Evaluation
Jihong Song, Guiying Hu, QuanSheng Xu
School of Information Science and Engineering
Shenyang University of Technology, SUT
Shenyang, China
hgy_0429@126.com, stuky_2005@126.com
Abstract-In today's information society, information security
receives more and more attention. It is mainly divided into five
parts: physical security, network security, host security,
application security and data security. Among them, host
security is the first floor of the whole information system.
However, host security necessarily depends on operating system (OS)
security. It is obvious that OS security is the
essential precondition and foundation of the security of the whole
computer information system. This article first discusses
the importance of OS security; secondly, it
introduces the OS security mechanism, security demand,
security policy and security model; finally, it discusses host
vulnerability evaluation and puts forward the functions that a
comprehensive host evaluation tool ought to carry out.
Keywords-host security; OS security; host vulnerability evaluation
I. INTRODUCTION
At present, information systems are more and more
important in this information society; whether they are
secure or not bears directly on our nation's politics, military
affairs, economy and civilization, etc. OS security is
the most elementary factor in information system security.
Any security vulnerability of the OS must result in
vulnerabilities of the host or even of the whole information
system. Therefore, the most important thing in ensuring
host security is to guarantee OS security.
Now, there are a lot of host evaluation tools at home and
overseas, and some of them are fairly good. But the testing
performed by these tools is not comprehensive in some aspects,
or the tool itself even has problems. Thus, it leaves an opening for
certain vulnerabilities. This is a serious threat to computer
systems.
In this paper, we describe the functions that a
comprehensive host evaluation tool ought to carry out. This
method can better carry out a comprehensive evaluation of the
host.
II. OPERATING SYSTEM (OS) SECURITY
The main targets of OS security are the following:
users' operations should be controlled according to the
system security policy to prevent illegal access to computer
resources; the users of the system should be identified and
authenticated; and the security of the running system should be supervised.
B. Security demand
The security demand is the security guarantee that we expect
to obtain when we design a secure system. Generally
speaking, the security demand includes the following aspects
[3]:
1) Confidentiality demand: Prevent information from
being revealed to unauthorized users.
2) Integrity demand: Prevent unauthorized
users from modifying information illegally.
3) Accountability (audit) demand: Prevent a user from
denying that he has accessed some information or
executed some operation.
4) Availability demand: Guarantee that authorized users can
access the system information.
C. Security policy
The security policy is the countermeasure we adopt
when we face security threats. Security policy is divided
into access control policy and access supporting policy.
Access control policy reflects the system's confidentiality and
integrity demands. Access control policy is divided into
discretionary access control policy and mandatory access
control policy.
Access supporting policy reflects the system's accountability
(audit) and availability demands. Access supporting policy
is divided into 6 types: identification and authentication,
accountability (audit), accurate guarantee, continuous
protection, object reuse and covert channel.
D. Security model
To define the security demand of a system accurately, and
to provide a policy for the design and development of a secure
system, we must make use of a security model to describe
the system's and users' security characteristics. The model
describes simply, abstractly and accurately the security demand
expressed by the security policy.
A security model describes which mechanisms a certain security
policy requires in order to be satisfied, whereas the security
model's actualization rule describes how to apply a particular
mechanism to the system so as to achieve the security
protection target required by a particular security mechanism.
Security models include state-machine, information-flow,
noninterference, nondeducibility, integrity, etc. Among them,
the state-machine model Bell-LaPadula (BLP) is the
most prevalent and classical security model. The BLP model
defines the relations between subject and object. If the
subject's level is superior or equal to the object's, and the subject's
categories include all subordinate categories of the object, then the
subject dominates the object.
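The dominance relation described above, as an added Python example that is not from the paper. It goes beyond the text by also applying the standard BLP read and write rules (simple security property and *-property); the level names, category names and sample labels are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed linear ordering of sensitivity levels (assumption, not from the paper).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A BLP security label: one sensitivity level plus a set of categories."""
    level: str
    categories: frozenset = frozenset()

    def __post_init__(self):
        if self.level not in LEVELS:
            raise ValueError(f"unknown level: {self.level!r}")
        # Accept any iterable of category names, store it as an immutable set.
        object.__setattr__(self, "categories", frozenset(self.categories))


def dominates(a: Label, b: Label) -> bool:
    """a dominates b: a's level >= b's level and a's categories include all of b's."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.categories >= b.categories


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property (no read up): the subject must dominate the object."""
    return dominates(subject, obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property (no write down): the object must dominate the subject."""
    return dominates(obj, subject)


# Constructed sample labels (hypothetical subject and objects).
analyst = Label("SECRET", {"finance"})
budget = Label("CONFIDENTIAL", {"finance"})        # lower level, same category
merger = Label("SECRET", {"finance", "legal"})     # same level, extra category
contract = Label("CONFIDENTIAL", {"legal"})        # incomparable with analyst

if __name__ == "__main__":
    for name, obj in [("budget", budget), ("merger", merger), ("contract", contract)]:
        print(f"{name}: read={can_read(analyst, obj)} write={can_write(analyst, obj)}")
```

Dominance is a partial order, so for incomparable labels such as `analyst` and `contract` neither direction holds and both read and write are denied.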
[Table: Evaluation Aspects / Summary. Aspects surviving on the page: Identity Authentication; Access Control; Security Audit; Invasion Defense; malicious code; Resource Control. Surviving summary text: "Check the information relate to ..."; "About the software ... of defense"; "Control OS resource".]
E.
B.
G.
Access control
Security audit
F.
Invasion defense
[3]