Computer Science and Engineering Computer System Security CSE 5339/7339 Session 19 October 26, 2004.


Slide 1: Computer Science and Engineering. Computer System Security, CSE 5339/7339, Session 19, October 26, 2004

Slide 2: Contents
- A4 in
- A5 out
- Trusted Operating Systems
- Angela's presentation

Slide 3: Trusted OS Design
- An OS is a complex system and is difficult to design
- Adding the responsibility of security enforcement makes it even more difficult
- The OS controls the interactions between subjects and objects
- There must be a clear mapping from the security requirements to the design
- The design must be checked using formal reviews or simulation
- Requirements → design → testing

Slide 4: Security Design Principles
- Least privilege: users and programs run with the fewest privileges possible
- Economy of mechanism: small, simple, straightforward
- Open design: extensive public scrutiny
- Complete mediation: every access attempt must be checked
- Permission based: denial of access is the default
- Separation of privilege: access depends on more than one condition
- Least common mechanism: sharing carries risk
- Ease of use: a mechanism that is easy to use is unlikely to be avoided

Slide 5: OS Functions (diagram). Items shown: user interface; resource allocation; services to users; resources managed: data, CPU, memory, I/O devices, tables, libraries; synchronization; concurrency control; deadlock management; communication; accounting

Slide 6: Security features in an ordinary OS
- Authentication of users: password comparison
- Protection of memory: user space, paging, segmentation
- File and I/O device access control: access control matrix
- Allocation of, and access control to, general objects: table lookup
- Enforcement of sharing: integrity, consistency
- Fair service: no starvation
- Interprocess communication and synchronization: table lookup
- Protection of the OS's own protection data: encryption, hardware control, isolation

Slide 7: Security features of a Trusted OS
- Identification and authentication
- Mandatory and discretionary access control (MAC and DAC)
- Object reuse protection
- Complete mediation: all accesses are checked
- Trusted path
- Accountability and audit: security log
- Audit log reduction
- Intrusion detection: patterns of normal system usage, anomalies

Slide 8: Kernel: the part of the OS that performs the lowest-level functions (diagram of layers: user tasks, OS, OS kernel, hardware)

Slide 9: Security Kernel: responsible for enforcing the security mechanisms of the entire OS
- Coverage: ensures that every access is checked
- Separation: security mechanisms are isolated from the rest of the OS and from user space, which makes them easier to protect
- Unity: all security mechanisms are performed by a single set of code, which makes problems easier to trace
- Modifiability: changes to the security mechanisms are easier to make and test
- Compactness: relatively small
- Verifiability: formal methods; all situations are covered

Slide 10: Reference Monitor: the portion of the security kernel that controls accesses to objects
- A collection of access controls for devices, files, memory, interprocess communication, and other objects
- It must be:
  - always invoked when any object is accessed
  - small enough for analysis and testing
  - tamperproof
(diagram: subjects S on one side, objects O on the other, the reference monitor acting as the gate between them)
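The three reference monitor properties above, plus the access control matrix (slide 6), default denial (slide 4) and the audit log (slide 7), as an added toy illustration that is not code from the slides; the policy, subjects and object names are constructed for the demo:

```python
# Added example, not from the slides: a toy reference monitor. Every object
# access goes through mediate() (complete mediation), the access control
# matrix is the only source of rights, a missing entry means denial
# (permission based), and every decision is written to the audit log.
from typing import Dict, List, Set, Tuple


class ReferenceMonitor:
    def __init__(self, matrix: Dict[Tuple[str, str], Set[str]]) -> None:
        # Private copy: callers holding the original dict cannot alter the
        # policy afterwards (a small stand-in for "tamperproof").
        self._matrix = {k: set(v) for k, v in matrix.items()}
        self.audit_log: List[str] = []

    def mediate(self, subject: str, obj: str, right: str) -> bool:
        """Decide one access; no matrix entry means no rights at all."""
        allowed = right in self._matrix.get((subject, obj), set())
        verdict = "ALLOW" if allowed else "DENY"
        self.audit_log.append(f"{verdict} {subject} {right} {obj}")
        return allowed


class FileStore:
    """Object manager whose every operation is gated by the monitor."""

    def __init__(self, monitor: ReferenceMonitor, files: Dict[str, str]) -> None:
        self._monitor = monitor
        self._files = dict(files)

    def read(self, subject: str, name: str) -> str:
        # There is no path to the object that bypasses mediate().
        if not self._monitor.mediate(subject, name, "read"):
            raise PermissionError(f"{subject} may not read {name}")
        return self._files[name]


def demo() -> Tuple[str, int, int]:
    """Constructed policy: alice may read and write notes, bob may only read."""
    policy = {("alice", "notes"): {"read", "write"},
              ("bob", "notes"): {"read"}}
    rm = ReferenceMonitor(policy)
    store = FileStore(rm, {"notes": "hello"})
    store.read("alice", "notes")
    seen = store.read("bob", "notes")
    denied = 0
    for subj, right in (("bob", "write"), ("carol", "read")):
        if not rm.mediate(subj, "notes", right):
            denied += 1          # bob lacks write; carol is not in the matrix
    return seen, denied, len(rm.audit_log)
```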

Slide 11: Trusted Computing Base (TCB): everything in the trusted OS that is necessary to enforce the security policy. System elements on which security enforcement depends:
- Hardware: processors, memory, registers, and I/O devices
- Processes: separate and protect security-critical processes
- Primitive files: the security access control database, identification/authentication data
- Protected memory: so the reference monitor can be protected against tampering
- Interprocess communication: for example, the reference monitor can invoke the audit routine and pass data to it securely

Slide 12: TCB and Non-TCB Code (diagram). Items shown: primitive I/O; basic operations; clocks, timing; interrupt handling; hardware (registers, memory); capabilities; applications; utilities; user request interpreter; …; segmentation, paging, memory management; with the two regions labelled TCB and Non-TCB

Slide 13: The TCB monitors four basic interactions:
- Process activation
- Execution domain switching
- Memory protection
- I/O operation

Slide 14: Combined Security Kernel / OS (diagram of layers: user tasks, OS, OS kernel, hardware; security activity is spread across the OS and the OS kernel)
- OS kernel: hardware interactions, access control
- OS: resource allocation, sharing, access control, authentication functions

Slide 15: Separate Security Kernel (diagram of layers: user tasks, OS, security kernel, hardware)
- Security kernel: access control, authentication functions
- OS: resource allocation, sharing, hardware interactions

Slide 16: Separation
- Physical separation
- Temporal separation
- Cryptographic separation
- Logical separation (isolation)

Slide 17: Virtualization
- An illusion: the OS emulates or simulates a collection of a computer system's resources
- Virtual machine: a collection of real or simulated hardware facilities (processor, memory, I/O devices)

Slide 18: IBM MVS/ESA
- Paging system
- Virtualization is used to provide logical separation that gives the user the impression of physical separation
- Each user feels that he/she has a separate machine
- Each user's virtual memory space can be as large as the total addressable space

Slide 19: Virtual machine (diagram: real system resources and the real OS underneath; a virtual machine each for User 1, User 2 and User 3 on top)

Slide 20: Layered OS (diagram, bottom to top): hardware; security functions; synchronization, allocation; scheduling, sharing, memory management; file system, device allocation; utility functions; compilers, database; user processes. The innermost layers form the security kernel, the next group the OS kernel, and the remaining system layers the OS.

Slide 21: Provably Secure Operating System (PSOS)
- A 16-level layered structure (see the table on page 272 of the textbook)
- Each layer uses the services of the layers below it and provides a certain level of functionality to the layers above it
- Peel off a layer and what remains is still a logically complete system with less functionality

Slide 22: Conventionally vs. Hierarchically Designed Systems

Conventionally designed system:
  Level  Functions      Risk
  All    Non-critical   Disaster possible
  All    Less critical  Disaster possible
  All    Most critical  Disaster possible

Hierarchically designed system (the Risk column is left empty on the slide):
  Level  Functions
  2      Non-critical
  1      Less critical
  0      Most critical

Slide 23: Assurance
- Testing: based on the actual product being evaluated, not on an abstraction
- Verification: each of the system's functions works correctly
- Validation: the developer is building the right product (according to the specification)

Slide 24: Testing
- Can demonstrate the existence of a problem, but passing tests does not imply the absence of problems
- Hard to achieve adequate test coverage within a reasonable time (inputs and internal states)
- Observable effects versus internal structure
- Real-time systems: hard to keep track of all states
- Penetration testing: tiger team analysis, ethical hacking; a team of experts in OS design tries to crack the system

Slide 25: Formal verification
- The most rigorous method
- Uses the rules of mathematical logic to demonstrate that a system has a certain security property
- Amounts to proving a theorem
- Time consuming and a complex process
- Simple example follows

Slide 26: Example: finding the minimum value (flow chart on page 278 of the textbook). Assertions attached to the flow chart:
- $P$: $n > 0$
- $Q$: $n > 0$ and $1 \le i \le n$ and $\mathit{min} \le A[1]$
- $R$: $n > 0$ and $1 \le i \le n$ and for all $j$ with $1 \le j \le i-1$: $\mathit{min} \le A[j]$
- $S$: $n > 0$ and $i = n+1$ and for all $j$ with $1 \le j \le i-1$: $\mathit{min} \le A[j]$
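The find-minimum program behind these assertions, written out as an added example (not code from the slides or the textbook) with $P$, $Q$, $R$ and $S$ evaluated at run time at the points where the proof attaches them; the exact flow chart shape (initialise, test $i > n$, compare, step) is assumed, and the array is 1-indexed as on the slide:

```python
# Added example, not from the slides: the find-minimum program that the
# formal-verification example proves correct, with its assertions P, Q, R and
# S checked at run time where the flow chart attaches them. A is 1-indexed as
# on the slide, so A[0] is an unused placeholder.
# Assumed flow chart: set min and i, test i > n, compare A[i] with min, step i.
# Note: python -O strips assert statements, so run this without -O.


def _min_so_far(A, min_, i):
    """for all j, 1 <= j <= i-1: min <= A[j]   (the part shared by R and S)"""
    return all(min_ <= A[j] for j in range(1, i))


def find_min(A):
    """Return the minimum of A[1..n]; an AssertionError means a violated assertion."""
    n = len(A) - 1
    assert n > 0                                                  # P
    min_ = A[1]
    i = 1
    assert n > 0 and 1 <= i <= n and min_ <= A[1]                # Q
    while True:
        if i > n:
            # i was stepped by 1 from 1, so the first i > n is exactly n + 1
            assert n > 0 and i == n + 1 and _min_so_far(A, min_, i)   # S
            return min_
        assert n > 0 and 1 <= i <= n and _min_so_far(A, min_, i)     # R
        if A[i] < min_:
            min_ = A[i]
        i += 1


def find_min_checked(A):
    """Report a violated precondition P (empty array) as None instead of crashing."""
    try:
        return find_min(A)
    except AssertionError:
        return None
```

Because $R$ is re-established on every pass and $S$ is exactly $R$ with $i = n+1$, the run-time checks follow the same structure as the proof: the loop invariant plus the exit condition gives the postcondition.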

Slide 27: Validation
- Requirements checking: the system does the things it should do (in security, the system also does not do the things it is not supposed to do)
- Design and code reviews: traceability from each requirement to the design and code components
- System testing: the behaviour expected from reading the requirements document can be confirmed in the actual running of the system

