A Multi-OS Approach to Trusted Computer Systems

Slides:



Advertisements
Similar presentations
An Overview Of Virtual Machine Architectures Ross Rosemark.
Advertisements

Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols Tom Chothia CWI.
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.
Network Redesign and Palette 2.0. The Mission of GCIS* Provide all of our users optimal access to GCC’s technology resources. *(GCC Information Services:
Extensibility, Safety and Performance in the SPIN Operating System Bershad et al Presentation by norm Slides shamelessly “borrowed” from Stefan Savage’s.
IXOS-Archive at MIT ISST, R3-Admin, CAO, ASST December 10, 2003.
Privacy-Preserving Cross-Domain Network Reachability Quantification
Database Security By Bei Yuan. Why do we need DB Security? Make data arranged and secret Secure other’s DB.
A Survey on Interfaces to Network Security
File Systems (2). Readings r Silbershatz et al: 11.8.
WP6: Grid Authorization Service Review meeting in Berlin, March 8 th 2004 Marcin Adamski Michał Chmielewski Sergiusz Fonrobert Jarek Nabrzyski Tomasz Nowocień.
Speeding up Exponentiation using an Untrusted Computational Resource (Part 1) Author: M. Van Dijk, D. Clarke, B. Gassend, G.E. Suh and S. Devadas Source:
Mr C Johnston ICT Teacher BTEC IT Unit 09 - Lesson 06 Peer-to-Peer VS Client-Server.
An Approach To Automate a Process of Detecting Unauthorised Accesses M. Chmielewski, A. Gowdiak, N. Meyer, T. Ostwald, M. Stroiński
CS 525 – Network Security Literature Reviews, LaTeX, and Starting a Proposal.
October 29, 2015 The University Information Security Policy & InfoSec one year on… Tom Anstey Weatherall Institute of Molecular Medicine & InfoSec
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
Lecture 5.2: Key Distribution: Private Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena.
Software Security Seminar - 1 Chapter 10. Using Algorithms 조미성 Applied Cryptography.
Client/Server Model: A Business View The different Client/server implementations differ according to: 1.Where the processing for the presentation of information.
Securing Passwords Against Dictionary Attacks Presented By Chad Frommeyer.
1 A Network Security Monitor Paper By: Heberlein et. al. Presentation By: Eric Hawkins.
Privacy Preserving Payments in Credit Networks By: Moreno-Sanchez et al from Saarland University Presented By: Cody Watson Some Slides Borrowed From NDSS’15.
1.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition Lecture 2: OS Structures (Chapter 2.7)
X.509 standard and CA’s operation Certificate path validation Dec. 18, C&IS lab. Vo Duc Liem.
1 3 Computing System Fundamentals 3.3 Computer Systems.
Typical Computer System. What's an O.S. and What Does it Do? Software extensions to Hardware Provides for efficient control of and access to system facilities.
SOFTWARE ENGINEERING MCS-2 LECTURE # 2. ATTRIBUTES OF GOOD S/W  Maintainability;  S/w should be written in such a way that it may evolve to meet the.
Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.
A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang1 A Comparison of Commercial and Military Computer Security Policies Authors:
A Multi-OS Approach to Trusted Computer System Yoshiura H., Miyazaki K., Itoh S., Takaragi K., Sasaki R. Security Protocols. 9th International Workshop.
Access Control 1. Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from.
1 SUBMITTED BY- PATEL KUMAR C.S.E(8 th - sem). SUBMITTED TO- Mr. DESHRAJ AHIRWAR.
1 Chapter 2: Operating-System Structures Services Interface provided to users & programmers –System calls (programmer access) –User level access to system.
1 SFS: Secure File Sharing For Dynamic Groups In Cloud Shruthi Suresh M-tech CSE RCET.
Security Architecture and Design Chapter 4 Part 4 Pages 377 to 416.
Benefits Of PHP Web Development. Easy to Implement PHP permits quick implementation of complicated issue. Its upper your cost- efficiency and also the.
COMPSCI 720 Security for Smart-devices Tracking Mobile Web Users Through Motion Sensors: Attacks and Defenses [1] Harry Jackson hjac660 [1] Das, Anupam,
TCSEC: The Orange Book.
OPERATING SYSTEMS CS 3502 Fall 2017
November 2010 doc.: IEEE e Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: LB60 comment.
Efficient Multi-User Indexing for Secure Keyword Search
The Title.
Computer Data Security & Privacy
Security Issues.
CS 854: Advanced Topics in Operating Systems
Hybrid Cloud Architecture for Software-as-a-Service Provider to Achieve Higher Privacy and Decrease Securiity Concerns about Cloud Computing P. Reinhold.
Semester 1 Cisco Discovery JEOPADY Chapter 3.
Student Name : 1-Mahmood Al Gohrbiya 2-Noor Asmar
Practical E-Payment Scheme
Chapter 6: The Web and E-Commerce
Chapter 2. Malware Analysis in VMs
OPERATING SYSTEMS.
Principles of Computer Security
Kerberos Kerberos is an authentication protocol for trusted hosts on untrusted networks.
Unit 36: Internet Server Management
ورود اطلاعات بصورت غيربرخط
Chapter 14 The User View of Operating Systems
Operating Systems p.describe the characteristics of knowledge-based systems; q.describe the purpose of operating systems; r.describe the characteristics.
A simple and secure single sign-in authentication service, designed to help businesses prove who they are when transacting with public services online.
Paper Presentation - Ultra Portable Devices
MPC Scenario 1. “Privacy-protected contingency tables”
Fast Session Transfer Session Setup in TVWS
Campus Resource Scheduling & Event Management
АВЛИГАТАЙ ТЭМЦЭХ ҮНДЭСНИЙ ХӨТӨЛБӨР /танилцуулга/
Judicial Powers of Case Management
Improving Data Security & Protection Using Data Provenance Figure 1
Parallel I/O for Distributed Applications (MPI-Conn-IO)
CS Introduction to Operating Systems
Presentation transcript:

A Multi-OS Approach to Trusted Computer Systems Based on: H. Yoshiura et. al., “A Multi-OS Approach to Trusted Computer Systems”, Security Protocols, LNCS 2467, pp 107-114, 2002. Kenji Sumida COMPSCI 725 FC 2003

Summary Aims to find a secure system which can be implemented in the private sector Problems: Efficiency vs. Security, Cost Use two operating systems A “user” OS (insecure) and “monitoring” OS (secure) Multi-OS controller (MOC) switches from the user OS to monitoring OS when required Aims to provide “best of both worlds” Flexibility and usability of user OS, and security of monitoring OS

Appreciative/Critical Comments Easy to comprehend Does not present a real world example Orange book may not be a relevant measure for private sector businesses Considers both online attacks and offline attacks Good that it considers offline attacks But makes many assumptions  (even with online attacks) We will see this in an example in the next two slides

An example system: implementing MAC

Online attacks To the example system Attacks to the User OS Assume access requests go through the required processes Attacks to the Monitoring OS Assume it is adequately secure Attacks to the MOC Apparently under research and the paper does not expand on this further No real evidence that the system works

Question Is it a reasonable assumption made by the authors that all requests to the file system made by user processes are hooked by the MOC, and control passed to the Monitoring OS?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.