- Security of computing systems is vital and increasingly important
- OS security is particularly critical because:
- Everything runs on top of the OS
- OS has control over all hardware resources
- OS is large and complex, increasing likelihood of flaws
- OS must support multiple concurrent processes
- Essentially everything the OS controls, including:
- Process memory
- Files and storage
- CPU scheduling
- Network communication
- Peripheral devices
- System calls and OS services
- Confidentiality - Keep sensitive information hidden
- Integrity - Prevent unauthorized changes to data/systems
- Availability - Ensure authorized access to resources
- Specific rules to achieve security goals
- OS provides mechanisms to implement flexible policies
- Policies must be carefully designed and applied
- Economy of mechanism - Keep systems simple
- Fail-safe defaults - Default to secure settings
- Complete mediation - Check every access
- Open design - Assume attacker knows system details
- Separation of privilege - Require multiple credentials
- Least privilege - Grant minimal necessary permissions
- Least common mechanism - Separate mechanisms when possible
- Acceptability - Make security usable
- Process isolation and virtual memory
- Controlled hardware access
- System call checks
- Access control on OS services
- OS security is critical but challenging
- Goals focus on confidentiality, integrity, availability
- Mechanisms enable flexible security policies
- Good design principles help create more secure systems