Computer Security
Trusted Operating Systems
Operating System
◦ The primary security provider in a computing system
◦ Also provides the other services that users and programs rely on
◦ Therefore a prime target for attacks: subverting the OS subverts every protection it provides
Trusted Operating System
Services
◦ Memory protection
◦ File protection
◦ General object access control
◦ User authentication
Trust requires that these services are provided consistently (the same decision every time for the same request) and effectively (they cannot be circumvented).
Trusted Program
A program is trusted when it shows:
◦ Functional correctness
◦ Enforcement of integrity
◦ Limited privilege
◦ Appropriate confidence level
Security Policies
A statement of the security provided by the system
A plan that states
◦ What is to be secured
◦ Why
◦ How
Military Security Policy
Each piece of information is ranked in a hierarchy of sensitivities (its classification); each user holds a clearance at one of the same levels.
Need-to-know rule
◦ Limit access to what is needed to perform the job
◦ Classified information is associated with compartments (topic or project areas)
◦ A user may access an item only if the user's clearance is at least the item's classification and the user holds every compartment attached to the item
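The policy above, as an added worked example (editor's code, not from the slides): labels are (rank, compartments) pairs and a subject may read an object only when its clearance dominates the object's classification. The rank names and the dominance rule (rank at least as high AND compartments a superset) follow the standard military model and are an assumption beyond what the slide itself states.

```python
# Added worked example (editor's code, not from the slides): a multilevel
# label check. The rank names and the dominance rule (rank at least as high
# AND compartments a superset) are the standard military model and are an
# assumption beyond what the slide itself states.
from dataclasses import dataclass
from typing import FrozenSet

# Hierarchy of sensitivities, lowest to highest (assumed standard ranking).
RANKS = ("unclassified", "restricted", "confidential", "secret", "top secret")
RANK_ORDER = {name: i for i, name in enumerate(RANKS)}


@dataclass(frozen=True)
class Label:
    """A clearance (for a subject) or classification (for an object)."""
    rank: str
    compartments: FrozenSet[str] = frozenset()

    def __post_init__(self) -> None:
        if self.rank not in RANK_ORDER:
            raise ValueError(f"unknown rank: {self.rank!r}")


def dominates(subject: Label, obj: Label) -> bool:
    """True iff the subject's rank is at least the object's rank and the
    subject holds every compartment the object carries (need-to-know)."""
    rank_ok = RANK_ORDER[subject.rank] >= RANK_ORDER[obj.rank]
    return rank_ok and obj.compartments <= subject.compartments


def can_read(subject: Label, obj: Label) -> bool:
    """Read access under the military policy: clearance must dominate
    classification. Both conditions are required; neither alone suffices."""
    return dominates(subject, obj)


def explain(subject: Label, obj: Label) -> str:
    """Human-readable decision, useful when writing audit records."""
    reasons = []
    if RANK_ORDER[subject.rank] < RANK_ORDER[obj.rank]:
        reasons.append(f"rank {subject.rank} is below {obj.rank}")
    missing = obj.compartments - subject.compartments
    if missing:
        reasons.append("missing compartments " + ", ".join(sorted(missing)))
    return "allowed" if not reasons else "denied: " + "; ".join(reasons)


if __name__ == "__main__":
    # Constructed sample labels.
    analyst = Label("secret", frozenset({"crypto"}))
    general = Label("top secret")                  # high rank, no compartments
    memo = Label("confidential", frozenset({"crypto"}))
    plan = Label("secret", frozenset({"crypto", "ops"}))
    for who, what in ((analyst, memo), (general, memo), (analyst, plan)):
        print(who.rank, sorted(who.compartments), "->", what.rank,
              sorted(what.compartments), ":", explain(who, what))
```

The "top secret" subject with no compartments is the case worth noticing: a higher rank alone does not grant access to a lower-ranked compartmented item, which is exactly what the need-to-know rule adds on top of the sensitivity hierarchy.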
Trusted Operating System Design
Good design principles
◦ Least privilege
Each user and each program operates with the fewest privileges needed for the task
◦ Economy of mechanism
The design of the protection mechanism should be small and simple
◦ Open design
Security must not depend on secrecy of the design; assume potential attackers know it
◦ Complete mediation
Every access to every object is checked
◦ Permission based
The default condition is denial of access; access is granted only on explicit permission
◦ Separation of privilege
Access depends on more than one condition, e.g. authentication plus a cryptographic key
◦ Least common mechanism
Physical or logical separation of shared mechanisms reduces the risk from sharing
◦ Ease of use
A mechanism that is easy to use is more likely to be used, and used correctly
(Figure: features of an ordinary OS compared with a protected OS. Surviving labels: "Memory is separated by user"; "User, and data and program libraries have controlled ...")
Features of Ordinary OS
User authentication
◦ Identify each user
◦ Typically by password comparison
Memory protection
◦ Each user's program runs in its own protected portion of memory
File and I/O device access control
◦ Protect user and system files and devices
Allocation and access control for general objects
Enforced sharing
◦ Shared objects are made available under controlled access
Guaranteed fair service
◦ No user can monopolize the system's resources
Interprocess communication and synchronization
Protection of the operating system's own protection data (access control tables, password files)
Features of Protected OS
Identification and Authentication
Trusted Path
◦ A trusted communication channel between the user and the security enforcement, so the user knows the real OS (not a spoofing program) is on the other end
◦ Required for sensitive operations such as setting a password or changing access permissions
Accountability and Audit
◦ Maintain a log of security-relevant events, each attributable to the user responsible
◦ Audit log reduction: filter the log down to the events worth examining
◦ Intrusion detection: recognize patterns in the audit data that suggest an attack
Security Kernel
The part of the OS that enforces its security mechanisms; its advantages:
◦ Separation: isolating the security mechanisms both from the rest of the operating system and from user space makes them easier to protect
◦ Unity: all security functions are performed by one set of code, so changes to the security mechanisms are easier to make and easier to test
◦ Compactness: performs only security functions, so it is a small component
◦ Verifiability: relatively small and analyzable, so its correctness can be checked
Kernelized Design
Drawbacks
◦ Adds yet another layer of interface between the rest of the system and the protected objects
◦ May degrade system performance
Reference monitor
◦ The part of the kernel that controls every access to every object
Must be:
◦ Tamperproof - impossible to weaken or disable
◦ Unbypassable - always invoked when access to an object is requested
◦ Analyzable - small enough to be analyzed and tested
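The reference monitor above, together with the accountability and audit features listed earlier (audit log, log reduction, intrusion detection) and the complete-mediation and permission-based design principles, as one added worked example. This is editor's code, not from the slides or any real kernel: the subjects, objects, ACL and the sequence of accesses are all constructed.

```python
# Added worked example (editor's code, not from the slides or any real kernel):
# a reference monitor that mediates every access to a set of named objects,
# denies by default, records every decision, and reduces the resulting audit
# log. Subjects, objects, the ACL and all accesses are constructed.
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Access control list: object -> subject -> permitted operations.
# Anything not listed is denied (permission based: default is denial).
ACL: Dict[str, Dict[str, Set[str]]] = {
    "/etc/passwd": {"root": {"read", "write"}, "alice": {"read"}},
    "/home/alice/notes": {"alice": {"read", "write"}},
}


@dataclass(frozen=True)
class AuditEvent:
    seq: int
    subject: str
    obj: str
    op: str
    allowed: bool


class ReferenceMonitor:
    """All object contents live behind this class and are reachable only via
    access(), so every access is checked (complete mediation) and logged
    (accountability)."""

    def __init__(self, acl: Dict[str, Dict[str, Set[str]]]) -> None:
        self._acl = acl
        self._store: Dict[str, str] = {}      # toy object contents
        self.log: List[AuditEvent] = []

    def _decide(self, subject: str, obj: str, op: str) -> bool:
        # Unknown object, unknown subject or unlisted op all yield False.
        return op in self._acl.get(obj, {}).get(subject, set())

    def access(self, subject: str, obj: str, op: str,
               data: Optional[str] = None) -> Optional[str]:
        allowed = self._decide(subject, obj, op)
        # Every decision, allowed or not, is recorded before anything happens.
        self.log.append(AuditEvent(len(self.log), subject, obj, op, allowed))
        if not allowed:
            raise PermissionError(f"{subject} may not {op} {obj}")
        if op == "write":
            self._store[obj] = data if data is not None else ""
            return None
        return self._store.get(obj, "")


def reduce_audit_log(log: List[AuditEvent]) -> List[AuditEvent]:
    """Audit log reduction: keep only the denials, the events an auditor
    usually wants to look at first."""
    return [e for e in log if not e.allowed]


def flag_suspicious(log: List[AuditEvent], threshold: int = 3) -> List[str]:
    """Simple intrusion-detection heuristic: subjects with at least
    `threshold` denied accesses."""
    denials = Counter(e.subject for e in log if not e.allowed)
    return sorted(s for s, n in denials.items() if n >= threshold)


def demo() -> dict:
    """Run a constructed sequence of accesses and summarize the audit log."""
    rm = ReferenceMonitor(ACL)
    rm.access("alice", "/home/alice/notes", "write", "hello")
    out = {"alice_read": rm.access("alice", "/home/alice/notes", "read")}
    attempts = [("mallory", "/etc/passwd", "read"),
                ("mallory", "/etc/passwd", "write"),
                ("mallory", "/home/alice/notes", "read"),
                ("alice", "/etc/passwd", "write"),
                ("root", "/nonexistent", "read")]      # unknown object: denied
    for subject, obj, op in attempts:
        try:
            rm.access(subject, obj, op, "x")
        except PermissionError:
            pass
    out["events"] = len(rm.log)
    out["denied"] = len(reduce_audit_log(rm.log))
    out["suspects"] = flag_suspicious(rm.log)
    return out


if __name__ == "__main__":
    print(demo())
```

Two of the three reference-monitor properties are not provided by this code itself: `_acl` and `_store` are ordinary Python attributes that any caller in the same process can overwrite, and a caller can also read `_store` directly. In a real system, tamperproofness and unbypassability come from the hardware-enforced privilege boundary around the kernel, not from the monitor's own logic; what the code does show is the analyzable part, a small decision function that every access must pass through and that denies whenever no explicit permission exists.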
Trusted Computing Base
Everything in the trusted operating system necessary to enforce the security policy
◦ Hardware and software
Modular operating systems
◦ Security activities and other functions are spread across modules
◦ Gathering all security functions into the TCB would destroy this modularity
◦ In practice, security-related activities are performed in different places, so the TCB boundary has to be identified carefully
Virtualization
The OS simulates a collection of computer resources for each user or process
Virtual machine: each user appears to have a complete, separate machine, which isolates users from one another