
Chapter 13 Processing Controls. Operating System Integrity Operating system -- the set of programs implemented in software/hardware that permits sharing.


Chapter 13 Processing Controls

Operating System Integrity
Operating system: the set of programs implemented in software/hardware that permits sharing and use of resources within a computer system
There are many cases in which serious losses have occurred through breaches of operating system controls

Some Features of OP Systems
Capable of managing resources
Good managers vs. bad managers
There is a cost associated with mismanagement of op systems
–Exposure to risks
–Loss of integrity
What is an interrupt in op systems? Op systems enforce their authority over user processes by using interrupts.

Nature of a Reliable Operating System
1. Must be protected from user processes
2. Must prevent one user corrupting another user's processes
3. Must protect users from themselves
4. Must protect itself from corruption of another module or sub-process
5. Must be robust when environmental failures occur

Operating System Integrity Threats
Accidental
–hardware, software, and environmental failures that cause the operating system to crash or to process erroneously
Deliberate
–usually aim at unauthorized removal of assets, breaches of data integrity, or disruption of operations

Penetration Techniques
Browsing (checking residue)
Masquerading
Piggybacking (tapping messages)
Between-lines entry (inactive users)
Spoofing (fooling the user into believing they are interacting with the operating system)
Backdoors/Trapdoors (use it as if you are already in the system)
Trojan horse (unknown to the user, the user runs the penetrator's program)

Other Penetration Techniques
Covert Storage Channels
–one process communicates confidential information to another process by changing the values of system state variables
Covert Timing Channels
–one process communicates confidential information to another process by changing the time period that a system takes to perform some function

Operating System Integrity Flaws
Penetrations result when integrity flaws exist in operating systems. These flaws arise for two reasons:
1. The access control policy designed for the operating system is defective
2. Even if a secure access control policy is designed for the operating system, it might be implemented incorrectly in the operating system

Integrity Flaws (no details)
Incomplete parameter validation
Inconsistent parameter validation
Implicit sharing of data
Asynchronous validation
Inadequate access control
Violable limits

Reference Monitors and Kernels
A reference monitor is an abstract mechanism that checks each request by a subject to access and use an object to ensure that the request complies with a security policy.
A reference monitor is implemented via a security kernel, which is a hardware, software, or firmware mechanism.
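The reference monitor idea above can be made concrete in a few lines. The following is an added example, not code from the slides or from any real security kernel: a toy monitor that mediates every subject-to-object request against a constructed policy table, denies anything the policy does not list (so data is never implicitly shared), and records each decision so that failed attempts can later be audited. The policy, subject and object names are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed security policy for the example: object -> subject -> permitted modes.
# Anything not listed is denied, so objects never become implicitly shared.
POLICY = {
    "payroll.dat": {"payroll_clerk": {"read", "write"}, "auditor": {"read"}},
    "passwd":      {"sysadmin": {"read", "write"}},
    "audit.log":   {"auditor": {"read"}, "kernel": {"write"}},
}


@dataclass
class ReferenceMonitor:
    """Mediates every subject -> object access request against the policy."""
    policy: dict
    audit_trail: list = field(default_factory=list)

    def check(self, subject: str, obj: str, mode: str) -> bool:
        """Decide one request and record the decision (complete mediation: no
        request reaches an object without passing through here)."""
        allowed = mode in self.policy.get(obj, {}).get(subject, set())
        self.audit_trail.append((subject, obj, mode, "GRANT" if allowed else "DENY"))
        return allowed

    def access(self, subject: str, obj: str, mode: str, store: dict):
        """Perform the operation only after check() has granted it."""
        if not self.check(subject, obj, mode):
            raise PermissionError(f"{subject} may not {mode} {obj}")
        if mode == "read":
            return store.get(obj)
        store[obj] = f"written by {subject}"
        return store[obj]

    def denied_attempts(self) -> list:
        """Failed access attempts are a security-sensitive event worth auditing."""
        return [e for e in self.audit_trail if e[3] == "DENY"]


def demo() -> dict:
    """Run a few constructed requests through the monitor and summarise the outcome."""
    rm = ReferenceMonitor(POLICY)
    store = {"payroll.dat": "salary data", "passwd": "hashes"}
    results = {
        "auditor_reads_payroll": rm.check("auditor", "payroll.dat", "read"),
        "auditor_writes_payroll": rm.check("auditor", "payroll.dat", "write"),
        "clerk_reads_passwd": rm.check("payroll_clerk", "passwd", "read"),
        "unknown_object": rm.check("sysadmin", "scratch.tmp", "read"),
    }
    try:
        rm.access("payroll_clerk", "passwd", "write", store)
    except PermissionError:
        # The store must be untouched: the denied write never reached the object.
        results["clerk_write_blocked"] = store["passwd"] == "hashes"
    results["denied"] = len(rm.denied_attempts())
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of routing `access()` through `check()` rather than calling the policy lookup directly is the "each request" in the slide's definition: a monitor that can be bypassed for some requests is not a reference monitor.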

Reference Monitor Abstraction

Validation Checks
Primarily ensure that computations performed on numeric fields are authorized, accurate, and complete
Processing associated with alphabetic or alphanumeric fields typically is minimal

Rounding Validation Check Process

Other Software Controls
Print Run-to-Run Control Totals
–provide evidence that all input data has been processed accurately
Minimize Human Intervention
–because human intervention is error-prone, minimizing it will reduce incorrect processing
Use Redundant Calculations
–additional calculations can be used as "checks"
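Run-to-run control totals and redundant calculations are easiest to understand on a small batch. The example below is added here and is not from the slides: a constructed payroll batch goes through two runs (an input edit and a gross-pay computation); each run prints a record count, a hash total of employee ids and a financial total, and the next run reconciles those figures before trusting its input. A separate redundant calculation recomputes gross pay from the raw fields and compares it with what the run stored. The `drop_last` switch simulates a record lost between runs so the control total can be seen catching it. The field names and values are assumptions for the example.

```python
from decimal import Decimal

CENT = Decimal("0.01")

# Constructed payroll batch: employee id, hours worked, hourly rate.
INPUT_BATCH = [
    {"emp_id": 1001, "hours": Decimal("40.0"), "rate": Decimal("25.00")},
    {"emp_id": 1002, "hours": Decimal("37.5"), "rate": Decimal("20.00")},
    {"emp_id": 1003, "hours": Decimal("12.25"), "rate": Decimal("18.40")},
    {"emp_id": 1004, "hours": Decimal("8.0"), "rate": Decimal("30.33")},
]


def control_totals(records: list, field: str) -> dict:
    """Record count, hash total of ids and financial total of `field`: the figures
    printed at the end of every run and carried forward into the next one."""
    return {
        "count": len(records),
        "hash_total": sum(r["emp_id"] for r in records),
        "total": sum((r[field] for r in records), Decimal("0")),
    }


def run1_edit(records: list):
    """Run 1: input edit. Rejects impossible values, then totals what it accepted."""
    accepted = [r for r in records if r["hours"] >= 0 and r["rate"] > 0]
    return accepted, control_totals(accepted, "hours")


def run2_compute_pay(records: list):
    """Run 2: gross pay. Totals the same `hours` field so run 1's figures can be
    reconciled against what this run actually received."""
    paid = [dict(r, gross=(r["hours"] * r["rate"]).quantize(CENT)) for r in records]
    return paid, control_totals(paid, "hours")


def redundant_gross_check(paid: list) -> bool:
    """Redundant calculation: recompute gross independently from the raw fields
    and compare with the gross the run stored on each record."""
    recomputed = sum((r["hours"] * r["rate"]).quantize(CENT) for r in paid)
    stored = sum(r["gross"] for r in paid)
    return recomputed == stored


def process_batch(batch: list, drop_last: bool = False) -> dict:
    """Drive both runs; `drop_last` simulates a record lost between run 1 and run 2."""
    accepted, totals_after_run1 = run1_edit(batch)
    handed_over = accepted[:-1] if drop_last else accepted
    paid, totals_after_run2 = run2_compute_pay(handed_over)
    return {
        "run_to_run_ok": totals_after_run1 == totals_after_run2,
        "redundant_ok": redundant_gross_check(paid),
        "gross_total": sum(r["gross"] for r in paid),
        "run1": totals_after_run1,
        "run2": totals_after_run2,
    }


if __name__ == "__main__":
    print("intact batch:  ", process_batch(INPUT_BATCH))
    print("dropped record:", process_batch(INPUT_BATCH, drop_last=True))
```

Note that the redundant check still passes when a record is dropped: it only proves that each stored gross matches its inputs. The run-to-run totals are what detect the missing record, which is why the two controls complement rather than replace each other.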

Audit Trail Controls
Accounting Audit Trail
–allows auditors to trace and to replicate the processing performed on a data item
Operations Audit Trail
–data is often critical to effective management of shared system resources

Operations Audit Trail

Content of the Operations Audit Trail
Resource Consumption Data
–identifies which user consumed a resource
Security-Sensitive Events
–creates audit trail entries for all changes to password or access privilege files, and for failed access attempts
Hardware Malfunctions
–records processor or memory parity errors
User-Specified Events
–allows users to write their own programs to collect operations data

Interrogating the Operations Audit Trail
1. Specifying audit objectives
2. Extracting data from the operations audit trail that will allow auditors to meet these objectives
3. Sorting the data extracted into the required order
4. Formatting and presenting the results
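The four interrogation steps, applied to the kinds of entries the previous slide lists, look like this in practice. This is an added example, not part of the slides: the audit trail is a constructed, fabricated set of lines in an assumed `key=value` format (not the output of any real system), the objective is "show me failed access attempts and password or privilege changes", and the code extracts those entries, sorts them by user and time, and formats a report with a per-user count of denials.

```python
from collections import Counter

# Constructed operations audit trail, one entry per line (not real system output).
AUDIT_TRAIL = """\
2024-03-04T08:01:12 user=alice event=LOGIN result=OK
2024-03-04T08:02:40 user=bob event=ACCESS object=payroll.dat result=DENIED
2024-03-04T08:02:41 user=bob event=ACCESS object=payroll.dat result=DENIED
2024-03-04T08:03:05 user=carol event=CPU_SECONDS value=312
2024-03-04T08:04:10 user=alice event=PRIV_CHANGE object=acl.dat result=OK
2024-03-04T08:05:30 user=bob event=ACCESS object=payroll.dat result=DENIED
2024-03-04T08:06:00 user=dave event=PARITY_ERROR object=memory_bank_1
2024-03-04T08:07:15 user=carol event=PASSWORD_CHANGE object=passwd result=OK
2024-03-04T08:08:00 user=bob event=ACCESS object=payroll.dat result=OK
"""

# Event types that count as security-sensitive on their own (assumed names).
SECURITY_SENSITIVE = {"PRIV_CHANGE", "PASSWORD_CHANGE"}


def parse(trail: str) -> list:
    """Step 2 (part 1): turn each raw line into a dict of its key=value fields."""
    entries = []
    for line in trail.splitlines():
        ts, *fields = line.split()
        entry = {"ts": ts}
        entry.update(f.split("=", 1) for f in fields)
        entries.append(entry)
    return entries


def is_security_sensitive(e: dict) -> bool:
    """Step 1, the audit objective: failed access attempts plus password/privilege changes."""
    return e["event"] in SECURITY_SENSITIVE or e.get("result") == "DENIED"


def extract(entries: list) -> list:
    """Step 2 (part 2): keep only the entries that serve the audit objective."""
    return [e for e in entries if is_security_sensitive(e)]


def sort_by_user_then_time(entries: list) -> list:
    """Step 3: one user's events together, in chronological order."""
    return sorted(entries, key=lambda e: (e["user"], e["ts"]))


def format_report(entries: list) -> str:
    """Step 4: fixed-width lines plus a per-user count of repeated denials."""
    lines = [
        f"{e['ts']}  {e['user']:<8}{e['event']:<16}{e.get('object', '-'):<14}{e.get('result', '-')}"
        for e in entries
    ]
    denials = Counter(e["user"] for e in entries if e.get("result") == "DENIED")
    for user, n in sorted(denials.items()):
        lines.append(f"{user}: {n} failed access attempt(s)")
    return "\n".join(lines)


def interrogate(trail: str = AUDIT_TRAIL) -> dict:
    """Run all four steps and return both the selected entries and the report text."""
    selected = sort_by_user_then_time(extract(parse(trail)))
    return {"entries": selected, "report": format_report(selected)}


if __name__ == "__main__":
    print(interrogate()["report"])
```

Resource-consumption and hardware-malfunction entries are parsed but filtered out because the chosen objective does not need them; a different objective (say, charging CPU time back to users) would keep `CPU_SECONDS` and drop the rest, with the same extract/sort/format pipeline.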

Existence Controls
Nature of Checkpoint/Restart Controls
–allow programs to be reestablished at some prior, valid intermediate point in their processing and restarted from that point
–cannot guard against long-term or global failures

Functions of Checkpoint Facilities
Processor-based Scheme
–when a transient fault occurs, this scheme rolls the processor back a small number of instructions and then restarts the processor
Memory-based Scheme
–relies on having two memory banks for each address. Successful operations are copied from the first memory bank to the second
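The two hardware schemes above are not something a batch program can demonstrate, but the checkpoint/restart behaviour they support can be. The following added example (not from the slides, not from any real facility) is a software version of the control described under Existence Controls: a batch job writes a checkpoint record after every few items, a simulated transient fault aborts it, and the rerun resumes from the last checkpoint rather than from the beginning. Each checkpoint record carries an HMAC so that a corrupted or altered record is refused as a restart point, which is the auditor's concern that information written to the log must be secure. The key, batch contents and checkpoint interval are assumptions for the example.

```python
import hashlib
import hmac
import json

# Constructed key for the example; a real facility would keep it in protected storage.
LOG_KEY = b"constructed-checkpoint-key"


class TransientFault(Exception):
    """Stands in for the hardware or software fault the facility recovers from."""


def write_checkpoint(log: list, pos: int, state: int) -> None:
    """Append a checkpoint record with an HMAC so later tampering is detectable."""
    body = json.dumps({"pos": pos, "state": state}, sort_keys=True)
    tag = hmac.new(LOG_KEY, body.encode(), hashlib.sha256).hexdigest()
    log.append({"body": body, "tag": tag})


def last_valid_checkpoint(log: list) -> dict:
    """Walk back to the most recent record whose tag verifies; a corrupted or
    forged record is skipped rather than trusted as a restart point."""
    for rec in reversed(log):
        expected = hmac.new(LOG_KEY, rec["body"].encode(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, rec["tag"]):
            return json.loads(rec["body"])
    return {"pos": 0, "state": 0}   # no usable checkpoint: restart from the start


def run_batch(items: list, log: list, interval: int, faults: set) -> dict:
    """Sum `items`, checkpointing every `interval` items. Raises TransientFault the
    first time it reaches an index listed in `faults`; calling again restarts from
    the last valid checkpoint instead of from the beginning."""
    cp = last_valid_checkpoint(log)
    pos, total = cp["pos"], cp["state"]
    started_at = pos
    while pos < len(items):
        if pos in faults:
            faults.discard(pos)          # the fault is transient: it happens once
            raise TransientFault(f"fault while processing item {pos}")
        total += items[pos]
        pos += 1
        if pos % interval == 0:
            write_checkpoint(log, pos, total)
    return {"total": total, "resumed_from": started_at, "processed": pos - started_at}


def demo() -> dict:
    """First run faults at item 13; the rerun resumes from the checkpoint at 10."""
    items = list(range(1, 21))           # constructed batch: 1..20, sums to 210
    log, faults = [], {13}
    try:
        run_batch(items, log, interval=5, faults=faults)
    except TransientFault:
        pass
    result = run_batch(items, log, interval=5, faults=faults)
    # Alter the newest record: it must no longer be accepted as a restart point.
    log[-1]["body"] = log[-1]["body"].replace('"state": 210', '"state": 999')
    result["restart_point_after_tamper"] = last_valid_checkpoint(log)["pos"]
    return result


if __name__ == "__main__":
    print(demo())
```

The rerun reprocesses the three items between the checkpoint at 10 and the fault at 13, which is the cost of checkpointing only every five items; a shorter interval trades more log writes for less rework. The example also shows the slide's limit on these controls: if every checkpoint record were unusable, `last_valid_checkpoint` falls back to a full restart, and nothing here helps against a failure that destroys the log itself.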

Processor-based Checkpoint/Restart facility

Memory-based Checkpoint/Restart facility

Auditors' Concerns with Checkpoint/Restart Facilities
Information written to a log must be secure
Facilities must be effective and efficient
Facilities should be well documented
Facilities should work reliably

