Published by Maximilian Davis. Modified over 9 years ago.
Relationships Among the TCB, the OS, the Kernel, and the Security Kernel
MSJ-2

[Diagram: nested regions for the Operating System, the Operating System Kernel, the TCB and the Security Kernel (SK), with components placed in them: short-term scheduler (?), mount, file-level audit, biometric software, DBMS (or other application) record-level access control, DBMS audit. Legend: supplied by an operating system (OS); optional, depends on the presence of software not supplied as part of the OS. Region labels: TCB, OS, TCB & OS, audit.]

The security kernel implements the reference monitor. By definition, it is a subset of the TCB. Beyond that, there are a lot of “it depends” to consider in analyzing its relationship to other software.

Large portions of the TCB are usually provided by an operating system. Whether or not the entire TCB is a subset of the operating system depends on whether or not the security architecture requires software mechanisms not provided by the OS. Few OS’s come with biometric identification/authentication software built in, for example; but if a security policy called for biometric authentication, the biometric software would assuredly be part of the TCB, no?

The SK would be a subset of the operating system if the OS could manage access control over all objects and modes at the finest level of granularity needed by the system’s access control policy, but if not, additional software packages providing finer granularity access control, capabilities – e.g., a data base management system – would be providing parts of the SK, and might also include other TCB software that might nonetheless not be SK software.

By any reasonable definition of the OS kernel, there’s a large overlap between it and the security kernel, but more precisely nailing down the relationship is complicated by the lack of any standard, technically precise definition for the OS kernel.

Whereas the short-term scheduler is almost always considered part of the OS kernel, it is surely not part of the security kernel and perhaps not even part of the TCB at all, if the TCB is (perhaps too narrowly?) construed as only MDIA (as in the old Orange Book). But since a corrupted short-term scheduler could be a denial of service attack, perhaps it should be considered part of the TCB.

The software necessary to mount a disk volume is presumably part of any security kernel – a corrupted mount could compromise access control – but, since it isn’t used very frequently, might not need to be continuously memory resident. So if the OS kernel is defined as OS code that is “always running” (which should be better said as “always memory resident”), then the mount software would be in the security kernel but not in the OS kernel.

And “regular” (file level) audit is probably used often enough that it might be part of the OS kernel (depending possibly on the vendor) but is not in the security kernel, although it is still within the TCB.
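A small model of the four sets, added here as an example and not part of the original slides: each component carries the attributes the slide reasons from (who supplies it, whether it is always memory resident, what function it performs, whether corrupting it enables denial of service), and the OS, OS kernel, security kernel and TCB are computed from the slide's definitions so that its boundary cases (mount, the short-term scheduler, file-level audit, the DBMS) fall out of the predicates. The component inventory and its attributes are constructed, and reading "MDIA" as mediation, identification/authentication and audit is an assumption.

```python
from dataclasses import dataclass
# Orange Book "MDIA" reading of the TCB: mediation, identification/authentication, audit.
MDIA_FUNCTIONS = {"access-control", "authentication", "audit"}

@dataclass(frozen=True)
class Component:
    name: str
    function: str                # the job the component does for the system
    supplied_by_os: bool         # shipped as part of the operating system
    memory_resident: bool        # continuously resident ("always running")
    availability_critical: bool  # corrupting it would enable denial of service

# Constructed inventory mirroring the slide's examples; the attributes are illustrative.
COMPONENTS = (
    Component("short-term scheduler", "scheduling", True, True, True),
    Component("mount", "access-control", True, False, False),
    Component("file-level audit", "audit", True, True, False),
    Component("biometric authentication", "authentication", False, False, False),
    Component("DBMS record-level access control", "access-control", False, False, False),
    Component("DBMS audit", "audit", False, False, False),
)

def operating_system(cs=COMPONENTS):
    return {c.name for c in cs if c.supplied_by_os}

def os_kernel(cs=COMPONENTS):
    """OS kernel read as 'OS code that is always memory resident'."""
    return {c.name for c in cs if c.supplied_by_os and c.memory_resident}

def security_kernel(cs=COMPONENTS):
    """Whatever implements the reference monitor, regardless of who supplies it."""
    return {c.name for c in cs if c.function == "access-control"}

def tcb(cs=COMPONENTS, include_availability=False):
    """Narrow MDIA-only TCB by default; the broad reading also counts DoS-relevant code."""
    return {c.name for c in cs if c.function in MDIA_FUNCTIONS
            or (include_availability and c.availability_critical)}

def relationships(cs=COMPONENTS):
    """Which of the slide's containment claims hold, plus the boundary cases it names."""
    sk, os_, k = security_kernel(cs), operating_system(cs), os_kernel(cs)
    return {
        "SK is a subset of TCB": sk <= tcb(cs),
        "SK is a subset of OS": sk <= os_,
        "TCB is a subset of OS": tcb(cs) <= os_,
        "in SK but not OS kernel": sk - k,
        "in OS kernel but not narrow TCB": k - tcb(cs),
        "in OS kernel but not broad TCB": k - tcb(cs, include_availability=True),
    }
```

Swapping the DBMS components out of the inventory, or marking the scheduler as not availability-critical, changes which containment claims hold, which is the slide's point that the answer depends on the definitions chosen.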
MSJ-3

The Point?

The essences of the four entities – the OS, the TCB, the OS kernel, and the security kernel – are conceptually distinct, but the boundaries and relationships can be fuzzy. The OS kernel is probably the least well defined and seems to vary from author to author, or, perhaps worse, from OS vendor to OS vendor. There’s not really a right or wrong answer here, but it’s important to establish a well-understood, common vocabulary for any given technical conversation – beware the undiagnosed Tower of Babel problem!