The Security Kernel

Slide 1 (11/07/11): Computer Security
The Security Kernel

Slide 2: The Security Kernel
Layers of an IT system
- Applications
- Services
- Operating System
- OS kernel
- Hardware

Slide 3: OS integrity
Orange Book glossary (DoD Trusted Computing Evaluation Criteria, TCSEC)
- Reference monitor: An abstract machine that mediates all accesses to objects by subjects.
- Security kernel: Hardware, firmware & software that implement the reference monitor.
- Trusted computing base (TCB): The protection mechanisms within a computer system (hardware, firmware & software) that enforce the security policy.

Slide 4: OS integrity
Generic security policies
- Users should not be able to modify the operating system.
- Users should be able to use (invoke) the operating system.
- Users should not be able to misuse the operating system.
To achieve these goals two mechanisms are used: status information and controlled invocation (restricted privilege).

Slide 5: OS integrity
Modes of operation
The OS should be able to distinguish computations in
- supervisor (system) mode: on behalf of the OS
- user mode: on behalf of the users.
This prevents users from writing directly to memory and corrupting the logical file structure. If a user wants to execute an operation requiring supervisor mode, then the processor has to switch modes; this process is called controlled invocation.

Slide 6: OS integrity
Controlled invocation: example
A user wants to execute an operation requiring supervisory mode, e.g., write to a memory location. To deal with this, the processor has to switch between modes, but this is a problem. Simply changing the status bit to supervisor mode would give the user all privileges associated with this mode, without any control of what the user actually does.

Slide 7: OS integrity
Controlled invocation: example (continued)
Therefore it is desirable that the system only performs a certain predefined set of operations in supervisory mode and then returns to user mode before handing back control to the user. We refer to this as controlled invocation.

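The controlled-invocation idea from the example above, as a small C model added here for illustration (it is not part of the original slides). The toy machine, the split of memory into OS and user words, and all names (trap, gate_table, sys_write, ...) are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy machine (constructed for illustration): one status bit, 16 words of memory. */
enum mode { USER_MODE = 0, SUPERVISOR_MODE = 1 };
enum { MEM_WORDS = 16, USER_BASE = 8 };        /* words 0..7 belong to the OS */
enum { SYS_WRITE = 0, SYS_READ = 1, SYS_COUNT };
enum { OK = 0, ERR_PRIV = -1, ERR_BADCALL = -2, ERR_RANGE = -3 };

static enum mode status_bit = USER_MODE;
static uint32_t memory[MEM_WORDS];

/* Privileged primitive: the "hardware" refuses it unless the status bit is set. */
static int raw_store(size_t addr, uint32_t val) {
    if (status_bit != SUPERVISOR_MODE) return ERR_PRIV;
    if (addr >= MEM_WORDS) return ERR_RANGE;
    memory[addr] = val;
    return OK;
}

/* Predefined supervisor operations; each validates the caller's arguments. */
static int sys_write(size_t addr, uint32_t *val) {
    if (addr < USER_BASE || addr >= MEM_WORDS) return ERR_RANGE; /* OS words off limits */
    return raw_store(addr, *val);
}
static int sys_read(size_t addr, uint32_t *val) {
    if (addr < USER_BASE || addr >= MEM_WORDS) return ERR_RANGE;
    *val = memory[addr];
    return OK;
}

typedef int (*gate_fn)(size_t, uint32_t *);
static const gate_fn gate_table[SYS_COUNT] = { sys_write, sys_read };

/* The only path into supervisor mode: select an entry from the fixed table,
   run it, and drop back to user mode before control returns to the caller. */
int trap(int callno, size_t addr, uint32_t *val) {
    if (callno < 0 || callno >= SYS_COUNT || val == NULL) return ERR_BADCALL;
    status_bit = SUPERVISOR_MODE;
    int rc = gate_table[callno](addr, val);
    status_bit = USER_MODE;
    return rc;
}

/* What user code can do on its own: a direct store attempted in user mode. */
int user_direct_store(size_t addr, uint32_t val) { return raw_store(addr, val); }
int current_mode(void) { return status_bit; }
```

User code never sets the status bit itself; it can only name one of the predefined operations, and the mode is back to user on every return path, including rejected requests.
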
Slide 8: OS integrity
Hardware security features
[Figure: a schematic description of a computer, showing CPU, Bus, Memory]

Slide 9: Computer architecture
The Central Processing Unit
- The Arithmetic Logic Unit
- Registers
  - General purpose
  - Dedicated
    - Program counter
    - Stack pointer
    - Status register

Slide 10: Computer architecture
Memory structure
- Random Access Memory. Security concerns: integrity, confidentiality
- Read-Only Memory. Security concerns: confidentiality
- Erasable & Programmable ROM. Security concerns: more sophisticated attacks
- Write-once ROM. Security: good for recording audit trails, storing crypto keys, etc.

Slide 11: Computer architecture
Processes and Threads
A process is a program in execution. It consists of:
- executable code
- data
- the execution context.
A process works in its own address space and can communicate with