4. Privilege Separation

Published 2017-03-30
MIT 6.858 Computer Systems Security, Fall 2014
View the complete course: ocw.mit.edu/6-858F14
Instructor: Nickolai Zeldovich

In this lecture, Professor Zeldovich introduces the concept of privilege separation in the context of system security.

License: Creative Commons BY-NC-SA
More information at ocw.mit.edu/terms
More courses at ocw.mit.edu/

All Comments (10)
  • @veramentegina
    fascinating lecture. and i thought i knew unix well. thanks MIT!
  • @IshanJain
I think the professor misunderstood something. At 1:09:46, he mentions each OkCupid user won't correspond to a Linux uid. The Linux uid would basically be a service id. So, each of the different services (signup, forgot password, etc.) will be running under a different user. At 1:10:13, some student elaborated the advantages of the aforementioned point, i.e. if one service is compromised, the attacker can only get access to the service running under that user and everything else will be safe. The DB proxy can have separate instances running corresponding to each of the services that need the DB, running under the same user as that service. At 1:10:42, he went off on a tangent and said OkCupid probably didn't do that because there would be millions of processes for each service, and immediately after said spawning processes with appropriate user permissions dynamically would be costly and perf would take a hit.
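As an added illustration of the design this comment describes (one Unix uid per service, not per end user), here is a small privilege-separated launcher in C. It is example code written for this page, not code from the lecture or from OkCupid: the service table, the uid/gid numbers and the binary paths are all constructed, and the accounts are assumed to exist on the host. The security-relevant part is `drop_privileges`: it sheds supplementary groups, then gid, then uid (in that order, because once the uid is unprivileged the earlier steps are no longer permitted), verifies the real, effective and saved ids, and confirms that root cannot be regained, which is the check a privilege-separated worker must make before touching any untrusted input.

```c
/* Added example: per-service uid privilege separation (not from the lecture). */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

struct service {
    const char *name;
    uid_t uid;   /* dedicated, unprivileged account for this service (assumed to exist) */
    gid_t gid;
};

/* Constructed table: every service, including the DB proxy instance that
 * serves it, gets its own account, so a compromised signup worker cannot
 * read files or signal processes belonging to the password-reset worker. */
static const struct service services[] = {
    { "signup",          60001, 60001 },
    { "forgot-password", 60002, 60002 },
    { "db-proxy-signup", 60003, 60003 },
};
#define NSERVICES (sizeof services / sizeof services[0])

/* Look up a service by name; returns NULL if the name is unknown. */
const struct service *service_lookup(const char *name) {
    for (size_t i = 0; i < NSERVICES; i++)
        if (strcmp(services[i].name, name) == 0)
            return &services[i];
    return NULL;
}

/* Irreversibly drop to uid/gid. Returns 0 on success, -1 on failure.
 * Supplementary groups are cleared only when we are root (an unprivileged
 * caller cannot call setgroups, so it keeps whatever groups it started with).
 * After switching, every id triple is verified and a setuid(0) must fail:
 * a leftover saved uid that still allows regaining root is the classic
 * privilege-separation mistake. */
int drop_privileges(uid_t uid, gid_t gid) {
    uid_t ru, eu, su;
    gid_t rg, eg, sg;

    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setresgid(gid, gid, gid) != 0) return -1;
    if (setresuid(uid, uid, uid) != 0) return -1;

    if (getresuid(&ru, &eu, &su) != 0 || ru != uid || eu != uid || su != uid) return -1;
    if (getresgid(&rg, &eg, &sg) != 0 || rg != gid || eg != gid || sg != gid) return -1;

    /* Must fail: a non-root worker that can still become root is not separated. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

/* Fork one worker for a service. The privileged launcher keeps running as
 * root; the child sheds root and execs the service binary (path assumed). */
pid_t spawn_service(const struct service *svc, const char *path) {
    pid_t pid = fork();
    if (pid != 0) return pid;                      /* parent, or -1 on error */

    if (drop_privileges(svc->uid, svc->gid) != 0) {
        fprintf(stderr, "%s: refusing to start, cannot drop privileges\n", svc->name);
        _exit(127);
    }
    execl(path, path, (char *)NULL);
    fprintf(stderr, "%s: exec %s failed: %s\n", svc->name, path, strerror(errno));
    _exit(127);
}

int main(void) {
    /* Assumed layout: one binary per service under a constructed directory. */
    for (size_t i = 0; i < NSERVICES; i++) {
        char path[256];
        snprintf(path, sizeof path, "/opt/privsep-demo/%s", services[i].name);
        pid_t pid = spawn_service(&services[i], path);
        if (pid < 0) perror("fork");
        else printf("started %s as uid %u (pid %d)\n", services[i].name,
                    (unsigned)services[i].uid, (int)pid);
    }
    while (wait(NULL) > 0) { }
    return 0;
}
```

Running the launcher as root starts each worker under its own account; running it unprivileged makes every worker refuse to start, since `setresuid` to a foreign uid fails and the verification catches it. Note that this gives isolation between services, which is the point the comment makes, but not between end users of the same service; that would need a per-request privilege switch or a separate mechanism in the DB proxy.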
  • @user-eg9rj8ot7p
    It's a good lecture, but it's almost like he didn't want to mention that peripheral devices are a necessary component to a working os.