine-grained Privilege Separation in Multithreaded Applications Jun Wang, Xi Xiong†1, Peng Liu Pennsylvania State University, Facebook Inc.† Abstract exploit certain vulnerabilities (e.g., format string CVE- Threads in a multithreaded process share the same ad- 2004-1097) to inject shellcode and thus access the private dress space and thus are implicitly assumed to be mutu- data of another connection served by a different thread. ally trusted. However, one (compromised) thread attack- Meanwhile, logic bugs (e.g., Heartbleed [8]) might ex- ing another is a real world threat. It remains challenging ist so that an attacker can fool a thread to steal private to achieve privilege separation for multithreaded applica- data belonging to other threads. (3) For the multithreaded tions so that the compromise or malfunction of one thread userspace file system FUSE [6], logic flaws or vulner- does not lead to data contamination or data leakage of abilities might also allow one user to read a buffer that other threads. contains private data of another user, which violates the The Arbiter system proposed in this paper explores access control policy. This is especially critical for en- the solution space. In particular, we find that page table crypted file systems built upon FUSE (e.g., EncFS [5]), protection bits can be leveraged to do efficient reference wherein data can be stored as cleartext in memory and a monitoring if data objects with the same accessibility stay malicious user could enjoy a much easier and more ele- in the same page. We design and implement Arbiter gant way to crack encrypted files than brute force. which consists of a new memory allocation mechanism, a A common characteristic of the above applications is policy manager, and a set of APIs. Programmers specify that they may concurrently serve different users or clients, security policy through annotating the source code. We which represent distinct principals that usually do not apply Arbiter to three applications, an in-memory key/- fully trust each other. This characteristic directly con- value store, a web server, and a userspace file system, tradicts the “threads-are-mutually-trusted” assumption. and show how they can benefit from Arbiter in terms of Therefore, a fundamental multithreaded application secu- security. Our experiments on the three applications show rity problem arises, that is, how to retrofit the classic mul- that Arbiter reduces application throughput by less than tithreaded programming model so that the “threads-are- 10% and increases CPU utilization by 1.37-1.55 . mutually-trusted” assumption can be properly relaxed? × In other words, could different principal threads have dif- 1 Introduction ferent privileges to access shared data objects so that the While multithreaded programming brings clear advan- compromise or malfunction of one thread does not lead tages over multiprocessed programming, the classic mul- to data contamination or data leakage of another thread? tithreaded programming model has an inherent security limitation, that is, it implicitly assumes that all the threads 1.1 Prior Work and Our Motivation From a programmer’s point of view, we identify two inside a process are mutually trusted. This is reflected by kinds of privilege separation problems. The first prob- the fact that all the threads run in the same address space lem is to split a monolithic application into least-privilege and thus share the same privilege to access resources, es- compartments. For example, an SSH server only requires pecially data. root privilege for its monitor (listening to a port and per- However, one thread attacking another thread of the forming authentication), rather than the slave (process- same application process is a real world threat. Here are ing user commands). Since the two parts are usually a few examples: (1) For the multithreaded in-memory closely coupled, developers in the old days simply put key/value store Memcached [9], it has been shown that the two into one program. Due to the emergence of buffer many large public websites had left it open to arbitrary overflow and other relevant attacks against the root privi- access from Internet [2], making it possible to connect to leged part, however, this monolithic program design is no (a worker thread of) such a server, dump and overwrite longer appropriate. Separation of the two parts into dif- cache data belonging to other threads [7]. In addition, ferent privileged processes with IPC mechanisms in be- vulnerabilities [11, 10] could be exploited by an adver- tween (e.g., via pipes) becomes a more appropriate ap- sary (e.g., buffer overflow attack via CVE-2009-2415) so proach. Actually, OpenSSH has already adopted this ap- that the compromised worker thread can arbitrarily ac- proach. cess data privately owned by other threads. (2) For the The second problem is to do fine-grained privilege sep- multithreaded web server Cherokee [3], an attacker could aration in multithreaded applications. As introduced ear- 1work was done while this author was at Pennsylvania State Univer- lier, threads in a multithreaded program were implicitly sity. assumed to be mutually trusted. However, the evolving USENIX Association 2015 USENIX Annual Technical Conference 361 1st PS Problem (OpenSSH [27], 2nd PS Problem (Arbiter) of multithreaded applications tends to break this assump- Privtrans [15], Wedge [14], etc.) tion by concurrently serving different principals. Usually Sequential invocation of compartments Concurrent execution the principals do not fully trust one another. with different privileges Only privileged process/thread can Data shared among different The first problem has been studied for many years access sensitive data (unprivileged) principal threads [29, 27, 19, 15, 14]. Provos et al. [27] pioneered the Static capability policy Dynamic (label) policy methodology and design of privilege separation. Priv- Table 1: Different assumptions of 1st and 2nd privilege separa- trans [15] can automatically partition a program into a tion (PS) problem privileged monitor and an unprivileged slave. Wedge [14] reveals that over 80% of existing web servers are multi- combines privilege separation with capabilities to do threaded. It is impractical to redesign all those applica- finer-grained partitioning. For the second one, however, tions that are already multithreaded. there are no systematic research investigations that we are 2) Software fault isolation. Address space isolation aware of. puts each process into a protection domain, but does not This paper focuses on the second privilege separation do finer-grained isolation inside an address space. Soft- problem. Our goal is to apply least privilege principle on ware fault isolation [30, 17] did an innovative work on (shared) data objects so that a data object can be read- making a segment of address space as a protection do- writable, read-only, or inaccessible to different threads at main by using software approaches like a compiler. Nev- the same time and, more importantly, to require minimum ertheless, it is difficult for SFI to map program data ob- retrofitting effort from programmers. First of all, let’s jects (e.g., array) into a protection domain: address-based look at existing mechanisms to see whether they can be confinement and static instrumentation cannot easily deal applied to solve this problem. with dynamically allocated data. LXFI [24] instruments 1) Process isolation. Process isolation is the essen- kmalloc so that the principal and address information of tial idea behind existing approaches to the first privilege dynamic kernel data objects are made aware to the ref- separation problem. OpenSSH [27] and Privtrans [15] erence monitor. However, this is done only to kernel leverage process address space isolation while using IPC modules and kernel data. In addition, LXFI focuses on to make the privileged part and the unprivileged part integrity and does not check memory reads due to per- work together. However, neither of them handles data formance reasons. However, our goal is to prevent both object granularity. In addition, when there are many unauthorized reads and writes. Therefore, we need to principal threads, IPC might become very inefficient. catch invalid reads as well. Wedge [14] advances process isolation with new ideas. 3) Other related mechanisms. We investigate four It creates compartments with default-deny semantics and additional types of related mechanisms to see whether maps shared data objects into appropriate compartments. they can handle our problem. (a) OS abstraction level ac- However, Wedge is proposed to address the first privilege cess control has been extensively studied (e.g., SELinux separation problem, which has very different nature from [23], AppArmor [1], Capsicum [31]). However, these the problem we consider, as shown in Table 1. Due to mechanisms treat a process/thread as an atomic unit and these differences, Wedge’s all-or-nothing privilege model do not deal with data objects “inside” a process. So a with default-deny semantic is not very applicable to a granularity gap exists between these techniques and our multithreaded program, wherein threads by default share goal. (b) HiStar [33] is a from-scratch OS design of lots of resources. To apply Wedge on our problem, one decentralized information flow control (DIFC). Perhaps still needs to address the challenges considered in this pa- HiStar can meet our goal of privilege separation on data per.
Load more

Recommended publications
  • Man Pages Section 2 System Calls
    man pages section 2: System Calls Part No: E29032 October 2012 Copyright © 1993, 2012, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT END USERS. Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including anyoperating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications.
    [Show full text]
  • Memory Management
    Memory Management Memory Management 1/53 Learning Objectives Memory Management I Understand the role and function of the memory manager I Understand the operation of dynamic memory allocation algorithms used in language runtime such as malloc I Understand the operation of kernel-level memeory allocators such as the buddy system 2/53 Memory Management: Overview Memory Management I Primary role of memory manager: I Allocates primary memory to processes I Maps process address space to primary memory I Minimizes access time using cost effective memory configuration I Memory management approaches range from primitive bare-machine approach to sophisticated paging and segmentation strategies for implementing virtual memory. 3/53 Relocating Executables Memory Management I Compile, Link, and Load phases. I Source program, relocatable object modules, absolute program. I Dynamic address relocation using relocation registers. I Memory protection using limit registers. (violating the limit generates an hardware interrupt, often called segment violation, that results in a fatal execution error.) 4/53 Building the address space Memory Management Shared primary Libraries Source memory Code Process Addresss Space Compiler Loader Relocatable Static Object Library Code Code Absolute Program (executable) Linker secondary memory 5/53 Process Address Space model Memory Management 0x00000000 Text Program Binary Unitialized Data Global/Static variables Initialized Data Heap Dynamically allocated variables Local variables, function/method arguments Stack Return values 0xFFFFFFFF 6/53 Dynamic Memory Allocation in Processes Memory Management I Using malloc in C or new in C/C++/Java and other languages causes memory to be dynamically allocated. Does malloc or new call the Operating system to get more memory? I The system creates heap and stack segment for processes at the time of creation.
    [Show full text]
  • Memory Management Arkaprava Basu
    Indian Institute of Science (IISc), Bangalore, India Memory Management Arkaprava Basu Dept. of Computer Science and Automation Indian Institute of Science www.csa.iisc.ac.in/~arkapravab/ www.csa.iisc.ac.in Indian Institute of Science (IISc), Bangalore, India Memory is virtual ! ▪ Application software sees virtual address ‣ int * p = malloc(64); Virtual address ‣ Load, store instructions carries virtual addresses 2/19/2019 2 Indian Institute of Science (IISc), Bangalore, India Memory is virtual ! ▪ Application software sees virtual address ‣ int * p = malloc(64); Virtual address ‣ Load, store instructions carries virtual addresses ▪ Hardware uses (real) physical address ‣ e.g., to find data, lookup caches etc. ▪ When an application executes (a.k.a process) virtual addresses are translated to physical addresses, at runtime 2/19/2019 2 Indian Institute of Science (IISc), Bangalore, India Bird’s view of virtual memory Physical Memory (e.g., DRAM) 2/19/2019 Picture credit: Nima Honarmand, Stony Brook university 3 Indian Institute of Science (IISc), Bangalore, India Bird’s view of virtual memory Process 1 Physical Memory (e.g., DRAM) 2/19/2019 Picture credit: Nima Honarmand, Stony Brook university 3 Indian Institute of Science (IISc), Bangalore, India Bird’s view of virtual memory Process 1 // Program expects (*x) // to always be at // address 0x1000 int *x = 0x1000; Physical Memory (e.g., DRAM) 2/19/2019 Picture credit: Nima Honarmand, Stony Brook university 3 Indian Institute of Science (IISc), Bangalore, India Bird’s view of virtual memory
    [Show full text]
  • Virtual Memory and Linux
    Virtual Memory and Linux Matt Porter Embedded Linux Conference Europe October 13, 2016 About the original author, Alan Ott ● Unfortunately, he is unable to be here at ELCE 2016. ● Veteran embedded systems and Linux developer ● Linux Architect at SoftIron – 64-bit ARM servers and data center appliances – Hardware company, strong on software – Overdrive 3000, more products in process Physical Memory Single Address Space ● Simple systems have a single address space ● Memory and peripherals share – Memory is mapped to one part – Peripherals are mapped to another ● All processes and OS share the same memory space – No memory protection! – Processes can stomp one another – User space can stomp kernel mem! Single Address Space ● CPUs with single address space ● 8086-80206 ● ARM Cortex-M ● 8- and 16-bit PIC ● AVR ● SH-1, SH-2 ● Most 8- and 16-bit systems x86 Physical Memory Map ● Lots of Legacy ● RAM is split (DOS Area and Extended) ● Hardware mapped between RAM areas. ● High and Extended accessed differently Limitations ● Portable C programs expect flat memory ● Multiple memory access methods limit portability ● Management is tricky ● Need to know or detect total RAM ● Need to keep processes separated ● No protection ● Rogue programs can corrupt the entire system Virtual Memory What is Virtual Memory? ● Virtual Memory is a system that uses an address mapping ● Maps virtual address space to physical address space – Maps virtual addresses to physical RAM – Maps virtual addresses to hardware devices ● PCI devices ● GPU RAM ● On-SoC IP blocks What is Virtual Memory? ● Advantages ● Each processes can have a different memory mapping – One process's RAM is inaccessible (and invisible) to other processes.
    [Show full text]
  • CS252: Systems Programming
    CS252: Systems Programming Gustavo Rodriguez-Rivera Computer Science Department Purdue University General Information Web Page: http://www.cs.purdue.edu/homes/cs252 Office: LWSN1210 E-mail: [email protected] Textbook: Book Online: “Introduction to Systems Programming: a Hands-on Approach” https://www.cs.purdue.edu/homes/grr/SystemsProgrammingBook/ Recommended: Advanced Programming in the UNIX Environment by W. Richard Stevens. (Useful for the shell. Good as a reference book.) Mailing List We will use piazza PSOs There is lab the first week. The projects will be explained in the labs. TAs office hours will be posted in the web page. Grading Grade allocation Midterm: 25% Final: 25% Projects and Homework: 40% Attendance 10% Exams also include questions about the projects. Course Organization 1. Address space. Structure of a Program. Text, Data, BSS, Stack Segments. 2. Review of Pointers, double pointers, pointers to functions 3. Use of an IDE and debugger to program in C and C++. 4. Executable File Formats. ELF, COFF, a.out. Course Organization 5. Development Cycle, Compiling, Assembling, Linking. Static Libraries 6.Loading a program, Runtime Linker, Shared Libraries. 7. Scripting Languages. sh, bash, basic UNIX commands. 8. File creation, read, write, close, file mode, IO redirection, pipes, Fork, wait, waitpid, signals, Directories, creating, directory list Course Organization 9. Project: Writing your own shell. 10. Programming with Threads, thread creation. 11. Race Conditions, Mutex locks. 12. Socket Programming. Iterative and concurrent servers. 13. Memory allocation. Problems with memory allocation. Memory Leaks, Premature Frees, Memory Smashing, Double Frees. Course Organization 14. Introduction to SQL 15. Source Control Systems (CVS, SVN) and distributed (GIT, Mercurial) 16.
    [Show full text]
  • The UNIX Memory API
    University of New Mexico Memory Virtualization: The UNIX Memory API Prof. Patrick G. Bridges 1 University of New Mexico Memory API: malloc() #include <stdlib.h> void* malloc(size_t size) Main programmer-level API in C. Language-level interface, not the actual OS interface Allocate a memory region on the heap. ▪ Argument ▪ size_t size : size of the memory block(in bytes) ▪ size_t is an unsigned integer type. ▪ Return ▪ Success : a void type pointer to the memory block allocated by malloc ▪ Fail : a null pointer free/calloc/realloc also exist in the same vein 2 University of New Mexico Lots of ways to go wrong with memory Some sample things we’ve all done ▪ Not copying enough data (e.g. terminating nulls) ▪ Not allocating space for the data copied ▪ Not freeing data (memory leaks) ▪ Accessing data after its freed ▪ Freeing an area multiple times What does each of these actually do? Requires understanding how the language API is built on top of the OS memory API 3 University of New Mexico Memory Management System Calls #include <unistd.h> int brk(void *addr) void *sbrk(intptr_t increment); malloc malloc library call use brk and/or mmap system calls. ▪ brk is called to expand the program’s break. ▪ break: The location of the end of the heap in address space ▪ sbrk is an additional call similar with brk. ▪ Programmers should never directly call either brk or sbrk. What does this actually do? 4 University of New Mexico How do brk and sbrk work? Address Space The greyed-out area of an address 0x400000 Code space is not actually allocated.
    [Show full text]
  • A Source Book from the Open Group
    A Source Book from The Open Group The Single UNIX· Specification: The Authorized Guide to Version 3, 2nd Edition The Open Group Copyright ¶ June 2004, The Open Group All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the copyright owners. A Source Book from The Open Group The Single UNIX· Specification: The Authorized Guide to Version 3, 2nd Edition ISBN: 1-931624-47-X Document Number: G041 Published in the U.S. by The Open Group, June 2004. Any comments relating to the material contained in this document may be submitted by email to: [email protected] ii A Source Book from The Open Group (2004) ____________________________________________________ Contents ____________________________________________________ Chapter 1 The Single UNIX Specification............................................ 1 1.1 Introduction.................................................................................. 1 1.2 Background ................................................................................. 1 1.3 The Value of Standards................................................................ 2 1.4 The Single UNIX Specification ..................................................... 2 1.5 Benefits for Application Developers.............................................. 3 1.6 Benefits for Users........................................................................ 3 1.7 The
    [Show full text]
  • Memory Management
    Memory management Johan Montelius KTH 2020 1 / 27 virtual memory and segmentation code data heap stack code data heap stack OS code code data data heap heap stack stack 2 / 27 the process view code data heap stack How do we obtain more memory for the heap data structures? 3 / 27 Linux system call brk() and sbrk() change the location of the program break, which defines the end of the process’s heap segment brk() sets the end of the heap segment to the # include <unistd .h> value specified by addr int brk ( void * addr ); sbrk() increments the program’s heap space by void *sbrk(intptr_t incr);increment bytes. It returns the previous program break. Calling sbrk() with an increment of 0 can be used to find the current location of the program break. 4 / 27 C program - not the way to do it # include <stdlib .h> # include <unistd .h> int *allocate_array_please( int size ) { return ( int *)sbrk(size * sizeof ( int )); } 5 / 27 a growing heap free brk How do we reuse allocated memory? 6 / 27 C program # include <stdlib .h> int global = 42; int main ( int argc , char * argv []) { if( argc < 2) return -1; int n = atoi(argv[1]); int on_stack[5] = {1,2,3,4,5}; int *on_heap = malloc( sizeof ( int )*n); : 7 / 27 } The POSIX API The malloc() function allocates size bytes and returns a pointer to the allocated memory. The memory is not initialized. If size is 0, then malloc() returns either NULL, # include <stdlib .h> or a unique pointer value that can later be void *malloc(size_t size);successfully passed to free().
    [Show full text]
  • Virtual Address Space Physical Memory Allocation
    4/12/2017 Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign physical memory to processes 5B. Simple Memory Allocation – explicit requests: malloc (sbrk) 5C. Dynamic Allocation Algorithms – implicit: program loading, stack extension 5D. Advanced Allocation Techniques 2. manage the virtual address space 5G. Errors and Diagnostic Free Lists – instantiate virtual address space on context switch – extend or reduce it on demand 5F. Garbage Collection 3. manage migration to/from secondary storage – optimize use of main storage – minimize overhead (waste, migrations) Memory Management 1 Memory Management 2 Memory Management Goals Linux Process – virtual address space 1. transparency – process sees only its own virtual address space 0x00000000 0x0100000 0x0110000 – process is unaware memory is being shared shared code private data DLL 1 DLL 2 2. efficiency – high effective memory utilization DLL 3 private stack – low run-time cost for allocation/relocation 0x0120000 0xFFFFFFFF 3. protection and isolation All of these segments appear to be present in memory – private data will not be corrupted whenever the process runs. – private data cannot be seen by other processes Memory Management 3 Memory Management 4 Physical Memory Allocation (code segments) • program code process 1 shared lib data and stack X – allocated when program loaded OS kernel shared code process 3 – initialized with contents of load module segment A data and stack process 2 • shared and Dynamically Loadable Libraries data and stack – mapped in at exec time or when needed shared code segment B • all are read-only and fixed size – somehow shared by multiple processes Physical memory is divided between the OS kernel, process private data, and shared code segments.
    [Show full text]
  • Is It Time to Replace Mmap? a History of Virtual Address Management (And a Proposal for the Future) Brooks Davis SRI International Bsdcan 2018, Ottawa, Canada
    Is it time to replace mmap? A history of virtual address management (and a proposal for the future) Brooks Davis SRI International BSDCan 2018, Ottawa, Canada Approved for public release; distribution is unlimited. This research is sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contract FA8750-10-C-0237. The views, opinions, and/or findings contained in this article/presentation are those of the author(s)/presenter(s) and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government. Memory Photo credit: Steve Jurvetson from Menlo Park, USA 2 A bit of computer history ENIAC c.1945 EDSAC c.1949 PDP-11 c.1970 Baby c.1948 I386 1985 UNIX 1940 1960 1980 2000 2020 Photo sources: ENIAC: Two women operating ENIAC - U.S. Army Photo EDSAC: EDSAC I, R.Hill operating - Copyright Computer Laboratory, University of Cambridge. Reproduced by permission. PDP-11: DEC - PDP-11- Ken Thompson and Dennis Ritchie – 3 Courtesy Computer History Museum Process address space NULL Program Code Data BSS Heap Stack 0 F … … 0x00 0x7F 4 Process address space Virtual address space Physical address space Code Data BSS Heap Stack Copy on write Disc 5 Process address space Code Data BSS Heap Stack SP Break 6 UNIX and BSD 1970 1972 V2: 1973 V3: PDP-7: ? break break 1972 V1: system call system call sysbreak and docs system call 1970 1980 1990 2000 2010 2020 7 break.2 (V3 Unix) break sets the system's idea of the highest location used by the program to addr.
    [Show full text]
  • Linux Standard Base Core Specification 4.1
    Linux Standard Base Core Specification 4.1 Linux Standard Base Core Specification 4.1 ISO/IEC 23360 Part 1:2010(E) Copyright © 2010 Linux Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1; with no Invariant Sections, with no Front-Cover Texts, and with no Back- Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". Portions of the text may be copyrighted by the following parties: • The Regents of the University of California • Free Software Foundation • Ian F. Darwin • Paul Vixie • BSDI (now Wind River) • Andrew G Morgan • Jean-loup Gailly and Mark Adler • Massachusetts Institute of Technology • Apple Inc. • Easy Software Products • artofcode LLC • Till Kamppeter • Manfred Wassman • Python Software Foundation These excerpts are being used in accordance with their respective licenses. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. UNIX is a registered trademark of The Open Group. LSB is a trademark of the Linux Foundation in the United States and other countries. AMD is a trademark of Advanced Micro Devices, Inc. Intel and Itanium are registered trademarks and Intel386 is a trademark of Intel Corporation. PowerPC is a registered trademark and PowerPC Architecture is a trademark of the IBM Corporation. S/390 is a registered trademark of the IBM Corporation. OpenGL is a registered trademark of Silicon Graphics, Inc. ISO/IEC 23360 Part 1:2010(E) Contents I
    [Show full text]
  • Operating Systems Principles and Programming More Contact
    Operating Systems Principles and Programming Principes et programmation des syst`emesd’exploitation Albert Cohen [email protected] Ecole´ Polytechnique — Master 1 — INF583 2014–2015 1 / 1 More Contact Information Albert Cohen: senior research scientist at INRIA Parkas group at ENS: http://www.di.ens.fr/ParkasTeam.html Parallelism of synchronous Kahn networks 2 / 1 Organization Practical Information 9 lectures (slides in English) and 9 labs (in French) Oral examination Questions are welcome If you are lost, do not wait before asking for help Prerequisites Attending lectures and labs Programming, reading code and documentation after lab hours http://www.enseignement.polytechnique.fr/informatique/INF583 3 / 1 Contents Course Principles and design of operating systems Operating system programming Concrete examples Labs Corrections for most exercises Balanced between principles, algorithms, system design, kernel internals and system programming 4 / 1 Outline 5 / 1 1. Survival Kit 1. Survival Kit 6 / 1 1. Survival Kit Help Yourself UNIX man pages Read man pages: http://www.linuxmanpages.com or http://linux.die.net/man I Quick reference in French: http://www.blaess.fr/christophe/documents.php?pg=001 I BusyBox: shell for embedded systems: http://www.enseignement.polytechnique.fr/informatique/INF422/busybox.html Command-line usage I $ man 1 command (UNIX command) I $ man 2 system call (primitive system calls) I $ man 3 library call (e.g., C library, system call front-end stubs) I Warning: multiple entries with the same name may appear in different sections of the man pages run $ man -k name if you are not sure → I The SEE ALSO section at the bottom of most man pages is an important way to navigate through this valuable source of precise/reference information 7 / 1 1.
    [Show full text]