Chapter 5 – Designing Trusted Operating Systems

1 Chapter 5 – Designing Trusted Operating Systems
What makes an operating system "secure"? Or "trustworthy"?
How are trusted systems designed, and which of those design principles carry over naturally to other program development tasks?
How do we develop "assurance" of the correctness of a trusted operating system?

2 Designing Trusted Operating Systems
Primitive security services:
  Memory protection
  File protection
  General object access control
  User authentication
An OS is trusted if we have confidence that it provides these four services in a consistent and effective way.

3 What is a trusted system?
Secure                                                           | Trusted
Either-or: something either is or is not secure                  | Graded: there are degrees of "trustworthiness"
Property of presenter                                            | Property of receiver
Asserted based on product characteristics                        | Judged based on evidence and analysis
Absolute: not qualified as to how, where, when, or by whom used  | Relative: viewed in context of use
A goal                                                           | A characteristic

4 What is a trusted system?
Trusted process – a process that can affect system security
Trusted product – an evaluated and approved product
Trusted software – the software portion of a system that can be relied upon to enforce the security policy
Trusted computing base – the set of all protection mechanisms within a computing system that enforce a unified security policy
Trusted system – a system that employs sufficient hardware and software integrity measures to allow its use for processing sensitive information

5 Security Policies
Security policy – a statement of the security we expect the system to enforce
Military security policy – based on protecting classified information
  Information access is limited by the need-to-know rule
  Each piece of classified information is associated with a compartment

6 Military Security Policy
Class (classification) – <rank; compartment>
Clearance – an indication that a person is trusted to access information up to a certain level of sensitivity
Dominance – s <= o iff rank_s <= rank_o and compartments_s ⊆ compartments_o
  Clearance level of the subject is at least as high as that of the information
  Subject has a need to know about all compartments for which the information is classified
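The dominance relation from slide 6 as executable code. This is an added example, not from the slides; the rank ordering and the sample classes are constructed for illustration, and the read check implements the two slide bullets (rank at least as high, and every compartment of the information covered by the subject's need-to-know).

```python
from dataclasses import dataclass

# Constructed ordering of ranks, least to most sensitive (not taken from the slides).
RANKS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class SecurityClass:
    """A class <rank; compartments> as on slide 6, e.g. <secret; {crypto, nuclear}>."""
    rank: str
    compartments: frozenset = frozenset()

    def __post_init__(self):
        if self.rank not in RANKS:
            raise ValueError(f"unknown rank: {self.rank!r}")


def dominates(a: SecurityClass, b: SecurityClass) -> bool:
    """True iff a >= b: rank_b <= rank_a and compartments_b is a subset of compartments_a."""
    return RANKS[b.rank] <= RANKS[a.rank] and b.compartments <= a.compartments


def comparable(a: SecurityClass, b: SecurityClass) -> bool:
    """Classes form a lattice, not a line: two classes may be incomparable (neither dominates)."""
    return dominates(a, b) or dominates(b, a)


def can_read(clearance: SecurityClass, info: SecurityClass) -> bool:
    """A subject may read information only if its clearance dominates the information's class."""
    return dominates(clearance, info)


if __name__ == "__main__":
    analyst = SecurityClass("secret", frozenset({"crypto", "nuclear"}))
    memo = SecurityClass("confidential", frozenset({"crypto"}))
    print(can_read(analyst, memo))                    # rank and need-to-know both satisfied
    contractor = SecurityClass("secret", frozenset({"crypto"}))
    print(can_read(contractor, SecurityClass("confidential", frozenset({"crypto", "nuclear"}))))
```

The incomparable case (say <secret; {crypto}> against <confidential; {nuclear}>) is the one that trips up implementations that treat classes as a single ordered level: neither subject may read the other's information even though one "outranks" the other.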

7 Commercial Security Policies
Data items at any level may have different degrees of sensitivity (public, proprietary, internal)
No formalized notion of clearances
No dominance function for most commercial information access

8 Clark-Wilson Commercial Security Policy
Well-formed transactions – perform steps in order, exactly as listed, and authenticate the individuals who perform the steps
Goal – maintain consistency between internal data and external expectations of the data
Process constrained data items (CDIs) only through transformation procedures (TPs), expressed as access triples: <userID, TP_i, {CDI_j, CDI_k, …}>

9 Commercial Security Policy
Separation of duty – division of responsibilities (manual system)
Chinese Wall Security Policy – a confidentiality policy
  Objects (e.g. files)
  Company groups (all objects concerning a particular company)
  Conflict classes (cluster competing companies)
