
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 20 October 28, 2004.




2. Contents
- Separation
- Assurance
- Group work
- Evaluation
- Examples
- Sandeep's presentation

3. Separation
- Physical separation
- Temporal separation
- Cryptographic separation
- Logical separation (isolation)

4. Virtualization
- Illusion: the OS emulates or simulates a collection of a computer system's resources.
- Virtual machine: a collection of real or simulated hardware facilities (processor, memory, I/O devices).

5. IBM MVS/ESA
- Paging system
- Virtualization is used to provide logical separation that gives the user the impression of physical separation.
- Each user feels that he/she has a separate machine.
- Each user's virtual memory space can be as large as the total addressable space.

6. Virtual machine (figure): the real system resources and the real OS sit at the bottom; above them run separate virtual machines for User 1, User 2 and User 3.

7. Layered OS (figure). Layers from the hardware outward: hardware; security functions; synchronization, allocation; scheduling, sharing, memory management (MM); file system, device allocation; utility functions; compilers, database; user processes. The figure groups these, from innermost to outermost, into the security kernel, the OS kernel and the OS.

8. Modules operating in different layers (figure). A user authentication module is spread across layers, from least trusted code to most trusted code: user interface, user ID lookup, data comparison, data update.

9. Provably Secure Operating System (PSOS)
- 16-level layered structure (see table, page 272)
- Each layer uses the services of the layers below it and provides a certain level of functionality to the layers above it.
- Peel off each layer and you still have a logically complete system with less functionality.

10. Conventionally vs. hierarchically designed systems

Conventional design:
Level | Functions     | Risk
All   | Non-critical  | Disaster possible
All   | Less critical | Disaster possible
All   | Most critical | Disaster possible

Hierarchical design:
Level | Functions     | Risk
2     | Non-critical  |
1     | Less critical |
0     | Most critical |

11. Assurance
- Testing: based on the actual product being evaluated, not on an abstraction
- Verification: each of the system's functions works correctly
- Validation: the developer is building the right product (according to the specification)

12. Testing
- Can demonstrate the existence of a problem, but passing tests does not imply the absence of problems
- Hard to achieve adequate test coverage within reasonable time (inputs and internal states)
- Observable effects versus internal structure
- Real-time systems: hard to keep track of all states
- Penetration testing (tiger team analysis, ethical hacking): a team of experts in OS design tries to crack the system

13. Formal verification
- The most rigorous method
- Uses the rules of mathematical logic to demonstrate that a system has a certain security property
- Proving a theorem
- Time consuming, complex process
- Simple example follows

14. Example: find minimum (flowchart)
Entry
min ← A[1]
i ← 1
i ← i + 1
i > n?   yes → Exit;   no → continue
min < A[i]?   yes → back to i ← i + 1;   no → min ← A[i], then back to i ← i + 1

15. Example: finding the minimum value. Assertions:
P: n > 0
Q: n > 0 and 1 ≤ i ≤ n and min ≤ A[1]
R: n > 0 and 1 ≤ i ≤ n and for all j, 1 ≤ j ≤ i - 1: min ≤ A[j]
S: n > 0 and i = n + 1 and for all j, 1 ≤ j ≤ i - 1: min ≤ A[j]
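An added worked example, not part of the original slides: the find-minimum flowchart of slide 14 written out in Python, with the four assertions P, Q, R and S of slide 15 checked at the point in the control flow where each must hold. Checking assertions at run time on sample inputs is not a proof (that is what the formal method on slide 13 does), but it makes concrete what the assertions say and where they sit. The `init` parameter and the `invariants_hold` helper are constructed for this demonstration; indices follow the slide (1-based), so A[i] is `a[i - 1]`.

```python
"""Find-minimum loop from the lecture's formal-verification example, with the
assertions P, Q, R and S checked at run time.  Added example, not from the
slides: run-time checking over sample inputs illustrates the invariants but is
not a proof.  Indices follow the slide (1-based): A[i] is a[i - 1]."""
from typing import Optional, Sequence


def lower_bound_up_to(a: Sequence[int], mn: int, i: int) -> bool:
    # "for all j, 1 <= j <= i - 1: min <= A[j]"
    return all(mn <= a[j - 1] for j in range(1, i))


def find_min(a: Sequence[int], init: Optional[int] = None) -> int:
    """Translate the flowchart step by step.  `init` is a constructed hook for
    the demo: None means `min <- A[1]` as on the slide; any other value models a
    wrong initialisation so we can see which assertion (if any) catches it."""
    n = len(a)
    # P (entry): n > 0
    assert n > 0, "P: n > 0"
    mn = a[0] if init is None else init   # min <- A[1]
    i = 1                                  # i <- 1
    # Q: n > 0 and 1 <= i <= n and min <= A[1]
    assert n > 0 and 1 <= i <= n and mn <= a[0], "Q"
    while True:
        i = i + 1                          # i <- i + 1
        if i > n:                          # "i > n?"  yes -> Exit
            # S: n > 0 and i = n + 1 and for all j in 1..i-1: min <= A[j]
            assert n > 0 and i == n + 1 and lower_bound_up_to(a, mn, i), "S"
            return mn
        # R (about to examine A[i]): n > 0 and 1 <= i <= n and
        #    for all j in 1..i-1: min <= A[j]
        assert n > 0 and 1 <= i <= n and lower_bound_up_to(a, mn, i), "R"
        if not mn < a[i - 1]:              # "min < A[i]?"  no -> min <- A[i]
            mn = a[i - 1]


def invariants_hold(a: Sequence[int], init: Optional[int] = None) -> bool:
    """True if every assertion holds along the run for this input."""
    try:
        find_min(a, init)
    except AssertionError:
        return False
    return True


if __name__ == "__main__":
    sample = [5, 3, 9, 3]   # constructed input
    print("min =", find_min(sample), "assertions hold:", invariants_hold(sample))
```

Two things the run shows. An empty array violates P at entry, and a wrong initialisation such as `init=0` on input `[-4, 2]` violates Q before the loop starts. But `init=0` on an all-positive input such as `[5, 3, 9]` satisfies P, Q, R and S and returns 0, which is not in A: as stated on the slide, S only establishes that min is a lower bound of A[1..n]. A complete proof of "find minimum" would also carry the assertion that min equals some A[k], 1 ≤ k ≤ n, through the loop.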

16. Exercise 1 (group work). Four sources of weaknesses in OS security:
- I/O
- Ambiguity in access policy
- Incomplete mediation
- Generality
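An added example for the exercise, not from the slides: a toy object store in Python that shows what "incomplete mediation" looks like in code (one access path is checked, another path to the same object is not) beside a version in which every path goes through one mediation function that also records its decisions. The subjects, objects, rights and aliases are all constructed for the demonstration, as are the class and function names.

```python
"""Added example, not from the slides: a toy object store that shows
"incomplete mediation" (one of the four weakness sources in Exercise 1) next
to a version where every access path goes through a single check.  The
subjects, objects, rights and aliases below are all constructed for the demo.
"""
from typing import Dict, List, Set, Tuple

# Constructed access-control matrix: (subject, object) -> rights.  Absence of
# an entry means no rights, so the policy is unambiguous (default deny).
ACL: Dict[Tuple[str, str], Set[str]] = {
    ("alice", "payroll.db"): {"read", "write"},
    ("bob", "payroll.db"): {"read"},
    ("bob", "readme.txt"): {"read", "write"},
}
OBJECTS: Dict[str, str] = {"payroll.db": "<salary records>", "readme.txt": "hello"}
# Constructed alternate names for objects (think links or shortcuts).
ALIASES: Dict[str, str] = {"pay": "payroll.db", "notes": "readme.txt"}


class Denied(Exception):
    pass


def permitted(subject: str, name: str, right: str) -> bool:
    return right in ACL.get((subject, name), set())


class IncompleteStore:
    """The weakness: the direct path is checked, the alias path is not."""

    def read(self, subject: str, name: str) -> str:
        if not permitted(subject, name, "read"):
            raise Denied(f"{subject} may not read {name}")
        return OBJECTS[name]

    def read_alias(self, subject: str, alias: str) -> str:
        # The check from read() was never applied here, so the alias path
        # hands out any aliased object to any subject.
        return OBJECTS[ALIASES[alias]]


class MediatedStore:
    """Complete mediation: one function decides every access and logs it."""

    def __init__(self) -> None:
        self.audit: List[str] = []

    def _mediate(self, subject: str, name: str, right: str) -> None:
        allowed = permitted(subject, name, right)
        self.audit.append(f"{'ALLOW' if allowed else 'DENY'} {subject} {right} {name}")
        if not allowed:
            raise Denied(f"{subject} may not {right} {name}")

    def read(self, subject: str, name: str) -> str:
        self._mediate(subject, name, "read")
        return OBJECTS[name]

    def read_alias(self, subject: str, alias: str) -> str:
        # Resolve the alias first, then decide on the canonical object name,
        # so the alias path is subject to exactly the same check.
        return self.read(subject, ALIASES[alias])


def can_read(store, subject: str, name: str, via_alias: bool = False) -> bool:
    """True if the store hands the object out, False if it refuses."""
    try:
        if via_alias:
            store.read_alias(subject, name)
        else:
            store.read(subject, name)
    except Denied:
        return False
    return True


if __name__ == "__main__":
    print("incomplete store, carol via alias:", can_read(IncompleteStore(), "carol", "pay", True))
    m = MediatedStore()
    print("mediated store, carol via alias:", can_read(m, "carol", "pay", True))
    print("\n".join(m.audit))
```

The mediated version also addresses the neighbouring weakness on the slide, ambiguity in access policy: a missing matrix entry is treated as deny rather than left undefined, and every decision appears in the audit list, which is what lets a reviewer confirm that no path escaped the check.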

17. Validation
- Requirements checking: the system does the things it should do (in security, the system does not do things it is not supposed to do)
- Design and code reviews: traceability from each requirement to design and code components
- System testing: data expected from reading the requirements document can be confirmed in the actual running of the system

18. Evaluation
- Review: requirements, design, implementation, assurance
- US "Orange Book" evaluation: Trusted Computer System Evaluation Criteria (TCSEC)
- European ITSEC evaluation: Information Technology Security Evaluation Criteria
- US Combined Federal Criteria: 1992, jointly by NIST and NSA

19. TCSEC (examine the table on page 284)
- The levels of trust are described as four divisions, A, B, C, D, where A has the most comprehensive degree of security.
- Within a class, numbers are used; higher numbers indicate tighter security requirements.
- Four clusters of ratings:
  - D: no requirements
  - C1/C2/B1: commercial OS
  - B2: proof of security of the underlying model
  - B3/A1: proven descriptive and formal design of the trusted OS

20. Implementation examples
- UNIX: environment of trustworthy collaborators
- PR/SM: protection against inadvertent or malicious attempts by a process in one domain to interfere with one in a different domain
- VAX Security Kernel: by DEC, targeted the A1 level of the TCSEC

21. Exercise 2 (group work)

