CSE 410 22wi Homework 7
Operating System: Security
Out: Thursday, 24 February
Due: Wednesday, 2 March, 11:59 pm
Latest Possible Submission Time: Saturday, 5 March, 11:59 pm
Turnin: Gradescope
One of the roles of the OS is to protect applications from each
other, as well as users from each other (and even users from their
own mistakes). Often this means that the OS is in charge of
preventing applications from doing things.
- Protecting the disk:
- Is there anything that prevents someone from writing
a program that writes zeroes everywhere on the disk
(thus deleting everyone's files)? If so, briefly describe what
it is that keeps a skilled programmer from writing such
a program. Be specific.
- Is there anything that prevents someone from running
a program that writes zeroes everywhere on the disk? If so,
briefly describe what. Be specific.
- Protecting memory:
- One way the OS could provide memory protection would be to
allow only one program to be in memory at a time. That is, when
the OS decided to let application A run, it would load it in memory.
When the OS decided to let application B run, it would first save
application A's memory contents to disk (then zero the memory
A had been using), then load B and let it run.
Later, when it wanted to run A, it would save B's state and reload
A's state, etc.
Why is this a bad idea? Be brief but specific.
- Assuming that memory is being used by more than one running
application at a time, explain why some kind of hardware support is needed
to enforce memory protection. Why can't the OS do it on its own?
Be brief but specific.
- Briefly propose a hardware mechanism that could be used by the
OS to provide memory protection. The mechanism needs to be plausible,
not one actually in use at the moment (so you're free to invent
one, so long as it's plausible, but you don't have to).
- Protecting the CPU (core):
- What does it mean "to protect the CPU"? What could go
wrong?
- How does the OS protect the CPU? Be brief but specific.
- Trap Mechanism
- What problem does the trap mechanism solve? Be brief
but specific.
- Why can't malicious code use the trap mechanism to gain
privileged execution? (Any code can cause a trap and
every trap causes the CPU to switch into privileged mode
operation.)
- Policy / Mechanism Separation
Policy is what we're trying to accomplish. Mechanism
is the means used to try to accomplish the policy goal.
For instance, our "vacation policy" may be to travel to
foreign countries. The mechanism might be airplanes.
Note that airplanes don't dictate where you go, or even
that you will go, but they make it possible.
Computer systems are infrastructure that provides mechanism,
but they generally try to defer policy to "layers above" --
users of them. For instance, what do a computer and its
operating system do? Pretty much nothing, except that you
can write (or buy) programs that do something useful.
The system is mechanism that supports running applications, the
applications are mechanism that support some other goal
(e.g., spreadsheets support accounting), and eventually some user decides on policy:
what they want to accomplish.
On computer systems, an "exception" is an error condition detected by the CPU hardware.
For instance, the PC may point to a word of memory that is not
an instruction -- the opcode field of that word doesn't correspond to any
valid opcode. When an exception occurs, the CPU invokes the trap
mechanism.
- Why doesn't the CPU just kill your program immediately when an
exception occurs? Why does it instead make the operating system do it?
- What should the operating system do when notified that an application
has encountered some execution error?
- Give a specific example where the operating system simply killing the application
would be an unfortunate choice.
- (Optional Question) Given all the above, maybe the right thing for the OS to
do is to defer policy to the layer above -- to the application (or the user).
Explain a mechanism the OS might use to accomplish that.
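As an added illustration of the trap mechanism and of the OS (not the hardware) deciding what happens on an exception, here is a constructed toy model written for this page, not course code. The two-mode CPU, the two-entry trap table and the names set_vector, raise_trap, os_handler and app_handler are all hypothetical.

```c
#include <stdbool.h>

/* Constructed toy model (not from the assignment) of a CPU with two
 * privilege modes and a trap table. All names here are hypothetical. */
enum mode { USER = 0, KERNEL = 1 };
enum trap_kind { TRAP_SYSCALL = 0, TRAP_ILLEGAL_INSN = 1, NUM_TRAPS };
typedef void (*handler_t)(struct cpu *cpu, enum trap_kind kind);

struct cpu {
    enum mode mode;               /* current privilege level */
    handler_t vector[NUM_TRAPS];  /* trap table: where each trap lands */
    bool app_alive;               /* false once the OS terminates the app */
    int denied_writes;            /* user-mode attempts to rewrite the table */
};

/* Hardware rule: the trap table is writable only in kernel mode. A trap
 * does switch the CPU to kernel mode, but control goes to whatever the
 * OS installed here, so user code cannot choose its own destination. */
bool set_vector(struct cpu *cpu, enum trap_kind kind, handler_t h) {
    if (cpu->mode != KERNEL) { cpu->denied_writes++; return false; }
    cpu->vector[kind] = h;
    return true;
}

/* Hardware side of a trap: raise privilege, vector through the table,
 * drop privilege again when the handler returns. Any code can trigger it. */
void raise_trap(struct cpu *cpu, enum trap_kind kind) {
    cpu->mode = KERNEL;
    cpu->vector[kind](cpu, kind);
    cpu->mode = USER;
}

/* OS-side policy (the mechanism above does not dictate it): this OS
 * terminates the application on an illegal instruction and serves a syscall. */
void os_handler(struct cpu *cpu, enum trap_kind kind) {
    if (kind == TRAP_ILLEGAL_INSN) cpu->app_alive = false;
}

/* Handler an application would like to install to survive its own faults. */
void app_handler(struct cpu *cpu, enum trap_kind kind) { (void)kind; cpu->app_alive = true; }

/* Boot: the OS fills the trap table while privileged, then enters user mode. */
struct cpu boot(void) {
    struct cpu cpu = { .mode = KERNEL, .app_alive = true, .denied_writes = 0 };
    for (int k = 0; k < NUM_TRAPS; k++) set_vector(&cpu, (enum trap_kind)k, os_handler);
    cpu.mode = USER;
    return cpu;
}
```

Once boot() has handed the CPU to user mode, set_vector fails and every trap still lands in os_handler; changing what happens on an illegal instruction means changing that handler's body, not the trap mechanism.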