Relationships Among the TCB, the OS, the Kernel, and the Security Kernel.

Presentation transcript:

MSJ-2

[Figure: nested regions labelled TCB, Operating System, OS Kernel, and Security Kernel (SK). Items placed in the regions: DBMS (or other application) record-level access control, DBMS audit, biometric software, mount, short-term scheduler (marked "?"), and audit. Legend: "supplied by an operating system (OS)" versus "optional, depends on the presence of software not supplied as part of the OS".]

Large portions of the TCB are usually provided by an operating system. Whether or not the entire TCB is a subset of the operating system depends on whether or not the security architecture requires software mechanisms not provided by the OS. Few OSs come with biometric identification/authentication software built in, for example; but if a security policy called for biometric authentication, the biometric software would assuredly be part of the TCB, no?

The security kernel implements the reference monitor. By definition, it is a subset of the TCB. Beyond that, there are a lot of "it depends" to consider in analyzing its relationship to other software.

The SK would be a subset of the operating system if the OS could manage access control over all objects and modes at the finest level of granularity needed by the system's access control policy, but … if not, additional software packages providing finer-granularity access control capabilities – e.g., a database management system – would be providing parts of the SK … and might also include other TCB software (such as DBMS audit) that is nonetheless not SK software.

By any reasonable definition of the OS kernel, there is a large overlap between it and the security kernel, but nailing down the relationship more precisely is complicated by the lack of any standard, technically precise definition for the OS kernel.

Whereas the short-term scheduler is almost always considered part of the OS kernel, it is surely not part of the security kernel and perhaps not even part of the TCB at all, if the TCB is (perhaps too narrowly?) construed as only MDIA (as in the old Orange Book). But since a corrupted short-term scheduler could be a denial-of-service attack, perhaps it should be considered part of the TCB.

The software necessary to mount a disk volume is presumably part of any security kernel – a corrupted mount could compromise access control – but, since it isn't used very frequently, might not need to be continuously memory resident. So if the OS kernel is defined as OS code that is "always running" (which should be better said as "always memory resident"), then the mount software would be in the security kernel but not in the OS kernel.

And "regular" (file-level) audit is probably used often enough that it might be part of the OS kernel (depending possibly on the vendor) but is not in the security kernel, although it is still within the TCB.
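The "it depends" on this slide can be made concrete by deriving the four sets from explicit definitions and then checking the containment claims. This is an added illustration, not from the original presentation; the component inventory and every attribute value in it are constructed assumptions that follow the slide's own examples.

```python
"""Derive TCB / OS / OS-kernel / security-kernel boundaries from stated definitions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    os_supplied: bool         # shipped as part of the operating system
    memory_resident: bool     # continuously resident ("always running")
    mediates_access: bool     # on the reference monitor's enforcement path
    security_relevant: bool   # compromise breaks MDIA-style policy (Orange Book TCB scope)
    affects_availability: bool  # compromise can cause denial of service


# Constructed inventory (assumption): values mirror the slide's discussion of each item.
INVENTORY = [
    Component("short-term scheduler", True, True, False, False, True),
    Component("mount", True, False, True, True, False),
    Component("file-level audit", True, True, False, True, False),
    Component("biometric auth", False, True, True, True, False),
    Component("DBMS record-level access control", False, True, True, True, False),
    Component("DBMS audit", False, True, False, True, False),
]


def boundaries(components, tcb_includes_availability=False):
    """Return the four sets under one choice of definitions.

    OS        = everything the OS supplies.
    OS kernel = OS-supplied code that is always memory resident (the slide's definition).
    TCB       = security-relevant code; optionally also availability-relevant code.
    SK        = code implementing the reference monitor; mediating components are
                always marked security_relevant, so SK is a subset of TCB by construction.
    """
    os_ = {c.name for c in components if c.os_supplied}
    kernel = {c.name for c in components if c.os_supplied and c.memory_resident}
    tcb = {c.name for c in components
           if c.security_relevant or (tcb_includes_availability and c.affects_availability)}
    sk = {c.name for c in components if c.mediates_access}
    return {"OS": os_, "OS kernel": kernel, "TCB": tcb, "SK": sk}


def relationships(b):
    """Evaluate the containment questions the slide raises."""
    return {
        "SK subset of TCB": b["SK"] <= b["TCB"],
        "TCB subset of OS": b["TCB"] <= b["OS"],
        "SK subset of OS": b["SK"] <= b["OS"],
        "SK subset of OS kernel": b["SK"] <= b["OS kernel"],
        "SK but not OS kernel": b["SK"] - b["OS kernel"],
        "OS kernel but not SK": b["OS kernel"] - b["SK"],
    }
```

Toggling tcb_includes_availability shows the scheduler moving into the TCB without ever entering the SK, which is exactly the slide's point that the boundary follows the definition chosen.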

MSJ-3 The Point?

The essences of the four entities – the OS, the TCB, the OS kernel, and the security kernel – are conceptually distinct, but the boundaries and relationships can be fuzzy. The OS kernel is probably the least well defined and seems to vary from author to author, or, perhaps worse, from OS vendor to OS vendor. There's not really a right or wrong answer here, but it's important to establish a well-understood, common vocabulary for any given technical conversation – beware the undiagnosed Tower of Babel problem!