Assurance in Operating Systems

Tom Kelliher, CS 325

Apr. 7, 2010

Administrivia

Announcements

Presentations by Jake and A. J.

Assignment

Read 6.1-3.

From Last Time

Secure operating system design.

Outline

  1. Assurance.

  2. Flaws.

  3. Assurance methods.

Coming Up

Security in databases.

Assurance

What is assurance?

How does an OS vendor create assurance in an OS?

Flaws

  1. Typical sources of flaws:
    1. I/O devices -- consider video drivers.

      How has Microsoft sought to remedy this?

    2. Ambiguity in access policy. Isolate user's data, but allow sharing of system libraries, etc.

      Which is it, is the system open or closed?

      Examples: default umask settings; sharing in Windows XP.

    3. Incomplete mediation.

    4. Generality.

Assurance Methods

  1. Testing. Problems with testing.

  2. Penetration testing.

  3. Formal verification.

  4. Validation, as part of a software engineering methodology.

  5. Can a proprietary nature (Solaris, formerly), and low market penetration increase assurance?

  6. Reputation and experience -- OpenBSD.

    ``Only one remote hole in the default install, in more than 10 years!''

  7. Open source, pros and cons.

  8. Evaluation -- ``Orange Book.''


Thomas P. Kelliher 2010-04-07
Tom Kelliher