CSCI 620 Lecture10
Security
CSCI-620: M02
Instructor: Qian Wang
Lecture 10: 11/11/2016
Introduction to Computer Security
03/18/17
2
What is Computer Security
Traditionally focused on the physical machine
To prevent theft of or damage to the hardware
To prevent theft of or damage to the information
To prevent disruption of service
Today, the value of data is greater than the value of hardware
Thus, computer security focuses today on information security
Security Targets
Secrecy (or confidentiality)
Protecting information from unauthorized disclosure
Integrity
Protecting information from unauthorized modification or destruction
Availability (prevention of Denial of Service)
Prevention of temporary reduction in system performance, a system crash or a major crash with permanent loss of data
Secure System
Any computer system can only be secure with respect to some specific policy that defines what is allowed in the system
Evaluation Criteria for System Security
Orange Book
Developed by the U.S. Department of Defense
The document employs the concept of a Trusted Computing Base (TCB)
A combination of computer hardware and an operating system that supports untrusted applications and users
The document gives its own definition of computer security by introducing layers of trust
Today, the internationally recognized standard is Common Criteria
Computer Security: Technology
Major technological advances in computers raise new security threats that require new security solutions (e.g., Trusted Computing)
New technologies should be accompanied by integrated security strategies!
There has long been the perception that true computer security can never be achieved in practice
The reasons for the supposed failure are manifold
Programs intended for research have been wrongly criticized for not fulfilling needs of production systems
Researchers and developers promise more than they can deliver
Developments are often targeted to a specific operating system, etc.
Complexity problem
Computer Security: Implementation
Security vs. correctness
The notions are not synonyms
It is easier to build a secure system than to build a correct system
How many operating systems are correct and bug-free?
For all operating systems, vendors must periodically issue new releases
Bugs can usually be circumvented, but a single security hole can render all of the system's security controls
The important fact is not the likelihood of a flaw (which is high), but the likelihood that a penetrator will find one (which we hope is very low)
Computer Security: Functionality
Security seems to be a hurdle or an annoyance for users
Security measures often interfere with an honest user's normal job
Vendors often implement security enhancements in response to specific customer demands
Many customers take it upon themselves to fix security problems at their own sites
Computer Security: Why it fails
Misconceptions of security solutions
Misconceptions can have a serious negative effect on the overall progress towards achieving reasonable security
Example: Encryption is useful, but it does not address the general computer security problem
File encryption does nothing to increase the level of trust in the operating system (OS)
If you do not trust your OS to protect your files, you cannot trust it to encrypt your files or to protect the encryption keys properly!
Weakness in architecture and design (both in hardware and software)
High complexity of common operating systems (monolithic design)
Need for Secure Hardware and
Hardware Software
Even a secure operating system cannot verify its own integrity (another
party is needed)
Secure storage
DMA (Direct Memory Access) control
Isolation of security-critical programs
Hardware-based random numbers
Fundamental to cryptography
Computer Security: User
Social engineering
Many organizations believe that computer security technology is irrelevant to real-world problems, because all recorded cases of computer abuse and fraud are non-technical
But these organizations often fail to recognize that the computer can protect against flawed procedural controls
E.g., a computer system can restrict the access to information, so that the user can access only the information he really needs to fulfill his task
Internal and External Security
Internal security controls
Implemented within the hardware and software of the system
Internal controls can only be effective if they are accompanied by adequate external security controls
External security controls
Govern physical access to the system
Cover all activities for maintaining security of the system that the system itself cannot address
External Controls
Physical security
E.g., locked rooms or guards
Physical security controls alone cannot address the security problems of multiuser distributed systems
Personnel security
A level of security clearance is assigned to individuals
Employer decides whom to trust
Procedural security
Covers the processes of granting people access to machines, input/output handling (e.g., printouts), installing system software, attaching user terminals, etc.