Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Relationships Among the TCB, the OS, the Kernel, and the Security Kernel The TheOperating Security TCB &Kernel System OS (SK) Kernel And “regular” (file level) audit is • The security kernel probably used often enough that it implements the might be part of the OS kernel reference monitor (depending possibly on the vendor) • By it issecurity a butdefinition, is not in the kernel, Operating of the …subset and might include although italso isTCB still within the TCB mount other TCB software that biometric • Beyond that, there are System might nonetheless not be Software a lot of “it depends” to SK software consider in analyzing Security audit its relationship to other Kernel … if not, additional software • The software necessary to mount a disk software • Large portions the TCB are usually short term providing finer packages • Whereas theofshort-term scheduler is scheduler volume is presumably part of any security DBMS provided an operating system ? granularity access control, almostbyalways considered part of the audit kernel – a corrupted mount could TheOS SKkernel, would itbeisasurely notrecordcapabilities – e.g., a data base level part the OS • Whether or not access the entire TCB isbut, aofsubset compromise control – since it access subset of the operating management system – would be controlnot even security kernel and perhaps Kernel of isn’t the operating system depends on used very frequently, might not need system ifofreasonable the OS could providing parts of the SK … Few OS’s come with part the TCB at definition all, ifbiometric the TCB By any of theis whether or not the security architecture to be continuously memory resident manage access control identification/authentication DBMS (perhaps too narrowly?) as OS kernel, there’s a large construed overlap requires software mechanisms not over all objects and (or other application) • between So if the OS kernel is as OS Supplied by an operating software built fordefined example; but ifcode only MDIA (as inin,the old Orange Book) itthe and the security kernel provided by OS system (OS) modes at“always the finest level thatamore is running” (which should be security policy called for biometric but precisely nailing down the But since aneeded corrupted short term of• relationship granularity by better said as “always memory resident”), authentication, the biometric is complicated byof the scheduler could be a denial service Optional, depends on the the system’s access then the mount software would be in of the software would assuredly be part lack of any standard, technically attack, perhaps it should be presence of software not control policy, but … security kernel but not in the OS kernel the TCB, no? precise definition for the OSTCB) kernel supplied as part of the OS (considered as part of the TCB MSJ-2 The Point? • The essences of the four entities – the OS, the TCB, the OS kernel, and the security kernel – are conceptually distinct, but the boundaries and relationships can be fuzzy • The OS kernel is probably the least well defined and seems to vary from author to author, or, perhaps worse, from OS vendor to OS vendor • There’s not really a right or wrong answer here, but it’s important to establish a well understood, common vocabulary for any given technical conversation – beware the undiagnosed Tower of Babel problem! MSJ-3