Submodules
Submodule | Title | Code | Description | Prerequisite |
1 | Overview of Operating System Security | OSS1 | Four aspects of a trusted OS; Pros and cons; Information and role Compartmentalization; Mandatory Access Control; Sensitivity Labels; Trusted OS Implementations; Common Criteria Assurance Levels | Operating systems |
2 | Memory and file protection | OSS2 | This submodule discusses techniques used for memory and address protection and for file protection. Memory and address protection can be built into hardware mechanisms such as fence, relocation, base/bounds registers, tagged architecture, segmentation, and paging. File protection mechanisms include all-none protection, group protection, single permissions and temporarily acquired permissions. | OSS1 |
3 | User authentication | OSS3 | There are three main authentication mechanisms: passwords, physical identification and biometrics. This submodule covers the use of passwords and their common problems. | Cryptography |
4 | Security policies and models | OSS4 | Definition of a trusted system. Military security policy. Commercial security policies. Discussion of security models: Lattice model. Bell-LaPadula confidentiality model. Biba integrity model. Graham-Denning model. Take-Grant systems. | Cryptography |
5 | Design of secure operating systems | OSS5 | Trusted system design elements. Security features of ordinary operating systems. Security features of trusted operating systems. Kernelized design. Separation/isolation. Virtualization. Layered design. | OSS2 |
6 | Examples of secure operating systems | OSS6 | Typical operating system flaws. Assurance methods. Examples of general-purpose operating systems. Examples of operating systems designed for security. | Operating systems |