Designing a Secure Operating System

Operating System Security: Designing a Secure Operating System

• An operating system (OS) is an interface between a computer user and hardware.
• The OS coordinates functions such as control of memory, CPU access, and storage through the kernel, which interfaces with the BIOS and device drivers.
• Application software, such as Microsoft Office, Firefox, and Skype, communicate with the OS through the Application Programming Interface (API).
• The OS is responsible for processor management, resource management, and security, while the kernel is responsible for process management, task management, memory management, and disk management.
• To build a successful operating system, three major functions must be implemented: resource mechanisms, scheduling (process management), and security.
• A secure operating system provides security mechanisms that ensure the system's security goals are enforced despite the threats faced by the system.
• Security becomes an issue due to the interaction of processes in modern computer systems and the sharing of data among users.
• A threat model defines a set of operations that an attacker may use to compromise a system, and a secure operating system cannot trust processes outside of the Trusted Computing Base (TCB).
• Security goals describe how the system implements access to system resources that satisfy confidentiality, integrity, and availability (CIA).
• The TCB is the software and data upon which the system depends for system security, and it must mediate all security-sensitive operations, be correct, and be protected.
• Identifying and verifying the correctness of the TCB software is a complex task.
• To ensure a secure operating system, it needs to enforce security goals, provide a clearly identified TCB, define a threat model, and ensure protection of the TCB under that model.