Module Five

- Security Perimeter - separates the TCB from the rest of the system
- Trusted Path - must exist for a user to gain protected access to the TCB

Protection Rings
- Ring 0 - the most privileged domain is the innermost ring, ring 0, usually occupied by the OS kernel
- Security Kernel - the hardware, firmware and software elements of the TCB that implement the Reference Monitor concept
- Reference Monitor - a system component that enforces access control on objects
- Reference Monitor Concept - an abstract machine that mediates all accesses of subjects to objects
- The Security Kernel must:
  - mediate all accesses (completeness)
  - be protected from modification (isolation)
  - be verified as correct (verifiability), which in practice means it must be small enough to verify
- Access rights decrease as the ring number increases, according to least privilege
- The ring system was implemented by MIT in MULTICS: the design called for 64 rings, but in practice 8 rings were used

Other Approaches
- Using separate hardware
- Using virtual machines on the same machine with different levels of security
- Using a software security kernel that has its own hardware protection domain

Security Labels
- Assigned to a resource to indicate its classification level
- Usually not changed once assigned
- An effective access control mechanism
- Require additional overhead for verification

Security Modes
Systems operate in different modes based on the classification level of the data processed and the clearance of the users:
- System High Mode of Operation - all users have a security clearance or authorization to access the information, but not necessarily a need-to-know for all the information processed on the system (only some of the data)
- Multilevel Mode of Operation - permits two or more classification levels of information to be processed at the same time when not all users have the clearance or formal approval to access all the information being processed by the system
- Dedicated - all users have the clearance or authorization and a need-to-know for all data processed within the system
- Compartmented - all users have the clearance to access all the information processed by the system, but might not have the need-to-know and formal access approval for all of it
- Controlled - a type of multilevel security with a limited level of trust in the system's hardware/software
- Limited Access - the minimum user clearance is uncleared (no clearance) and the data is sensitive but unclassified

Additional Considerations
- Covert Channel - an unintended communication path between two resources that allows transfer of information in violation of the security policy
- Lack of Parameter Checking - failure to check the size of input streams; can allow a buffer overflow
- Maintenance Hook (trapdoor) - allows maintenance of the system while bypassing its security controls
- Time of Check to Time of Use (TOCTOU) - an attack that exploits the gap between the time a security check is applied and the time the checked resource or service is actually used

Recovery Procedures
- A failure must not compromise the security of the system
- If a system restart is required, it must restart in a safe mode (maintenance mode)
- Maintenance Mode - allows access only by privileged users
- Fault Tolerance - allows a component of the system to fail and recover
- Fail Safe System
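The Reference Monitor and Security Kernel items (mediate all access, protected from modification, verified as correct) and the Security Labels items are easiest to see together in code. The following is an added example written for these notes, not code from the original course material: a small reference monitor in C that keeps protected objects in a table reachable only through one entry point, compares classification labels with compartments for need-to-know, and decides reads and writes with the no-read-up / no-write-down rules of Bell-LaPadula (the notes do not name that model). The object names, levels, compartments and sample contents are made up for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classification levels, ordered so that a higher value is more sensitive. */
enum level { UNCLASSIFIED = 0, CONFIDENTIAL = 1, SECRET = 2, TOP_SECRET = 3 };

/* Compartments (need-to-know categories) as a bitmask. Names are made up for this example. */
enum compartment { CRYPTO = 1u << 0, NUCLEAR = 1u << 1 };

/* A security label: classification level plus compartments. The same struct
   serves as a user's clearance. */
struct label { enum level level; uint32_t compartments; };

enum op { OP_READ, OP_WRITE };

/* Protected objects live in a file-scope table. Nothing outside this unit can
   reach them except through monitor_access(), which is what "mediates all
   access" means in practice. Contents are constructed sample data. */
struct object { const char *name; struct label label; char data[64]; };
static struct object objects[] = {
  { "weather",   { UNCLASSIFIED, 0 },      "sunny" },
  { "key-sched", { SECRET, CRYPTO },       "k1 k2 k3" },
  { "warhead",   { TOP_SECRET, NUCLEAR },  "redacted" },
};

/* a dominates b: a's level is at least b's and a holds every compartment of b. */
static bool dominates(struct label a, struct label b) {
  return a.level >= b.level && (b.compartments & ~a.compartments) == 0;
}

/* The policy, kept tiny so it can be verified by inspection: a subject may read
   an object it dominates (no read up; compartments encode need-to-know) and may
   write an object that dominates it (no write down). These are the simple
   security property and *-property of Bell-LaPadula, which the notes do not name. */
static bool policy_allows(struct label subject, struct label object, enum op op) {
  return op == OP_READ ? dominates(subject, object) : dominates(object, subject);
}

/* Single entry point for every access. For reads, buf/buflen receive the data
   (pass NULL/0 to ask only for the decision); for writes, in is the new content.
   Returns 0 if the access was permitted and performed, -1 if denied or the
   object is unknown (default deny). */
int monitor_access(struct label subject, const char *name, enum op op,
                   char *buf, size_t buflen, const char *in) {
  if (name == NULL || (op == OP_WRITE && in == NULL)) return -1;
  for (size_t i = 0; i < sizeof objects / sizeof objects[0]; i++) {
    if (strcmp(objects[i].name, name) != 0) continue;
    if (!policy_allows(subject, objects[i].label, op)) return -1; /* deny (and audit) */
    if (op == OP_READ) {
      if (buf != NULL && buflen > 0) snprintf(buf, buflen, "%s", objects[i].data);
    } else {
      snprintf(objects[i].data, sizeof objects[i].data, "%s", in);
    }
    return 0;
  }
  return -1;
}

int main(void) {
  struct label analyst = { SECRET, CRYPTO };
  char buf[64];
  printf("read key-sched: %d\n", monitor_access(analyst, "key-sched", OP_READ, buf, sizeof buf, NULL));
  printf("read warhead:   %d (no read up)\n", monitor_access(analyst, "warhead", OP_READ, buf, sizeof buf, NULL));
  printf("write weather:  %d (no write down)\n", monitor_access(analyst, "weather", OP_WRITE, NULL, 0, "cloudy"));
  return 0;
}
```

The three security-kernel requirements map onto the code directly: completeness is the single entry point over a table no other code can reach, isolation is the file-scope `static` storage, and verifiability is the fact that `dominates()` and `policy_allows()` are two lines each and can be checked by hand.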
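For the Lack of Parameter Checking item, an added example (not from the original notes) in C: a parser for a constructed length-prefixed message, first as the unchecked version that trusts the sender's length byte and overruns a fixed buffer, then as the version that checks the declared length against both the number of bytes actually received and the capacity of the destination. The record layout and the field name is_admin are assumptions chosen to make the overwrite visible.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16  /* capacity of the name field, including the NUL (assumed for this example) */

/* Wire format constructed for this example: one length byte n, then n bytes of name. */

/* Vulnerable: the only length it consults is the one the sender supplied, so a
   message declaring n > 15 copies past the end of `name` into whatever follows it. */
void parse_name_unchecked(const uint8_t *msg, char name[NAME_MAX_LEN]) {
  size_t n = msg[0];
  memcpy(name, msg + 1, n);
  name[n] = '\0';
}

/* Hardened: the declared length is checked against both the bytes actually
   received and the capacity of the destination before anything is copied.
   Returns the name length, or -1 (writing nothing) if the message is rejected. */
int parse_name_checked(const uint8_t *msg, size_t msg_len, char name[NAME_MAX_LEN]) {
  if (msg == NULL || msg_len < 1) return -1;
  size_t n = msg[0];
  if (n > msg_len - 1) return -1;        /* claims more bytes than we received */
  if (n > NAME_MAX_LEN - 1) return -1;   /* would not fit with the terminating NUL */
  memcpy(name, msg + 1, n);
  name[n] = '\0';
  return (int)n;
}

/* A record layout that makes the consequence visible: a privilege flag sits
   right after the fixed-size name buffer, where the overflow lands. */
struct record { char name[NAME_MAX_LEN]; uint32_t is_admin; };

int main(void) {
  /* Constructed hostile input: length byte 19, then 19 'A's. The copy fills the
     16-byte name and the first three bytes of is_admin; the NUL lands in the fourth. */
  uint8_t evil[20];
  evil[0] = 19;
  memset(evil + 1, 'A', 19);

  struct record r = { "", 0 };
  parse_name_unchecked(evil, r.name);   /* out-of-bounds write: undefined behaviour, shown on purpose */
  printf("unchecked: is_admin = 0x%08x (was 0)\n", (unsigned)r.is_admin);

  struct record s = { "", 0 };
  int rc = parse_name_checked(evil, sizeof evil, s.name);
  printf("checked:   rc = %d, is_admin = 0x%08x\n", rc, (unsigned)s.is_admin);
  return 0;
}
```

Both checks in the hardened parser are needed: the first catches a message that is shorter than its own length byte claims (a read past the end of the receive buffer), the second catches one that is longer than the destination (the write past `name` that the notes call a buffer overflow).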
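For the Time of Check to Time of Use item, an added example (not from the original notes) in C showing the two-step pattern that creates the window, access() on a path name followed by open() on the same path name, beside the form that removes it: open the object once and check the descriptor you actually hold with fstat(). The demo fixture (a temporary directory, a file named target and a symlink named alias) is constructed for this example and assumes a POSIX system.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy: the check is made on the path name, then the path name is resolved a
   second time at the time of use. Anything that swaps the name in between
   (for example replacing it with a symlink to a file the caller may not read)
   gets through, because the check and the use look at different objects. */
int open_checked_then_used(const char *path) {
  if (access(path, R_OK) != 0) return -1;   /* time of check: on the name */
  return open(path, O_RDONLY);              /* time of use: name resolved again */
}

/* Hardened: open first, then check the object actually opened via its
   descriptor. There is no second name resolution, so there is no window.
   O_NOFOLLOW refuses a symlink at the final component; fstat() confirms we hold
   a regular file owned by the expected uid. */
int open_then_check(const char *path, uid_t expected_owner) {
  int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
  if (fd < 0) return -1;
  struct stat st;
  if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != expected_owner) {
    close(fd);
    return -1;
  }
  return fd;
}

/* Fixture constructed for this example: a regular file we own and a symlink
   pointing at it, under a fresh temporary directory. Returns 0 when the racy
   opener follows the link while the hardened opener rejects the link and still
   accepts the real file; nonzero codes identify which step failed. */
int run_toctou_demo(void) {
  char dir[] = "/tmp/toctou-XXXXXX";
  if (mkdtemp(dir) == NULL) return 1;
  char file[64], alias[64];
  snprintf(file, sizeof file, "%s/target", dir);
  snprintf(alias, sizeof alias, "%s/alias", dir);

  int rc = 2;
  int fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
  if (fd >= 0) {
    int ok = write(fd, "secret\n", 7) == 7;
    close(fd);
    if (ok && symlink(file, alias) == 0) {
      int racy = open_checked_then_used(alias);          /* expected: >= 0, link followed */
      int hard_link = open_then_check(alias, getuid());  /* expected: -1, refused */
      int hard_file = open_then_check(file, getuid());   /* expected: >= 0 */
      rc = (racy >= 0 && hard_link < 0 && hard_file >= 0) ? 0 : 3;
      if (racy >= 0) close(racy);
      if (hard_file >= 0) close(hard_file);
    }
  }
  unlink(alias);
  unlink(file);
  rmdir(dir);
  return rc;
}

int main(void) {
  int rc = run_toctou_demo();
  printf("toctou demo: %s (rc=%d)\n", rc == 0 ? "hardened opener closed the window" : "unexpected result", rc);
  return rc;
}
```

The fixture cannot reproduce the race itself (that needs a second process swapping the name at the right instant); what it shows is the property that makes the race irrelevant: the hardened opener's decision is made on the object it holds, so there is nothing left for an attacker to swap between check and use.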