Lecture 28 Notes; June 2, 1997; Notetaker: Eric Rosenthal

Layers of VAX VMM:

    User Virtual Memory
    ------------------ security perimeter -------------------
    Secure Server / Virtual Vax
    Kernel Interface
    Virtual Printers
    Volume Manager
    Files-11 Files
    Audit Trail
    Higher Level Scheduler
    Virtual Space Manager
    Physical Space Manager
    Low Level Scheduler
    Interrupt Handlers
    Microcode
    Hardware

How Interrupts are Handled in a Virtual Machine:

Control flow during an interrupt:

    [Diagram: control flow between Process (runs as user), Virtual Machine (runs as supervisor), and Kernel (runs as real machine)]

5 Choices for Programming Language for this system:

    1) Bliss - no variable types, all variables are pointers
    2) Pascal
    3) C - weak variable typing
    4) PL1 - Rigorous Type Checking Language
    5) Assembly (Macro-32) - used for some routines.

Code was written in PL1 and Pascal, with some routines in Assembly.

Avoid common areas in Kernel, give each terminal its own chunk of memory.

Minimize Sharing to prevent covert channels - cannot eliminate, but try to reduce bandwidth.

To avoid buffer overflow problems, put blank pages between kernel sections; writing to pages produces error.

Where to put security calls?

    Secure Commands: use virtual commands that call Secure server.
    Secure Server: bypass virtual memory and talk directly to user.

Now we are starting Network Security and Network Security Design

Threats:

    Snooping
    Modification
    Masquerading
    Replay
    Denial of Service

4 important layers (*)

        Application
    (*) Presentation - end to end encryption is done here
        Session
    (*) Transport - assemble packets, map to host IP.
    (*) Network - Makes routing decisions
    (*) Datalink - Can do link encryption
        Physical

General Types of Network Encryption:

    Link Encryption - message encrypted only at physical levels; deciphered and encrypted at each host.
    End To End Encryption - message data encrypted throughout whole transport.
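The difference between the two encryption types above, as an added example that is not part of the original lecture notes: it sends one message along a route under each scheme and reports which hosts end up holding the plaintext. The host names, message, keys and the toy SHA-256 keystream cipher are all assumptions made for illustration; the toy cipher stands in for a real one.

```python
import hashlib

PATH = ["A", "R1", "R2", "B"]          # constructed route: A sends to B via two hosts
SECRET = b"wire $500 to account 42"    # constructed message

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher (SHA-256 in counter mode), a stand-in for a real cipher.
    Encrypting and decrypting are the same operation."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def link_key(a: str, b: str) -> bytes:
    """Hypothetical per-link key, shared only by the two hosts on that link."""
    return f"link:{a}-{b}".encode()

def send_link_encrypted(path, message):
    """Each sender encrypts for the next link; each receiving host deciphers."""
    on_wire, seen_by_host = [], {}
    held = message                                   # what the current host holds
    for a, b in zip(path, path[1:]):
        frame = toy_cipher(link_key(a, b), held)     # encrypted for this link only
        on_wire.append(frame)
        held = toy_cipher(link_key(a, b), frame)     # host b deciphers on arrival
        seen_by_host[b] = held
    return on_wire, seen_by_host

def send_end_to_end(path, message, key):
    """Source encrypts once; intermediate hosts forward bytes they cannot read."""
    ciphertext = toy_cipher(key, message)
    on_wire = [ciphertext for _ in path[1:]]
    seen_by_host = {h: ciphertext for h in path[1:-1]}
    seen_by_host[path[-1]] = toy_cipher(key, ciphertext)  # only the destination has the key
    return on_wire, seen_by_host

def hosts_reading_plaintext(seen_by_host, message):
    """Hosts whose in-memory copy of the data equals the original message."""
    return sorted(h for h, data in seen_by_host.items() if data == message)

if __name__ == "__main__":
    runs = {"link": send_link_encrypted(PATH, SECRET),
            "end-to-end": send_end_to_end(PATH, SECRET, b"key known to A and B")}
    for name, (wire, seen) in runs.items():
        print(name, "-> hosts holding plaintext:", hosts_reading_plaintext(seen, SECRET))
```

In both runs the plaintext never appears on a wire; the schemes differ in which hosts must be trusted with it.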

Transitivity of Trust

Paul trusts Tom, and Tom trusts Matt, implies that Paul trusts Matt, but maybe Paul doesn't want to trust Matt.

    Matt ---> Tom ---> Paul
       \                /
        \              /
         --------------
            (implied)