CS283 - Lecture 5 - Part 1 - Security Policy - 20091006

CS283 - Lecture 5 - Part 1 - Security Policy - 20091006 -...

Info icon This preview shows pages 1–8. Sign up to view the full content.

View Full Document Right Arrow Icon
GWU CS 172/283 Autumn 2009 Draws extensively from: Memon’s notes, Brooklyn Poly Pfleeger Text, Chapter 5 Bishop’s text, Chapter 4, Bishop’s slides, Chapter 4 Security Policy
Image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
2 Security Services in an OS A general purpose Operating System provides the following security mechanisms: Memory protection File protection General object protection Access authentication How do we go about designing a “trusted” OS (that is, one that we believe implements the above mechanisms)? The term “trust” has a different meaning than the term “secure”. GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 05 – Part 1- Rev 20091006
Image of page 2
3 Trust is derived from three components A Policy: which provides a description of requirements A Model: which provides a representation of policy A Design: which is an implementation of policy Trust: derives from the user’s perception that the design properly implements the security policy GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 05 – Part 1- Rev 20091006
Image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
4 Trust Policies, mechanisms and procedures make assumptions and the system user trusts that these assumptions hold. For example, a System Administrator (SA) receives security patch and installs it. Has she increased the security of the system by installing the patch? For example, aspirin from drugstore is considered trustworthy. On what basis should the purchaser draw such a conclusion? GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 05 – Part 1- Rev 20091006
Image of page 4
5 Trust: Example 1 A System Administrator (SA) installs a patch 1. The SA trusts that the patch came from the supplier and not some rogue entitity, and that the patch was not tampered with in transit 2. The SA trusts that the vendor tested patch thoroughly 3. The SA trusts that the vendor’s test environment corresponds to local environment where the SA is planning to deploy the patch 4. The SA trusts that the patch is installed correctly with the tools that the SA has to perform such installation GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 05 – Part 1- Rev 20091006
Image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
6 Trust: Example 2 Aspirin from drugstore is considered trustworthy. The basis of the purchaser’s trust in this product is a consequence of: Testing and certification by the US Federal Drug A Administration. The suppliers Conformance to Manufacturing standards of the manufacturing company and regulatory mechanisms that ensure such conformance The Safety seal on the bottle. GWU CS 172/283 - Autumn 2009 Holmblad - Lecture 05 – Part 1- Rev 20091006
Image of page 6
7 Trust: Example 3 Formal Verification Method: This method gives a mathematical proof that given input i , program P produces output o as specified Suppose a security-related program S has been formally verified to work with operating system O What are the assumptions that are made in this context?
Image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 8
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern