Download Operating System Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
Document related concepts

Unix security wikipedia , lookup

Security-focused operating system wikipedia , lookup

Transcript 
Operating Systems Security
Some basics
Layers of a computer system
Applications
Services
Operating system (OS)
OS kernel
Hardware
• Where should the security
of the system be placed?
• The security of a layer could
normally be compromised
by attacks from lower
layers!
OS Protection Principles
• The basis of OS protection is separation. The
separation can be of four different kinds:
– Physical: physical objects, such as CPU’s, printers, etc.
– Temporal: execution at different times
– Logical: domains, each user gets the impression that
she is ”alone” in the system
– Cryptographic: hiding data, so that other users cannot
understand them
• ”Computing is sharing and non-location –
security is separation”
Protected objects
• In principle all objects in the OS need protection, but in
particular those that are shareble, e.g.:
–
–
–
–
–
memory
I/O devices (disks, printers, tape drives, etc)
programs, procedures
data
hardware, such as
• normal operating system mechanisms
(e.g. file management - logical, memory management - physical)
• bus control
• interrupt control
• status registers
Trusted operating system concepts
• There are a few basic concepts that are
fundamental when dealing with trusted OS:
– the kernel: is the part of the OS that performs the
lowest-level functions
– the security kernel: is responsible for enforcing the
security mechanisms of the entire OS
– the reference monitor (RM): is the part of the security
kernel that controls access to objects
– the trusted computing base (TCB): is everything in the
trusted OS necessary to enforce the security policy
Trusted operating system concepts
• There are a few basic concepts that are
fundamental when dealing with trusted OS:
– the kernel: is the part of the OS that performs the
lowest-level functions
– the security kernel: is responsible for enforcing the
security mechanisms of the entire OS
– the reference monitor (RM): is the part of the security
kernel that controls access to objects
– the trusted computing base (TCB): is everything in the
trusted OS necessary to enforce the security policy
Security policy and security model
• A security policy is a statement of the security we
expect the system to enforce. The security can be
expressed as a number of well-defined,
consistent and implementable rules.
• A security model is a representation of the
security policy for the OS.
• A formal security model is a mathematical
description (formalisation) of the rules of the
security policy.
It could be used for formal proofs of security.
Development of a secure OS
• The development of secure OS can be made in six
steps:
–
–
–
–
–
–
–
–
analyze of the system
choose/define a security policy
choose/create a security model (based on the policy)
choose implementation method
make a (conceptual) design
verify the correctness of the design
make an implementation
verify the implementation (?)
• There are feed-back loops between all of the above
steps. Errors may occur in all above steps.
The two types of security costs
Make a trade-off between costs!
Related documents
Trusted Operating Systems
Trusted Operating Systems
Greetings Hnoagain. D. O'Dell
Greetings Hnoagain. D. O'Dell
commercial laboratory services
commercial laboratory services
Operating Systems CSLO - Barbara Hecker
Operating Systems CSLO - Barbara Hecker
tutorial-02-with
tutorial-02-with
Chapter 05
Chapter 05
Sirrix AG
Sirrix AG
Unit OS2: Operating Systems Principles
Unit OS2: Operating Systems Principles
ISA 562 - GMU Computer Science
ISA 562 - GMU Computer Science
Orange
Orange
Orange Book Summary - UMBC Center for Information Security and
Orange Book Summary - UMBC Center for Information Security and
EECE 432– Operating Systems
EECE 432– Operating Systems
HW3 - UCF Computer Science - University of Central Florida
HW3 - UCF Computer Science - University of Central Florida
CSci 4061 Introduction to Operating Systems OS Concepts and
CSci 4061 Introduction to Operating Systems OS Concepts and
Lecture 15 Designing Trusted Operating Systems Thierry Sans
Lecture 15 Designing Trusted Operating Systems Thierry Sans
CSC 405 Introduction to Computer Security
CSC 405 Introduction to Computer Security
Chapter 13
Chapter 13
ppt
ppt
System Calls
System Calls
TrustedDB A Trusted Hardware based Database with Privacy and
TrustedDB A Trusted Hardware based Database with Privacy and
Designing Trusted Operating Systems Operating Systems
Designing Trusted Operating Systems Operating Systems
Slide 1
Slide 1