* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Enhanced Security Models for Operating Systems: A Cryptographic
Survey
Document related concepts
Cross-site scripting wikipedia , lookup
Access control wikipedia , lookup
Information security wikipedia , lookup
Airport security wikipedia , lookup
Web of trust wikipedia , lookup
Distributed firewall wikipedia , lookup
Wireless security wikipedia , lookup
Multilevel security wikipedia , lookup
Post-quantum cryptography wikipedia , lookup
Security and safety features new to Windows Vista wikipedia , lookup
Cyber-security regulation wikipedia , lookup
Computer security wikipedia , lookup
Trusted Computing wikipedia , lookup
Next-Generation Secure Computing Base wikipedia , lookup
Mobile security wikipedia , lookup
Transcript
Presented by Gopi Krishna V Contents Introduction Security features of Trusted system Problems with Trusted systems Vaults Model Protection Mechanism Advantages of Vault Conclusion Introduction Computer Security problem: Earlier, many approaches have been tried in order to provide security in use of computing resources, but we have only limited success. Why is this situation actually getting worse? Reason: Increased use of distributed computing resources across insecure networks and unpredicted run time interactions cause hard to detect security flaws. Many operating system security features developed earlier, which have largely been ignored in the contemporary systems Introduction Importance of Host Security: Protection mechanisms can be easily bypassed if an attacker can gain access to the layer below that where the protection mechanism resides. Not only developing secure network protocols but also provision of sufficiently secure operating system. Introduction Importance of Host Security: Protection mechanisms can be easily bypassed if an attacker can gain access to the layer below that where protection mechanism resides. Not only developing secure network protocols but also provision of sufficiently secure operating system. For sufficient secure foundation , lets have a look at Trusted Systems. Security features of Trusted System Trusted systems are identified by two key features for the provision of strong security. Mandatory Security Trusted path Security features of Trusted System Mandatory security: Nowadays, the majority of systems use Discretionary access control (DAC) where each user determines security policy. However, Mandatory Access control(MAC) involves a “security administrator” who determines security policy. Trusted path: It is a mechanism, where a user can interact directly with security-critical system components in an authenticated manner that cannot be imitated by malicious software. Problems with trusted systems Problems: Documenting, developing, deploying and testing are significant costs. Vaults Model Incorporating cryptography into the security infrastructure by operating system kernel. This infrastructure can be separated into two types. Repository parts(Vaults). protection mechanisms. Vaults Model Vaults: A vault is simply a data structure holding sensitive data to which the security kernel carefully controls access according to a small set of simple, pre-defined rules. Five different types of vaults User vaults Global Private Vault (GPRIV) Global Public Vault(GPUV) Escrow Vault Fundamental Vault Vaults Model User Vaults: Each user on the system has their own vault, where user can store data virtually and retrieved whenever user required. Global Private Vault(GPRIV): GPRIV is the system-wide equivalent of the user vaults. Only the system kernel is able to directly access GPRIV. Global public vaults(GPUV): GPUV is opposite to GPRIV in that it holds values that must be accessible by all users on the system as required. Vaults Model Escrow vaults: It is similar to GPRIV vault. It is used to hold keys for protected objects such that they can be retrieved if required by the Security administrator. Fundamental Vaults: The fundamental vaults are used to hold the keys for encrypting the other four vaults. Protection Mechanism File Protection: Protection of file system objects is one of the key security functions of any OS. Vaults provide protection to both read and write operations. Read and Write protection: Now a days, cryptographic file systems only provide confidentiality. Writing into encrypted file is difficult. Vaults provide file protection keys, where it can provide confidentiality and integrity. Message Authentication code(MAC) used to access write permission Ticket and File sharing: Tickets grant permissions to select users and to access objects using a token. Owner of the object creates protections(read/write),where token and key are generated and stored in the GPRIV. Protection Mechanism Trusted Fingerprinting: Under Vault architecture, System administrator uses fingerprinting to protect themselves against threats. Two types of fingerprinting: Global Fingerprinting Local Finger printing Protection mechanism Global Fingerprinting: Global fingerprinting stores all authorized users’ finger print in GPUB. Whenever any user tries to execute a program file, the kernel checks the particular user fingerprint in GPUB. If it matches the fingerprint, it allows the execution. There are three main advantages It will check integrity of the program at the time of execution. It removes the dependency static integrity checker on unsecured components. It prevents users from running modified program. Protection Mechanism Local fingerprinting: It provides the security to individual user. Vaults allow individual users to accumulate fingerprints of the software . It provides own security needs in their vault. This means, it allows a user to implement their own policy. Protection Mechanism Dual TCB and Extensible Trusted Path: Trusted Computing Base(TCB) collection of components responsible for enforcing security policy. Dual TCB Global TCB Local TCB Global TCB handles components in system security with fingerprints in GPUB. Local TCB handles components of individual user fingerprint in their own vault. Advantages of Vault Strong security : Vaults provide a strong security baseline similar to mandatory security features in trusted system. Vaults implements Trusted finger print mechanism. Flexible and Intuitive security: Providing more flexibility by offering own security as needed. The dual TCB prevents undetected modifications of the program Advantages of vaults Advantages over conventional system: It provides shield to users to get protected from maliciously modified trusted code. Security advantages of Cryptography: It eliminates the complexity and easily tested. Conclusion Vaults provide a significant usability advantage, in that users no longer need to manage and memorize a large number of passwords and keys.