Wednesday, April 28, 2010

Lecture 21: Trusted Operating System

Lecture #21 on Monday, April 14th began with a presentation by Gabriel on non-malicious program errors: the classic coding mistakes that have enabled many recent security breaches. He covered three types of non-malicious program errors: buffer overflows, incomplete mediation, and time-of-check to time-of-use (TOCTOU) errors. After explaining why the stack matters, he showed, with a small program, the basic ways a buffer can be overflowed. EBP is the base pointer register: it holds the address of the current stack frame, and the saved EBP and the return address sit just past the end of a local buffer, which is why overrunning the buffer can overwrite them. He walked through a stack-overrun attack with a simple algorithm and concluded the presentation with methods for preventing buffer overflows: a non-executable stack, static analysis, dynamic runtime protection, and using safer versions of the unsafe library functions.
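The stack-overrun the presentation walked through, as an added example that is not code from the lecture or from this post: the frame is mocked as a struct so the overrun is deterministic and runs anywhere, and the 32-bit frame layout (a local buffer, then the saved EBP, then the return address) is an assumption for illustration. Beside the unsafe copy is the bounds-checked "safer version" the prevention list refers to; the attacker input is constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8

/* Mock of the stack frame of a function with a local char buf[8].  On x86 the
 * buffer sits at the lowest address and is filled upward, so the caller's
 * saved EBP and the return address lie just past its end (assumed layout for
 * illustration; a real compiler may pad or reorder the frame). */
struct mock_frame {
    char     buf[BUF_SIZE];
    uint32_t saved_ebp;   /* caller's frame pointer */
    uint32_t ret_addr;    /* where the function returns to */
};

/* Frame used by demo_overrun() so the result can be inspected afterwards. */
struct mock_frame demo_frame;

/* Deliberately unsafe, like the strcpy()-style copy in a classic overflow:
 * copies len bytes into buf with no bound check.  Clamping at sizeof *f only
 * keeps the simulation well defined; on a real stack the overrun continues
 * into the caller's frame. */
void vulnerable_copy(struct mock_frame *f, const char *input, size_t len)
{
    if (len > sizeof *f)
        len = sizeof *f;                       /* simulation guard only */
    memcpy((unsigned char *)f + offsetof(struct mock_frame, buf), input, len);
}

/* Hardened version: refuse input that does not fit (including the NUL)
 * instead of truncating silently.  Returns 0 on success, -1 on rejection. */
int safe_copy(struct mock_frame *f, const char *input, size_t len)
{
    if (len >= BUF_SIZE)
        return -1;
    memcpy(f->buf, input, len);
    f->buf[len] = '\0';
    return 0;
}

/* Build the constructed attacker input the lecture's algorithm describes:
 * padding that fills buf, 4 bytes that land on the saved EBP, then the
 * chosen return address.  Returns the payload length (16 bytes here). */
size_t build_overrun(unsigned char *payload, uint32_t fake_ret)
{
    uint32_t fake_ebp = 0x42424242u;           /* "BBBB" */
    memset(payload, 'A', BUF_SIZE);
    memcpy(payload + BUF_SIZE, &fake_ebp, sizeof fake_ebp);
    memcpy(payload + BUF_SIZE + sizeof fake_ebp, &fake_ret, sizeof fake_ret);
    return BUF_SIZE + 2 * sizeof(uint32_t);
}

/* Run the overrun against demo_frame and return the address the function
 * would now "return" to. */
uint32_t demo_overrun(uint32_t fake_ret)
{
    unsigned char payload[sizeof demo_frame];
    size_t len = build_overrun(payload, fake_ret);
    demo_frame.saved_ebp = 0xbffff000u;        /* plausible pre-attack values */
    demo_frame.ret_addr  = 0x08048400u;
    vulnerable_copy(&demo_frame, (const char *)payload, len);
    return demo_frame.ret_addr;
}

int main(void)
{
    printf("return address after overrun: 0x%08x\n",
           (unsigned)demo_overrun(0xdeadbeefu));                /* 0xdeadbeef */
    printf("safe_copy on the same 16-byte input: %d\n",
           safe_copy(&demo_frame, "AAAAAAAABBBBCCCC", 16));     /* -1, rejected */
    return 0;
}
```

The point of the pair is that the safe version fails closed: an over-long input is an error the caller can see, not a silent write into whatever happens to follow the buffer.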
Then Dr. Gunes gave us an overview of Lecture #20, in which he had talked about trusted operating system design and the different security design principles. He highlighted the question of how designing a trusted OS complicates things further: on one hand he listed the functions of an ordinary operating system and its security features, and on the other the functions of a trusted operating system and its security features. He also distinguished the kernel, the part of an OS that performs the lowest-level functions, from the security kernel, which is responsible for enforcing the security mechanisms of the entire OS. Six properties justify isolating security enforcement in a kernel of its own: coverage, separation, unity, modifiability, compactness, and verifiability.
Then Dr. Gunes moved on to the Lecture #21 topics, starting with the term reference monitor: the portion of the security kernel that controls access to objects, in short a gatekeeper, which must therefore be tamperproof, always invoked, and small enough to verify. Security enforcement depends on these system elements: hardware, processes, primitive files, protected memory, and inter-process communication. He remarked that hardware is harder to tamper with than software. Next he explained the typical division into TCB and non-TCB portions with the help of a diagram, and then described the four basic interactions that the TCB monitors: process activation, execution domain switching, memory protection, and I/O operations.
He went on to describe the combined security kernel/operating system architecture as well as the separate security kernel architecture. There are four ways to separate one process from others: physical, temporal, cryptographic, and logical separation. He then drew our attention to virtualization and virtual machines, and to layered OS design, with modules operating in different layers. Finally, there are three ways to gain assurance that a model, design, and implementation are correct: testing, (formal) verification, and validation.
Dr. Gunes then moved on to a new chapter, starting with the term security policy. He noted that the military security policy is hierarchical, and emphasized the ideas of compartments and sensitivity levels as well; he went through the concepts of classification (of objects) and clearance (of subjects). Finally, he concluded the lecture by briefly describing four security models: the lattice model, the Bell-LaPadula model, the Harrison-Ruzzo-Ullman model, and the Take-Grant model.
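The lattice and Bell-LaPadula models named above, together with the reference monitor from earlier in the lecture, as an added example that is not code from the lecture or from this post: labels made of a sensitivity level and a compartment set, the dominance relation that orders them into a lattice, the BLP no-read-up and no-write-down checks, and a gatekeeper function that every request passes through. The level names, compartments, and sample labels are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Sensitivity levels, totally ordered (constructed for illustration). */
enum level { UNCLASSIFIED = 0, CONFIDENTIAL = 1, SECRET = 2, TOP_SECRET = 3 };

/* Compartments (need-to-know categories) kept as a bit set. */
enum compartment { CRYPTO = 1u << 0, NUCLEAR = 1u << 1, EUROPE = 1u << 2 };

/* A label is a <level, compartment set> pair; the same type serves as the
 * classification of an object and as the clearance of a subject. */
struct label {
    enum level level;
    uint32_t   compartments;
};

/* Lattice order: a dominates b iff a's level is at least b's and a's
 * compartments are a superset of b's.  Two labels can be incomparable. */
bool dominates(struct label a, struct label b)
{
    return a.level >= b.level && (b.compartments & ~a.compartments) == 0;
}

/* Least upper bound: the lowest label that dominates both inputs. */
struct label lub(struct label a, struct label b)
{
    struct label r;
    r.level = a.level > b.level ? a.level : b.level;
    r.compartments = a.compartments | b.compartments;
    return r;
}

/* Bell-LaPadula simple security property: no read up. */
bool blp_can_read(struct label subject, struct label object)
{
    return dominates(subject, object);
}

/* Bell-LaPadula *-property: no write down. */
bool blp_can_write(struct label subject, struct label object)
{
    return dominates(object, subject);
}

enum op { OP_READ, OP_WRITE };

/* Reference monitor: every access is mediated here; anything it does not
 * recognise is denied. */
bool reference_monitor(struct label subject, struct label object, enum op op)
{
    switch (op) {
    case OP_READ:  return blp_can_read(subject, object);
    case OP_WRITE: return blp_can_write(subject, object);
    default:       return false;
    }
}

int main(void)
{
    struct label analyst = { SECRET, CRYPTO };                 /* clearance */
    struct label memo    = { CONFIDENTIAL, CRYPTO };           /* classification */
    struct label plan    = { TOP_SECRET, CRYPTO | NUCLEAR };   /* classification */

    printf("analyst reads memo:  %d\n", reference_monitor(analyst, memo, OP_READ));  /* 1 */
    printf("analyst writes memo: %d\n", reference_monitor(analyst, memo, OP_WRITE)); /* 0 */
    printf("analyst reads plan:  %d\n", reference_monitor(analyst, plan, OP_READ));  /* 0 */
    printf("analyst writes plan: %d\n", reference_monitor(analyst, plan, OP_WRITE)); /* 1 */
    return 0;
}
```

Note what the *-property buys: the SECRET analyst may write into the TOP SECRET plan but not into the CONFIDENTIAL memo, so information can only flow up the lattice even if the analyst's process is running malicious code. A label that differs only in compartment (SECRET with NUCLEAR, say) is incomparable with the analyst's clearance, and the monitor denies both directions.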
