
Computer System Security CSE 5339/7339

Computer System Security CSE 5339/7339. Session 20 October 28, 2004. Contents. Separation Assurance Group Work Evaluation Examples Sandeep’s presentation. Separation:. Physical Separation Temporal Separation Cryptographic Separation Logical separation (isolation).





Presentation Transcript


  1. Computer System Security CSE 5339/7339 Session 20 October 28, 2004

  2. Contents • Separation • Assurance • Group Work • Evaluation • Examples • Sandeep’s presentation

  3. Separation: • Physical Separation • Temporal Separation • Cryptographic Separation • Logical separation (isolation)

  4. Virtualization: • Illusion • The OS emulates or simulates a collection of a computer system’s resources. • Virtual Machine: Collection of real or simulated hardware facilities – processor, memory, I/O devices

  5. IBM MVS/ESA • Paging System • Virtualization is used to provide logical separation that gives the user the impression of physical separation. • Each user feels that he/she has a separate machine • Each user’s virtual memory space can be as large as the total addressable space.

  6. Virtual machine (diagram): Virtual Machine User 1, Virtual Machine User 2 and Virtual Machine User 3 each run on top of the Real OS, which manages the Real System Resources

  7. Layered OS (diagram, top to bottom): • User processes • Compilers, database, utility functions • OS: file system, device allocation • Scheduling, sharing, memory management, synchronization, allocation • OS kernel: security functions (security kernel) • Hardware

  8. Modules operating in Different Layers (diagram of a User Authentication module, from most trusted code to least trusted code): • Data update • Data comparison • User ID lookup • User interface

  9. Provably Secure Operating System (PSOS) • 16-level layered structure (see table – page 272) • Each layer uses the services of the layers below it, and provides a certain level of functionality to the layers above it. • Peel off each layer and you still have a logically complete system with less functionality

  10. Conventionally vs. Hierarchically Designed Systems

  11. Assurance • Testing – based on the actual product being evaluated, not on abstraction • Verification – each of the system’s functions works correctly • Validation – the developer is building the right product (according to the specification)

  12. Testing • Can demonstrate the existence of a problem, but passing tests does not imply the absence of problems • Hard to achieve adequate test coverage within reasonable time – inputs & internal states • Observable effects versus internal structure • Real-time systems – hard to keep track of all states • Penetration Testing – tiger team analysis, ethical hacking: a team of experts in OS design tries to crack the system

  13. Formal verification • The most rigorous method • Rules of mathematical logic to demonstrate that a system has certain security property • Proving a Theorem • Time consuming – complex process • Simple example

  14. Example: find minimum (flowchart) • Entry → min ← A[1] → i ← 1 • Loop: i ← i + 1 • Is i > n? yes → Exit; no → continue • Is min < A[i]? yes → back to Loop; no → min ← A[i], then back to Loop

  15. Example – Finding the minimum value Assertions • P: n > 0 • Q: n > 0 and 1 ≤ i ≤ n and min ≤ A[1] • R: n > 0 and 1 ≤ i ≤ n and for all j, 1 ≤ j ≤ i - 1: min ≤ A[j] • S: n > 0 and i = n + 1 and for all j, 1 ≤ j ≤ i - 1: min ≤ A[j]
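The find-minimum loop from slides 14 and 15, as an added example that is not part of the lecture slides: the flowchart is coded directly and the assertions P, Q, R and S are executed as runtime checks, with R re-checked on every iteration. A second, deliberately off-by-one variant (my own addition) shows the postcondition S catching an exit test that skips the last element.

```python
# Added example (not from the slides): the find-minimum loop from the flowchart with
# the assertions P, Q, R and S executed as runtime checks. Indexing is 1-based (A[1..n]).

def find_min(values):
    """Return the minimum of a non-empty sequence, checking P, Q, R and S."""
    A = [None] + list(values)                   # A[1..n]; A[0] is unused padding
    n = len(values)
    assert n > 0                                              # P: precondition
    min_ = A[1]                                               # min <- A[1]
    i = 1                                                     # i <- 1
    assert n > 0 and 1 <= i <= n and min_ <= A[1]             # Q: after initialisation
    while True:
        i = i + 1                                             # i <- i + 1
        if i > n:                                             # "yes" branch -> Exit
            break
        # R: loop invariant, min is <= every element examined so far
        assert n > 0 and 1 <= i <= n and all(min_ <= A[j] for j in range(1, i))
        if not (min_ < A[i]):                                 # "no" branch of min < A[i]
            min_ = A[i]                                       # min <- A[i]
    # S: postcondition, every element has been examined
    assert n > 0 and i == n + 1 and all(min_ <= A[j] for j in range(1, i))
    return min_


def find_min_off_by_one(values):
    """Same loop with a deliberately wrong exit test (i >= n): for n > 1 the
    last element is never examined, and the postcondition S catches it."""
    A = [None] + list(values)
    n = len(values)
    assert n > 0
    min_, i = A[1], 1
    while True:
        i = i + 1
        if i >= n:                                            # bug: should be i > n
            break
        if not (min_ < A[i]):
            min_ = A[i]
    assert i == n + 1 and all(min_ <= A[j] for j in range(1, i))   # S fails here
    return min_


def assertions_hold(fn, values):
    """True if fn(values) runs without violating any assertion."""
    try:
        fn(values)
        return True
    except AssertionError:
        return False
```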

  16. Exercise 1 • Four sources of weaknesses in OS security: • I/O • Ambiguity in access policy • Incomplete mediation • Generality Group work

  17. Validation • Requirements checking – the system does the things it should do (in security, the system does not do things it is not supposed to do) • Design and code reviews – traceability from each requirement to design and code components • System testing – data expected from reading the requirements document can be confirmed in the actual running of the system

  18. Evaluation • Review: requirements, design, implementation, assurance • US “Orange Book” Evaluation – Trusted Computer System Evaluation Criteria (TCSEC) • European ITSEC Evaluation – Information Technology Security Evaluation Criteria • US Combined Federal Criteria – 1992, jointly by NIST and NSA

  19. TCSEC (examine the table on page 284) • The levels of trust are described as four divisions: A, B, C, D, where A has the most comprehensive degree of security. • Within a division, numbers are used; higher numbers indicate tighter security requirements. • 4 clusters of ratings: • D – no requirements • C1/C2/B1 – commercial OS • B2 – proof of security of the underlying model • B3/A1 – proven descriptive and formal design of the trusted OS

  20. Implementation Examples • UNIX – environment of trustworthy collaborators • PR/SM – protection against inadvertent or malicious attempts by a process in one domain to interfere with one in a different domain • VAX Security Kernel – by DEC, targeted A1 level of the TCSEC

  21. Exercise 2 Group work
