
Operating Systems and Computer Security
Trusted Operating Systems
Operating System
 Primary security provider
 Providing other services
 Targeted for attacks
Trusted Operating System
 Services
◦ Memory protection
◦ File protection
◦ General object access control
◦ User authentication
 Consistent
 Effective
Trusted Program
 Functional correctness
 Enforcement of integrity
 Limited privilege
 Appropriate confidence level
Security Policies
 Statement of the security provided by the system
 A plan
◦ What is to be secured
◦ Why
◦ How
Military Security Policy
 Each piece of information is ranked
◦ Hierarchy of sensitivities
Military Security Policy
 Need-to-know rule
◦ Limit access
◦ Based on performing job
◦ Classified information is associated with compartments
Trusted Operating System Design
 Good design principles
◦ Least privilege
 User, program
◦ Economy of mechanism
 Design of the protection should be small, simple
◦ Open design
 Potential attackers
◦ Complete mediation
 Permission based (the default condition is denial of access)
◦ Separation of privilege
 More than one condition
 Authentication plus a cryptographic key
Trusted Operating System Design
 Good design principles
◦ Least common mechanism
 Physical or logical separation reduces the risk from sharing
◦ Ease of use
Features of Ordinary OS
Features of Protected OS
 Memory is separated by user
 User, data and program libraries have controlled
Features of Ordinary OS
 User authentication
◦ Identify each user
◦ Password comparison
 Memory protection.
◦ Each user's program runs in its own portion of protected memory
 File and I/O device access control
◦ Protect user and system files
 Allocation and access control for general objects
 Enforced sharing
 Guaranteed fair service
Features of Ordinary OS
 Interprocess communication and synchronization
 Protected operating system protection data
Features of Protected OS
 Identification and Authentication
 Mandatory and Discretionary Access Control
 Mandatory access control (MAC)
◦ Policy decisions are made beyond the user's control
◦ A central authority determines access rights
◦ Users cannot change access rights
 Discretionary access control (DAC)
◦ The object's owner, or any authorized user, controls access to the object
Features of Protected OS
 Object Reuse Protection
◦ Reusing objects is efficient
◦ Control reuse of an object by another user
◦ The OS clears or overwrites an object's space before reassigning it to a second user
 Trusted Path
 Setting a password
 Changing access permissions
 Trusted communication
Features of Protected OS
 Accountability and Audit
◦ Maintaining a log of security-relevant events
 Audit Log Reduction
 Intrusion Detection
◦ Analyze the audit log
◦ Identify patterns
◦ Warning
Kernelized Design
 Kernel/nucleus or core
◦ Interprocess communication
◦ Message passing
◦ Interrupt handling
 Security kernel
◦ Security mechanisms of the entire operating system
◦ Control user access
◦ Control interprocess communication
Kernelized Design
 Coverage
◦ Every access to a protected object must pass through the security kernel
 Separation
◦ Isolating security mechanisms both from the rest of the operating system and from the user space
◦ Protects the security mechanisms
 Unity
◦ All security functions are performed by a single set of code
◦ Easier to trace the cause of any problem
 Modifiability
◦ Changes to the security mechanisms are easier to make and easier to test
 Compactness
◦ Performs only security functions, so it is a small component
 Verifiability
◦ Relatively small
◦ Analyzable
Kernelized Design
 Adds yet another layer of interface
 Degrades system performance
Kernelized Design
 Reference monitor
◦ Controls accesses to objects
◦ Tamperproof - impossible to disable
◦ Unbypassable
◦ Analyzable - small enough for analysis and testing
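As an added example (not from the slides), the following Python sketch ties together the military security policy, the MAC/DAC slide and the reference monitor: every access passes through one check with a default of denial, the mandatory check applies the sensitivity hierarchy and need-to-know compartments, the discretionary check consults the owner's ACL, and each decision is logged for audit. Level names, user names and the "nuclear" compartment are constructed for the example.

```python
from dataclasses import dataclass, field
# Hierarchy of sensitivities (constructed ordering for this example, low to high)
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

@dataclass(frozen=True)
class Label:
    """Military-style label: a sensitivity level plus need-to-know compartments."""
    level: str
    compartments: frozenset = frozenset()
    def dominates(self, other: "Label") -> bool:
        # Hierarchy rule on the level, need-to-know rule on the compartments:
        # every compartment of the object must be in the subject's clearance.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)

@dataclass
class Obj:
    name: str
    label: Label  # set by the central authority (mandatory, not user-changeable)
    owner: str
    acl: dict = field(default_factory=dict)  # discretionary: user -> set of modes

@dataclass
class Subject:
    name: str
    clearance: Label

class ReferenceMonitor:
    """Single choke point for every access (complete mediation); default is denial."""
    def __init__(self):
        self.audit = []  # accountability: a log of every access decision
    def check(self, subj: Subject, obj: Obj, mode: str) -> bool:
        granted = False
        # Mandatory check first: a user cannot change or bypass this rule.
        if subj.clearance.dominates(obj.label):
            # Discretionary check: the owner, or a user the owner listed in the ACL.
            granted = subj.name == obj.owner or mode in obj.acl.get(subj.name, set())
        self.audit.append((subj.name, obj.name, mode, "granted" if granted else "denied"))
        return granted

def demo() -> list:
    """Constructed scenario: a 'secret' report in the 'nuclear' compartment."""
    rm = ReferenceMonitor()
    report = Obj("report", Label("secret", frozenset({"nuclear"})), "alice", {"carol": {"read"}})
    alice = Subject("alice", Label("secret", frozenset({"nuclear"})))          # owner
    bob = Subject("bob", Label("top secret"))                                  # higher level, no need-to-know
    carol = Subject("carol", Label("top secret", frozenset({"nuclear"})))      # cleared, ACL grants read only
    return [rm.check(alice, report, "read"), rm.check(bob, report, "read"),
            rm.check(carol, report, "read"), rm.check(carol, report, "write")]
```

Bob is denied even though his level is higher, because the need-to-know rule is part of the mandatory check and no ACL entry can override it.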
Trusted Computing Base
 Everything in the trusted operating system necessary to enforce the security policy
◦ Hardware and software
 Modular operating systems
◦ Security activities
◦ Other functions
◦ Gathering all security functions into the TCB destroys modularity
 Security-related activities are performed in different places
Virtualization
 The OS simulates a collection of computer resources
 Virtual machine
◦ A collection of simulated hardware facilities
◦ Processor, memory, I/O (printer, logical drives)
◦ Different resources
Virtualization
 Multiple Virtual Memory Spaces
Layered Design
◦ Hardware
◦ Kernel
◦ Operating system
◦ User
Layered design
◦ A single logical function may have several different modules in different layers