Overview

• Quiz
• context switch
• resource protection

Context Switch

• challenging project
• not your normal programming
• have to understand multithreading, thread state

Multithreading

• thread: execute a sequence of instructions (represented by the PC)
• single-threaded programs have a single "thread" of control
• multi-threaded programs have multiple PCs
• logically, the threads execute simultaneously
• actually, the threads execute one at a time
• thread (context) switching:
  • an interrupt stops the current thread
  • the system may stop one thread and start another
  • the currently executing thread may stop executing and start another thread

Thread State

• global state (shared by all threads):
  • program code
  • global variables
  • heap
• per-thread state:
  • local variables (stack)
  • subroutine return addresses (stack)
  • registers (saved on stack)

Homework: Context Switch

• save parameters (new stack pointer, pointer to old stack pointer) in global variables, so they are available after we mess with the registers
• save the global and FP registers onto stack
• save the register windows onto stack
• reload from memory pointer to old stack pointer
• store current stack pointer at location pointed to by "old stack pointer" parameter
• load new stack pointer from memory
• invert prior process

Homework: Thread Creation

• the context switch function expects the "new" stack to have a certain format
• example: register windows, FP registers, global registers
• one of those registers holds the program counter (return address)
• to create a thread, must build a stack with the appropriate format
• this format takes space on the stack
• return the "new" stack pointer

Protection

• input is a set of permissions for system resources:
  • file permissions
  • memory permissions (e.g. read-only for process P)
  • device permissions (e.g. supervisory processes may read raw network packets)
• input is a sequence of requests for resources (e.g. memory accesses)
• output is a sequence of granting of or denial of resources

Identification

• user IDs identify users
• group IDs: for example on Unix,
  • administrators create groups
  • users in a group can set their files to belong to that group
  • ls -lg
• permission can be set by user or by group
• identification is proven by:
  • knowledge (passwords)
  • possession (key)
  • physical characteristics (fingerprint)

Capabilities

• tokens (like keys) that give access to resources
• implemented by the trusted system
• when you request a protected resource, system checks to see if you have the capability for it
• a capability may include the permission to transfer this capability to someone else
• example: combination lock
• example: ticket to an event

Kernel protection

• very hard to provide security without a secure kernel
• secure means others cannot:
  • read my data
  • change my data
  • keep me too busy to answer legitimate requests (denial of service)
• modern OSs use:
  • virtual memory to prevent access to data
  • security levels to determine whether you can access devices
  • encryption for data that should never be seen, even by sysadmins (for example, passwords)

Resource protection

• need a security model:
  • what are we protecting
  • against what uses
  • what attacks are possible
  • how likely are these attacks to succeed
• the OS defines mechanism, not policy
• the sysadmin, users define policy