Enhanced Security Models for Operating Systems: A Cryptographic Survey
Presented by
Gopi Krishna V
Contents
• Introduction
• Security features of Trusted system
• Problems with Trusted systems
• Vaults Model
• Protection Mechanism
• Advantages of Vault
• Conclusion
Introduction
Computer Security problem:
• Many approaches have been tried to provide security in the use of computing resources, but with only limited success.
• Why is this situation actually getting worse?
Reason: Increased use of distributed computing resources across insecure networks and unpredicted run-time interactions cause hard-to-detect security flaws.
• Many operating system security features were developed earlier but have largely been ignored in contemporary systems.
Introduction
Importance of Host Security:
• Protection mechanisms can be easily bypassed if an attacker can gain access to the layer below that where the protection mechanism resides.
• Security requires not only developing secure network protocols but also providing a sufficiently secure operating system.
• For a sufficiently secure foundation, let's have a look at Trusted Systems.
Security features of Trusted System
• Trusted systems are identified by two key features for the provision of strong security.
  • Mandatory Security
  • Trusted path
Security features of Trusted System
Mandatory security:
• Nowadays, the majority of systems use Discretionary Access Control (DAC), where each user determines security policy.
• However, Mandatory Access Control (MAC) involves a "security administrator" who determines security policy.
Trusted path:
• It is a mechanism by which a user can interact directly with security-critical system components in an authenticated manner that cannot be imitated by malicious software.
Problems with trusted systems
Problems:
• Documenting, developing, deploying and testing incur significant costs.
Vaults Model
• Incorporates cryptography into the security infrastructure provided by the operating system kernel.
• This infrastructure can be separated into two types:
  • Repository parts (Vaults)
  • Protection mechanisms
Vaults Model
Vaults:
• A vault is simply a data structure holding sensitive data to which the security kernel carefully controls access according to a small set of simple, pre-defined rules.
• Five different types of vaults:
  • User vaults
  • Global Private Vault (GPRIV)
  • Global Public Vault (GPUV)
  • Escrow Vault
  • Fundamental Vault
Vaults Model
User Vaults:
• Each user on the system has their own vault, where the user can store data virtually and retrieve it whenever required.
Global Private Vault (GPRIV):
• GPRIV is the system-wide equivalent of the user vaults. Only the system kernel is able to directly access GPRIV.
Global Public Vault (GPUV):
• GPUV is the opposite of GPRIV in that it holds values that must be accessible by all users on the system as required.
Vaults Model
Escrow vaults:
• It is similar to the GPRIV vault.
• It is used to hold keys for protected objects so that they can be retrieved if required by the security administrator.
Fundamental Vaults:
• The fundamental vaults are used to hold the keys for encrypting the other four vaults.
Protection Mechanism
File Protection:
• Protection of file system objects is one of the key security functions of any OS.
• Vaults provide protection for both read and write operations.
Read and Write protection:
• Nowadays, cryptographic file systems provide only confidentiality. Writing into an encrypted file is difficult.
• Vaults provide file protection keys, which can provide both confidentiality and integrity.
• A Message Authentication Code (MAC) is used to access write permission.
Ticket and File sharing:
• Tickets grant permissions to selected users to access objects using a token.
• The owner of the object creates protections (read/write), whereupon a token and key are generated and stored in the GPRIV.
Protection Mechanism
Trusted Fingerprinting:
• Under the Vault architecture, system administrators use fingerprinting to protect themselves against threats.
• Two types of fingerprinting:
  • Global fingerprinting
  • Local fingerprinting
Protection Mechanism
Global Fingerprinting:
• Global fingerprinting stores all authorized users' fingerprints in GPUB.
• Whenever any user tries to execute a program file, the kernel checks the particular user fingerprint in GPUB. If it matches the fingerprint, it allows the execution.
• There are three main advantages:
  • It checks the integrity of the program at the time of execution.
  • It removes the dependency of the static integrity checker on unsecured components.
  • It prevents users from running a modified program.
Protection Mechanism
Local fingerprinting:
• It provides security to the individual user.
• Vaults allow individual users to accumulate fingerprints of the software.
• It serves users' own security needs within their vault.
• This means it allows a user to implement their own policy.
Protection Mechanism
Dual TCB and Extensible Trusted Path:
• Trusted Computing Base (TCB): the collection of components responsible for enforcing security policy.
• Dual TCB:
  • Global TCB
  • Local TCB
• The Global TCB handles system security components, with fingerprints in GPUB.
• The Local TCB handles an individual user's components, with fingerprints in their own vault.
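The global and local fingerprint checks and the dual TCB described in the slides above can be modelled in a few lines. This is an added example, not code from the presentation or the system it surveys; it assumes a fingerprint is a SHA-256 digest of the program image, that a program runs only if its fingerprint is in the global store or in the calling user's own vault, and all class and function names are hypothetical.

```python
import hashlib

def fingerprint(program: bytes) -> str:
    """Assumption: a fingerprint is the SHA-256 digest of the program image."""
    return hashlib.sha256(program).hexdigest()

class FingerprintKernel:
    """Toy model of the dual TCB: one global store plus one vault per user."""

    def __init__(self):
        self.global_store = set()   # stands in for the global public vault
        self.user_vaults = {}       # user name -> set of local fingerprints

    def admin_register(self, program: bytes) -> None:
        # Global TCB: only the security administrator adds entries here.
        self.global_store.add(fingerprint(program))

    def user_register(self, user: str, program: bytes) -> None:
        # Local TCB: a user records software they trust in their own vault.
        self.user_vaults.setdefault(user, set()).add(fingerprint(program))

    def check_exec(self, user: str, program: bytes) -> str:
        """Return which TCB authorised execution, or 'denied'."""
        fp = fingerprint(program)   # computed at execution time, not install time
        if fp in self.global_store:
            return "global"
        if fp in self.user_vaults.get(user, set()):
            return "local"
        return "denied"

def demo():
    # Constructed sample program images; real input would be the file's bytes.
    login = b"\x7fELF...login v1"
    tool = b"#!/bin/sh\necho alice-tool\n"
    kernel = FingerprintKernel()
    kernel.admin_register(login)
    kernel.user_register("alice", tool)
    return {
        "login_ok": kernel.check_exec("bob", login),
        "login_modified": kernel.check_exec("bob", login + b"\x90"),
        "alice_tool": kernel.check_exec("alice", tool),
        "bob_runs_alice_tool": kernel.check_exec("bob", tool),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Because the digest is recomputed on every execution request, a single appended byte in the globally registered program is enough to turn the verdict from "global" to "denied".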
Advantages of Vault
Strong security:
• Vaults provide a strong security baseline similar to the mandatory security features in trusted systems.
• Vaults implement the trusted fingerprint mechanism.
Flexible and Intuitive security:
• Provides more flexibility by letting users apply their own security as needed.
• The dual TCB prevents undetected modifications of the program.
Advantages of Vault
Advantages over conventional system:
• It shields users from maliciously modified trusted code.
Security advantages of Cryptography:
• It eliminates complexity and is easily tested.
Conclusion
• Vaults provide a significant usability advantage, in that users no longer need to manage and memorize a large number of passwords and keys.