
Computer and Information Security


Presentation Transcript


  1. Computer and Information Security

  2. OS Security Functions
  • Separation: keep users/processes separate
    • Physical, Temporal, Logical, Cryptographic separation
  • Memory protection:
    • Ensures that one user’s process cannot access others’ memory
    • Fence
    • Base/bounds register
    • Tagging
    • Segmentation
    • Paging
  • Access control:
    • Authentication and Authorization
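As an added example (not part of the slides), a small Python model of two of the memory-protection schemes listed above: a fence that walls off OS memory and per-process base/bounds registers checked on every access, plus the OS-side check that the configured regions actually separate processes. All addresses and process names are constructed.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import List

FENCE = 0x1000  # constructed: physical addresses below the fence belong to the OS

@dataclass(frozen=True)
class Process:
    name: str
    base: int    # base register: first physical address of the region
    bounds: int  # bounds register: region size, so valid offsets are 0 .. bounds-1

    @property
    def limit(self) -> int:
        return self.base + self.bounds  # first physical address past the region

class MemoryFault(Exception):
    """Raised instead of touching memory outside the caller's region."""

def translate(proc: Process, offset: int) -> int:
    """Checked on every access: the offset must satisfy 0 <= offset < bounds and
    the resulting physical address must not fall below the fence."""
    if not 0 <= offset < proc.bounds:
        raise MemoryFault(f"{proc.name}: offset {offset:#x} outside bounds {proc.bounds:#x}")
    physical = proc.base + offset
    if physical < FENCE:
        raise MemoryFault(f"{proc.name}: {physical:#x} lies below the fence")
    return physical

def can_access(proc: Process, offset: int) -> bool:
    try:
        translate(proc, offset)
        return True
    except MemoryFault:
        return False

def regions_separated(procs: List[Process]) -> List[str]:
    """OS-side invariant: no region starts below the fence, no two regions overlap."""
    problems = [f"{p.name} starts below the fence" for p in procs if p.base < FENCE]
    for a, b in combinations(procs, 2):
        if a.base < b.limit and b.base < a.limit:
            problems.append(f"{a.name} overlaps {b.name}")
    return problems  # empty list means separation holds

# Constructed layout: P1 and P2 are adjacent; P3 was misconfigured on top of P2.
P1 = Process("P1", base=0x1000, bounds=0x1000)
P2 = Process("P2", base=0x2000, bounds=0x800)
P3 = Process("P3", base=0x2400, bounds=0x400)
```

The last valid offset of P1 maps to 0x1FFF; offset 0x1000 would land at P2's first byte and faults instead, which is exactly the isolation the slide asks for.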

  3. Trusted Operating System
  • An OS is trusted if we rely on it for
    • Memory protection
    • Separation
    • Access control
  • Every OS does these things
  • But if a trusted OS fails to provide these, our security fails.
  Part 4 Software 3

  4. Trust vs Security
  • Security is a judgment of the effectiveness of a particular mechanism.
  • Security depends on trust.
  • Trust implies reliance
  • Trust is binary: we trust or we don’t.

  5. Trusted Systems
  • Trust implies reliance
  • A trusted system is one that we rely on for security.
  • An untrusted system is one that we do not rely on for security
  • Only a trusted system can break your security!

  6. Trusted OS
  • OS mediates interactions between subjects (users) and objects (resources)
  • Trusted OS must decide
    • Which objects to protect and how
    • Which subjects are allowed to do what

  7. Trusted OS design principles
  • Least privilege:
    • S/O takes the minimum necessary set of privileges.
  • Economy of mechanism (simplicity):
    • Security mechanisms should be as simple as possible.
  • Open design: avoid security by obscurity.
    • Secret keys or passwords, but not secret algorithms
  • Complete mediation:
    • Every access to every object must be checked.

  8. Trusted OS design principles
  • Separation of privileges:
    • A system should not grant permission based on a single condition.
  • Failsafe defaults: no access by default.
  • Least common mechanism:
    • Mechanisms used to access resources should not be shared.
  • Psychological acceptability (ease of use)
    • If a protection mechanism is difficult, nobody will use it, or it will be used in the wrong way.
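As an added example (not from the slides), a toy reference monitor in Python that ties together slides 6 to 8: it mediates every subject-to-object access, denies anything not explicitly granted (fail-safe default), grants each subject only what it needs (least privilege), and requires a second, distinct approver for sensitive writes (separation of privilege). Subjects, objects and the access matrix are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed access matrix: (subject, object) -> operations explicitly granted.
# Least privilege: alice only needs to read payroll, so read is all she gets.
ACL: Dict[Tuple[str, str], Set[str]] = {
    ("alice", "/payroll.db"): {"read"},
    ("bob", "/payroll.db"): {"read", "write"},
    ("dana", "/payroll.db"): {"write"},
    ("alice", "/notes.txt"): {"read", "write"},
}

def authorize(subject: str, obj: str, op: str, approver: Optional[str] = None) -> bool:
    # Fail-safe default: a missing entry is an empty set, so the answer is "no".
    if op not in ACL.get((subject, obj), set()):
        return False
    # Separation of privilege: a payroll write needs a second, distinct,
    # write-capable approver; one subject's say-so is never enough.
    if op == "write" and obj == "/payroll.db":
        if approver is None or approver == subject:
            return False
        if "write" not in ACL.get((approver, obj), set()):
            return False
    return True

@dataclass
class ReferenceMonitor:
    store: Dict[str, str] = field(default_factory=dict)
    audit: List[Tuple[str, str, str, str]] = field(default_factory=list)

    def access(self, subject: str, obj: str, op: str,
               data: Optional[str] = None, approver: Optional[str] = None) -> Optional[str]:
        # Complete mediation: this method is the only path to self.store,
        # and every decision, allowed or denied, is written to the audit log.
        ok = authorize(subject, obj, op, approver)
        self.audit.append((subject, obj, op, "ALLOW" if ok else "DENY"))
        if not ok:
            raise PermissionError(f"{subject} may not {op} {obj}")
        if op == "read":
            return self.store.get(obj)
        self.store[obj] = data or ""
        return self.store[obj]
```

The audit list is what a detection engineer would watch: a run of DENY entries for one subject against objects it has no grant for is the monitor doing its job, and also a signal worth alerting on.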

  9. Assurance
  • “Degree of confidence that the security controls operate correctly and protect the system as intended”
  • Applies to:
    • Product security requirements, security policy, product design, implementation, operation.
  • Various approaches: analyzing, checking, and testing various aspects

  10. System Certification
  • Government attempt to certify the “security level” of products
  • Still required today if you want to sell your product to the government
  Part 2 Access Control 10

  11. Orange Book
  • Trusted Computing System Evaluation Criteria (TCSEC), 1983
  • Universally known as the “orange book”
  • Name is due to the color of its cover
  • About 115 pages
  • Developed by DoD (NSA)
  • Orange book generated a pseudo-religious fervor among some people

  12. Orange Book Outline
  • Goals
    • Provide a way to assess security products
    • Provide guidance on how to build more secure products.
  • Four divisions labeled D thru A
    • D is lowest, A is highest
  • Divisions split into numbered classes

  13. Common Criteria (CC)
  • Successor to the orange book (ca. 1998)
  • Due to inflation, more than 1000 pages
  • An international government standard
  • CC is relevant in practice, but only if you want to sell to the government
  • Evaluation Assurance Levels (EALs)
    • 1 thru 7, from lowest to highest security

  14. EAL 1 thru 7
  • EAL 1: functionally tested
  • EAL 2: structurally tested
  • EAL 3: methodically tested and checked
  • EAL 4: methodically designed, tested, and reviewed (high-level to low-level vulnerability analysis)
  • EAL 5: semiformally designed and tested
  • EAL 6: semiformally verified design and tested
  • EAL 7: formally verified design and tested (formal analysis and formally showing correspondence)

  15. EAL
  • Note: a product with a high EAL may not be more secure than one with a lower EAL
    • Why?
  • Also, because a product has an EAL doesn’t mean it’s better than the competition
    • Why?

  16. EAL
  • EAL4 is most commonly sought
    • Minimum needed to sell to government
  • EAL7 requires formal proofs
  • Who performs evaluations?
    • Government accredited labs, of course
    • For a hefty fee (like, at least 6 figures)

  17. Evaluation Process
  • Ensure security features are correct and effective
  • Performed during/after target of evaluation (TOE) development
  • Input: security target, evidence, actual TOE
  • Result: confirm security target satisfied for TOE
  • Process relates security target to some of TOE:
    • High-level design, low-level design, functional spec, source code, object code, hardware realization
  • Higher levels need semiformal/formal models
  • Higher levels need greater rigor and cost

  18. Evaluation Parties &amp; Phases
  • Evaluation parties:
    • Sponsor: customer or vendor
    • Developer: provides evidence for evaluation
    • Evaluator: confirms requirements satisfied
    • Certifier: agency monitoring evaluation process
  • Phases:
    • Preparation (initial contact)
    • Conduct of evaluation (structured process)
    • Conclusion (final evaluation)
  • Government agency regulates: NIST and NSA jointly operate the Common Criteria Evaluation and Validation Scheme (US CCEVS)

  19. Virtualization
  • A technology that provides an abstraction of the resources used by some software, which runs in a simulated environment called a virtual machine (VM)
  • Benefits include better efficiency in the use of the physical system resources
  • Provides support for multiple distinct operating systems and associated applications on one physical system
  • To download VirtualBox and use it:
    • https://www.youtube.com/watch?v=sB_5fqiysi4

  20. VirtualBox

  21. Full Virtualization Variations
  1- Native virtualization: the hypervisor executes directly on the underlying hardware
  • Hosted OS is just another app
  • More secure: fewer layers

  22. Full Virtualization Variations
  2- Hosted virtualization: hosted OS runs alongside other apps
  • Adds additional layers: increased security concerns

  23. Virtualization Security Issues
  • Security concerns include:
    • Guest OS isolation: ensuring that programs executing within a guest OS may only access and use the resources allocated to it
    • Guest OS monitoring by the hypervisor: the hypervisor has privileged access to the programs and data in each guest OS and must be trusted
    • Virtualized environment security: particularly image and snapshot management, which attackers may attempt to view or modify

  24. Summary
  • Trusted OS: Trust vs Security
  • Trusted OS design principles
  • Assurance
  • Orange Book
  • Common Criteria (CC)
  • EAL
  • Evaluation process, parties &amp; phases
  • Virtualization