AUTHORS – X. NIE, D. FENG, J. CHE, X. WANG PRESENTED BY- PREOYATI KHAN KENT STATE UNIVERSITY Design and Implementation of Security Operating System based.

Presentation transcript:

AUTHORS – X. NIE, D. FENG, J. CHE, X. WANG PRESENTED BY- PREOYATI KHAN KENT STATE UNIVERSITY Design and Implementation of Security Operating System based on Trusted Computing 1

Contents
- Introduction
- Trusted computing platform
- Security model for trusted computing
- Security operating system for trusted computing
- Experiment and Performance
- Conclusions 2

Introduction
- Analyzes and reviews related work on security operating systems based on trusted computing.
- The classical security model BLP is improved to get IBLP.
- Presents the overall design scheme and modularized implementation of a secure system for trusted computing.
- Gives experiment results to show the effectiveness and feasibility of their system. 3

Trusted computing Behavior is predictable in any operating condition. Highly resistant to subversion by application software, viruses and a given level of physical interference. 4

Trusted Computing Platform Allows systems to extend trust to clients running on these platforms. Provides open platforms: wide availability, diverse hardware types, and the ability to run many applications from many mutually distrusting sources while still retaining trust in clients. 5

Trusted Computing Platform (cont.)
The TCPA/TCG structure contains 4 essential factors.
1. TPM (Trusted Platform Module).
- Core of the hardware-level security framework.
- Generates encryption keys.
- Protects the BIOS and the OS from malicious activity.
2. CRTM (Core Root Trust Module).
- Initializes the entire system and authenticates the BIOS.
3. TCPA OS.
- Supports hardware modules and applications.
- Launches the TCPA control function.
4. Compatibility.
- Allows the existing computer system hardware foundation to continue to exist. 6

Trusted Computing Platform (cont.)
[Figure 1: TCPA/TCG system structure. Labels: TCPA Application; TCPA Operating System; TPM; CRTM; CPU; Other Chips. Legend: Present Part, Trusted Part.] 7

Security model for trusted computing
BLP model: simulates a computer system in accordance with military security policy.
In BLP there are 4 access attributes:
- e access (execute with neither observe nor alter)
- r access (observe with no alter)
- a access (alter with no observe)
- w access (both observe and alter) 8

Security model for trusted computing (cont.)
BLP uses B(S,O,A) to denote the current access state set.
- S: set of subjects
- O: set of objects
- A: access attribute, consisting of e access, r access, a access and w access. 9

Security model for trusted computing
Two important axioms: ss-property and star property.
Simple security (ss-property):
* Property (star property): 10

Security model for trusted computing
Problems with BLP model:
- Trusted subject does not have star property constraint
- Too large access privilege
- Does not match minimum privilege principle.
- Lack of integrity control. 11

Design of IBLP security model The authors of this paper designed a security model based on trusted computing through the improvement of BLP and called it IBLP. 12

Definition of IBLP
1. Security attribute. The security attribute for each subject and object includes:
- Confidentiality level Sc
- Integrity level Si
- Access category sets Ca
2. Security domain. The security domain of subject S can be classified as common subject C and trusted subject T. 13

Axiom of IBLP
1. Simple security property (ss-property).
1 and 2:
- A common subject can neither observe nor execute information of an object on
  - the higher confidentiality level.
  - the lower integrity level.
3 and 4:
- A trusted subject on the lower confidentiality level can neither observe nor execute information of an object on the higher confidentiality level.
- But it can observe and execute information of an object on the lower integrity level. 14

Axiom of IBLP
2. Star-property.
5 and 6:
- A common subject can only alter information of an object on the same confidentiality and integrity level.
7 and 8:
- A trusted subject on the lower integrity level cannot alter information of an object on the higher integrity level, but can alter information of an object on the lower confidentiality level. 15

Axiom of IBLP 1. Simple security property(Ss-property). 2. Star-property. 16
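The IBLP rules on the two preceding slides can be read as an access decision function. The following is an added example, not code from the slides or the paper; the integer levels, the class and function names, and the choice to place no confidentiality limit on a trusted subject's alter access are assumptions, and the access category sets Ca are not modelled because the slides give no rule for them.

```python
from dataclasses import dataclass

OBSERVE_OR_EXECUTE = {"e", "r", "w"}  # ss-property applies (w also observes)
ALTER = {"a", "w"}                    # star-property applies (w also alters)

@dataclass(frozen=True)
class Label:
    sc: int  # confidentiality level Sc, larger = more secret (assumed encoding)
    si: int  # integrity level Si, larger = more trustworthy (assumed encoding)

@dataclass(frozen=True)
class Subject:
    label: Label
    trusted: bool = False  # security domain: trusted subject T, else common subject C

def ss_property(s: Subject, o: Label) -> bool:
    if o.sc > s.label.sc:
        return False  # common and trusted: no observe/execute of higher-Sc objects
    if not s.trusted and o.si < s.label.si:
        return False  # common only: no observe/execute of lower-Si objects
    return True       # trusted subjects may observe/execute lower-Si objects

def star_property(s: Subject, o: Label) -> bool:
    if not s.trusted:
        return o == s.label  # common: alter only at the same Sc and the same Si
    # Trusted: may not alter higher-Si objects, may alter lower-Sc objects.
    # Assumption: no further confidentiality limit on trusted alters.
    return o.si <= s.label.si

def iblp_allows(s: Subject, o: Label, access: str) -> bool:
    if access not in OBSERVE_OR_EXECUTE | ALTER:
        raise ValueError(f"unknown access attribute: {access!r}")
    if access in OBSERVE_OR_EXECUTE and not ss_property(s, o):
        return False
    if access in ALTER and not star_property(s, o):
        return False
    return True

# Constructed sample: one common and one trusted subject, both at Sc=2, Si=2.
COMMON = Subject(Label(2, 2))
TRUSTED = Subject(Label(2, 2), trusted=True)
LOW_BOTH = Label(1, 1)  # lower confidentiality, lower integrity
SECRET = Label(3, 2)    # higher confidentiality

if __name__ == "__main__":
    for who, s in (("common", COMMON), ("trusted", TRUSTED)):
        for what, o in (("low", LOW_BOTH), ("secret", SECRET), ("same", s.label)):
            print(who, what, {a: iblp_allows(s, o, a) for a in "eraw"})
```

The w attribute has to pass both properties, which is why a common subject gets w only on an object carrying exactly its own label.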

Analysis of IBLP
1. Consistent with the basic security feature of BLP.
- The ss-property of IBLP is consistent with the ss-property of BLP.
- The star property of IBLP can be seen as a special case of the star-property of BLP.
2. Meets the principle of minimum privilege.
3. Prevents the occurrence of covert channel.
4. Meets the security requirement of trusted computing in a more flexible way. 17

Security operating system for trusted computing Figure 2. The overall design 18

Security operating system for trusted computing (cont.)
Modular implementation:
- Modularly developed and implemented on an open code Linux environment.
Trusted identification:
- Is used to ensure that only legitimate users can access the system resources. 19

Security operating system for trusted computing (cont.)
Privileged access control:
- Ensures that a trusted process only gets the security privilege that meets the requirement of its task.
Discretionary access control:
- Uses ACL defined by user to implement access control of resources.
Mandatory access control:
- Manages system resources by classifying them according to their security level. 20

Security operating system for trusted computing (cont.)
Integrity Measurement:
- Mainly protects the content continuously loaded by OS after secure boot of TPM.
[Figure 3: TPM-based Integrity Measurement] 21
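The slide does not show how the measurements are recorded, so the following added example (not from the slides or the paper) uses the standard TCG extend operation with SHA-1 as in TPM 1.2: each loaded component is hashed and folded into a PCR, and a verifier replays the measurement log against the reported PCR and a known-good list. The component names and byte strings are constructed sample data.

```python
import hashlib
import hmac

PCR_SIZE = 20  # SHA-1 digest length, as used by TPM 1.2 PCRs

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TCG extend: new PCR = SHA1(old PCR || measurement digest)."""
    return hashlib.sha1(pcr + digest).digest()

def measure_chain(components):
    """Measure each (name, content) pair in load order; return (pcr, log)."""
    pcr, log = bytes(PCR_SIZE), []
    for name, content in components:
        digest = hashlib.sha1(content).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def verify(log, reported_pcr: bytes, known_good: dict):
    """Replay the log. Returns (log_matches_pcr, names_not_known_good)."""
    pcr, unknown = bytes(PCR_SIZE), []
    for name, digest in log:
        pcr = extend(pcr, digest)
        if known_good.get(name) != digest:
            unknown.append(name)
    return hmac.compare_digest(pcr, reported_pcr), unknown

# Constructed sample: a clean load sequence and one with a modified module.
CLEAN = [("bios", b"bios-v1"), ("loader", b"loader-v1"),
         ("kernel", b"kernel-v1"), ("module", b"audit-module-v1")]
TAMPERED = CLEAN[:3] + [("module", b"audit-module-v1-patched")]
KNOWN_GOOD = {name: hashlib.sha1(blob).digest() for name, blob in CLEAN}

def forged_log_case():
    """PCR reflects the tampered load, but the log claims the clean digests."""
    tampered_pcr, _ = measure_chain(TAMPERED)
    _, clean_log = measure_chain(CLEAN)
    return verify(clean_log, tampered_pcr, KNOWN_GOOD)

if __name__ == "__main__":
    print("clean:   ", verify(measure_chain(CLEAN)[1], measure_chain(CLEAN)[0], KNOWN_GOOD))
    pcr, log = measure_chain(TAMPERED)
    print("tampered:", verify(log, pcr, KNOWN_GOOD))
    print("forged:  ", forged_log_case())
```

An honest log of a modified component is caught by the known-good comparison, while a rewritten log is caught because its replay no longer reproduces the PCR value.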

Security operating system for trusted computing (cont.)
Security audit:
- Audits any security-related events.
- Generates and reveals secret information for the system manager to control the security situation. 22

Experiment and Performance
Security Function:
- Can detect and defend most of the attack at present.
Table 1. Rate of detection for typical attack.
Attack type          Rate of detection
IP cheating          80%
Buffer Overflow      85%
Denial of Service    87%
Rootkit              95%
23

Experiment and Performance (cont.)
Decline of Performance:
- The decline rate of efficiency is no more than 10%
Table 2. Decline rate of efficiency.
Test project: Test ipc, Test fork, Test fs
Decline rate: 8%, 10%
24

Conclusions Improved traditional security model BLP, and designed a trusted computing based security model IBLP. Presented the design and implementation of a secure operating system for trusted computing platform. 25

Conclusions (cont.)
- Will improve the system to be more compatible with the security requirements of trusted computing applications.
- Will adopt optimization algorithms to improve the performance. 26

Thank You 27