Operating Systems Security Considerations
Mohammad Heidari
07/16/2005
Abstract
An operating system is a fundamental component of most modern computer systems. Operating systems are close to the hardware: they mask the details of the underlying hardware from the programmer and provide the lowest layer of software visible to users. An operating system can be viewed as a resource manager, responsible for fair sharing of resources between the different processes in the system. Operating systems also control access to application memory and the scheduling of the processor. Applications rely on OS-level services, and the developers of those applications generally do not know the level of detail needed to build secure applications on their own. If the OS does not perform these functions securely, it generally compromises all security at higher levels, so the OS is a very logical place to enforce and support security. This paper presents the common built-in security criteria and mechanisms in operating systems, and also introduces the common vulnerabilities.
Introduction
OS Security revolves around the appropriate protection of four elements.
Confidentiality prevents or minimizes unauthorized access and disclosure of data and information.
Integrity makes sure that the data being worked with is actually the correct data.
Availability (as defined in RFC 2828) is the property of a system or system resource being accessible and usable upon demand by an authorized system entity, according to the performance specifications for the system.
Authenticity makes it possible for a computer system to verify the identity of a user.
Availability deals with the computer system assets (hardware, software, and data). Hardware is the most vulnerable to attack (accidental and deliberate damage to equipment as well as theft). A key threat to software is an attack on availability (configuration management, software modification, and so on). However, the discussion of availability is beyond the scope of this paper.
Confidentiality and integrity involve three important roles: protection models, capabilities and assurance. One of the important factors of confidentiality and integrity is the protection model. The model is the most important aspect of security: even if everything else in the system is perfect, it will still be exploitable if a weak model is used. Each of the protection models should be proven to ensure that they are as close as possible. Well-known protection models include the Bell-LaPadula hierarchical mandatory access confidentiality model and the Biba hierarchical integrity model. Systems tend to use several protection models rather than a single comprehensive one.
The next part is capabilities. Capabilities are the tools and functionality that the operating system uses to implement a given model, and may include things like the specific access controls, or what privileges are available and how they are defined. Examples include groups, how setting the system time is controlled, or having the system crash when it is unable to audit particular events.
The last part of confidentiality and integrity is assurance. Assurances are a way of determining that the models are implemented correctly and cannot be bypassed. Assurances can cover nearly all aspects of the operating system, from the maturity level of the development team, to the quality and comprehensiveness of the documentation, to the architecture of the operating system itself. For example, using a microkernel architecture allows for much higher assurance, as all aspects of the protection models may be implemented at a single point known as a reference monitor.
Protection Mechanisms
The concept of multiprogramming introduces the sharing of resources among users. This sharing involves memory, I/O devices, programs and data. The ability to share these resources introduces the need for protection. An OS may offer protection along the following spectrum: [1]
No Protection: This is appropriate when sensitive procedures are being run at separate times.
Isolation: This approach implies that each process operates separately from other processes, with no sharing. Each process has its own address space, files, and other objects.
Share all or share nothing: In this method, the owner of an object declares it to be public or private; in other words, the object is either accessible to all processes or only to the owner's processes.
Share via access limitation: The OS checks the permissibility of each access by a specific user to a specific object; the OS therefore acts as a guard between users and objects, ensuring that only authorized accesses occur.
Share via dynamic capabilities: This extends the concept of access control to allow dynamic creation of sharing rights for objects.
Limit use of an object: This form of protection limits not just access to an object but the use to which that object may be put.
A given OS may provide different degrees of protection for different objects, users and applications.
The OS needs to balance the need to allow sharing with the need to protect the resources of individual users.
Protection of Memory
In a multiprogramming environment, protection of main memory is essential. The concern here is not just security but the correct functioning of the various processes that are active. The separation of the memory space of the various processes is easily accomplished with a virtual-memory scheme.
Segmentation or paging, or the two in combination, provide effective tools for managing main memory. If complete isolation is sought, then the OS must simply ensure that each segment or page is accessible only by the process to which it is assigned. This is accomplished by requiring that there be no duplicate entries in page and/or segment tables. If sharing is to be allowed, then the same segment or page may appear in more than one table. Segmentation especially lends itself to the implementation of protection and sharing policies, because each segment table entry includes a length as well as a base address, so a program cannot access a main memory location beyond the limit of a segment. To achieve sharing, it is possible for a segment to be referenced in the segment tables of more than one process. In a paging system, the page structure of programs and data is not visible to the programmer.
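As an added illustration (this is not code from the paper), a simulated per-process segment table in C: each entry carries a base and a length, so any offset past the length is rejected, and sharing is achieved by listing the same physical segment in two processes' tables. All addresses, sizes and process names are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_SEGS 4
enum { PERM_READ = 1, PERM_WRITE = 2 };

/* One segment table entry: a base address plus a length, as in the text. */
typedef struct {
    uint32_t base;    /* physical start address (constructed values below) */
    uint32_t length;  /* size in bytes; any offset >= length is rejected */
    unsigned perms;   /* PERM_READ | PERM_WRITE */
    bool present;     /* unused table slots are not valid */
} seg_entry;
/* Each process has its own table; sharing means the same physical
 * segment appears in more than one table (possibly with different perms). */
typedef struct { seg_entry seg[MAX_SEGS]; } seg_table;

/* Translate (segment, offset) for one process. Returns the physical
 * address, or -1 if the access is out of bounds or lacks permission. */
long translate(const seg_table *t, unsigned seg, uint32_t offset, unsigned want)
{
    if (seg >= MAX_SEGS || !t->seg[seg].present)
        return -1;                       /* no such segment for this process */
    const seg_entry *e = &t->seg[seg];
    if (offset >= e->length)
        return -1;                       /* beyond the segment's limit */
    if ((e->perms & want) != want)
        return -1;                       /* e.g. write to a read-only segment */
    return (long)(e->base + offset);
}

/* Constructed sample: process A has a private read/write data segment and
 * shares a read-only code segment with process B. */
seg_table proc_a = { .seg = {
    [0] = { .base = 0x1000, .length = 0x400, .perms = PERM_READ, .present = true },
    [1] = { .base = 0x8000, .length = 0x100, .perms = PERM_READ | PERM_WRITE, .present = true },
} };
seg_table proc_b = { .seg = {
    [0] = { .base = 0x1000, .length = 0x400, .perms = PERM_READ, .present = true },
} };

int main(void)
{
    printf("A data[0x10]  -> %ld\n", translate(&proc_a, 1, 0x10, PERM_READ));  /* 32784 (0x8010) */
    printf("A data[0x100] -> %ld\n", translate(&proc_a, 1, 0x100, PERM_READ)); /* -1: past limit */
    printf("B write code  -> %ld\n", translate(&proc_b, 0, 0x0, PERM_WRITE));  /* -1: read-only */
    return 0;
}
```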
The measures taken to control access in a data processing system fall into two categories:
- User-Oriented
- Data-Oriented
User-Oriented Access Control
User control of access is sometimes referred to as authentication. [2] The most common technique for user access control on a shared system or server is the user logon, which requires an ID and password. User access control in a distributed environment can be either centralized or decentralized.
In a centralized approach, the network provides a logon service, determining who is allowed to use the network and to whom the user is allowed to connect. Decentralized user access control treats the network as a transport communication link, and the destination host carries out the usual logon procedure. In many networks, two levels of access control may be used.