Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 5 – Designing Trusted Operating Systems

Published byBlake Waters Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 5 – Designing Trusted Operating Systems"— Presentation transcript:

1 Chapter 5 – Designing Trusted Operating Systems
What makes an operating system “secure”? Or “trustworthy? How are trusted systems designed, and which of those design principles carry over naturally to other program development tasks? How do we develop “assurance” of the correctness of a trusted operating systems?

2 Designing Trusted Operating Systems
Primitive security services Memory protection File protection General object access control User authentication OS is trusted if we have confidence that it provides these four services in a consistent and effective way.

3 What is a trusted system?
Secure Trusted Either-or: something either is or is not secure Graded: There are degrees of “trustworthiness Property of presenter Property of receiver Asserted based on product characteristics Judged based on evidence and analysis Absolute: not qualified as to how, where, when, or by whom used Relative: viewed in context of use A goal A characteristic

4 What is a trusted system?
Trusted process – process that can affect system security Trusted product – evaluated and approved product Trusted software- software portion of system that can be relied upon to enforce security policy Trusted computing base – set of all protection mechanisms within a computing system that enforce a nified security policy Trusted system – system that employs sufficient hardware and software integrity measures to allow its use for processing sensitive information

5 Security Policies security policy – statement of security we expect the system to enforce Military Security Policy based on protecting classified information Information access is limited by need-to-know rule Each piece of classified info is associated with a compartment

6 Military Security Policy
Class (classification) - <rank; compartment> Clearance - indication that person is trusted to access info up to a certain level of sensitivity Dominance – s <= O iff ranks <= ranko and compartmentss <= compartmentso Clearance level of subject is at least as high as that of the information Subject has a need to know about all compartments for which the information is classified.

7 Commercial Security Policies
Data items at any level may have different degrees of sensitivity (public, proprietary, internal) No formalized notion of clearances No dominance function for most commercial information access

8 Clark-Wilson Commercial Security Policy
Well-formed transactions – perform steps in order, exactly as listed & authenticating the individuals who perform the steps Goal – maintain consistency between internal data and external expectations of the data Process constrained data items by transformation procedures <userID, TPi, {CDIj, CDIk, …}>

9 Commercial Security Policy
Separation of duty – division of responsibilities (manual system) Chinese Wall Security Policy – Confidentiality Policy Objects (e.g. files) Company Groups (all objects concerning a particular company) Conflict classes (cluster competing companies)

Download ppt "Chapter 5 – Designing Trusted Operating Systems"

Similar presentations

Trusted System Elements and Examples CS461/ECE422 Fall 2011.

Trusted System Elements and Examples CS461/ECE422 Fall 2011.
Information Flow and Covert Channels November, 2006.

Information Flow and Covert Channels November, 2006.
Operating System Security

Operating System Security
TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.

TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.
Lecture 8 Access Control (cont)

Lecture 8 Access Control (cont)
Trusted vs. secure software

Trusted vs. secure software
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.

Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.

Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
Verifiable Security Goals

Verifiable Security Goals
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
1 Integrity Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 22, 2004.

1 Integrity Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 22, 2004.
Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.
CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.

CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.
User Domain Policies.

User Domain Policies.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.

Similar presentations

Ads by Google