© 2014 IJIRT | Volume 1 Issue 5 | ISSN : 2349-6002
Operating Systems Security – A Review
Ipsita Vashista, Harsha Suri, Disha Papneja
Dronacharya College of Engineering
Abstract—The operating system is the core piece of software that runs on all information systems, such as network devices (routers, firewalls, etc.), Web servers, customer desktops, PDAs, and so on. The security of operating systems is therefore one of the fundamental concerns in the security of cyberspace and e-commerce. Issues of operating system security occupy a central role in applied computer science, yet there has been no satisfactory complete solution to the problem of computer security. Many of the vulnerabilities discovered so far are rooted in bugs or deficiencies in operating systems.

This paper is a review of the security, and the lack of it, in the most common commercial operating systems such as UNIX and Microsoft Windows, and of its effect on the overall security of Web based applications and services.

Index Terms—System Security, Mandatory Security, Security Perimeter, SE-Linux, RBAC.

I. INTRODUCTION

The kernel, also known as the operating system, is the core piece of software of every modern computer system, from network servers and workstation desktops to laptops and hand held devices. It executes on top of the bare hardware, allocates the basic resources of the system (CPU, memory, device drivers, communication ports, etc.), and supervises the execution of all applications within the system. Microsoft Windows, the different flavors of UNIX (BSD, AIX, HP-UX, Solaris, etc.), Mac OS, and Linux are some of the popular commercial and Open Source operating systems.

Operating systems have a critical role in the operation of any computer system. The security (or the lack of it) of an operating system has fundamental effects on the overall security of a computer system, including the security of all the applications and software running on that system. Any compromise of the security of an operating system puts every application running on the system in danger. Lack of proper control and containment of the execution of individual applications in an operating system may allow an attack or break-in to spread from one application to other applications [11].

II. SECURITY OF OPERATING SYSTEMS

Most modern computer systems provide concurrent execution of multiple applications on a single physical computing hardware (which may have multiple processing units). In these multitasking and time sharing environments, individual applications share the same system resources (CPU, disk, memory, etc.) under the operating system's control. In order to protect the execution of individual application jobs from possible interference and attack by other jobs, most contemporary operating systems implement some abstract property of containment, such as the process (or task) and its TCB (Task Control Block), the virtual memory space, files, ports, and IPC (Inter Process Communication) [11].

The access decisions of most commercial operating systems (MS Windows, UNIX, etc.) are based on user identity and ownership. The role of the user, the trustworthiness of the programs, the sensitivity or integrity of the data, and other such security relevant criteria are not considered. It is not possible to control data flows or enforce a system wide security policy as long as users or applications have complete discretion over objects. Because of this weakness it is very easy to break the security of a system once an application has been compromised. Some examples of potential exploits from a compromised application are [5]:

- Illegitimate use of unprotected system resources. For example, a worm program that has gained control of a user account launches its attack via emails to all targets in the user's address book.
- Subversion of application enforced protection through control of the underlying system. For example, defacing a Web site by gaining control of the site's Web server, say by changing a virtual directory in Microsoft IIS.
- Direct access to protected system resources by misusing privileges. For example, a compromised "sendmail" program running as root on a standard Unix OS gives the attacker super user privileges and uncontrolled access to all system resources.
- Furnishing bogus security decision-making information. For example, spoofing a file handle of Sun's NFS may easily give remote attackers access to files on the remote file server.

Protection against malicious code in an application using the existing mechanisms of most commercial operating systems is not possible, since a program running under the name of a specific user receives all of the privileges associated with that user.

III. MODEL OF SECURITY

In an access control based security model there are two sets: a set of objects and a set of subjects, where a subject can itself be an object. Each object and subject has a corresponding security attribute (label or clearance), and there is a defined set of control rules, the security policy, which determines which subject is authorized to access which object. For example, in the military security model [7] a security label consists of two components: a security level with one of the four ratings unclassified, confidential, secret, and top secret, where unclassified < confidential < secret < top secret and "<" means "less sensitive than"; and a set of zero or more categories (also known as compartments) that describe kinds of information; for instance, the names CRYPTO,
IJIRT 100350 INTERNATIONAL JOURNAL OF INNOVATIVE RESEARCH IN TECHNOLOGY 1167
NUCLEAR might mean information about cryptographic algorithms and nuclear related technology. Given two security labels (X, S1) and (Y, S2), (X, S1) is defined as being "at least as sensitive as" (Y, S2) iff X ≥ Y and S2 ⊆ S1. For example, (TOP SECRET, {CRYPTO, NUCLEAR}) > (SECRET, {CRYPTO}), where ">" means "more sensitive than". In general, security labels are partially ordered. That is, it is possible for two labels to be incomparable, in the sense that neither is more sensitive than the other. For example, neither of the following two labels is comparable to the other: (TOP SECRET, {CRYPTO}) and (SECRET, {NUCLEAR}). A more generalized hierarchy of security classes (or levels) with a mathematical basis was presented by Bell and La Padula in 1973 [8].

The National Computer Security Center (NCSC), later the DOD (Department of Defense), published an official standard called "Trusted Computer System Evaluation Criteria" [1], universally known as "the Orange Book", to direct computer security safeguards for defending classified information in remote access, remote sharing computer systems. The Orange Book defines fundamental security requirements for computer systems and specifies a series of criteria for the various levels of security rating of a computer system, based on its system design and security features [11].

IV. REQUIREMENTS OF SECURE OPERATING SYSTEMS

In most operating systems either all of the privileges are granted or none of them are. This is the one-shot approach to access control, and it is due to the lack of built-in mechanisms for the implementation of security policies. The perception that the users and the programs they work with are the good guys can be very dangerous; with internet connectivity they can no longer be deemed safe. Information needs to be restricted within a "security perimeter", with strict rules enforced by the system about who is permitted access to specific resources [11]. Also, information should not be allowed to move from a more secure environment to a less secure one.

Some of the basic requirements of a secure operating system are mandatory security, support for diverse security policies, and assurance.

- Mandatory security – a built-in mechanism or logic within the operating system (often called the system security module or system security administrator) that implements and tightly controls the definition and assignment of security attributes and of their actions (security policies) for every operation or function provided by the system [11].
- Support for diverse security policies – traditional MAC mechanisms (such as multi-level security, MLS [8]) usually base their security decisions strictly on security clearances for subjects and security labels for objects, and are normally too restrictive to serve as a general security solution [11].
- Assurance – a process or methodology to verify that the design and implementation of the system actually behave as claimed and meet the security requirements [11].

V. A CASE STUDY OF SE-LINUX

In this section NSA's SE-Linux is discussed as a case study of the recent efforts in the development of secure operating systems [6].

BACKGROUND

The National Security Agency (NSA), which is the ultimate gatekeeper of information security and assurance within the USA, has been involved in determining security criteria and requirements for information systems. The development of SE-Linux is indeed the result of several previous NSA projects, especially DTOS and Flask [3, 4].

An important attribute of the SE-Linux release is that it follows the same Open Source Initiative as Linux itself. All documentation and source code of SE-Linux are publicly available at the NSA Web site [6] under the same terms and conditions as Linux. This is in the hope of reaching a wide audience and encouraging further efforts and research on secure operating systems.

ARCHITECTURE

SE-Linux is an adoption of the Flask security architecture in the Linux operating system. The integration of the security architecture with Linux is accomplished by adding a new kernel module, called the Security Server (SS), which implements the security policy decision logic, into a non-security-enhanced Linux (hereafter "ordinary Linux") that is patched with LSM (Linux Security Modules) [11-13], which maintains security attributes in kernel data structures and provides the mechanism for enforcing security control. Security contexts are not directly bound to objects in the system. Instead, each object that requires a security label is assigned a security identifier (SID) that is mapped to a security context. This mapping is maintained by the SS at run time.

An identity is given to every subject (process) of the system. It comes from the user when the user logs on to the system (this identity is orthogonal to the Linux UID, and remains unchanged even after a process changes its UID). A set of roles can be defined in the security policy for individual users; these roles may be entered by processes with the given user's identity. Each role is specified by a security policy for the allowable actions whenever a subject assumes the role (role-based access control, RBAC). However, different from typical RBAC, in which permissions are directly granted to roles, SE-Linux uses type enforcement (TE) together with roles for fine-grained access control.

Security policies are specified in text-based policy configuration files using a simple language developed for the SS. The policy configuration for a specific installation of SE-Linux is checked, compiled into binary form, and loaded into the SS at boot time (if allowed by the policy, it may also be reloaded at runtime) [11].
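Returning to the label ordering of Section III and to the Section IV requirement that information must not move from a more secure environment to a less secure one, the following is an added Python example, not code from the paper, that implements the "at least as sensitive as" relation over (level, categories) labels, shows why it is only a partial order, and applies it to read and write requests. The four level names are the paper's; the category names, the helper names (label, dominates, compare, join, can_read, can_write) and the sample labels are constructed here. The read and write rules are the simple-security and *-property of the Bell-LaPadula model, which the paper cites but does not spell out.

```python
"""
The military label model of Section III as running code.  A label is a pair
(level, categories); (X, S1) is at least as sensitive as (Y, S2) iff
X >= Y and S2 is a subset of S1.  That relation is only a partial order, so
compare() can answer "incomparable".  The rule that data must not move to a
less secure environment is applied to read and write requests as the
Bell-LaPadula simple-security and *-property rules.  Added example; the level
names come from the paper, everything else is constructed.
"""
from enum import IntEnum
from typing import FrozenSet, NamedTuple


class Level(IntEnum):
    """The four ratings, ordered by sensitivity."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class Label(NamedTuple):
    level: Level
    categories: FrozenSet[str]   # compartments such as CRYPTO, NUCLEAR


def label(level: Level, *categories: str) -> Label:
    """Convenience constructor: label(Level.SECRET, "CRYPTO")."""
    return Label(level, frozenset(categories))


def dominates(a: Label, b: Label) -> bool:
    """a is at least as sensitive as b: a.level >= b.level and every
    category of b is also present in a."""
    return a.level >= b.level and b.categories <= a.categories


def compare(a: Label, b: Label) -> str:
    """Classify the pair; 'incomparable' is the partial-order case."""
    if dominates(a, b) and dominates(b, a):
        return "equal"
    if dominates(a, b):
        return "more sensitive"
    if dominates(b, a):
        return "less sensitive"
    return "incomparable"


def join(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label that dominates both.  Its existence
    for every pair is what makes the labels a lattice, not just a poset."""
    return Label(max(a.level, b.level), a.categories | b.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """No read up: the subject's clearance must dominate the object's label."""
    return dominates(subject, obj)


def can_write(subject: Label, obj: Label) -> bool:
    """No write down: the object's label must dominate the subject's, so a
    subject can never copy data into a less sensitive place."""
    return dominates(obj, subject)


if __name__ == "__main__":
    ts_cn = label(Level.TOP_SECRET, "CRYPTO", "NUCLEAR")
    s_c = label(Level.SECRET, "CRYPTO")
    ts_c = label(Level.TOP_SECRET, "CRYPTO")
    s_n = label(Level.SECRET, "NUCLEAR")
    print(compare(ts_cn, s_c))   # the paper's first example: more sensitive
    print(compare(ts_c, s_n))    # the paper's second example: incomparable
    print(join(ts_c, s_n))       # (TOP_SECRET, {CRYPTO, NUCLEAR}) dominates both
    print(can_read(s_c, ts_cn), can_write(s_c, ts_cn))   # read up denied, write up allowed
```

Note that can_write allows writing into a more sensitive object: that is exactly the direction the paper's rule permits, and it is why such systems also need an integrity mechanism, which this example leaves out.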
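As an added illustration of the architecture just described, and of the Section II observation that under identity-and-ownership access control a program receives all of the privileges of the user it runs as, here is a toy Python model of the decision path. It is not SE-Linux's own code: a Security Server keeps the SID-to-context table, validates each context against the user-to-role and role-to-type bindings of the policy, and answers Type Enforcement queries on (source type, target type, class, permission); a Unix owner/mode-bit check sits beside it for contrast. All identities, roles, type names, file names, UIDs and allow rules are constructed for this example.

```python
"""
Toy model of the SE-Linux access decision path of Section V: objects carry a
SID, the Security Server maps SIDs to security contexts (identity:role:type),
and Type Enforcement rules decide access.  A Unix DAC (owner/mode-bit) check
is included to show the Section II point that DAC alone gives every program
the full rights of the invoking user.  Added teaching example, not SE-Linux
code; every name and rule below is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    """A security context: identity, role and type."""
    user: str   # SE-Linux identity; orthogonal to the Unix UID
    role: str
    type: str


@dataclass
class Policy:
    user_roles: dict   # identity -> roles a process with that identity may enter
    role_types: dict   # role -> types (domains) a subject in that role may hold
    allow: set         # TE rules as (source_type, target_type, class, permission)

    def valid_context(self, ctx: Context) -> bool:
        """Legal only if the role is allowed for the identity and the type
        is allowed for the role."""
        return (ctx.role in self.user_roles.get(ctx.user, ())
                and ctx.type in self.role_types.get(ctx.role, ()))


class SecurityServer:
    """Keeps the run-time SID <-> context table and answers TE queries."""

    def __init__(self, policy: Policy):
        self.policy = policy
        self._ctx_of = {}   # sid -> Context
        self._sid_of = {}   # Context -> sid

    def sid_for(self, ctx: Context) -> int:
        """Allocate (or reuse) the SID for a context; reject illegal contexts."""
        if not self.policy.valid_context(ctx):
            raise ValueError(f"context not permitted by policy: {ctx}")
        if ctx not in self._sid_of:
            sid = len(self._ctx_of) + 1
            self._ctx_of[sid] = ctx
            self._sid_of[ctx] = sid
        return self._sid_of[ctx]

    def context(self, sid: int) -> Context:
        return self._ctx_of[sid]

    def te_allowed(self, subj_sid: int, obj_sid: int, cls: str, perm: str) -> bool:
        """Type Enforcement: the decision depends only on the two types."""
        s, o = self._ctx_of[subj_sid], self._ctx_of[obj_sid]
        return (s.type, o.type, cls, perm) in self.policy.allow


def dac_allowed(uid: int, owner_uid: int, mode: int, perm: str) -> bool:
    """Unix-style discretionary check: identity and ownership decide, the
    program making the request does not.  Group bits are omitted."""
    bit = {"read": 4, "write": 2, "execute": 1}[perm]
    shift = 6 if uid == owner_uid else 0          # owner bits vs 'other' bits
    return uid == 0 or bool((mode >> shift) & bit)


def demo() -> dict:
    """Constructed scenario: alice's shell and a web server both run with
    alice's UID, so a compromised server has alice's full DAC rights, but TE
    confines it to web content."""
    policy = Policy(
        user_roles={"alice_u": {"user_r", "object_r"},
                    "system_u": {"system_r", "object_r"}},
        role_types={"user_r": {"user_t"},
                    "system_r": {"httpd_t"},
                    "object_r": {"httpd_content_t", "user_home_t"}},
        allow={("httpd_t", "httpd_content_t", "file", "read"),
               ("user_t", "user_home_t", "file", "read"),
               ("user_t", "user_home_t", "file", "write"),
               ("user_t", "httpd_content_t", "file", "read")},
    )
    ss = SecurityServer(policy)
    alice_uid = 1000
    shell = ss.sid_for(Context("alice_u", "user_r", "user_t"))
    httpd = ss.sid_for(Context("system_u", "system_r", "httpd_t"))
    # objects as (owner uid, mode, SID)
    index_html = (alice_uid, 0o644,
                  ss.sid_for(Context("system_u", "object_r", "httpd_content_t")))
    secrets = (alice_uid, 0o600,
               ss.sid_for(Context("alice_u", "object_r", "user_home_t")))

    def decide(subj_sid, obj):
        owner, mode, osid = obj
        return {"dac": dac_allowed(alice_uid, owner, mode, "read"),
                "te": ss.te_allowed(subj_sid, osid, "file", "read")}

    return {"shell_reads_secrets": decide(shell, secrets),
            "httpd_reads_index": decide(httpd, index_html),
            "httpd_reads_secrets": decide(httpd, secrets)}


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: DAC={'allow' if verdict['dac'] else 'deny'} "
              f"TE={'allow' if verdict['te'] else 'deny'}")
```

The third case is the one the paper is concerned with: DAC says "allow" because the web server carries alice's UID, while TE says "deny" because httpd_t has no rule for user_home_t, independently of which UID the process happens to hold.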
VI. CONCLUSION
With the ever growing number of security alerts, a better way to address the root causes of vulnerabilities in operating systems should be explored. The methods discussed in this article, executing applications on top of a strongly guarded, secure operating system, can provide a frontier in the battle against many of the existing cyber-space threats of the real world. Although not all the dangers of current cyber space may be eradicated with these techniques, and the security of individual applications may still suffer from vulnerabilities of their own, with a secure operating system the damage and the impact among the various applications can be controlled.
REFERENCES

[1] DOD 5200.28-STD, "DOD Trusted Computer System Evaluation Criteria" (Orange Book), 26 December 1985, [Link]
[2] DOD 5200.28-STD, "DOD Trusted Computer System Evaluation Criteria" (Orange Book), 26 December 1985, [Link]
[3] "Flask: Flux Advanced Security Kernel", [Link]
[4] DTOS Technical Reports, [Link]
[5] Chris Dalton and Tse Huong Choo, "An Operating System Approach to Securing E-Services", Communications of the ACM, Vol. 44, No. 2, p. 58, 2001.
[6] Charlie Kaufman, Radia Perlman, and Mike Speciner, "Network Security: Private Communication in a Public World", PTR Prentice Hall, Englewood Cliffs, New Jersey, 1995.
[7] D. E. Bell and L. J. La Padula, "Secure Computer Systems: Mathematical Foundations and Model", Technical Report M74-244, The MITRE Corporation, Bedford, MA, May 1973.
[8] Stanley R. Ames, Jr. and J. G. Keeton-Williams, "Demonstrating security for trusted applications on a security kernel base", IEEE Comp. Soc. Proc. 1980 Symp. Security and Privacy, April 1980.
[9] Stephen Smalley and Timothy Fraser, "A Security Policy Configuration for the Security-Enhanced Linux", [Link]
[10] H. Chen, P. Belhumeur, and D. Jacobs, "In search of illumination invariants", IEEE Conf. on Comp. Vision and Patt. Recog., pages 254–261, 2000; "Linux Security Modules: General Security Hooks for Linux", [Link]
[11] Global Information Assurance Certification Paper, SANS University.