Chap5: Designing Trusted Operating Systems.  What makes an operating system “secure”? Or “trustworthy”?  How are trusted systems designed, and which.


Chap5: Designing Trusted Operating Systems

- What makes an operating system “secure”? Or “trustworthy”?
- How are trusted systems designed, and which of those design principles carry over naturally to other program development tasks?
- How do we develop “assurance” of the correctness of a trusted operating system?

SE571 Security in Computing Dr. Ogara 2

- Operating systems are the prime providers of security in computing systems.
- They support many programming capabilities, share resources among users, and enforce restrictions on program and user behavior
- They are often targets for attack

- Four requirements from the designer's perspective
- Security policy
  - a set of rules that lay out what is to be secured and why
  - a statement of the security we expect the system to enforce
  - Several security policies are usually needed

- Model
  - Construct a model for the environment to be secured
  - The model represents the policy to be enforced
  - Models help to analyze different ways of enforcing given security policies
- Design
  - How do you implement the security policy?
  - There are several choices to choose from

- Trust
  - Assurance for users that the OS meets their security expectations
  - The OS will enforce security correctly

- Military security policy
  - Based on protecting classified information
  - Information is ranked at different sensitivity levels, e.g.
    - Unclassified
    - Restricted
    - Confidential
    - Secret
    - Top secret

- Military security policy
  - Information access is based on the need-to-know rule
    - Access is given to those who need the information to perform their jobs
  - Each piece of classified information may be associated with one or more projects, called compartments
  - A compartment may include information at only one sensitivity level or at several

Figure 5-1 Hierarchy of Sensitivities (axis label: Least Sensitive).

Figure 5-2 Compartments and Sensitivity Levels.

- Why study models of computer security?
  - To determine the policies a secure system should enforce
  - To understand the properties of protection systems
- Models are essential in the design of security policies

- Multilevel Security
  - Lattice Model of Access Security
  - Bell–La Padula Confidentiality Model
  - Biba Integrity Model
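The slides on the military policy (sensitivity levels plus need-to-know compartments) and on the multilevel models are illustrated by the following added example, which is not code from the slides or the textbook. It builds the lattice of labels the military policy implies, then expresses the Bell–La Padula read/write rules and the Biba integrity rules as checks on that lattice, and finally uses the model the way the slides say models are useful: it exhaustively verifies that under BLP no subject can move information from a higher label to a lower one. The level names are the ones on the slides; the compartments "Alpha" and "Bravo" and the subject/object labels are constructed.

```python
"""Added example (not from the slides): a lattice of security labels
(sensitivity level + compartments) with Bell-La Padula confidentiality
rules and Biba integrity rules, as used in multilevel security.
Compartment names and the labels tested below are constructed."""
from dataclasses import dataclass

# Sensitivity levels from the slides, least sensitive first.
LEVELS = ["Unclassified", "Restricted", "Confidential", "Secret", "Top secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    """A lattice element: a sensitivity level plus a set of compartments."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: a higher-or-equal level AND a superset
        of compartments (the need-to-know part of the military policy)."""
        return (RANK[self.level] >= RANK[other.level]
                and self.compartments >= other.compartments)


def blp_can_read(subject: Label, obj: Label) -> bool:
    """BLP simple security property ("no read up"): subject dominates object."""
    return subject.dominates(obj)


def blp_can_write(subject: Label, obj: Label) -> bool:
    """BLP *-property ("no write down"): object dominates subject, so data
    cannot flow from a high label into a lower-labelled object."""
    return obj.dominates(subject)


def biba_can_read(subject: Label, obj: Label) -> bool:
    """Biba simple integrity property ("no read down"): the object's
    integrity label dominates the subject's, so low-integrity data cannot
    contaminate a high-integrity subject."""
    return obj.dominates(subject)


def biba_can_write(subject: Label, obj: Label) -> bool:
    """Biba integrity *-property ("no write up")."""
    return subject.dominates(obj)


def join(a: Label, b: Label) -> Label:
    """Least upper bound: the label a document combining a and b must carry."""
    level = a.level if RANK[a.level] >= RANK[b.level] else b.level
    return Label(level, a.compartments | b.compartments)


def blp_no_downward_flow() -> bool:
    """Exhaustive model check over every label triple: whenever a subject s
    may read x and write y under BLP, y dominates x, so no information flows
    downward through s. This is the kind of property a model lets us verify
    before an implementation exists."""
    labels = [Label(lv, frozenset(c)) for lv in LEVELS
              for c in [(), ("Alpha",), ("Bravo",), ("Alpha", "Bravo")]]
    for s in labels:
        for x in labels:
            for y in labels:
                if blp_can_read(s, x) and blp_can_write(s, y) and not y.dominates(x):
                    return False
    return True


if __name__ == "__main__":
    secret_alpha = Label("Secret", frozenset({"Alpha"}))
    conf_alpha = Label("Confidential", frozenset({"Alpha"}))
    print("Secret/Alpha reads Confidential/Alpha:", blp_can_read(secret_alpha, conf_alpha))
    print("Secret/Alpha writes Confidential/Alpha:", blp_can_write(secret_alpha, conf_alpha))
    print("BLP has no downward flow:", blp_no_downward_flow())
```

Note that `dominates` is one relation used twice: BLP and Biba are the same lattice rules with the direction of the check reversed, which is why a system that must protect both confidentiality and integrity keeps two separate labels per subject and object.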

- Models Proving Theoretical Limitations of Security Systems
  - Graham–Denning Model
  - Harrison–Ruzzo–Ullman Results
  - Take–Grant Systems

- Design principles for good security
  - Least privilege. Users and programs should use the fewest privileges possible, to minimize the damage a malicious attack can do
  - Economy of mechanism. The protection system should be small, simple, and straightforward
  - Open design. The protection mechanism should be public, depending on the secrecy of relatively few key items, such as a password table

- Design principles for good security
  - Complete mediation. Every access attempt must be checked
  - Permission based. The default condition should be denial of access
  - Separation of privilege. Access to objects should depend on more than one condition, e.g. authentication plus a cryptographic key

- Design principles for good security
  - Least common mechanism. Shared objects provide potential channels for information flow. Systems employing physical or logical separation reduce the risk from sharing
  - Ease of use. If a protection mechanism is easy to use, it is unlikely to be avoided

- Regular OS – addresses features only
- Trusted OS – addresses features and assurance (Figure 5-11)

- User identification and authentication
- Mandatory access control
- Discretionary access control
- Object reuse protection
- Complete mediation

- Trusted path
- Audit
- Audit log reduction
- Intrusion detection

- User identification and authentication
  - Know who is requesting access and verify that identity
- Mandatory access control
  - Access control policy decisions are beyond the control of the individual user
  - A central authority determines access, and the user cannot change access rights

- Discretionary access control
  - Leaves a certain amount of access control to the discretion of the object's owner, or of anyone authorized to control access to the object
  - The owner determines who should have access rights to an object and what those rights should be

- Object reuse protection
  - Controls the reuse of resources, which is otherwise a serious vulnerability
  - Prevents leakage through object reuse by overwriting all space to be reassigned before allowing the next user to access it
- Complete mediation
  - All accesses are controlled
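The object reuse slide is abstract, so here is an added example (not code from the slides or the textbook) that makes the leak concrete: a toy fixed-size block allocator that can be built with or without scrubbing on reassignment. Without scrubbing, the next user who is handed a freed block can read what the previous owner left in it; with scrubbing, the allocator overwrites the block before the new owner can touch it. The block size, the pool size and the two users are constructed.

```python
"""Added example (not from the slides): a toy block allocator that shows why
object reuse protection matters. With scrub_on_reassign=False a block
freed by one user is handed to the next user with the old contents intact;
with scrub_on_reassign=True the allocator overwrites it first. Block size,
pool size and the users are made-up parameters."""

BLOCK_SIZE = 16


class BlockPool:
    def __init__(self, blocks: int, scrub_on_reassign: bool):
        self.memory = [bytearray(BLOCK_SIZE) for _ in range(blocks)]
        self.owner = [None] * blocks            # None marks a free block
        self.scrub_on_reassign = scrub_on_reassign

    def allocate(self, user: str) -> int:
        """Hand the first free block to `user`, scrubbing it if configured."""
        for i, current in enumerate(self.owner):
            if current is None:
                if self.scrub_on_reassign:
                    # Object reuse protection: clear before the next user sees it.
                    self.memory[i][:] = bytes(BLOCK_SIZE)
                self.owner[i] = user
                return i
        raise MemoryError("pool exhausted")

    def release(self, user: str, block: int) -> None:
        """Free a block. Deliberately does not clear it: an allocator that
        relies on scrubbing at reuse time still has the old data here."""
        self._check(user, block)
        self.owner[block] = None

    def write(self, user: str, block: int, data: bytes) -> None:
        self._check(user, block)
        if len(data) > BLOCK_SIZE:
            raise ValueError("data larger than block")
        self.memory[block][:len(data)] = data

    def read(self, user: str, block: int) -> bytes:
        self._check(user, block)
        return bytes(self.memory[block])

    def _check(self, user: str, block: int) -> None:
        # Complete mediation for the toy: every access verifies ownership.
        if self.owner[block] != user:
            raise PermissionError(f"{user} does not own block {block}")


def next_user_sees(scrub: bool) -> bytes:
    """alice stores a secret and frees the block; bob then allocates a block
    (the same one, since the pool has a single block) and reads it."""
    pool = BlockPool(blocks=1, scrub_on_reassign=scrub)
    b = pool.allocate("alice")
    pool.write("alice", b, b"password=hunter2")
    pool.release("alice", b)
    b2 = pool.allocate("bob")
    return pool.read("bob", b2)


if __name__ == "__main__":
    print("without scrubbing bob reads:", next_user_sees(False))
    print("with scrubbing bob reads:   ", next_user_sees(True))
```

The same pattern applies to real resources the slide has in mind: freed memory pages, disk blocks and reused file descriptors all need the same overwrite-before-reassignment step, and the scrub must be the allocator's responsibility rather than the departing user's.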

- Trusted path
  - Allows users to supply protected information only to legitimate receivers
- Accountability and audit
  - Create an audit log – list events and the people responsible for additions, deletions and changes
  - The audit log must be protected from outsiders.

- Audit log reduction
  - The audit log may be too difficult to handle, owing to its volume and the analysis it requires
  - The problem is simplified by auditing only the opening (first access to) and closing of (last access to) files or similar objects
  - Objects such as individual memory locations, hardware registers, and instructions are not audited
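The following added example (not code from the slides or the textbook) ties together the design principles of complete mediation and permission-based default deny with the discretionary access control and audit slides above. Every access goes through one `mediate` method, a request is denied unless an ACL entry explicitly grants it, only the owner may change an object's ACL, and the audit log records open (first access) and close (last access) events per user and object rather than every individual read, as the audit log reduction slide describes; denials are always recorded. The users, the object and the scripted session are constructed.

```python
"""Added example (not from the slides): a small reference monitor with
complete mediation, default deny, owner-controlled (discretionary) ACLs and
a reduced, append-only audit log. Users, objects and the session are
constructed for illustration."""
from collections import defaultdict


class ReferenceMonitor:
    def __init__(self):
        self.owner = {}                  # object -> owning user
        self.acl = defaultdict(dict)     # object -> {user: set(rights)}
        self._audit = []                 # append-only; only the monitor writes it
        self._open = set()               # (user, obj) pairs currently "open"

    # --- discretionary access control: only the owner changes rights ---
    def create(self, user: str, obj: str) -> None:
        if obj in self.owner:
            raise ValueError("object already exists")
        self.owner[obj] = user
        self.acl[obj][user] = {"read", "write"}

    def grant(self, user: str, obj: str, grantee: str, right: str) -> None:
        if self.owner.get(obj) != user:
            raise PermissionError("only the owner may change the ACL")
        self.acl[obj].setdefault(grantee, set()).add(right)

    # --- complete mediation with default deny ---
    def mediate(self, user: str, obj: str, right: str) -> bool:
        # Permission based: nothing is allowed unless an ACL entry says so.
        allowed = right in self.acl.get(obj, {}).get(user, set())
        if allowed and (user, obj) not in self._open:
            # Audit log reduction: log the first access, not every access.
            self._open.add((user, obj))
            self._audit.append(f"OPEN user={user} obj={obj}")
        if not allowed:
            # Denials are the interesting events and are always recorded.
            self._audit.append(f"DENY user={user} obj={obj} right={right}")
        return allowed

    def close(self, user: str, obj: str) -> None:
        if (user, obj) in self._open:
            self._open.discard((user, obj))
            self._audit.append(f"CLOSE user={user} obj={obj}")

    def audit_log(self) -> tuple:
        return tuple(self._audit)        # a copy: callers cannot rewrite history


def run_session() -> tuple:
    """Scripted session: alice owns payroll.db and grants bob read access;
    bob reads three times (one OPEN), tries to write (DENY), eve, who is not
    on the ACL, tries to read (DENY), then bob closes (CLOSE)."""
    rm = ReferenceMonitor()
    rm.create("alice", "payroll.db")
    rm.grant("alice", "payroll.db", "bob", "read")
    results = []
    for _ in range(3):
        results.append(rm.mediate("bob", "payroll.db", "read"))
    results.append(rm.mediate("bob", "payroll.db", "write"))
    results.append(rm.mediate("eve", "payroll.db", "read"))
    rm.close("bob", "payroll.db")
    return tuple(results), rm.audit_log()


if __name__ == "__main__":
    decisions, log = run_session()
    print("decisions:", decisions)
    for line in log:
        print(line)
```

The reduction keeps the log readable (three reads produce one OPEN and one CLOSE) without losing accountability, because the person responsible for each object is still named on every recorded event.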

- Intrusion detection software
  - Builds patterns of normal system usage and triggers an alarm when usage seems abnormal
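As an added example of the anomaly-based approach the slide describes (not code from the slides or the textbook), the detector below learns each user's normal profile from a training window of audit records, which commands they run and how many events they generate per hour, and then raises an alarm for a later record that uses a never-seen command, comes from an unknown user, or pushes an hour's event count well above the learned mean. The audit lines, the record format, the user names and the three-standard-deviation threshold are all constructed for illustration.

```python
"""Added example (not from the slides): a minimal anomaly-based intrusion
detector. Profiles are learned from constructed training records of the
form "<day> <hour> <user> <command...>"; later records are scored against
them. The threshold k is an illustrative choice."""
import statistics
from collections import defaultdict

# Constructed training window: three normal days for user alice.
TRAINING = """\
day1 09 alice login
day1 09 alice read payroll.db
day1 10 alice read payroll.db
day1 11 alice logout
day2 09 alice login
day2 09 alice read payroll.db
day2 10 alice read payroll.db
day2 10 alice read payroll.db
day2 11 alice logout
day3 09 alice login
day3 10 alice read payroll.db
day3 11 alice logout
"""

# Constructed records to scan: a burst of reads, an unseen command, an unknown user.
TEST = """\
day4 09 alice login
day4 09 alice read payroll.db
day4 10 alice read payroll.db
day4 10 alice read payroll.db
day4 10 alice read payroll.db
day4 10 alice read payroll.db
day4 10 alice read payroll.db
day4 10 alice read payroll.db
day4 11 alice read /etc/shadow
day4 11 mallory login
"""


def parse(line: str):
    day, hour, user, *cmd = line.split()
    return day, hour, user, " ".join(cmd)


class Profile:
    def __init__(self):
        self.commands = set()                 # commands seen during training
        self.hour_counts = defaultdict(int)   # (day, hour) -> number of events


def build_profiles(text: str) -> dict:
    profiles = defaultdict(Profile)
    for line in text.splitlines():
        day, hour, user, cmd = parse(line)
        profiles[user].commands.add(cmd)
        profiles[user].hour_counts[(day, hour)] += 1
    return dict(profiles)


def volume_threshold(profile: Profile, k: float = 3.0) -> float:
    """Alarm level for events per hour: mean + k standard deviations."""
    counts = list(profile.hour_counts.values())
    mean = statistics.mean(counts)
    sd = statistics.stdev(counts) if len(counts) > 1 else 0.0
    return mean + k * sd


def scan(profiles: dict, text: str, k: float = 3.0) -> list:
    """Return (user, day, hour, reason) alarms for the records in `text`."""
    alarms = []
    window = defaultdict(int)
    for line in text.splitlines():
        day, hour, user, cmd = parse(line)
        if user not in profiles:
            alarms.append((user, day, hour, "unknown-user"))
            continue
        if cmd not in profiles[user].commands:
            alarms.append((user, day, hour, "unseen-command"))
        window[(user, day, hour)] += 1
    for (user, day, hour), n in window.items():
        if n > volume_threshold(profiles[user], k):
            alarms.append((user, day, hour, "volume"))
    return alarms


if __name__ == "__main__":
    for alarm in scan(build_profiles(TRAINING), TEST):
        print("ALARM", *alarm)
```

Three training days are far too little to set a trustworthy baseline in practice; the point of the example is the structure (learn a profile, score new records against it, alarm on deviation), which is the same whether the statistic is an hourly count or something richer.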

Figure 5-11 Security Functions of a Trusted Operating System.

- Virtualization
  - The operating system emulates or simulates a collection of a computer system's resources (processor, storage, and some I/O devices)
  - Allows users to access complex objects in a carefully controlled manner

- Virtual machine
  - A collection of real or simulated hardware facilities
  - A virtual machine gives the user a full set of hardware features (a complete machine) that may be substantially different from the real machine
  - Virtual memory gives the user a memory space that is logically separated from real memory and may be larger than real memory
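To make the two virtual-memory claims on the slide concrete, here is an added toy simulator (not code from the slides or the textbook). Each virtual machine has its own page table, so the same virtual address resolves to a different physical frame in each VM and neither can read the other's data, and a VM's address space holds more pages than there are physical frames: a page that is not resident is faulted in from a per-VM backing store, evicting the least recently used frame. The page size, frame count, VM names and the access sequence are constructed.

```python
"""Added example (not from the slides): a toy virtual-memory simulator
showing per-VM page tables (logical separation) and an address space
larger than physical memory (demand paging with LRU eviction). All sizes
and names are constructed."""
from collections import OrderedDict

PAGE_SIZE = 256


class PhysicalMemory:
    def __init__(self, frames: int):
        self.frames = [bytearray(PAGE_SIZE) for _ in range(frames)]
        self.free = list(range(frames))
        self.lru = OrderedDict()     # frame -> (vm, vpage); first item = least recent


class VirtualMachine:
    def __init__(self, name: str, pages: int, phys: PhysicalMemory):
        self.name, self.pages, self.phys = name, pages, phys
        self.page_table = {}         # vpage -> frame, resident pages only
        self.backing = {}            # vpage -> bytes, contents of swapped-out pages
        self.faults = 0

    def _frame_for(self, vpage: int) -> int:
        if vpage >= self.pages:
            raise MemoryError(f"{self.name}: page {vpage} outside address space")
        if vpage in self.page_table:               # hit: refresh recency
            frame = self.page_table[vpage]
            self.phys.lru.move_to_end(frame)
            return frame
        self.faults += 1                            # miss: page fault
        if self.phys.free:
            frame = self.phys.free.pop()
        else:                                       # evict the LRU frame
            frame, (victim, vpage_out) = self.phys.lru.popitem(last=False)
            victim.backing[vpage_out] = bytes(self.phys.frames[frame])
            del victim.page_table[vpage_out]
        # Load from backing store, or a zeroed page on first touch (object reuse).
        self.phys.frames[frame][:] = self.backing.pop(vpage, bytes(PAGE_SIZE))
        self.page_table[vpage] = frame
        self.phys.lru[frame] = (self, vpage)
        return frame

    def write(self, vaddr: int, data: bytes) -> None:
        vpage, off = divmod(vaddr, PAGE_SIZE)
        if off + len(data) > PAGE_SIZE:
            raise ValueError("write crosses a page boundary")
        frame = self._frame_for(vpage)
        self.phys.frames[frame][off:off + len(data)] = data

    def read(self, vaddr: int, n: int) -> bytes:
        vpage, off = divmod(vaddr, PAGE_SIZE)
        frame = self._frame_for(vpage)
        return bytes(self.phys.frames[frame][off:off + n])


def demo() -> tuple:
    """Two VMs of 4 pages each share 2 physical frames."""
    phys = PhysicalMemory(frames=2)
    vm_a = VirtualMachine("A", pages=4, phys=phys)
    vm_b = VirtualMachine("B", pages=4, phys=phys)
    vm_a.write(0x10, b"A-secret")                   # same virtual address in both VMs
    vm_b.write(0x10, b"B-data")
    isolated = (vm_a.read(0x10, 8) == b"A-secret" and vm_b.read(0x10, 6) == b"B-data")
    for p in range(1, 4):                           # touch A's other pages: evictions
        vm_a.write(p * PAGE_SIZE, b"x")
    survived_a = vm_a.read(0x10, 8) == b"A-secret"  # faulted back in from backing store
    survived_b = vm_b.read(0x10, 6) == b"B-data"
    return isolated, survived_a, survived_b, vm_a.faults


if __name__ == "__main__":
    print("isolated, A survived, B survived, A faults:", demo())
```

The security-relevant part is that translation happens only through the owning VM's page table: there is no path from VM B to A's frame except by faulting its own page into it after the simulator has saved and unmapped A's contents, which is the "logically separated" memory the slide refers to.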

Figure 5-18 Conventional Operating System.

Figure 5-19 Virtual Machine.

- Assurance methods - ways of convincing others that a model, design, and implementation are correct
- Testing
  - a widely accepted assurance technique
  - Conclusions are based on the actual product tested

- Assurance methods
- Penetration testing
  - Also called tiger team analysis, or ethical hacking
  - Experts try to crack the system being tested
  - Popular with the commercial community, who expect that skilled hackers will test (attack) a site

- Assurance methods
- Formal verification
  - the most rigorous method of analyzing security
  - confirms whether the operating system provides the security features it should and nothing else.

- Desirable Qualities
  - Extensibility – Can the evaluation be extended as the product is enhanced?
  - Granularity – Does the evaluation look at the product at the right level of detail?
  - Speed – Can the evaluation be done quickly enough to allow the product to compete in the marketplace?

- Desirable Qualities
  - Thoroughness – Does the evaluation look at all relevant aspects of the product?
  - Objectivity – Is the evaluation independent of the reviewer's opinions?
  - Portability – Does the evaluation apply to the product no matter what platform the product runs on?

- Desirable Qualities
  - Consistency – Do similar products receive similar ratings?
  - Compatibility – Could a product be evaluated similarly under different criteria?
  - Exportability – Could an evaluation under one scheme be accepted as meeting all or certain requirements of another scheme?