Overview
- Quiz
- context switch
- resource protection
Context Switch
- challenging project
- not your normal programming
- have to understand multithreading, thread state
Multithreading
- thread: execute a sequence of instructions (represented by the PC)
- single-threaded programs have a single "thread" of control
- multi-threaded programs have multiple PCs
- logically, the threads execute simultaneously
- actually, the threads execute one at a time
- thread (context) switching:
- an interrupt stops the current thread
- the system may stop one thread and start another
- the currently executing thread may stop executing and start
another thread
Thread State
- global state (shared by all threads):
- program code
- global variables
- heap
- per-thread state:
- local variables (stack)
- subroutine return addresses (stack)
- registers (saved on stack)
Homework: Context Switch
- save parameters (new stack pointer, pointer to old stack pointer) in
global variables, so they are available after we mess with the registers
- save the global and FP registers onto stack
- save the register windows onto stack
- reload from memory pointer to old stack pointer
- store current stack pointer at location pointed to by
"old stack pointer" parameter
- load new stack pointer from memory
- invert prior process
Homework: Thread Creation
- the context switch function expects the "new" stack to have
a certain format
- example: register windows, FP registers, global registers
- one of those registers holds the program counter (return address)
- to create a thread, must build a stack with the appropriate format
- this format takes space on the stack
- return the "new" stack pointer
Protection
- input is a set of permissions for system resources:
- file permissions
- memory permissions (e.g. read-only for process P)
- device permissions (e.g. supervisory processes may read
raw network packets)
- input is a sequence of requests for resources (e.g. memory accesses)
- output is a sequence of granting of or denial of resources
Identification
- user IDs identify users
- group IDs: for example on Unix,
- administrators create groups
- users in a group can set their files to belong to that group
- ls -lg
- permission can be set by user or by group
- identification is proven by:
- knowledge (passwords)
- possession (key)
- physical characteristics (fingerprint)
Capabilities
- tokens (like keys) that give access to resources
- implemented by the trusted system
- when you request a protected resource, system checks to see
if you have the capability for it
- a capability may include the permission to transfer this
capability to someone else
- example: combination lock
- example: ticket to an event
Kernel protection
- very hard to provide security without a secure kernel
- secure means others cannot:
- read my data
- change my data
- keep me too busy to answer legitimate requests (denial of service)
- modern OSs use:
- virtual memory to prevent access to data
- security levels to determine whether you can access devices
- encryption for data that should never be seen, even by sysadmins (for
example, passwords)
Resource protection
- need a security model:
- what are we protecting
- against what uses
- what attacks are possible
- how likely are these attacks to succeed
- the OS defines mechanism, not policy
- the sysadmin, users define policy