
Lab: OS BootUp in Computer Security

Table of Contents

1 Background

  1. Required Reading: BootUp in Computer Security
  2. Required Reading and Lab: USBD Multi-Boot Linux

2 Abstract

Abstract: This article describes labs based on OS BootUp, which covers how a computer system boots from power-up to the user login prompt. Our focus is on what can "go wrong" from a security point of view, and how. The discussion is specific to Linux on Intel x86/x86-64, but similar steps apply to other computer systems. So that each technique is understood, we often gloss over details, at some risk to precision, though never to the point of misstating the whole truth.

3 Educational Objectives

Students should be able to

  1. Describe how a computer system boots from power-on.
  2. Recognize the possibilities for Trojans.
  3. Recognize unneeded daemons.
  4. Develop a proper secure boot configuration.

4 Lab for 2017 Fall CEG 4420/6420

[This page collects several possible lab tasks. Each semester, we select a subset.]

  1. Task: From Legitimate Init to User Login
  2. Task: Power On to OS Loader Selection
  3. Task: OS Loader to OS Kernel Selection
  4. Task: OS Kernel to Process init

5 Task: From Legitimate Init to User Login

Objective: Study the booting sequence ending at login prompt.

  1. Freshly reboot into your choice of (HDD installed) Linux. Wait for the GUI to show.
  2. Save the output of ps with the flags that show all processes in the greatest detail. You will notice several gaps in the process id numbers.
  3. Consider process ids in the ranges 1 to 100 and 900 to 1000. Note the missing pids. Among the missing ids, explain the details of at least five processes from the range 1 to 100 and another five from 900 to 1000 that must have come to life, performed their duties, and terminated.
  4. Be aware that the bash shell has many built-in commands, such as echo, that do not cause process creation; a gap in the pid sequence therefore comes from a forked process, not from a shell built-in.
  5. Among the currently running processes, identify all the daemon processes, and how and from where they were invoked.
  6. The script files in the current installation of Linux are not necessarily named rc.multiuser etc., as they are in the required reading. Find the actual names (they depend on whether the system uses SysV init or systemd) and correct the description accordingly.
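One way to carry out steps 2, 3 and 5 above, as an added example that is not part of the original lab page: save a detailed ps snapshot, compute the pids that are absent from a range, and pick out the processes that look like daemons. It assumes a Linux system with procps ps and /proc; the snapshot embedded in SAMPLE_SNAPSHOT is constructed for offline testing, and its pids, paths and names are made up.

```shell
#!/bin/sh
# Added example for the "Legitimate Init to User Login" task; not from the
# original page. Assumes Linux with procps 'ps' and /proc.

# save_snapshot FILE: every process with a detailed column set (the
# 'args' column must be last because it may contain spaces).
save_snapshot() {
    ps -eo pid,ppid,uid,tty,stat,lstart,args > "$1"
}

# missing_pids LO HI: read lines whose first field is a pid (e.g. the
# output of 'ps -eo pid=' or a saved snapshot) and print every number in
# [LO,HI] that does not occur, one per line.
missing_pids() {
    awk -v lo="$1" -v hi="$2" '
        $1 ~ /^[0-9]+$/ { seen[$1] = 1 }
        END { for (p = lo; p <= hi; p++) if (!(p in seen)) print p }'
}

# daemon_candidates: read lines "PID PPID TTY ARGS..." (the output of
# 'ps -eo pid=,ppid=,tty=,args=') and print "PID COMMAND" for processes
# that look like daemons: reparented to PID 1 and with no controlling
# terminal. Kernel threads (shown in [brackets], children of kthreadd) are
# skipped because they were never started from user space.
daemon_candidates() {
    awk '$2 == 1 && $3 == "?" && $4 !~ /^\[/ { print $1, $4 }'
}

# where_from PID: what the process is, who started it, and the cgroup that
# owns it; under systemd the cgroup path names the unit, under SysV init the
# parent and argv usually point at the /etc/init.d script that started it.
where_from() {
    printf 'exe:    %s\n' "$(readlink "/proc/$1/exe")"
    printf 'parent: %s\n' "$(ps -o ppid=,comm= -p "$1")"
    printf 'cgroup: %s\n' "$(cat "/proc/$1/cgroup")"
}

# Constructed snapshot in 'pid ppid tty args' form, used for offline testing;
# pids and paths are made up and do not come from any real machine.
SAMPLE_SNAPSHOT='1 0 ? /sbin/init
2 0 ? [kthreadd]
3 2 ? [ksoftirqd/0]
450 1 ? /lib/systemd/systemd-journald
612 1 ? /usr/sbin/sshd -D
903 1 ? /usr/sbin/cron -f
950 612 ? sshd: alice [priv]
1001 1 tty1 /bin/login --'

# On a live system:   ps -eo pid= | missing_pids 900 1000
#                     ps -eo pid=,ppid=,tty=,args= | daemon_candidates
demo() {
    printf '%s\n' "$SAMPLE_SNAPSHOT" | missing_pids 1 5
    printf '%s\n' "$SAMPLE_SNAPSHOT" | daemon_candidates
}
```

The daemon heuristic (parent is PID 1, no tty) is the classic one and also matches systemd-started services; it misses a daemon that keeps a parent of its own, such as the per-connection sshd child in the sample, which is why where_from is run on every candidate and its parent. Pids 950 and 1001 in the sample show the two normal sources of surviving high pids: a child of a daemon and the getty/login chain on a console.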

6 Task: Knoppix Bootup

  1. Describe the bootup details of Knoppix. Focus on how it detects the hardware you have (almost always) correctly.

7 Task: Kali Bootup

  1. Describe the bootup details of Kali Linux.

8 Task: Power On to OS Loader Selection

  1. [Devious.] Suggest how an alternate OS loader can be installed and made effective. That is, instead of the OS boot loader you thought you installed, another one has taken over.
  2. This should not be easy to detect.
  3. Nevertheless, outline how it can be detected.
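One detection the task asks for, as an added example that is not part of the original page: on a BIOS-booted disk the loader's first stage lives in the boot code of sector 0, so a hash of those bytes recorded right after a trusted install exposes a swapped loader. The script assumes Linux coreutils (dd, od, sha256sum or shasum) and a block device such as /dev/sda read as root; the 512-byte image built by make_sample_disk is constructed for the demo and is not a real boot sector.

```shell
#!/bin/sh
# Added example for the "Power On to OS Loader Selection" task; not from the
# original page. Fingerprint the boot code in the first sector of a
# BIOS-boot disk so that a swapped boot loader shows up as a hash mismatch.
# Assumes Linux coreutils (dd, od, sha256sum or shasum). DEV is normally a
# block device such as /dev/sda (needs root); the demo uses an image file.

CODE_BYTES=440   # boot code occupies bytes 0-439; the 4-byte disk signature
                 # and the partition table follow, the 0x55AA marker ends it

# sha256: hex digest of stdin, with a fallback for hosts without sha256sum.
sha256() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum; else shasum -a 256; fi | cut -d' ' -f1
}

# mbr_has_signature DEV: succeed if bytes 510-511 hold the 0x55 0xAA marker.
mbr_has_signature() {
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# mbr_code_hash DEV: SHA-256 of the boot code only. The partition table is
# excluded on purpose so legitimate repartitioning does not change it.
mbr_code_hash() {
    dd if="$1" bs=1 count="$CODE_BYTES" 2>/dev/null | sha256
}

# mbr_check DEV EXPECTED: compare against the hash recorded right after a
# trusted install. Keep the known-good value off the machine; a loader that
# can rewrite the MBR can rewrite a file next to it just as easily.
mbr_check() {
    actual=$(mbr_code_hash "$1")
    if [ "$actual" = "$2" ]; then
        echo "boot code unchanged"
        return 0
    fi
    echo "boot code CHANGED: expected $2, got $actual"
    return 1
}

# make_sample_disk FILE: a constructed 512-byte "disk" (not a real boot
# sector): one NOP byte, zero padding, and the 0x55AA marker.
make_sample_disk() {
    { printf '\220'; dd if=/dev/zero bs=1 count=509 2>/dev/null; printf '\125\252'; } > "$1"
}

# tamper_byte FILE OFFSET: overwrite one byte with 0xEB (a JMP opcode),
# standing in for an attacker patching the boot code or the partition table.
tamper_byte() {
    printf '\353' | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

# Record once (as root):   mbr_code_hash /dev/sda > known-good.sha256
# Check later:             mbr_check /dev/sda "$(cat known-good.sha256)"
```

Two caveats a practitioner would add. First, a loader that has already taken over can hook the BIOS disk services and hand back the original sector when asked, so the comparison is only trustworthy when made after booting from clean media such as the lab's Multi-Boot USB. Second, on a UEFI machine the first sector is irrelevant; the equivalent checks are the boot entries and their order (efibootmgr -v), hashes of the files on the EFI System Partition, and the Secure Boot state (mokutil --sb-state).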

9 Task: OS Loader to OS Kernel Selection

  1. Use your MultiBoot Linux USBD.
  2. Install at least two different kernels. Need not be rogue kernels. Make them selectable via the (legitimate) OS Boot Loader (e.g., Grub).
  3. On an HDD-installed Linux, this happens all the time: every kernel package upgrade adds a new Grub entry and keeps the previous kernel selectable.
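As an added example of making several kernels selectable, not from the original page: the script below scans a boot directory for vmlinuz-VERSION kernels, pairs each with its initrd.img-VERSION when present, and prints GRUB 2 menuentry stanzas suitable for /etc/grub.d/40_custom. It assumes Debian-style file names and GRUB 2 syntax; the root= argument and the path prefix are supplied by the caller (the /boot default is an assumption that holds when /boot is on the root file system), and the file names in the demo are constructed.

```shell
#!/bin/sh
# Added example for the "OS Loader to OS Kernel Selection" task; not from
# the original page. Assumes GRUB 2 and Debian-style kernel file names.

# kernel_versions BOOTDIR: the VERSION suffix of every vmlinuz-VERSION file.
kernel_versions() {
    for k in "$1"/vmlinuz-*; do
        [ -e "$k" ] || continue          # no match: the glob is left unexpanded
        basename "$k" | sed 's/^vmlinuz-//'
    done
}

# grub_entries BOOTDIR ROOTSPEC [PREFIX]: one menuentry per kernel. ROOTSPEC
# is the root= argument (e.g. root=UUID=...); PREFIX is the path GRUB sees:
# /boot when /boot lives on the root file system, empty when /boot is its
# own partition. The initrd line is only emitted when the initrd exists.
grub_entries() {
    bootdir=$1; rootspec=$2; prefix=${3-/boot}
    for v in $(kernel_versions "$bootdir"); do
        printf "menuentry 'Linux %s' {\n" "$v"
        printf "    linux %s/vmlinuz-%s %s ro\n" "$prefix" "$v" "$rootspec"
        if [ -e "$bootdir/initrd.img-$v" ]; then
            printf "    initrd %s/initrd.img-%s\n" "$prefix" "$v"
        fi
        printf "}\n"
    done
}

# verify_kernel FILE: before offering a file in the menu, confirm it really
# is an x86 Linux kernel image (grub-file ships with GRUB 2).
verify_kernel() {
    grub-file --is-x86-linux "$1"
}

# Typical use on the multi-boot USB (as root), then regenerate grub.cfg:
#   grub_entries /mnt/usb/boot 'root=LABEL=multiboot' >> /etc/grub.d/40_custom
#   update-grub      # or grub-mkconfig -o /boot/grub/grub.cfg
```

Running verify_kernel on each image before adding it is the cheap check that the file you are about to boot is a kernel at all; a kernel that is not rogue but is simply out of date still widens the attack surface, which is the point of step 3 about HDD installs keeping old kernels around.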

10 Task: OS Kernel to Process init

  1. Describe how the kernel selects the init program. Does the kernel log this information somewhere?
  2. [Devious.] Plant an alternate, fully functional but rogue, init.
  3. Does the kernel know that it is invoking an alternate, possibly rogue, init? How can you discover the rogue init?
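To make steps 1 and 3 concrete, the following is an added example, not from the original page and not the kernel's own code: it reproduces the init selection order from the kernel's init/main.c as a shell function that can be run against a constructed file tree, and collects the places where a planted init shows up on a live system. It assumes a Linux /proc, root access for reading /proc/1/exe, and dpkg or rpm for package verification; the paths in the demo are made up.

```shell
#!/bin/sh
# Added example for the "OS Kernel to Process init" task; not from the
# original page. Shows how the kernel picks PID 1 and how to compare what
# is running as PID 1 with what the kernel was told. Assumes Linux /proc.

# The search order is the one in init/main.c (kernel_init): init= from the
# command line if given, otherwise these paths in order; /bin/sh is the
# last resort and the kernel panics if none of them can be executed.
DEFAULT_INITS="/sbin/init /etc/init /bin/init /bin/sh"

# runnable PATH: a regular, executable file (a directory such as Ubuntu's
# /etc/init must not be mistaken for an init binary).
runnable() {
    [ -f "$1" ] && [ -x "$1" ]
}

# init_from_cmdline CMDLINE: the value of init= (the last occurrence wins,
# as each one overwrites the kernel's execute_command), or nothing.
init_from_cmdline() {
    printf '%s\n' "$1" | tr ' ' '\n' |
        awk -F= '$1 == "init" { v = $2 } END { if (v != "") print v }'
}

# first_init ROOT CMDLINE: simulate the kernel's choice against a file tree
# rooted at ROOT ("" for the live system; the tests use a constructed one).
# Current kernels panic when an explicit init= cannot be executed instead of
# falling back to the default list; older kernels fell through to it.
first_init() {
    root=$1
    forced=$(init_from_cmdline "$2")
    if [ -n "$forced" ]; then
        if runnable "$root$forced"; then printf '%s\n' "$forced"; return 0; fi
        echo "panic: Requested init $forced failed" >&2
        return 2
    fi
    for c in $DEFAULT_INITS; do
        if runnable "$root$c"; then printf '%s\n' "$c"; return 0; fi
    done
    echo "panic: No working init found" >&2
    return 2
}

# pid1_report: what actually runs as PID 1 (reading /proc/1/exe needs root)
# next to what the command line asked for and what the kernel logged.
# Recent kernels print "Run /sbin/init as init process" in dmesg; older ones
# only log a failed attempt, so an empty grep is not by itself suspicious.
pid1_report() {
    echo "cmdline init=: $(init_from_cmdline "$(cat /proc/cmdline)")"
    echo "PID 1 exe:     $(readlink /proc/1/exe)"
    echo "PID 1 argv:    $(tr '\0' ' ' < /proc/1/cmdline)"
    dmesg 2>/dev/null | grep -i 'init process' || echo "kernel log:    (nothing logged about init)"
}

# pid1_verify: a planted init is caught in one of three places: init= on
# the command line (above), a redirected /sbin/init symlink (readlink), or
# a replaced binary, which the package manager's verify step reports.
pid1_verify() {
    exe=$(readlink /proc/1/exe) || return 1
    if command -v dpkg >/dev/null 2>&1; then
        pkg=$(dpkg -S "$exe" | cut -d: -f1) && dpkg -V "$pkg"
    elif command -v rpm >/dev/null 2>&1; then
        rpm -Vf "$exe"
    fi
}
```

The answer to "does the kernel know" follows from first_init: the kernel executes whatever path it was given or found first and has no notion of legitimacy, so the evidence is in the command line, the symlink target and the package database, not in the kernel. One more hiding place the function does not model: with an initramfs, rdinit= (default /init) runs first and that script execs the real init after switch_root, so the initramfs itself must be inspected as well (lsinitramfs on Debian, lsinitrd on Fedora).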

11 End


Copyright © 2017 www.wright.edu/~pmateti • 2017-09-20