
Reference Article

1st published in May 2015


doi: 10.1049/etr.2014.0035
ISSN 2056-4007
www.ietdl.org

Operating System Security


Paul Hopkins, Cyber Security Practice, CGI, UK

Abstract
This article focuses on the security of the operating system, a fundamental component of ICT that enables many different applications to be used in a variety of computing hardware. While the original operating systems for large centralised computing focused their security efforts primarily on separating users, operating system security has had to adapt to cater for a wider range of technology, such as desktop computers, smartphones and cloud platforms, and the different threats that have evolved as a consequence. This article examines some of the core security mechanisms that every operating system needs and the gradual evolution towards offering a more secure platform.

Introduction: What is the Operating System?

All too frequently the words operating system conjure up thoughts of Microsoft Windows, made popular as an operating system that enabled desktop computing. However, there have been, and still continue to be, a large number of operating system types and versions in operation [1] for all sorts of devices. These devices range from those designed to work with mobile phones, tablets and games consoles of the consumer world, through to the servers/laptops, network routers and switches of the IT industry, as well as embedded devices and industrial controllers from industrial engineering. [Dependent upon the hardware architecture, the operating systems can be significantly different to the fuller versions that this paper uses to illustrate the key security mechanisms.]

In essence, the purpose of the operating system is to provide a layer above the hardware execution environment, abstracting away low level details, such that it appropriately shares and enables access to the multiple hardware components, such as processors, memory, USB devices, network cards, monitors and keyboards. It thus provides an environment in which multiple applications (ranging from advanced weather forecasting through to word processors, games and industrial control processes) can all be potentially executed and accessed by multiple users.

Operating systems have a history and timeline dating back to the development of the first computers in the early 50s, given that the users then also needed a way to execute their applications or programs. Since that time operating systems have adapted to take advantage of increases in speed and performance of hardware and communications. The changes either enable new functionality and applications or adapt to optimise the performance of certain hardware, such as in the case of telecommunications routers and switches that can have additional networking functions integrated into their operating system. So while the UNIX and Microsoft Windows families of operating systems have dominated the server and desktop environment of the past 20 years, the security problems found, and subsequent solutions to these problems, have also found their way into a variety of operating systems for other hardware environments, ranging from mobile phones (e.g. Apple iOS, Android, Symbian), to embedded devices (e.g. WindowsCE, Integrity RTOS), to networking products (e.g. Cisco IOS, JunOS). [This article focuses on the most popular operating systems found in the IT industry. A collection of known operating systems can be found at reference [1].]

Changing Threats

Having evolved from running on shared stand-alone computers to being highly optimised and networked computers, it’s not surprising that operating systems have had to evolve their security to mitigate different threats.

30+ years ago, the shared stand-alone mainframes used by large organisations and universities faced threats from (predominantly internal) users accessing data and computing ‘time’ that they were not entitled to.

20+ years ago, the range of applications and network connectivity that operating systems had to support

Eng. Technol. Ref., pp. 1–8
doi: 10.1049/etr.2014.0035 © The Institution of Engineering and Technology 2015
IET Engineering & Technology Reference, Paul Hopkins

increased significantly. With increasing connectivity, threats arose around the exchange of malicious files or network access to data by both internally connected users as well as an increasing community of curious external individuals and groups of less altruistic ‘hackers’.

10+ years ago, the operating system was integrated into and became dependent upon the networks of often globally connected organisations. This integration and dependence brought about attention and threats from serious criminals and activists who used the computing resources and network reach of the Internet not only to attack an increasing number of online applications for confidential data, but also to deny access to online services and applications.

Today, the potential threats that operating systems have to protect against have been extended still further.

† Miniaturisation has meant that the physical theft of small scale devices, such as smartphones/tablets (now containing potentially large quantities of sensitive data or acting as access tokens for online and physical services), needs to be mitigated.
† Increased availability of wireless networks has required devices to be ‘always connected’ to a variety of public networks and other devices, thus increasing the number of types of potential network attacks against the platform.
† Operating systems (from different organisations) are increasingly deployed onto shared public computation and storage resources in cloud data centres, which brings with it concerns about protecting the data and availability of these services from attacks against the collocated operating systems and their hosting platform.
† Increasingly, highly capable and advanced threats from governments and organised crime have become a concern of many organisations, with operating systems having to develop mitigations (alongside other security controls) for advanced malware and the potential interception of communications between platforms and cloud data centres.

Why is it Hard to Secure?

It’s not surprising given this evolving threat landscape that operating systems have had to change their security models, and also not surprising that they have had significant challenges in responding.

One of the most significant changes was experienced 10+ years ago when Microsoft Windows [2], due to its ubiquity and market dominance, found itself opened up to a multitude of network based attacks as organisations moved many services and communications online using its operating system. The consequence of opening up this ‘network surface’ of the operating system to the internet was that the type and range of vulnerabilities (ranging from buffer overflows to denial of service) being discovered and exploited rapidly increased. That’s not to say other popular operating systems, such as UNIX, did not find themselves similarly attacked and exploited [3]. However, Microsoft found itself having to significantly enhance the software development and assurance process by which it secured its operating systems (and other software) [2].

Similarly, operating systems rely on and also provide for increasing connectivity to not just networks but also multiple peripherals, either externally connected through interfaces such as USB or as integral devices such as graphics cards. The software necessary to interface these network and peripheral devices (e.g. device drivers) may also operate in a privileged mode within the operating system, potentially accessing system resources, such as processor memory, directly. For example, vulnerabilities within the USB device drivers within Linux [4] and Windows [5] have been found to enable an attacker to gain full control of the operating system when armed with a ‘crafted’ USB device. While USB driver software tends to be an integral part of the operating system software, other software drivers for graphic and network devices are developed by the hardware manufacturers themselves, thus creating a challenge when integrating and ‘assuring’ that this software is free of similar vulnerabilities.

Over time, operating systems have also increased their functionality to take advantage of the high network connectivity and performance increases in hardware, which has in itself brought about some challenges. Firstly, this has meant that the operating systems have significantly increased in size and complexity. Hence examining the operating system software for vulnerabilities and security issues has become difficult and expensive (e.g. Windows XP has an estimated code base of 50 million lines of source code). Increases in complexity have also meant re-use of code and with it the propagation of vulnerabilities from one supposedly trusted code base to another. A classic and relatively recent example of this is the discovery of a previously known vulnerability in Linux, that allowed a ‘local’ user to escalate privileges


(beyond their restricted user privileges to system privileges), also replicated within Android [6] with the re-use of that code base. Secondly, the operating system is expected to provide a rich environment for users where the user has control over the applications running within the operating system (e.g. just look at the multiple applications enabled for a desktop or smartphone to realise that users like personal choice and rich functionality). Hence the operating system has had to increasingly protect itself, its resources and all users from weaknesses (or malicious intent) in the applications that users want to use.

How are They Being Secured?

So while there have been many security issues in operating systems, there have also been a number of attempts to design, build and just generally strengthen an operating system’s security over the years. In addition to funding and developing operating systems, such as SELinux (which was made open source by NSA in 2000), governments have also attempted to provide standards and incentives for operating systems, with evaluation schemes, such as TCSEC [Trusted Computer System Evaluation Criteria (TCSEC).] and the Common Criteria [7] scheme.

In the 1980s the US government developed the TCSEC scheme with the aim of evaluating the trustworthiness of commercially available operating systems (applications and networking products are also evaluated) and evaluated a number of operating systems against that scheme. Overtaking and extending this scheme in the 1990s, a number of governments (UK, Canada, France, Germany and the Netherlands) developed the Common Criteria scheme, with a wider variety and type of operating systems, such as Windows, HP-UX, AIX, Linux [8], evaluated against the more flexible ‘protection profiles’ that defined the threats and thus security goals of the operating system under evaluation.

The industry has also both developed dedicated high security operating systems (often aimed at the government market and thus had their products put through evaluation schemes) and also felt the need to improve its security, generally in response to increasing security threats and vulnerability discovery [2]. As previously highlighted, Microsoft, for example, needed to rapidly re-engineer its security and assurance approach for its Windows operating systems to take account of the emerging security threats facing its products and the growing complexity and size of the code.

Similarly, the open source and academic communities have focused on developing either specific security features/extensions for an operating system or on developing a full secure operating system. While the more well-known initiatives, such as TrustedBSD [9], provide the full functionality needed of a desktop or server environment, others, such as seL4 [10], are highly assured minimal operating systems (microkernels) that have been developed for mobile and embedded devices.

While the approach and focus of these different communities have been different, the central goals for a secure operating system have always been fairly consistent:

† Ensuring that the operating system can enforce the separation of users and access to resources, such as files, memory, I/O and processes, through a defined policy.
† Ensuring that execution is through a trusted execution path, which is free from vulnerabilities and flaws that would reduce the effectiveness of that separation.

However, as operating systems have developed for mobile and embedded devices, it has become necessary to mitigate other threats, such as securing the data on the device in the event of theft or loss, or validating that the software has not been tampered with given physical access to the device. The following diagram (Fig. 1) and sections outline some of the key security features and how they mitigate the threats.

Key Security Features

Access control

At the centre of all operating system security is the ability to enforce control over access to system resources and information, either to mitigate malicious actions or accidental damage by users. While controlling access to confidential patient or financial files from multiple users on a shared system may seem like an obvious security feature, just as important is the need to prevent the inadvertent download of malware from within a browser from executing and installing unwanted spying software; as is the need to prevent a badly implemented application accessing other users’ private data held within memory, as demonstrated recently by the Heartbleed vulnerability [11].

Access control lies at the heart of many operating systems, ensuring that legitimate users and processes


are only allowed to access the resources that they are entitled to. Unfortunately, it’s not necessarily as simple as it may seem, as the examples above illustrate. It is not just access by users to files we need to worry about, but also the need to control the access by processes or machines to resources that include not just data files, but memory, peripherals, networks and so on.

[Fig. 1 Key threats and operating system security controls]

Access is also a term that can be used to describe quite a number of operations; at the simplest it could be the ability to write to, read from or execute a file. This is the case within many commercial UNIX systems where ‘files’ represent all resources, such as memory, I/O and network connections. However, in other operating systems (such as Microsoft Windows) the access operations are richer and include the capability to ‘delete’ or ‘take ownership’ of a data type (rather than just a file type), for example.

The fact that we need to store a range of permitted operations for a large number of users with access to a large number of resources can cause practical difficulties (having to store and check, each time an individual user needs to access a particular resource, that they have permission to). Hence a popular strategy is either to group users into groups (with defined group access permissions) or to store individual lists of users and access permissions for each resource.

However, the principles that operating systems need to achieve in order to control access securely are well known (even if the practical implementation is more challenging). Firstly, they need to ensure that they have a trusted mechanism for deciding and enforcing the rights of the requesting process/user against the designated rights of the object (e.g. file), a capability often referred to as the reference monitor. Secondly, that enforcement capability needs to be free from tampering, modification and vulnerabilities, a concept often referred to within the operating system as the Trusted Computing Base. Finally, the path by which that enforcement happens also needs to be trusted, such that there can be no opportunity for malicious processes or users to interrupt that execution path, a concept known as the trusted path.

In reality, there are few operating systems that implement these capabilities and concepts perfectly, although a number of the capabilities can be seen in many. For example, Microsoft Windows contains a security reference monitor that mediates the requests for access to resources or files (including generating audit messages based on the operations attempted). In addition, it also provides a trusted and prioritised execution path for the console logon (ctrl-alt-del) such that other installed applications (including malware) cannot intercept the password and user credentials. Similarly a number of UNIX versions, such as SELinux or TrustedBSD [9], have added support for a reference monitor as well as the capability for Mandatory Access Control (MAC). In the majority of our description so far, and probably in the experience of many readers, most ‘files’ are under the ownership of the user, who can grant or deny access to others, a scheme known as Discretionary Access Control. By contrast, for many secure operating systems and those implementing a reference monitor it’s necessary to protect the files for a variety of other reasons, such as policy, using MAC. For example, the integrity of the files could be critical, in which case modification of files needs to be avoided to stop them either being corrupted or misused by malware or a careless user. Similarly, on some systems, despite a user being granted access to a file by another user (perhaps sharing the latest classified intelligence), because that user does not have the necessary ‘security clearance’ and therefore privileges to view files of that sensitivity, an access policy needs to enforce that denial until such time as their clearance is enhanced or the file sensitivity is downgraded.

Building on the TrustedBSD [9] MAC framework, the Apple iOS [12, 13] operating system has embedded the capability to limit the access to objects within its operating systems against a couple of policies for ensuring file integrity and also process (or application)


control. In the latter case, applications can only access other system resources for which they have been enabled. Thus, for example, if they are not allowed to access the Internet then this is enforced by the operating system, irrespective of the running application’s requests.

Network protection

Today, many operating systems are deployed in highly networked environments, with communications essential for most users to access applications, data and communicate with each other. In the early development of operating systems, just as the files were believed to be trustworthy from users, so too were the networks to which they were connected, often connecting organisations on trusted or in-house networks, rather than the highly mobile devices now connecting over untrusted and public networks, such as the Internet. Hence operating systems have had to adapt to embed a number of security features into their systems to mitigate this, including network encryption, firewalls and network access protection.

The connectivity of operating systems to the Internet also signalled the start of a rapid increase in reported vulnerabilities, with many Internet facing services for UNIX and Windows systems found to have either vulnerabilities in the services themselves or fundamental flaws in the protocols used by the operating systems to move data around. In the former case, unexpected or malformed messages are used to overflow the memory and execute malicious instructions, as used by the Slammer worm [14], or simply to access sensitive memory and return it to an attacker, as was the case in the recent high profile Heartbleed [11] vulnerability. In the latter case, vulnerabilities were found in the implementation of network protocols themselves, such as in the classic TCP SYN flood attack [15] example, where constant requests to open a network connection on a system from an attacker, without them subsequently closing that connection, caused the operating systems to consume too many resources and stop communicating.

As a consequence of these threats many operating systems have built firewalls into their operating systems to reduce the ability of attackers to access network services and applications that they should not, as well as to limit the number of external connections that can be made to only those that are trusted, especially important with many operating systems outside of an organisational network and directly on the Internet. The Internet Storm Centre [16] has attempted to track the time before which an unpatched operating system directly connected to the Internet is compromised. Varying from ∼20 min in 2003, through to 4 min in 2008 and back to 40+ min in 2012, the statistics mirror the addition of protection to the network and operating systems security rather than a change in threat levels.

Similarly, operating systems have also increased their support over time for more secure protocols (e.g. IPSEC, TLS/SSL and WPA2) to enable trusted connections either to organisational networks remotely across the internet or direct to other individual systems and networks, using encryption and mutual authentication based upon Public Key Cryptography (PKI). That mutual authentication often needs to be used to help identify the operating system itself and its general security health (e.g. that it has not been compromised and will not help propagate malware or a worm) before it is given access to a corporate network, a scheme known as Network Access Protection.

Malware protection

Malware has become an increasing issue for operating systems to deal with as users need and want to access and exchange files and applications through a variety of means, such as web portals, messaging/chat systems and social media. Indeed, many of the recent cyber security attacks have been as a consequence of the receipt of a malicious file from a web site or email rather than direct attack via the network.

This leaves the platform designers with a conundrum. How to secure the platform against the potential malicious execution of applications, yet also provide an open environment for legitimate execution of applications? As a consequence a number of strategies have been adopted.

Application Verification and Control: An important principle in ensuring security in most operating systems is that of maintaining the user’s privileges to run and access resources as being very distinct and separate from those of the administrator, as this limits the potential damage a malware can do to the core operating system code and other users or application data.

Whereas most operating systems have historically identified the code that was acceptable to be executed based purely upon the user identity or the group that they belonged to, operating systems (such as Apple


iOS and Microsoft Windows) use methods that check that the code within the application has not been modified and is from a trusted source. This is done by checking that the ‘hash’ (or fingerprint) of the application (that is about to be executed) matches the cryptographically signed hash that is extracted from a certificate (from a trusted authority) accompanying the application. For example, Apple iOS implements this mechanism by enforcing all applications through the app store. These are signed by Apple after being checked, although there is anecdotal evidence that the checking is not always that specific from a security perspective.

Similarly, operating systems have extended the mechanism by which they assess and control the execution of files so that other attributes, such as the file’s location in the file system, its version number, date or type and so on, can all be combined with the user or group identity to decide on the access permission. An example of this can be found in Microsoft Windows with AppLocker.

Even though an application may be permitted to execute, sometimes the application (and the process that executes it) may become compromised. For example, the browser or mail reader starts executing malware from the downloaded content. For this reason operating systems (such as Apple iOS/OSX) have used cryptographic mechanisms (PKI certificates) to protect the rest of the operating system using two methods. Firstly, by protecting the list of capabilities that an application may require (such as network, GPS) so that the operating system knows that no additional capabilities have been requested since it started running (e.g. some malware may attempt to turn on the microphone and camera). Secondly, by using the code signing mechanism, the signed application code is checked by the operating system as the process is loaded into memory for execution to ensure that it has not been compromised or hijacked during its general execution.

Application Separation: Sandboxing: Sandboxing is a popular method of ensuring that an application’s functionality is contained and thus limits the ability of the application either to access other applications running at the same time or their memory, I/O and network interfaces/resources, by providing a form of isolation. There are a number of different approaches to this. Firstly, the whole operating system can be virtualised and run on a hypervisor. (A hypervisor abstracts the hardware environment for a platform, and provides a method or container for separating out and executing a number of operating systems on one platform.) Although this approach does not protect other applications in the same operating system, it does protect applications in other operating systems on the same hardware. Alternatively, some particularly vulnerable applications, such as the browser, may themselves have sandbox protection (e.g. Google Chrome) built into them and therefore try to limit the ability of code to execute on the operating system. Or lastly, as is the case in operating systems such as Apple iOS/OSX and Android [17], an application is constrained to a single process space and it is executed within its own context. Access to shared system resources (ranging from file systems to cameras and GPS receivers) is defined and needs to be accepted by users prior to installation and execution, and is controlled and logged by the operating system.

Application Execution

Attackers have exploited (and will probably continue to exploit) applications through the user supplied input. One of the most common and oldest forms of attack has been the ‘buffer overrun’, where the user supplied input goes unchecked and ends up writing directly to the operating system’s and application’s memory that is normally used to store the application execution code, temporary and global data. Instead an attacker supplies sufficient data to take control of the application execution (by manipulating the stack pointer) and execute within the application context the data and code they have written to the memory rather than continue to execute the application. In order to mitigate this attack, a number of platforms and operating systems, such as Windows XP onwards, Apple iOS, Android, SELinux, all mark the application data as non-executable so that even if the attacker manages to write data to the memory they will struggle to execute that data.

To mitigate the non-execution of the overwritten data, or where the space available is too small to contain all of the malicious instructions, attackers attempt to use another technique, ‘return-to-libc/return oriented programming’. In this case, they attempt to use already pre-loaded and existing libraries and code of the operating system, which they reference in a sequence to try to execute their desired functions. To mitigate this attack, a number of operating systems have also adopted the technique of address space layout randomisation. By randomising the memory locations in which they load executable code and libraries, the ability of an attacker to readily guess and


access the predictable software code they need is significantly reduced.

Physical Theft

With widespread Internet connectivity and a proliferation of mobile and smart devices, operating system security has had to turn its attention to the simplest and oldest of threats, that of theft and physical access to the device. Operating systems now have the capacity to access online services and store locally on the devices increasing volumes of information, such that access to the device could provide access to significant online resources and local data. This was a significant departure from the original platforms of 20 years ago that would have required a crane to take the systems from the building, yet now they are in the reach of a pickpocket.

Fortunately, many operating systems have developed protection in two ways. Firstly, they have developed the capability to encrypt individual data files and in some cases data within the memory. This is done in order to protect access to applications and data from other users and processes during a short period of physical access to the device (e.g. where a USB stick or drive is plugged into the system). Secondly, all of the data is encrypted on the device and thus protects against subsequent copying if physically stolen. Both approaches may take advantage of hardware encryption facilities that are increasingly built into many processors/chips (as cryptographic operations can be expensive and power consuming). However, the operating systems have also taken advantage of the hardware capabilities that are increasingly built into some computing platforms to also store the cryptographic material securely. For instance, BitLocker within the Microsoft Windows operating system is designed to use the Trusted Platform Module, a tamper proof hardware chip, to store the encryption key material. Similarly the application processor used by many Apple iOS devices will store a unique cryptographic key for each individual device. The key, embedded during manufacture into the application processor, is never accessed or disclosed, but is used in other encryption routines to sign and encrypt other keys and data, and is never accessed by the operating system directly. It provides a unique key that the operating system can rely on to check that its hardware and code have not been tampered with.

Operating System Security – Good Implementation Practice

While for a number of different operating systems the overall trend appears to be one of enhancing security within their core, very often organisations (and individuals, given the increase in products such as smartphones) need to configure them to adapt to their business and personal requirements. If the security is to be maintained and balanced with the usability of the devices, then an understanding of the options needs to be available to make those compromises.

Just as the threat landscape to operating systems has changed, so too has the environment for guidance for secure configuration and deployment of these platforms, with an increase in guidance and tools (albeit primarily for an organisation and its IT operations rather than the end user).

Many operating system (and platform) vendors, such as Microsoft Windows, VMware and Cisco etc, have now produced both ‘hardening’ guides and tools to assist with their secure configuration. Prior to these vendors issuing guidance the information gap was filled by independent security associations, such as CIS [18], who provide ‘hardening’ guides for multiple platforms based on community feedback. Similarly, government agencies (such as the UK CESG and US NSA) have published guidance with ‘hardening’ and configuration information (and in some instances configuration tools), although in the latter case such guidance has only recently become more widely available to communities other than government, probably as a result of recognising the interdependence of these platforms for much of society rather than a select few.

Overall, this guidance very often focuses on ensuring that any configuration maintains the principles and concepts we have introduced within this article, namely:

† Least privilege: Restricting users and processes (acting on their behalf) to the minimal privileges necessary to execute their operations.
† Separation: Isolating processes, data and users appropriately, so that there is minimal interference possible either maliciously or accidentally.
† Minimal: Limiting access to only the essential users and services from a trusted and authenticated source.
† Updates: Being able to update software on the discovery of vulnerabilities or configuration weaknesses to maintain security.
† Assurance: Designing and managing subsequent development (on top of the operating system) using secure development methodologies and the security features that the operating systems have embedded into them.

† Audit: enabling a trusted and secure path to generate appropriate log and audit information.
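As an added illustration of what a hardening tool of the kind described above does (this is example code written for this edit, not from the article, CIS or any vendor), the following Go program checks an OpenSSH sshd_config-style file against a small constructed baseline whose rules are tagged with the principles listed above. It goes a little beyond the text in one respect: it reproduces sshd's rule that the first value given for a keyword wins, a detail on which a naive checker (and an appended 'hardening' line) gets the wrong answer. The baseline values, the sample configuration and the decision to stop parsing at the first Match block are assumptions of the example, not statements from the article.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// rule is one baseline check, tagged with the principle from the list above that it serves.
type rule struct {
	principle, keyword, want string
}

// baseline is a small constructed subset of what a CIS-style SSH benchmark asks for.
var baseline = []rule{
	{"Least privilege", "PermitRootLogin", "no"},
	{"Minimal", "PasswordAuthentication", "no"},
	{"Minimal", "X11Forwarding", "no"},
	{"Minimal", "MaxAuthTries", "4"},
	{"Audit", "LogLevel", "VERBOSE"},
}

// effectiveSettings parses sshd_config text the way sshd reads it: keywords are
// case-insensitive, separated from their argument by whitespace or '=', and the
// FIRST value given for a keyword wins. A checker that kept the last value would
// pass a file whose appended "PermitRootLogin no" sshd actually ignores. Parsing
// stops at the first Match block, whose settings apply only to matching connections
// (a simplification assumed for this example).
func effectiveSettings(config string) map[string]string {
	settings := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(config))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		fields := strings.FieldsFunc(line, func(r rune) bool { return r == ' ' || r == '\t' || r == '=' })
		if len(fields) < 2 {
			continue
		}
		key := strings.ToLower(fields[0])
		if key == "match" {
			break
		}
		if _, seen := settings[key]; !seen {
			settings[key] = fields[1]
		}
	}
	return settings
}

type finding struct {
	Principle, Keyword, Have, Want string
}

// check reports every baseline rule the effective configuration fails to meet.
func check(config string) []finding {
	settings := effectiveSettings(config)
	var findings []finding
	for _, r := range baseline {
		have, ok := settings[strings.ToLower(r.keyword)]
		if !ok {
			have = "(not set: compiled-in default applies)"
		}
		if !ok || !strings.EqualFold(have, r.want) {
			findings = append(findings, finding{r.principle, r.keyword, have, r.want})
		}
	}
	return findings
}

// sampleConfig is constructed for this example; note the two PermitRootLogin lines.
const sampleConfig = `
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
X11Forwarding no
PasswordAuthentication yes
LogLevel VERBOSE
# appended by a "hardening" script; sshd ignores it because of the earlier line
PermitRootLogin no
Match User backup
    PasswordAuthentication no
`

func main() {
	for _, f := range check(sampleConfig) {
		fmt.Printf("[%s] %s = %s (want %s)\n", f.Principle, f.Keyword, f.Have, f.Want)
	}
}
```

Run with `go run`: the sample reports PermitRootLogin as still 'yes', PasswordAuthentication as 'yes' and MaxAuthTries as unset, while X11Forwarding and LogLevel pass. The `PasswordAuthentication no` inside the Match block does not rescue the global setting, which is exactly the kind of false reassurance a hardening check has to avoid.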
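The key-protection arrangement described earlier, a device-unique key that the operating system can never read but can ask the hardware to use, is easier to reason about with a model in code. The following Go program is an added example written for this edit, not code from the article, Microsoft or Apple. It models the hardware key store as a type whose device key has no accessor, wraps a per-file data-encryption key under it with AES-GCM, and binds the wrapped key to a hash of the boot code in the way a TPM seals a key to PCR values. The names (secureElement, seal, unseal), the choice of AES-GCM as the wrapping primitive and the single-measurement model are simplifications assumed here; real TPM and iOS implementations differ in detail.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// secureElement stands in for the hardware key store in the text (a TPM, or the key fused
// into an iOS application processor). deviceKey has no accessor: the "OS" can only ask the
// element to seal or unseal other keys with it.
type secureElement struct {
	deviceKey   []byte   // unique per device, fixed at manufacture, never exported
	measurement [32]byte // digest of the measured boot code, like a TPM PCR
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func newSecureElement(bootCode []byte) *secureElement {
	return &secureElement{deviceKey: randomBytes(32), measurement: sha256.Sum256(bootCode)}
}

// gcm builds AES-256-GCM; keys here are always 32 bytes, so an error is a bug.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead
}

// encrypt returns nonce||ciphertext, authenticating aad alongside the data.
func encrypt(key, plaintext, aad []byte) []byte {
	aead := gcm(key)
	nonce := randomBytes(aead.NonceSize())
	return append(nonce, aead.Seal(nil, nonce, plaintext, aad)...)
}

// decrypt reverses encrypt; it fails if the key, the aad or the data differ.
func decrypt(key, blob, aad []byte) ([]byte, error) {
	aead := gcm(key)
	if len(blob) < aead.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], aad)
}

// seal wraps a data-encryption key (DEK) under the device key, bound to the boot
// measurement as a TPM seals to PCR values; only this sealed form reaches the disk.
func (s *secureElement) seal(dek []byte) []byte { return encrypt(s.deviceKey, dek, s.measurement[:]) }

// unseal releases the DEK only on the same device with unchanged boot code.
func (s *secureElement) unseal(sealed []byte) ([]byte, error) { return decrypt(s.deviceKey, sealed, s.measurement[:]) }

type demoResult struct {
	Recovered          string // plaintext recovered on the intact device
	StolenImageDecrypt bool   // ciphertext + sealed DEK replayed on another device
	TamperedBootUnseal bool   // same chip, modified boot code
}

func runDemo() demoResult {
	bootCode := []byte("genuine bootloader v1") // constructed sample
	device := newSecureElement(bootCode)
	// The OS encrypts the file under a fresh per-file DEK and stores only the sealed DEK.
	dek := randomBytes(32)
	fileCT := encrypt(dek, []byte("salary data"), nil)
	sealedDEK := device.seal(dek)
	var res demoResult
	if k, err := device.unseal(sealedDEK); err == nil {
		if pt, err := decrypt(k, fileCT, nil); err == nil {
			res.Recovered = string(pt)
		}
	}
	// Theft: the attacker images the disk (fileCT, sealedDEK) but has a different chip.
	_, err := newSecureElement(bootCode).unseal(sealedDEK)
	res.StolenImageDecrypt = err == nil
	// Tampering: same chip but changed boot code, so the measurement the DEK was
	// sealed against no longer matches and unseal is refused.
	tampered := &secureElement{deviceKey: device.deviceKey, measurement: sha256.Sum256([]byte("patched bootloader"))}
	_, err = tampered.unseal(sealedDEK)
	res.TamperedBootUnseal = err == nil
	return res
}

func main() {
	fmt.Printf("%+v\n", runDemo())
}
```

The three outcomes runDemo returns are the ones a practitioner would check: the intact device recovers the file, a copy of the disk image (ciphertext plus sealed key) is useless on another device because the device key never left the chip, and the same chip refuses to unseal once the measured boot code differs, which is what the text means by the hardware letting the operating system check that it has not been tampered with.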
Future Directions for Operating System and Platform Security
Within this article, we have examined the key security features of operating systems and how they have adapted to changes in technology and to the threats that have emerged. So while it is apparent that many operating systems increasingly have the core security concepts built in to meet the changing threats, it is also clear that they will have to continue to evolve.

In particular, operating systems will have to adapt to the increasing distribution of functions to the cloud, the increasingly rich functionality required of embedded systems and devices, the availability of hardware for assisting with security functions, and changes in attitudes to privacy and to different threats.

† From a user perspective, the cloud will undoubtedly be viewed as an operating platform of the future, offering dedicated applications or access to sub-operating systems; yet all of the key security mechanisms, from federation of authorisation and access control through to encryption of data, remain challenging in that setting.
† Just as was originally the case when mobile phones evolved from feature phones to smartphones, increasing functionality and connectivity will leave embedded systems facing similar challenges in securing their (increasingly capable) operating systems, whether because of limited space and power constraints or because of the difficulty of integrating real-time, safety-related operations with security mechanisms such as encryption.
† The availability of dedicated hardware for encrypting data or holding key material has already had a significant benefit on the security of some platforms, as highlighted earlier. Wider access to such hardware, and the use of hardware virtualisation for process separation and for protection against threats such as malware, will help strengthen the protection of single-device operating systems and create a more secure platform.
† Increasing concern for individual privacy, and the emergence of powerful security threats from governments, also appear to be having an effect on the security features within operating systems. Some of these concerns have led to changes in encryption methods (such that the master keys always reside with the user rather than the operator/provider); research work has also focused on developing access control mechanisms that allow users to be more expressive about when, where and how they want their information to be accessed, rather than granting complete rights all of the time to particular groups and users.

REFERENCES
[1] List of operating systems: http://www.en.wikipedia.org/wiki/List_of_operating_systems, accessed October 2014
[2] At 10-Year Milestone, Microsoft's Trustworthy Computing Initiative More Important than Ever: http://www.news.microsoft.com/2012/01/12/at-10-year-milestone-microsofts-trustworthy-computing-initiative-more-important-than-ever/, accessed October 2014
[3] Sourcefire Vulnerability Research Team (VRT): 25 Years of Vulnerabilities: 1988–2012, Research Report, Yves Younan
[4] Linux Kernel caiaq USB Drivers Buffer Overflow Vulnerability: https://www.labs.mwrinfosecurity.com/system/assets/153/original/mwri_caiaq-usb-drivers-buffer-overflow_2011-03-07.pdf, accessed April 2015
[5] MS13-027 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege: https://www.technet.microsoft.com/library/security/ms13-027, accessed April 2015
[6] Linux vendors rush to patch privilege escalation flaw after root exploits emerge: http://www.computerworld.com/article/2500325/malware-vulnerabilities/linux-vendors-rush-to-patch-privilege-escalation-flaw-after-root-exploits-em.html, accessed April 2015
[7] Common Criteria: https://www.commoncriteriaportal.org/, accessed October 2014
[8] Certified Products: http://www.commoncriteriaportal.org/products/, accessed October 2014
[9] The Trusted BSD Project: http://www.trustedbsd.org/docs.html, accessed October 2014
[10] seL4 Operating System Kernel Home Page: http://www.sel4.systems/, accessed October 2014
[11] Heartbleed Vulnerability: http://www.heartbleed.com/, accessed October 2014
[12] iOS Security: https://www.apple.com/privacy/docs/iOS_Security_Guide_Oct_2014.pdf, accessed November 2014
[13] Miller, C., Blazakis, D., Zovi, D.D., Esser, S., Iozzo, V., Weinmann, R.-P.: 'iOS Hacker's Handbook' (John Wiley & Sons Inc.), ISBN 978-1-118-20412-2
[14] The Spread of the Sapphire/Slammer Worm: http://www.caida.org/publications/papers/2003/sapphire/, accessed October 2014
[15] TCP SYN Flooding and IP Spoofing Attacks: http://www.cert.org/historical/advisories/CA-1996-21.cfm, accessed October 2014
[16] Survival Time: https://www.isc.sans.edu/survivaltime.html, accessed October 2014
[17] Android Security Overview: https://www.source.android.com/devices/tech/security/, accessed October 2014
[18] CIS Security Benchmarks: http://www.benchmarks.cisecurity.org/, accessed October 2014
