Summary questions on operating systems

The operating-systems study module is very broad, and many of its topics concern developers rather than end users. Summary questions can therefore only cover a small subset of the material. One topic missing from the questions is a reminder that operating-system and hypervisor–level design decisions always involve trade-offs between security and performance. This balancing act has often delayed the adoption of security mechanisms, but situations such as Meltdown have forced action. A second related observation is worth highlighting: many security innovations did not originally come from operating-system vendors or open-source teams, but rather from “outside”. Academic researchers have played an important role here as well, and this study module may serve as a starting point for you in that direction. Research-driven advances in security are not in any case limited to areas that appear highly theoretical, such as cryptography.

The questions are randomized per student, and you will receive only correct/incorrect feedback. In Problem 1 there may be one question where multiple options must be selected. In all others there is exactly one correct answer.

In Problem 2, each student is assigned at least one correct option, usually more. Problem 2 is passed when the score is 12 or higher, and the points are shown with a yellow background. Unfortunately, Plussa gives incorrect feedback even for partially correct answers. However, Problem 2 is accepted if the score is 12 or higher. The score itself does not directly indicate whether an individual selection was correct or not. Points begin to accumulate only once more than half of the selections are correct.

Question 1

When you type dir (Windows) or ls (Linux) at the command prompt, your operating system

first asks you to authenticate.

asks which directory listing you want.

checks whether you have permission to view the contents of the files you requested.

processes your input in the command interpreter.

Question 2

When you start your computer, which of the following participates last?

BIOS

TPM

the command interpreter

the bootstrap loader

Question 3

Which of the following is not used to implement inter-process communication on a single machine?

sockets

memory

signals

threads

Question 4

In operating-system threat modeling, several attacks arise from performance-enhancing features in the OS or hardware that systems could function without. Which of the following is not such a feature?

cache

double fetch

extremely dense memory-chip structure

TLB, translation lookaside buffer

speculative execution

Question 5

According to the text, there are four main types of operating systems: those with (1) a single security domain, (2) several domains but with the OS core forming only one, (3) separate domains around most components, and (4) application-specific services on top of a minimal kernel. Into how many of these categories do Linux, Windows, macOS, and Minix fall?

1

2

3

4

Question 6

In the chapter on operating systems—including advanced sections—buffer overflow is not discussed, even though it is a very common topic in software security. What could be the reason?

If a buffer overflow occurs during device use, it must be because an attacker has installed a malicious OS extension; such extensions can cause many other problems, so it was not singled out.

Buffer overflow is just one example of many problems that can arise if the OS does not isolate user processes from each other and from itself using the kinds of security mechanisms discussed.

The operating system operates at a lower level than the software affected by buffer overflows.

Buffer overflow is such an obvious vulnerability that an OS could not function if its own code contained one; the OS would crash already during basic testing.

Question 7

Below is a condensed list of fundamental OS security procedures mentioned in the text. Which four (three are sufficient to pass) rely least on hardware support? All of them naturally read from or write to hardware, but select those whose implementation is always software-based and does not require special hardware features.

user authentication

access control

data wiping

memory protection

protection rings

event logging

operating-system administration

embedded systems and IoT devices.

Question 8

Access control can be implemented using different models—DAC, RBAC, MAC, etc. Regardless of the model, the overall process ensures that the right and only the right subjects gain access to a data resource for the right purposes, while access control (AC) itself is merely the decision step: allow or deny. Interpreting AC in this way as a small phase, what is the correct order of the overall process? Here, separation mechanisms refer to everything that the OS isolation function has been described to include. Note that before all this, each object must be uniquely named.

authentication – identification – AC – separation mechanisms – granting of rights

authentication – identification – separation mechanisms – AC – granting of rights

identification – AC – separation mechanisms – authentication – granting of rights

identification – separation mechanisms – authentication – AC – granting of rights

granting of rights – identification – authentication – AC – separation mechanisms

granting of rights – identification – authentication – separation mechanisms – AC

AC – granting of rights – authentication – identification – separation mechanisms

granting of rights – authentication – identification – separation mechanisms – AC

Question 9

According to the 2019 version of the German IT baseline protection standard, a database system must meet the following primary requirements (in addition to standard and possible special requirements). This is also quite a good list for operating systems. Which item does not translate naturally to operating systems? (You do not need to read the advanced database section or the archived standard.)

Based on the organization’s overall information-security policy, requirements describing secure database operation must be defined.

Installation must be performed only from a trusted source with the latest patches.

Before deployment, the system must be hardened.

New databases may be created in the system only under controlled conditions.

Organizational user management and access-control practices must be applied to system users.

Passwords must conform to organizational policy, with special attention to administrator and service accounts.

Security updates must be installed promptly, but only after backup and testing in a staging system.

Event logs must be stored securely and sufficiently extensively, taking into account applications using the database.

Backups must be performed regularly.

Basic concepts in operating systems include the security domain, hypervisor, reference monitor, and kernel. Select the correct statements.

Question 1

Security domains can be used in both hypervisors and operating systems.

An operating system is a special case of a hypervisor.

An operating system is a special case of a reference monitor.

The reference monitor is one of the core functions of a secure operating system.

The kernel is a security domain.

It is natural for all code of a general-purpose OS to run in a single security domain.

The kernel is part of the operating system.

A hypervisor is used in the case of virtual machines.

A security domain has no kernel, nor does a reference monitor.

A hypervisor may have a kernel.

Cross-domain references are subject to checks by the reference monitor.

If both an operating system and an underlying hypervisor are present, they share a kernel.

Another term for a hypervisor is a virtual machine reference monitor.

Posting submission...