Assurance in Operating Systems
Tom Kelliher, CS 325
Nov. 7, 2011
Secure operating system design.
- Assurance methods.
Security in databases.
What is assurance?
How does an OS vendor create assurance in an OS?
- Typical sources of flaws:
- I/O devices -- consider video drivers.
How has Microsoft sought to remedy this?
- Ambiguity in access policy. Isolate user's data, but allow
sharing of system libraries, etc.
Which is it, is the system open or closed?
Examples: default umask settings; sharing in Windows XP.
- Incomplete mediation.
- Testing. Problems with testing.
- Penetration testing.
- Formal verification.
- Validation, as part of a software engineering methodology.
- Can a proprietary nature (Solaris, formerly), and low market
penetration increase assurance?
- Reputation and experience -- OpenBSD.
``Only one remote hole in the default install, in more than 10 years!''
- Open source, pros and cons.
- Evaluation -- ``Orange Book.''
Thomas P. Kelliher