CS283 - Lecture 6 - Part 7 - Additional Topics - Trusted Operating Systems

Slide 1: Lecture 6 - Part 7 - Additional Topics - Trusted Operating Systems
GWU CS 172/283, Autumn 2009
Draws extensively from Memon's notes (Brooklyn Poly) and the Pfleeger text, Chapter 5
Slide 2: Need
- A Policy: description of the requirements
- A Model: representation of the policy; used to check whether the policy can be enforced
- A Design: implementation of the policy
- Trust: based on features and assurance
GWU CS 172/283 - Autumn 2009, Holmblad - Lecture 06 – Part 7 - Rev 20091124
Slide 3: Design Principles for Secure Systems
Two basic themes:
- Simplicity (KISS): makes the design and its interactions easy to understand, and makes its safety easy to prove
- Restriction: minimize the power of entities; utilize compartmentalization
Apply common sense!
Slide 4: Principles of good design
1. least privilege
2. fail-safe defaults
3. economy of mechanism
4. complete mediation
5. open design
6. separation of privilege
7. least common mechanism
8. psychological acceptability
Slide 5: Principle of least privilege
- An entity should be given only those privileges needed to perform its task
- Function/role should control the rights
- Temporary elevation of privilege should be relinquished immediately upon task completion
- Granularity of privileges
Slide 6: Principle of fail-safe defaults
- Unless a subject is given explicit access to an object, it should be denied access to that object: the default access to an object is none
- If a subject is unable to complete its task before it terminates, it should undo the changes it made to the state of the system
- Restrict privileges at the time of creation
Slide 7: Principle of economy of mechanism
- Security mechanisms should be as simple as possible. This results in:
  - fewer errors
  - easier testing and verification
  - fewer assumptions
Slide 8: Principle of complete mediation
- All accesses to objects should be checked to ensure they are allowed
- Improper access attempts should be expected and protected against
- Security vs. performance issues
Slide 9: Principle of open design
- The security of a mechanism should not depend upon the secrecy of its design or implementation
- Secrecy != security
- Complexity != security
- "Security through obscurity"
- Cryptography and openness: for example, AES
Slide 10: Principle of separation of privilege
- The system should not grant permission based on a single condition
- Example: company checks over $75,000 must be signed by two officers
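The following is an added example, not part of the lecture slides: a small reference monitor in Python that puts the least-privilege, fail-safe-defaults, complete-mediation and separation-of-privilege slides into running code. The class name, the grant table and the $75,000 two-officer rule are constructed for illustration.

```python
from contextlib import contextmanager
from dataclasses import dataclass, field

# Constructed example: a tiny reference monitor illustrating the lecture's
# design principles. Nothing here comes from a real operating system.

TWO_SIGNATURE_THRESHOLD = 75_000  # the "$75,000" rule from the separation-of-privilege slide


@dataclass
class ReferenceMonitor:
    # Explicit grants only: (subject, object) -> set of permitted operations.
    grants: dict = field(default_factory=dict)
    officers: set = field(default_factory=set)   # who may sign company checks
    audit: list = field(default_factory=list)    # every decision, allow or deny

    def grant(self, subject, obj, op):
        self.grants.setdefault((subject, obj), set()).add(op)

    def is_allowed(self, subject, obj, op):
        # Fail-safe default: anything not explicitly granted is denied.
        return op in self.grants.get((subject, obj), set())

    def mediate(self, subject, obj, op):
        # Complete mediation: every access passes through this single check,
        # and improper attempts are recorded rather than assumed impossible.
        allowed = self.is_allowed(subject, obj, op)
        self.audit.append((subject, obj, op, "allow" if allowed else "deny"))
        return allowed

    @contextmanager
    def elevated(self, subject, obj, op):
        # Least privilege: a temporary grant is relinquished as soon as the
        # task completes, even if the task raises an exception.
        self.grant(subject, obj, op)
        try:
            yield
        finally:
            self.grants[(subject, obj)].discard(op)

    def approve_check(self, amount, signers):
        # Separation of privilege: above the threshold, two distinct officers
        # must sign; no single condition is sufficient on its own.
        valid = {s for s in signers if s in self.officers}   # set: dedups a repeated signer
        needed = 2 if amount > TWO_SIGNATURE_THRESHOLD else 1
        return len(valid) >= needed
```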

This document was uploaded on 12/05/2009.
