introduction operating system security
play

Introduction Operating System Security, Designing trusted - PDF document

Jan 23, 2024 •229 likes •389 views

Introduction Operating System Security, Designing trusted operating systems Continued Encapsulated environments CS 239 Security for Networks and System Software May 22, 2002 Lecture 14 Lecture 14 Page 1 Page 2 CS 239, Spring

  1. Introduction Operating System Security, • Designing trusted operating systems Continued • Encapsulated environments CS 239 Security for Networks and System Software May 22, 2002 Lecture 14 Lecture 14 Page 1 Page 2 CS 239, Spring 2002 CS 239, Spring 2002 Designing Trusted Operating Security Policies and Trusted Systems Operating Systems • Security professionals tend to speak of trust , • A policy is a statement of the security rather than security, in this context we expect the system to enforce • A more practical definition of what OS • We trust a system to the degree we users want believe it properly implements its • The user’s trust that the OS will provide policy certain security features properly Lecture 14 Lecture 14 Page 3 Page 4 CS 239, Spring 2002 CS 239, Spring 2002 Discretionary and Mandatory More on Mandatory Access Access Control Control • Discretionary access control means • Allows higher authorities to control that the users can choose to enforce it what users do with data they can –Or not access • Mandatory access control means the • Can prevent a user from telling a secret system forces access control on the to someone who “shouldn’t” know it users –Whether they like it or not Lecture 14 Lecture 14 Page 5 Page 6 CS 239, Spring 2002 CS 239, Spring 2002 1

  2. Why Would We Want To Returning to Our Example Prevent It? Process A Process B • What if the secret is proprietary Gimme your information? secret • What if the secret is essentially access to valuable software? • What if we’re concerned that B will be able to fool A? What if the system authorities don’t want A – Perhaps via social engineering? to tell the secret to B? • What if A and B are processes, not people? Can we prevent this? Lecture 14 Lecture 14 Page 7 Page 8 CS 239, Spring 2002 CS 239, Spring 2002 Common Security Policies Military Security Policies • Based on several ranks of security • Designed to state what we do and don’t – Unclassified want to allow – Restricted –Like the previous example – Confidential • Military security policies – Secret – Top secret • Commercial security policies • And compartmentalized by the need to know Lecture 14 Lecture 14 Page 9 Page 10 CS 239, Spring 2002 CS 239, Spring 2002 Determining Security Access in Clearances in Military Security Military Models • A clearance describes what • Based on a dominance relationship information a subject can know • A subject dominates an object iff: • All information has some security label – the subject has a more restricted • A subject can access information only rank than the object and if he has the proper clearance –the subject has access to the all the • A combination of the rank and the compartments of the object compartment allowed Lecture 14 Lecture 14 Page 11 Page 12 CS 239, Spring 2002 CS 239, Spring 2002 2

  3. Commercial Security Policies Clark-Wilson Security Policy • Typically less rigid and hierarchical • Particularly concerned with data integrity than military policies • System designer specifies well-formed • But with similar concerns transactions • Generally more flexibility in setting up • System must guarantee that all levels and compartments permitted operations conform to such • And in assigning access privileges transactions Lecture 14 Lecture 14 Page 13 Page 14 CS 239, Spring 2002 CS 239, Spring 2002 Separation of Duty Security Chinese Wall Security Policy Policy • Meant to provide strict separation between • To guarantee that important parts of a company commercial activities are not – For intellectual property reasons performed improperly by employees – Or to prevent conflicts of interest • Requires active participation by • Defines classes of conflicts among different multiple parties to achieve a goal groups in the company –Even if one or more parties is • Subjects cannot access information from permitted to perform every step more than one class member Lecture 14 Lecture 14 Page 15 Page 16 CS 239, Spring 2002 CS 239, Spring 2002 Models of Security Lattice Model of Security • A generalization of military model • Lattice model • Elements of the lattice are the security • Bell-La Padua model labels of the subjects and objects • Many other models exist • A partial ordering is defined on the lattice –Some are practical elements –Some are useful for proving • Access is permitted from one element to another if first is “greater” than the second theoretical limits of security Lecture 14 Lecture 14 Page 17 Page 18 CS 239, Spring 2002 CS 239, Spring 2002 3

  4. Bell-La Padua Confidentiality Example of the Lattice Model Model • Describes allowable paths of •E can access A, G but A can’t access information flow in a secure system E F E •A and B cannot • Another formalization of military A B C D access each other security model •Everyone can access J H • Designed for systems that handle data •G can access J at multiple levels of sensitivity everyone Lecture 14 Lecture 14 Page 19 Page 20 CS 239, Spring 2002 CS 239, Spring 2002 Important Security Properties for Simple Security Property Bell-LaPadua • Simple security property • Subject s may have read access to object o only if C(o) <= C(s) • *-Property • Means that I can read any object if I Means that I can read any object if I • Tranquility property have a higher enough security class have a higher enough security class • So the general can listen to what the So the general can listen to what the private says private says Lecture 14 Lecture 14 Page 21 Page 22 CS 239, Spring 2002 CS 239, Spring 2002 *-Property Tranquility Property • Subject s who has read access to object o • Classification of a subject or object can may have write access to object p only if change C(o) <= C(p) –But not while the subject is • Means that I can only write to objects at my security class or higher accessing anything • Means the general can’t say anything to the –Or while the object is being accessed private • Thereby assuring complete mediation • Prevents write-down Lecture 14 Lecture 14 Page 23 Page 24 CS 239, Spring 2002 CS 239, Spring 2002 4

  5. Thinking About This Security Desired Security Features of a Model Normal OS • Authentication of users • Let’s say I want it in my operating • Memory protection system • File and I/O access control • How do I get it? • General object access control • Enforcement of sharing • What are the implications of having it? • Fairness guarantees • Secure IPC and synchronization • Security of OS protection mechanisms Lecture 14 Lecture 14 Page 25 Page 26 CS 239, Spring 2002 CS 239, Spring 2002 Extra Features for a Trusted OS How To Achieve OS Security • Mandatory and discretionary access • Kernelized design control • Separation and isolation mechanisms • Object reuse protection • Virtualization • Complete mediation • Layered design • Audit capabilities • Intruder detection capabilities Lecture 14 Lecture 14 Page 27 Page 28 CS 239, Spring 2002 CS 239, Spring 2002 Advantages of Kernelization Reference Monitors • An important security concept for OS • Smaller amount of trusted code design • Easier to check every access • A reference monitor is a subsystem • Separation from other complex pieces that controls access to objects of the system –It provides (potentially) complete • Easier to maintain and modify security mediation features • Very important to get this part right Lecture 14 Lecture 14 Page 29 Page 30 CS 239, Spring 2002 CS 239, Spring 2002 5

  6. Assurance of Trusted Operating Assurance Methods Systems • How do I know that I should trust • Testing someone’s operating system? • Formal verification • What methods can I use to achieve the • Validation level of trust I require? Lecture 14 Lecture 14 Page 31 Page 32 CS 239, Spring 2002 CS 239, Spring 2002 Secure Operating System Some Security Standards Standards • If I want to buy a secure operating • U.S. Orange Book system, how do I compare options? • European ITSEC • Use established standards for OS • U.S. Combined Federal Criteria security • Common Criteria for Information • Several standards exist Technology Security Evaluation Lecture 14 Lecture 14 Page 33 Page 34 CS 239, Spring 2002 CS 239, Spring 2002 The U.S. Orange Book Purpose of the Orange Book • To set standards by which OS security • The earliest evaluation standard for could be evaluated trusted operating systems • Fairly strong definitions of what features • Defined by the Department of Defense and capabilities an OS had to have to in the late 1970s achieve certain levels • Allowing “head-to-head” evaluation of • Now largely a historical artifact security of systems – And specification of requirements Lecture 14 Lecture 14 Page 35 Page 36 CS 239, Spring 2002 CS 239, Spring 2002 6

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Spring 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

844 views • 56 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Fall 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

1.15k views • 64 slides
Security in an Operating System Operating systems need to protect against two types of security

Security in an Operating System Operating systems need to protect against two types of security

H Security Security in an Operating System Operating systems need to protect against two types of security violations: Accidental security violations, e.g.: a program accidentally overwrites a file; a user issues rm -rf *,

6.18k views • 28 slides
Outline Operating System Security Introduction CS 239 Memory protection

Outline Operating System Security Introduction CS 239 Memory protection

Outline Operating System Security Introduction CS 239 Memory protection Interprocess communications protection Security for Networks and File protection System Software Authentication May 20, 2002 Lecture 13 Lecture

348 views • 12 slides
Introduction to OSs What is an Operating System? Architectural Support for Operating

Introduction to OSs What is an Operating System? Architectural Support for Operating

CPSC-410 Operating Systems Introduction Introduction to OSs What is an Operating System? Architectural Support for Operating Systems Basic Organization of an Operating System Reading: Silberschatz (7 th ed), Chapters 1, 2

873 views • 19 slides
Outline Introduction Operating System Security Memory protection CS 239

Outline Introduction Operating System Security Memory protection CS 239

Outline Introduction Operating System Security Memory protection CS 239 Interprocess communications protection File protection Computer Security February 16, 2005 Lecture 10 Lecture 10 Page 1 Page 2 CS 239, Winter 2005

406 views • 8 slides
A better picture Many applications Application One Operating System System calls Operating

A better picture Many applications Application One Operating System System calls Operating

Introduction Operating Systems Spring 2003 OS Spring03 What is Operating System? It is a program! It is the first piece of software to run after boot It coordinates the execution of all other software User programs It

306 views • 12 slides
Introduction Outline What is an operating system? History of operating systems

Introduction Outline What is an operating system? History of operating systems

Introduction Outline What is an operating system? History of operating systems Where does the operating system fjt in a computing system? User mode and kernel mode What are the general operating system functions? 1 What is

450 views • 26 slides
CSE543 - Introduction to Computer and Network Security Module: Operating System Security

CSE543 - Introduction to Computer and Network Security Module: Operating System Security

942 views • 58 slides
CSE543 - Introduction to Computer and Network Security Module: Operating System Security

CSE543 - Introduction to Computer and Network Security Module: Operating System Security

580 views • 31 slides
CSE543 - Introduction to Computer and Network Security Module: Operating System Security

CSE543 - Introduction to Computer and Network Security Module: Operating System Security

350 views • 33 slides
CSE543 - Introduction to Computer and Network Security Module: Operating System Security

CSE543 - Introduction to Computer and Network Security Module: Operating System Security

823 views • 31 slides
Operating System Security It is also important to understand the operations and the

Operating System Security It is also important to understand the operations and the

Security risks exist for all operating systems and are not new. It is important to know the existing threats. Operating System Security It is also important to understand the operations and the vulnerabilities of your OS. Try to

214 views • 8 slides
Outline Operating System Security, Buffer overflows Continued Designing secure

Outline Operating System Security, Buffer overflows Continued Designing secure

Outline Operating System Security, Buffer overflows Continued Designing secure operating systems CS 239 Assuring OS security Computer Security Logging and auditing February 27, 2006 Lecture 12 Lecture 12 Page 1 Page 2

329 views • 9 slides
Outline Operating System Security, Buffer overflows Continued Designing secure

Outline Operating System Security, Buffer overflows Continued Designing secure

Outline Operating System Security, Buffer overflows Continued Designing secure operating systems CS 239 Assuring OS security Computer Security Logging and auditing February 23, 2005 Lecture 11 Lecture 11 Page 1 Page 2

553 views • 8 slides
OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Dominik

OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android Dominik

Institute of Operating Systems and Computer Networks Operating System Email Crypto Provider binds to API key management secret key creation access control Security Token PIN/password caching per client operating system with IM NFC

704 views • 27 slides
Concepts of programming languages Something El(m)se Paolo Servillo, Enzo van Kessel, Jesse de

Concepts of programming languages Something El(m)se Paolo Servillo, Enzo van Kessel, Jesse de

[Faculty of Science Information and Computing Sciences] Concepts of programming languages Something El(m)se Paolo Servillo, Enzo van Kessel, Jesse de Ruijter . . 1 [Faculty of Science Information and Computing Sciences] Contents What

901 views • 58 slides
Managing a growing fmeet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix Kenan

Managing a growing fmeet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix Kenan

Managing a growing fmeet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix Kenan Ibrovi 03/07/19 Presentation 1 Managing a growing fmeet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix Problems

410 views • 23 slides
I'am'' Prof.'Reid'Holmes' email:'rtholmes@cs.uwaterloo.ca' CS246:''Object.Oriented''

I'am'' Prof.'Reid'Holmes' email:'rtholmes@cs.uwaterloo.ca' CS246:''Object.Oriented''

I'am'' Prof.'Reid'Holmes' email:'rtholmes@cs.uwaterloo.ca' CS246:''Object.Oriented'' URL:''hRp://www.uwaterloo.ca/~rtholmes' Office:''DC3551,'hours'TBD'(send'email)' So4ware'Development'

345 views • 5 slides
WordPress Day 1 1 About Me Jonathon Leathers - WordPress Developer TWD 4 Student (2013)

WordPress Day 1 1 About Me Jonathon Leathers - WordPress Developer TWD 4 Student (2013)

TWD 25 WordPress Day 1 1 About Me Jonathon Leathers - WordPress Developer TWD 4 Student (2013) weCreate Design (2014 - now) Vancouver WordPress Meetup Organizer (2017 - now) WordCamp Vancouver Lead Organizer (2018 &amp; 2019) TWD

1.52k views • 119 slides
Course Content Web Technologies and Applications Introduction Databases &amp; WWW

Course Content Web Technologies and Applications Introduction Databases &amp; WWW

Course Content Web Technologies and Applications Introduction Databases &amp; WWW Internet and WWW SGML / XML Winter 2001 Protocols Managing servers HTML and beyond Search Engines CMPUT 499: SGML to XML

209 views • 18 slides
JAXP 1.1 JAXP 1.1 Included in Java since JDK 1.4 Included in Java since JDK 1.4 How

JAXP 1.1 JAXP 1.1 Included in Java since JDK 1.4 Included in Java since JDK 1.4 How

2.3 JAXP: Java API for XML Processing 2.3 JAXP: Java API for XML Processing JAXP 1.1 JAXP 1.1 Included in Java since JDK 1.4 Included in Java since JDK 1.4 How can applications use XML processors? How can applications use XML

263 views • 3 slides
Galax implementation of XQuery J er ome Sim eon Lucent Technologies XQuery

Galax implementation of XQuery J er ome Sim eon Lucent Technologies XQuery

Lucent Technologies http://db.bell-labs.com/galax/ Galax implementation of XQuery J er ome Sim eon Lucent Technologies XQuery Implementation Panel, XML 2001, Orlando Lucent Technologies http://db.bell-labs.com/galax/ What is Galax?

393 views • 15 slides
Module 5 Module 5 Introduction to XQuery Introduction to XQuery XML is now everywhere XML is

Module 5 Module 5 Introduction to XQuery Introduction to XQuery XML is now everywhere XML is

Module 5 Module 5 Introduction to XQuery Introduction to XQuery XML is now everywhere XML is now everywhere Google search (warning: unreliable Google search (warning: unreliable numbers) numbers) 285.000.000 for XML 285.000.000 for

852 views • 54 slides

More recommend