Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trusted Operating Systems

Published byMaximilian Clinton Garrison Modified over 8 years ago

Similar presentations

Presentation on theme: "Trusted Operating Systems"— Presentation transcript:

1 Trusted Operating Systems

2 What is a trusted operating system
Four aspects of a trusted OS Information compartmentalization Role compartmentalization Least privilege Kernel level enforcement “if it’s easy to administer, it’s probably easy to break into”

3 Pros and cons Pros Cons Difficult to compromise
One compromise will not lead to another Useful for mission critical applications Protects against inside attacks Cons Software compatibility Difficulty in administration Performance overhead More cumbersome for users

4 Information Compartmentalization
Information restricted without regard to user ID or “owner” No user, even administrators, can see or modify information they are not cleared to see Compromised applications cannot be used for further access, since they cannot see information unrelated to their task Web server cannot write to html files because it has only been cleared to read them

5 Mandatory Access Control
In DAC (Discretionary Access Control), users own files User can determine if a file is readable, writable, executable, etc, and by whom In MAC, restrictions are based on the sensitivity of information All objects have Sensitivity Labels which define a level or range of levels encompassing the information SLs cannot be overruled by the owner of a file or even a system administrator

6 Sensitivity Labels Two components Dominant Equal Disjoint
Classification Compartment Dominant Top Secret SL can read but not write Confidential SL Equal Only time modification is permitted Disjoint Prevents equal classifications from accessing other compartments Top Secret A cannot read Secret A B, since Top Secret A does not have access to the B compartment

7 Role Compartmentalization
No user can perform all system tasks There is no “root”, administrators are limited in their privileges Important system actions must be confirmed by multiple administrators Execution of a privileged program is still limited by privilege of user

8 Least Privilege Processes only have access to the minimum amount of information and privilege required to perform their task Mail server cannot modify web pages Web server cannot send Even if running as an administrator Permissions are strictly limited in scope and type

9 Kernel Level Enforcement
Security related operations happen in kernel mode, where they cannot be circumvented by any amount of user level action However, operations happen at the highest level possible, limiting potential damage as much as possible Application cannot override kernel decisions

10 Trusted OS Implementations
Trusted Solaris Password generator enforces strong passwords MAC Trusted symbol prevents spoofing Full system auditing Trusted IRIX Mandatory Integrity Trusted Networking MAC labeling of input and output

11 Trusted OS Implementations
Trusted BSD Based on FreeBSD Fine grained auditing Fine grained policy SELinux Patches to Linux published by the NSA Argus Pitbull LX Trusted environment that runs on top of Linux, Solaris, or AIX Domain Based Access Control Has root, but restricted Allows trusted applications to be run in alongside non-trusted applications, providing flexibility

12 “Orange Book” standards
Levels of security policies and accountability mechanisms Certification to use in given situations C2: Controlled Access Protection (5) B1: Labeled Security Protection (7) B2: Structured Protection (1) B3: Security Domains (1) A1: Verified Design (0)

13 Common Criteria Supercedes “Orange Book”
Worldwide effort, combines international criteria Broken into functional requirements: Audit Cryptographic support Communications User Data Protection Identification and Authentication Security Management Privacy Protection of the TOE Security Functions Resource Utilization TOE Access Trusted Path/Channels

14 Common Criteria Assurance Levels
EAL1: Functionally tested EAL2: Structurally tested EAL3: Methodically tested and checked EAL4: Methodically designed, tested, and reviewed EAL5: Semiformally designed and tested EAL6: Semiformally verified design and tested EAL7: Formally verified design and tested Blah blah blah

15 References

Download ppt "Trusted Operating Systems"

Similar presentations

Operating System Security

Operating System Security
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.

TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.
Lecture 8 Access Control (cont)

Lecture 8 Access Control (cont)
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
Access Control Methodologies

Access Control Methodologies
Access Control Patterns Fatemeh Imani Mehr Amirkabir university of technology, Department of Computer Engineering & Information Technology.

Access Control Patterns Fatemeh Imani Mehr Amirkabir university of technology, Department of Computer Engineering & Information Technology.
Secure Operating Systems Lesson 0x11h: Systems Assurance.

Secure Operating Systems Lesson 0x11h: Systems Assurance.
Chapter 2.  CIA Model  Host Security VS Network Security  Least Privileges  Layered Security  Access Controls Prepared by Mohammed Saher2.

Chapter 2.  CIA Model  Host Security VS Network Security  Least Privileges  Layered Security  Access Controls Prepared by Mohammed Saher2.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
Information Systems Security Security Architecture Domain #5.

Information Systems Security Security Architecture Domain #5.
Lecture 7 Access Control

Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
Database Security By Bei Yuan. Why do we need DB Security? Make data arranged and secret Secure other’s DB.

Database Security By Bei Yuan. Why do we need DB Security? Make data arranged and secret Secure other’s DB.
Linux Security.

Linux Security.
ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.

ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

Similar presentations

Ads by Google