Lecture 14 - b. Temporal separation separation by time...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Class Notes: October 28, 2008 Covert channels Storage channels Timing channels Identifying potential covert channels Very difficult a. Shared resource matrix a. Designed to tell you all possible routes for information to flow throughout your system. b. Develop a matrix of resources (in rows) and processes (in columns) b. Information Method a. Is really just a flow analysis from a program syntax (can be automated within a compiler) A:=B B A C:=A A C, - B->C F(x), x f Steganography: hide information within a picture Read Chapter 3.5 Operating System Security
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Protection in a general purpose operating system What can operating systems protect, and what methods are available for this protection? What do we need to protect? 1. User programs (from each other) 2. Objects a. Memory b. Shareable I/O Devices c. Shareable programs and sub-procedures d. Networks e. Shareable data Security Methods of an Operating System 1. Separation a. Physical separation – separation by physical location
Background image of page 2
Background image of page 3
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: b. Temporal separation separation by time (things run at different times) c. Logical separation No logical connection between the two d. Cryptographic separation (the complexity of a-d increases with the letters descending, also the security decreases as from a-b and b-c) But we also need sharing , otherwise what is the point of having an operating system. Options: 1. Do nothing 2. Isolate processes that are unaware of each other 3. Share all 4. Share nothing 5. Share via access limitations (checks allowability of each access based on each object) 6. Share by capabilities (allows dynamic creation of access rights) 7. Limit the use of an object (monitors the usage after access is given to make sure that you arent doing anything bad). The difficulty to implement increases from 1-7, the fineness of the protection also increases from 1-7....
View Full Document

This note was uploaded on 04/20/2010 for the course CECS 478 taught by Professor Englert during the Spring '10 term at CSU Long Beach.

Page1 / 3

Lecture 14 - b. Temporal separation separation by time...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online