Security is of increasing concern in the modern world. Not only is our physical security becoming more difficult to maintain, even in the developed world, but with the advent of the information age, our information and the infrastructure via which it is stored, processed and communicated, is increasingly important to control. The security of our information and its supporting infrastructure is the focus of this conference. One of the key aspects of keeping computerized information secure is keeping the computer system secure and vital to that is the operating system.
Operating system security is itself paramount if we are to secure the information it controls. In order to have a secure operating system it must be supported by a suitable computer architecture, and the implementation of the computer architecture must of course itself be appropriately engineered. If the underlying technology from which the operating system is built and on which it is supported is not secure, then one can have no confidence in the security of the operating system and of the information it maintains for the users.
Thus, in this short overview of operating systems security we will delve into the requirements for the supporting computer and communication system, look at the design, operation and function of the operating system, investigate the implementation of a secure operating system, discuss security policies that can be supported by the system, and attempt to bring this complex structure together in a way that provides some insight into the design, construction and operation of a secure operating system.
Acknowledgements This is primarily a personal view of the current state of operating systems security. At the end I include some references but this is not a complete survey. This presentation also contains material taken from the background chapters of Dan Mossop’s PhD thesis.
Biographical Sketch Ronald Pose completed his B.Sc.(Hons) degree and his Ph.D. at Monash University, Melbourne, Australia. He majored in both Chemistry and in Computer Science, with a minor in Mathematical Statistics. His Ph.D. involved the design and implementation of a novel capability-based operating system kernel, the Password-Capability System, and the design and construction of tightly-coupled multiprocessor hardware with novel addressing mechanisms to support it. In 1987 Ronald Pose was employed as a Research Scientist at Telecom Australia Research Laboratories where he worked on the application of public key cryptography and authentication and certification techniques. He joined the faculty of Monash University in 1988. There he has supervised a number of research students with whom he has worked on a wide variety of research projects including neural networks, genetic algorithm function optimization, network routing, a low latency virtual reality address recalculation pipeline display system, and self-reconfigurable computer systems. Dr. Pose's current research interests include virtual reality and telerobotics technology, computer architecture, parallel and distributed computer systems architecture, secure operating systems, reconfigurable computer systems architecture, multiprocessor interconnection networks, wireless ad hoc networks, spread-spectrum microwave communication technology, and computer system security. He currently has Ph.D. students working on computer security analysis, multi-user virtual reality, and wireless ad-hoc networking.
I will assume that the audience has used a computer and has some familiarity with a popular operating system such as Microsoft Windows XP, Unix, or MacOS. While each of these has the characteristics of an operating system, none of them could be considered very secure. That is not to say that the world is necessarily at great peril in terms of its information systems given that the vast majority of computer systems use such operating systems, however computer systems security can never be extremely strong while we continue with current systems and practices.
An important issue is how much security matters, and how much we are willing to pay for it, in financial, convenience, performance and other terms. A perfectly secure system is unlikely to be popular since it will, by necessity, omit many of the popular but highly insecure features to which people have become accustomed. Interestingly, many of the emerging problems that are now plaguing us as computer users, like junk e-mail, computer viruses and worms, and loss of privacy, are largely self-inflicted, through use of insecure technologies. E-mail was ‘safe’ before the advent of attachments, especially executable attachments. Web surfing was ‘safe’ before executable applets and other active sites became possible and popular. However, operating systems have never really been secure in themselves. They have tended to rely on skilled users and administrators to cooperate in maintaining security. Now that the end user and administrator are likely to be technically naïve, it is more important to design and produce systems that give lay users some hope of maintaining their information security. This requires good operating systems security infrastructure provided in a form that is easy to use and understand.
In this talk I can only outline the basic principles and give pointers to appropriate technologies that can assist us in our search for information security. This is an open field where there is a real need for new ideas, and an even bigger need to question the current practices. We have sold the public a way of dealing with information that is inherently insecure, and have made these unsafe practices and technology ubiquitous. Huge industries have developed based on the insecurity of information and on trading in information. These could be threatened by widespread use of secure systems. Similarly, there are many governments around the world that have vested interests in ensuring that people’s information systems are insecure, so as to allow monitoring of the population and their activities. There are enormous legal questions regarding the safeguarding of information, information privacy, international law, intellectual property etc. Interestingly, these issues can all impact on the design, implementation, deployment and use of secure operating systems.
“a secure system is a system on which enough trust can be put to use it together with sensitive information”
“concerned with the protection of valuable assets from harm, which is a significant negative consequence to the asset … security deals with malicious harm, which is harm resulting from attacks or probes by someone or something playing the role of attacker”
Mandatory access control: “A means of restricting access to objects based on the sensitivity of the information contained in the objects and the formal authorization of subjects to access information of such sensitivity” - US DoD
Discretionary access control: here it is the users, rather than the system, who restrict access.
“A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission on to any other subject (unless restrained by mandatory access control)” - US DoD
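The two DoD definitions above are easiest to understand when both controls sit in one reference monitor. The following is an added example, not code from the talk or from the Password-Capability System: a toy monitor in which every object carries a sensitivity label and every subject a clearance (the mandatory part, decided by the system using the Bell-LaPadula "no read up, no write down" rules, chosen here for illustration), and each object also has an owner-maintained ACL whose holders may pass their permissions on (the discretionary part). The subjects, labels and object names are constructed for the example. The point it makes is the parenthetical in the DAC definition: a grant is recorded in the ACL, but takes effect only where the mandatory policy already permits the access.

```python
"""Added example (not from the original talk): a toy reference monitor that
combines mandatory (label-based) and discretionary (ACL-based) access control.
All subjects, objects and labels are constructed for the example."""
from dataclasses import dataclass, field

# Linear lattice of sensitivity levels (constructed; real systems also carry
# compartments/categories, omitted here).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass
class Subject:
    name: str
    clearance: str


@dataclass
class Obj:
    name: str
    sensitivity: str
    owner: str
    acl: dict = field(default_factory=dict)  # subject name -> set of modes


class ReferenceMonitor:
    def __init__(self):
        self.subjects = {}
        self.objects = {}

    def add_subject(self, s):
        self.subjects[s.name] = s

    def add_object(self, o):
        # The owner gets full discretionary rights; MAC still applies to the owner.
        o.acl.setdefault(o.owner, set()).update({"read", "write", "grant"})
        self.objects[o.name] = o

    def mac_permits(self, s, o, mode):
        """Mandatory policy: decided by the system from labels, never by users."""
        sl, ol = LEVELS[s.clearance], LEVELS[o.sensitivity]
        if mode == "read":
            return sl >= ol   # simple security property: no read up
        if mode == "write":
            return sl <= ol   # *-property: no write down
        return False

    def dac_permits(self, s, o, mode):
        """Discretionary policy: whatever the owner and grantees have recorded."""
        return mode in o.acl.get(s.name, set())

    def check(self, subject, obj, mode):
        s, o = self.subjects[subject], self.objects[obj]
        # MAC is consulted first and no ACL entry can override it.
        return self.mac_permits(s, o, mode) and self.dac_permits(s, o, mode)

    def grant(self, granter, grantee, obj, mode):
        """DAC delegation: a subject holding 'grant' may pass a mode on.
        The entry is recorded, but check() still refuses it if the grantee's
        clearance does not satisfy the mandatory policy."""
        o = self.objects[obj]
        if "grant" not in o.acl.get(granter, set()):
            return False
        o.acl.setdefault(grantee, set()).add(mode)
        return True


def demo():
    """Walk through the cases; returns a dict so the outcomes can be inspected."""
    rm = ReferenceMonitor()
    rm.add_subject(Subject("alice", "secret"))        # owner of plans.txt
    rm.add_subject(Subject("bob", "confidential"))    # cleared below the object
    rm.add_subject(Subject("carol", "top_secret"))    # cleared above the object
    rm.add_object(Obj("plans.txt", "secret", owner="alice"))
    r = {}
    r["alice_read"] = rm.check("alice", "plans.txt", "read")          # True
    r["alice_write"] = rm.check("alice", "plans.txt", "write")        # True
    r["bob_read_no_acl"] = rm.check("bob", "plans.txt", "read")       # False: not on ACL
    r["grant_bob_read"] = rm.grant("alice", "bob", "plans.txt", "read")   # True: DAC lets alice pass it on
    r["bob_read_granted"] = rm.check("bob", "plans.txt", "read")      # False: MAC forbids read up
    r["grant_bob_write"] = rm.grant("alice", "bob", "plans.txt", "write")
    r["bob_write_up"] = rm.check("bob", "plans.txt", "write")         # True: blind write-up is allowed
    r["grant_carol_read"] = rm.grant("alice", "carol", "plans.txt", "read")
    r["carol_read_down"] = rm.check("carol", "plans.txt", "read")     # True
    r["grant_carol_write"] = rm.grant("alice", "carol", "plans.txt", "write")
    r["carol_write_down"] = rm.check("carol", "plans.txt", "write")   # False: MAC forbids write down
    r["bob_cannot_grant"] = rm.grant("bob", "carol", "plans.txt", "read")  # False: bob holds no 'grant'
    return r


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:20s} {outcome}")
```

Two outcomes are worth dwelling on. Alice, as owner, can give Bob read access and the ACL records it, yet Bob still cannot read: the mandatory check runs first and the discretionary grant cannot widen it. Conversely Bob can write to the object without being able to read it, which is the blind write-up the Bell-LaPadula rules deliberately allow; a real system would typically combine this with an integrity policy to stop a low subject corrupting high data.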