SB 18: OS Security Flashcards

1
Q

How can you provide assurances when building a system?

A

Through a thorough analysis of the threats and vulnerabilities that apply to the system being built, e.g. will the system be connected to the internet?

It is an iterative process that involves threat analysis and requirement definition and eventually produces a full list of all necessary requirements.

2
Q

What is a fat-finger error?

A

When an authorized user makes a mistake or inadvertently corrupts or misuses the system.

3
Q

What is a security objective?

A

Abstract, high-level requirements meant to "specify" countermeasures that mitigate the threats that have been identified. They provide clues about the mechanisms needed to implement the requirements and help in developing detailed requirements.

4
Q

What are some architectural considerations?

A
  1. Determining the primary focus of control of the security enforcement mechanisms. The focus lies on controlling data: what kind of access control should be implemented, and what privileges processes and users may have.
  2. Should security functions be centralized or distributed among the systems and system components? It is easier to analyze and give assurance if the security functions are centralized; however, a central function can become a bottleneck and impact performance.
5
Q

Where can a security mechanism be implemented?

A

An OS is composed of different layers. It is important to select the layer at which a mechanism is most effective and efficient. Once a layer has been selected, you need to think about how to protect the layers below it.

For a layer to be secure, the layers below it need to have security mechanisms in place as well. It is not always possible to implement a security mechanism at the desired layer due to access restrictions.

6
Q

What is a reference monitor?

A

An access control concept of an abstract machine that mediates all accesses to objects by subjects.

7
Q

What is a reference validation mechanism (RVM)?

A

An implementation of the reference monitor concept. An RVM must:
1. be tamper-proof
2. always be invoked
3. never be bypassed
4. be small enough to analyze and test
5. have a completeness that can be assured.

The first three must be met in a secure and trusted system.
Number four can provide evidence of assurance.
Number five engenders trust by assuring that the OS meets the requirements.

8
Q

What is a security kernel?

A

A combination of hardware and software that implements a reference monitor. An early example of an RVM.

9
Q

What is a trusted computing base?

A

The trusted computing base (TCB) of a computer system is the set of all hardware, firmware, and/or software components that are critical to its security, in the sense that bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.

It consists of all protection mechanisms within a computer system that are responsible for enforcing a security policy.

One or more components that together enforce the security policy. Its ability to enforce the policy depends on the mechanisms and on the correct input of parameters.

10
Q

What is a sandbox?

A

A virtual environment where we can run things as if they were in a real environment, but very carefully, in order to limit our processes. A VM that takes security into consideration.

11
Q

What is a VM?

A

An application that can simulate another environment. It is not necessarily designed with security in mind. There is malware that can detect whether it is being run in a VM and that behaves differently when it is.

12
Q

What are some techniques for evaluating the assurance of a system?

A

Informal: Uses natural language. Minimal rigor in the process.

Semi-formal: Uses natural language but applies specific methods with some rigor. Attempts to mimic the formal approach.

Formal: Uses mathematics and other machine-parsable languages, with tools and rigorous techniques such as formal proofs.

13
Q

What is a trusted system?

A

A system that has been shown to meet well-defined requirements through evaluation by credible, certified experts.

14
Q

What is the Common Criteria?

A

A framework to establish the level of trust a system has by providing evidence of the security of the system.

15
Q

What does assurance look like throughout the life cycle of a system, and what different types of assurance are there?

A

Policy: the evidence that the set of requirements in the policy is complete, consistent and technically sound.

Design: the evidence that the design is sufficient to meet the requirements.

Implementation: the evidence that the implementation is consistent with the requirements. Can be done with testing, proof of correctness and vulnerability assessment.

Operational/administrative: the evidence that the system sustains the security policy requirements during installation, configuration and day-to-day operation.

It is an iterative process, and in practice each step depends on the evidence produced by the previous step.

16
Q

What are the 9 problem sources in computer systems according to Neumann?

A
  1. Requirements
  2. System design flaws
  3. Hardware implementation flaws
  4. Software implementation errors, bugs
  5. System use and operation errors and inadvertent mistakes
  6. Willful system misuse
  7. Malfunction
  8. Environmental problems, natural causes
  9. Evolution, maintenance, faulty upgrades, and decommissions