flat assembler
Message board for the users of flat assembler.

OS Construction: What's the best setup?
Gomer73
Joined: 29 Nov 2003
Posts: 151
Looking to add some protection to my OS as per the virus discussion in the Menuet forum.

What in your opinion is the best setup for an OS with two privilege levels?

I want basically all I/O protected so that they would have to use ring 0 code to access any I/O. So that would mean any interrupt would do a task switch, plus a task switch upon returning.

In this scenario, I could call routines at the same privilege level no problem, but every time I switched to the next task it would require a task switch (two if I don't plan it right: one task switch to the ring 0 code so that the LDT can be changed, and the next one to jump back to ring 3).

I guess the only way around this would be to allow the interrupts to access the ports they need in ring 3. I might do this since it doesn't really open anything for viruses. It just lets them fool around with the interrupt controller, which could hang the system, but that is about it.

Any ideas on the best scenario to save task switches? They just use up a whole bunch of clock cycles (I think 300-500 each switch).
Post 29 Jul 2004, 21:32
ASHLEY4
Joined: 28 Apr 2004
Posts: 376
Location: UK
I have the same problem; my OS is like a pmode 32-bit DOS, e.g. it runs in ring 0, so it is very vulnerable to viruses, but I do not want to let go of the speed and freedom that ring 0 gives.
If I added protection like ring 3 etc., there would be no need for my OS, as it would be like Windows, Linux, etc.
I am thinking about a 128-bit key like the XBOX, which would be given to programmers that are trusted.
Remember that the XBOX is just a PC that runs in ring 0 and goes online, and I have not heard of an XBOX virus yet.

ASHLEY4.
Post 30 Jul 2004, 02:03
crc
Joined: 21 Jun 2003
Posts: 637
Location: Penndel, PA [USA]
I prefer to just use ring0. It's a lot simpler than switching between rings and worrying about security levels and so on. In my view, the kernel itself should be kept as simple as possible.

If I implement security, it will be limited to checksums and code scanning. I compile from source (Forth) to machine code as apps are needed; so this would work for me. I can have a designated memory area, probably in the first block (1k) of source. This would hold the checksum, and possibly a few byte sequences in the compiled code. The code would be compiled, the checksums compared, then the handful of byte sequences checked. If all passes, the app would be run. Otherwise it would be discarded from memory and a warning could be displayed. A secret key could be embedded as well.

Performance costs would be limited to the first time an app is loaded; once compiled and accepted it remains available for use at any time.

Personally, I wouldn't worry too much - hobby OSes are unlikely to be targets of virus writers, except for a few 'proof of concept' things. My ideal approach is that of ITS: No security, and no point in cracking the system. I could include a virus block if I wanted, and I already have a word called 'crash-system' that causes the system to crash. There's not much fun in cracking a system that is totally open anyway!

_________________
Charles Childers, Programmer
Post 30 Jul 2004, 12:00
Gomer73
Joined: 29 Nov 2003
Posts: 151
The kernel actually stays the same simplicity. The setup is more complicated, but any programming from there on is at the same level of simplicity.

It just takes more time when you change privilege levels. It also uses up more memory.

The XBOX thing wouldn't get a virus because I am assuming that most of the OS is in ROM? Don't know. But anything you put into it comes in on non-recordable media. It wouldn't make sense for a company to sell you a virus. Plus I think the virus would be gone after a reboot.

I was in the same line of thinking as CRC, no security so why write a virus for it, then SPTH wrote a virus for MenuetOS. It goes to show people will be malicious for no reason.


Anyways, as far as I can see, the most efficient scenario I can think of is as follows:

GDT holds two entries for each task (one for LDT, one for TSS).
LDT for each task holds a separate code segment for each DLL, one segment for data, and additional segments for any dynamically allocated data. All DLLs become part of this task, so all data for them is located in the generic data segment.

Any I/O access routines are required to run at ring 0, via a call gate.

Co-operative multi-tasking, so when it is done its routine, it calls a task gate which will jump to the next task to execute, or to a scheduler system task if no jobs are left to do.

Didn't know how else to keep data separate. With the flat model, all data and code is open for writing by any other program.

This way, for all graphics stuff I don't have to do any ring jumps. Only for hardware interrupts, disk access, memory allocation/deallocation, and task switches. Keyboard and mouse info could be set to read-only, so programs can access the data but not change it.

At least with this scenario I can avoid paging. Otherwise I would probably have one code segment and one data segment and meld everything together.
Post 30 Jul 2004, 18:46
crc
Joined: 21 Jun 2003
Posts: 637
Location: Penndel, PA [USA]
Quote:
I was in the same line of thinking as CRC, no security so why write a virus for it, then SPTH wrote a virus for MenuetOS. It goes to show people will be malicious for no reason.

The virus that SPTH wrote was a proof of concept. It was not malicious :)
Post 31 Jul 2004, 01:10
Gomer73
Joined: 29 Nov 2003
Posts: 151
Yep, I understand what SPTH did was not malicious. It really has no way of spreading or starting the infection. What I am getting at is if somebody would come up with a non-malicious virus, it won't be too long until somebody comes up with a malicious one (it is not a far leap).

As a system administrator, when I see the latest e-mail virus and how much it affects a business, I just shake my head and ask why. The Microsoft viruses that your computer gets splattered with when connected directly to the internet are ridiculous. I was installing Windows 2000 and before it had even finished installing it had a virus put on it from the internet.

Virus designers do it because they can. They can cause a whole lot of grief. Sure, hobby OSes will be smaller targets, but the more popular an OS is, the bigger the target. If SPTH started thinking of a virus, what would stop somebody with malicious intent from creating a virus? It probably won't be too far off.

For my OS, I want it to be practical. I want it to basically replace my existing OSes for most things. I want a nice fast, easy, and powerful programming language. I want it configured so that you can have as little or as much loaded as you want. Microsoft seems to slow down the more programs you add (at boot-up) even if you aren't running them. Linux just seems to be massive in the things it needs to run relatively simple programs. At the same time I want to let others use it if it can be of benefit to them. This would be beneficial for them and for me if they add their programming knowledge to the OS. That being the case, my OS would be the target of viruses.

My new modified structure is as follows:

The whole operating system will run in one task. It doesn't really take that much longer to do task switches, but I can't see the reason to waste the additional memory for each task. Can't see there being an issue having all I/O stuff happening in ring 0. The printer ports probably don't need this, but they aren't exactly high speed devices, so might as well.

Each "program" will have its own LDT. So basically you can have about 8000 programs running.

DS, ES, and SS will be set to the same segment. FS and GS won't be used.

CS will hop between the different DLLs for each program. A DLL will only need to be loaded once, and then every "program" can use it.

Don't have any idea about how many clock cycles are wasted with paging, but decided not to use it because it wastes memory (everything has to be 4K aligned, plus the tables take up some memory).

Most call statements will use near calls within the current DLL and a far call for ring 3 DLLs. Ring 0 calls will use a call gate which will then determine if that program has the rights to execute that function.

Unfortunately it still looks like dynamically located data will still be in a separate segment; can't figure out how to do this differently.

I think I can probably put the language-specific text in with the rest of the data. I just need to make sure that the stack segment can hold enough data for the biggest language. Still pondering over this since the Asian languages can be 3 times the size of English, so it might be better to put it in a separate segment.

Task switches would occur by basically calling a ring 0 function which changes the LDT.

The only other thing would be global data. Probably I will have one segment in the GDT that holds all the global data. This would be stuff like mouse position. This would be read-only.

This version isn't much more complicated than my current version, yet it would provide almost bulletproof protection. I had to make a few compromises. I gave up a little speed to save memory: I could use near calls for everything, but then multiple copies of the same DLL would be loaded. Ultimately the flat model is the fastest, but I don't think I have slowed down my OS too much, and yet it has some pretty good protection that can be implemented. This configuration is both faster and uses less memory than if I used paging.

As a side note, for my memory allocation I will be using variable size blocks similar to DOS. Both MenuetOS and SolarOS use 4K blocks so far as I know. I went this way to minimize memory wastage, both in the wasted space for the remainder of the block and for the bitmap memory allocation table. Now that I am using segments, it will be really easy to defragment memory when it becomes necessary.

Sometimes I just need to write things down to figure them out. Thank-you for providing this forum for me to do so.

...Gomer73
Post 31 Jul 2004, 07:46
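As an added illustration (not code from the thread or from Gomer73's OS), here is how the call-gate part of both of Gomer73's layouts above, ring 3 programs reaching ring 0 I/O routines only through a call gate, is encoded in a 32-bit x86 gate descriptor, together with the privilege checks the CPU applies on a far call through it. The selector and offset values are constructed samples.

```c
#include <stdint.h>
#include <stdbool.h>

/* Added example, not from the thread. Shows the descriptor encoding and
 * the CPU-side privilege rule behind "ring 0 calls will use a call gate".
 * Selectors/offsets used in tests are constructed sample values. */

/* Pack an 8-byte 32-bit call-gate descriptor (type 0xC). Ring 3 code can
 * enter ring 0 only at the fixed target (selector:offset) the gate names,
 * so the kernel chooses its entry points, not the caller. */
uint64_t make_call_gate(uint16_t target_sel, uint32_t offset,
                        unsigned dpl, unsigned param_count)
{
    uint64_t d = 0;
    d |= (uint64_t)(offset & 0xFFFF);            /* offset bits 15:0   */
    d |= (uint64_t)target_sel << 16;             /* target code segment */
    d |= (uint64_t)(param_count & 0x1F) << 32;   /* dwords copied to new stack */
    d |= (uint64_t)0xC << 40;                    /* type: 32-bit call gate */
    d |= (uint64_t)(dpl & 3) << 45;              /* DPL of the gate     */
    d |= (uint64_t)1 << 47;                      /* present bit         */
    d |= (uint64_t)(offset >> 16) << 48;         /* offset bits 31:16  */
    return d;
}

/* Field decoders used by the check below. */
static unsigned gate_dpl(uint64_t g)     { return (unsigned)((g >> 45) & 3); }
static bool     gate_present(uint64_t g) { return ((g >> 47) & 1) != 0; }

/* CPU rule for a far CALL through a call gate to a non-conforming code
 * segment:  max(CPL, RPL of the gate selector) <= gate DPL
 *           and  target code segment DPL <= CPL
 * target_dpl is the DPL of the ring 0 segment the gate points at.
 * Returns true when the hardware would allow the transfer. */
bool call_gate_allowed(uint64_t gate, unsigned cpl, unsigned rpl,
                       unsigned target_dpl)
{
    if (!gate_present(gate))
        return false;                 /* #NP: gate not present */
    unsigned effective = cpl > rpl ? cpl : rpl;
    if (effective > gate_dpl(gate))
        return false;                 /* #GP: caller less privileged than gate */
    return target_dpl <= cpl;         /* gates only lead to equal/higher privilege */
}
```

A gate with DPL 3 is what lets a ring 3 program invoke the ring 0 I/O routine; the same gate with DPL 0 would be unusable from ring 3, and the rights check Gomer73 mentions would then run inside the ring 0 routine itself.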
ASHLEY4
Joined: 28 Apr 2004
Posts: 376
Location: UK
Gomer73 & crc, the best protection from viruses is what you both are doing: making different OSes.
It's like in humans: it's that we are slightly different that stops us dying out from a virus.
If there were, say, 100s of slightly different OSes that were connected to the internet, then it could not be brought down by one virus, and most beginner programmers would stop making viruses and start making programs that take skill, like a hobby OS; then there would be 1000s of slightly different OSes.
\\\\|////
(@@)
ASHLEY4.
Post 31 Jul 2004, 13:20
pelaillo
Missing in inaction
Joined: 19 Jun 2003
Posts: 878
Location: Colombia
ASHLEY4 wrote:
Gomer73 & crc, The best protection from virus, is what you both are doing, make different OS.

100% agree.

If you remember, the infamous 'loveletter' virus was a plain ASCII text file and many people claimed zillions of $$ in losses. The big question is:
Who's more guilty?
1. the virus-writer (the only one who's paid)
2. the negligence of VBScript-interpreter programmers?
3. Outlook's security holes??
4. People that massively continue using buggy software???
Post 31 Jul 2004, 17:38
Geek
Joined: 01 Jun 2005
Posts: 26
I also agree.

It is similar to the problem of hardware compatibility.
If each OS is slightly different, like different pieces of HW, then
a virus would have to be designed to work on only one computer.

This could be implemented by a simple genetic algorithm, designed to
look at security breaches and successful system protection and adapt.

The systems could use standard interfaces to communicate with other OSes, but, because each OS adapted differently to its own environment, by relocating system resources and following the guidelines of the administrator, the system could be protected from much harm.

_________________
Death is not the opposite of life, rather, it is the absence of it.
Post 16 Jun 2005, 20:30
Dex4u
Joined: 08 Feb 2005
Posts: 1601
Location: web
I wrote this originally (I was called "ASHLEY4" then) and I still think it's the best protection there is ;)
Post 17 Jun 2005, 19:22
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.