OS Protection and Security

Operating system slides

Uploaded by mikimeba2023

OS Protection & Security
• Computer security, often referred to as cybersecurity, is the
practice of protecting computer systems, networks, and data
from unauthorized access, attacks, or damage. Below are the
key concepts that form the foundation of computer security:
The core objectives of computer security are often summarized by the CIA
triad:
• Confidentiality: Ensuring that sensitive information is accessible only to
those who are authorized.
• Techniques include encryption, access controls, and secure authentication.
• Integrity: Protecting data from unauthorized modification or corruption.
• Methods like checksums, hash functions, and digital signatures help verify integrity.
• Availability: Ensuring that systems and data are accessible to authorized
users when needed.
• This involves mitigating risks like denial-of-service (DoS) attacks and ensuring
redundancy and backups.
• Authentication: Verifying the identity of a user or system
(e.g., using passwords, biometrics, or tokens).
• Authorization: Granting access to resources based on permissions.
• Accountability: Ensuring that actions within a system can be traced to
an individual or process (via logging and auditing).
Threats and Vulnerabilities
• Threats: Potential causes of harm to systems or data, such as
malware, phishing attacks, or insider threats.
• Vulnerabilities: Weaknesses in a system that can be exploited by
threats, like software bugs, misconfigurations, or unpatched systems.
Types of Security Controls
• Preventive Controls: Designed to stop threats before they occur (e.g.,
firewalls, antivirus software).
• Detective Controls: Identify and alert on ongoing or past security
events (e.g., intrusion detection systems).
• Corrective Controls: Restore systems to normal operation after a
security incident (e.g., backups and disaster recovery).
Security Domains
• Physical Security: Protecting hardware and facilities from physical
threats like theft or natural disasters.
• Network Security: Securing data during transmission, often through
firewalls, VPNs, and intrusion detection systems.
• Application Security: Ensuring software is free of vulnerabilities
through secure development practices and regular updates.
• Endpoint Security: Protecting individual devices like laptops, phones,
and servers from malware and unauthorized access.
Key Security Principles
• Least Privilege: Users and systems should only have the minimum
permissions necessary to perform their functions.
• Defense in Depth: Implementing multiple layers of security to reduce
risk.
• Security by Design: Building systems with security considerations
from the outset.
• Zero Trust: Assumes no user or device is inherently trusted, even
within the network perimeter.
Cryptography plays a central role in computer security, involving
techniques like:
• Encryption: Securing data in transit or storage so unauthorized parties
cannot read it.
• Digital Signatures: Verifying authenticity and integrity.
• Public Key Infrastructure (PKI): Managing digital certificates and
public/private key pairs.
Security Policies and Compliance
• Policies: Set of rules and practices for securing data and systems (e.g.,
password policies, incident response plans).
• Compliance: Adhering to laws and standards like GDPR, HIPAA, or PCI
DSS.
Risk Management
• Understanding, assessing, and mitigating risks are vital. The process
includes:
• Identifying risks.
• Analyzing their impact and likelihood.
• Implementing measures to reduce risks.
Incident Response
• A structured approach to handling security breaches, often involving:
• Detection.
• Containment.
• Eradication.
• Recovery.
• Post-incident review.
Basic Requirements for Trusted Operating Systems
• A trusted operating system (TOS) is designed to enforce security
policies, protect sensitive information, and ensure the integrity and
confidentiality of the system.
The basic requirements for trusted operating systems include:
• Security Policy Enforcement
• Enforce a formal security policy to control access to resources.
• Policies include discretionary access control (DAC), mandatory access control
(MAC), or a combination of both.
• Identification and Authentication (I&A)
• Ensure that only authorized users or processes can access the system by
verifying their identity using mechanisms like passwords, biometrics, or tokens.
• Access Control
• Restrict access to resources based on the security policies.
• Discretionary Access Control (DAC): Owners define access permissions.
• Mandatory Access Control (MAC): Access is based on system-enforced rules
(e.g., sensitivity labels like "confidential" or "top secret").
• Accountability (Auditing and Logging)
• Maintain an audit trail of security-relevant events to ensure accountability.
• Logs must record user activities, access attempts, and policy violations.
• Object Reuse Protection
• Ensure that storage objects (e.g., memory, disk space) are cleared of sensitive
data before being reallocated to a new user or process.
• Data Confidentiality and Integrity
• Prevent unauthorized access to sensitive data (confidentiality).
• Protect against unauthorized modifications to ensure data accuracy
(integrity).
• Trusted Path
• Provide a secure communication channel between users and the operating
system to prevent interception or impersonation by malicious entities.
• System Integrity
• Ensure that the system operates as intended by protecting against
unauthorized modifications to system components such as kernel, firmware,
or system files.
• Separation of Domains
• Isolate processes and data to prevent one domain (e.g., a user or
application) from affecting others.
• Reliability
• Ensure the operating system is dependable and performs security-critical
functions without failure.
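The Access Control and Accountability requirements above, as an added example that is not part of the slides: a toy reference monitor combining DAC (owner-defined ACLs) with MAC (sensitivity labels checked Bell-LaPadula style: no read up, no write down) and logging every decision. All names, labels and the sample subjects are assumptions made up for the illustration.

```python
# Added example (not from the slides): a toy reference monitor that combines
# DAC (owner-defined ACLs) with MAC (sensitivity labels checked Bell-LaPadula
# style: no read up, no write down) and keeps an audit trail of every decision.
from dataclasses import dataclass, field

# Ordered sensitivity labels; a higher number is more sensitive (assumed set).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass
class Subject:
    name: str
    clearance: str          # MAC attribute of the user/process


@dataclass
class Resource:
    name: str
    owner: str              # DAC: the owner always has full access
    label: str              # MAC: sensitivity label of the object
    acl: dict = field(default_factory=dict)   # DAC: user -> set of modes


class ReferenceMonitor:
    """Mediates every access and records the outcome (accountability)."""

    def __init__(self):
        self.audit = []     # (subject, resource, mode, decision, reason)

    def check(self, subj: Subject, res: Resource, mode: str) -> bool:
        # DAC decision: owner, or explicitly listed in the ACL for this mode.
        dac_ok = subj.name == res.owner or mode in res.acl.get(subj.name, set())
        # MAC decision: reads need clearance >= label, writes need clearance <= label.
        s, o = LEVELS[subj.clearance], LEVELS[res.label]
        mac_ok = s >= o if mode == "read" else s <= o
        if not dac_ok:
            reason = "denied by DAC (no permission)"
        elif not mac_ok:
            reason = "denied by MAC (label violation)"
        else:
            reason = "allowed"
        allowed = dac_ok and mac_ok
        self.audit.append((subj.name, res.name, mode, "ALLOW" if allowed else "DENY", reason))
        return allowed

    def violations(self):
        """Policy violations that the audit trail must retain for review."""
        return [e for e in self.audit if e[3] == "DENY"]
```

Note that a DAC grant alone is not enough: the ACL lets bob read plan.txt, but the MAC check still denies it because his clearance is below the file's label.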
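The Object Reuse Protection requirement above, as an added example that is not part of the slides: a toy block allocator in which releasing a block without scrubbing it leaks the previous tenant's data to the next allocation, beside the secure release that zeroes the block first. The pool, block sizes and the "SECRET" payload are constructed for the illustration.

```python
# Added example (not from the slides): a toy block allocator showing the
# object reuse requirement. Releasing a block without clearing it lets the
# next allocation read the previous owner's data; the secure release zeroes it.
class BlockPool:
    def __init__(self, nblocks: int = 4, size: int = 16, clear_on_free: bool = True):
        self.blocks = [bytearray(size) for _ in range(nblocks)]
        self.free = list(range(nblocks))   # free block ids (LIFO reuse)
        self.clear_on_free = clear_on_free

    def alloc(self) -> int:
        return self.free.pop()             # hand out a block id

    def release(self, idx: int) -> None:
        if self.clear_on_free:
            # Object reuse protection: scrub before the block can be reallocated.
            self.blocks[idx][:] = bytes(len(self.blocks[idx]))
        self.free.append(idx)


def leaked_bytes(clear_on_free: bool) -> bytes:
    """Simulate two tenants sharing the pool and return what the second one sees."""
    pool = BlockPool(clear_on_free=clear_on_free)
    b = pool.alloc()
    pool.blocks[b][:6] = b"SECRET"         # constructed sensitive data from tenant A
    pool.release(b)
    b2 = pool.alloc()                      # tenant B is handed the same block back
    return bytes(pool.blocks[b2][:6])
```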
Independent Evaluation of Trusted Operating Systems
• The evaluation of trusted operating systems is conducted through
standardized frameworks to determine the system's ability to meet
security requirements.
Evaluation Criteria
• Common Criteria (CC):
• An internationally recognized standard (ISO/IEC 15408) for evaluating the
security of IT products.
• Provides a framework for specifying and evaluating security requirements.
• Key Components of Common Criteria:
• Protection Profiles (PPs): Define security requirements for specific categories
of products (e.g., firewalls, operating systems).
• Security Targets (STs): Specific security requirements and objectives for the
product under evaluation.
• Evaluation Assurance Levels (EALs):
• Range from EAL1 (functionally tested) to EAL7 (formally verified design and tested).
• Higher levels indicate greater confidence in the system's security.
• Trusted Computer System Evaluation Criteria (TCSEC):
• Known as the Orange Book, it was an early standard for evaluating trusted
operating systems.
• Defined security levels (e.g., D, C, B, A) based on features like discretionary
access control, mandatory access control, and assurance.
• ITSEC (Information Technology Security Evaluation Criteria):
• A precursor to the Common Criteria, focusing on both functionality and
assurance.
• Used in Europe before Common Criteria became the standard.
Evaluation Process
• Pre-Evaluation Phase:
• The vendor submits the system along with documentation describing its security features
and how they comply with evaluation criteria.
• Includes architectural designs, specifications, and security policies.
• Security Target (ST) Analysis:
• Evaluators review the ST to ensure it aligns with Protection Profiles and defines the
product’s security objectives.
• Testing and Validation:
• Evaluators test the operating system to verify that it implements the specified security
features correctly and effectively.
• Includes functional testing (does it meet its requirements?) and penetration testing (is it
resistant to attacks?).
• Vulnerability Assessment:
• Evaluators analyze the system for vulnerabilities, including those caused by design flaws or
implementation errors.
• Assurance Activities:
• Evaluators assess the development process, configuration management, and testing
practices used by the vendor.
• Formal methods may be applied for higher assurance levels (e.g., mathematical proofs of
security properties).
• Certification and Reporting:
• If the system meets the specified criteria, it is certified at a specific EAL or equivalent
level.
• A detailed evaluation report is issued, highlighting the system's strengths and limitations.
• Post-Evaluation Activities:
• Maintenance activities ensure that changes to the system (e.g., patches, updates) do not
compromise its security certification.
• Trusted operating systems aim to meet stringent security
requirements, focusing on access control, accountability, data
protection, and system integrity.
• Independent evaluations, based on frameworks like the Common
Criteria, provide a systematic and transparent process for verifying
the security of these systems, ensuring that they meet the necessary
standards for use in sensitive environments.
