Operating System Security

Created: October 13, 2003
Last Updated: February 12, 2004

Version: 0.1
Author: Dr. Ping Chen


Code: OSS


Objectives

Operating systems are the prime providers of security in computing systems. From the perspective of both users and designers, this module covers which primitive security services a general operating system provides and how an operating system should be designed to be trusted.


Prerequisite

Operating System


Submodules

Submodule 1
Title: Overview of Operating System Security
Code: OSS1
Description: Four aspects of a trusted OS; pros and cons; information and role compartmentalization; mandatory access control; sensitivity labels; trusted OS implementations; Common Criteria assurance levels.
Prerequisite: Operating systems

Submodule 2
Title: Memory and file protection
Code: OSS2
Description: This submodule discusses techniques used for memory and address protection and for file protection. Memory and address protection can be built into hardware mechanisms such as fence, relocation, base/bounds registers, tagged architecture, segmentation, and paging. File protection mechanisms include all-none protection, group protection, single permissions, and temporary acquired permission.
Prerequisite: OSS1

Submodule 3
Title: User authentication
Code: OSS3
Description: There are three main authentication mechanisms: passwords, physical identification, and biometrics. This submodule covers the use of passwords and their common problems.
Prerequisite: Cryptography

Submodule 4
Title: Security policies and models
Code: OSS4
Description: Definition of a trusted system. Military security policy. Commercial security policies. Discussion of security models: lattice model, Bell-LaPadula confidentiality model, Biba integrity model, Graham-Denning model, Take-Grant systems.
Prerequisite: Cryptography

Submodule 5
Title: Design of secure operating systems
Code: OSS5
Description: Trusted system design elements. Security features of ordinary operating systems. Security features of trusted operating systems. Kernelized design. Separation/isolation. Virtualization. Layered design.
Prerequisite: OSS2

Submodule 6
Title: Examples of secure operating systems
Code: OSS6
Description: Typical operating system flaws. Assurance methods. Examples of general-purpose operating systems. Examples of operating systems designed for security.
Prerequisite: Operating systems

 

Resources

Books
Articles
Links

Glossary