Security is a negative goal, and an attacker can break the system by many ways like permissions, disk locks, reuse memory, backup, steal disk, attackers grades.txt. The goals of Policy goals of an organization are Information Security and Liveness, which are as follows:
Information security goals include: Privacy- Limit who can read the data & Integrity: limit who can write the data.
Liveness Goals are: Availability- which is to ensure services are operational.
Operating system Security (OS Security) is the process of ensuring OS integrity, confidentiality, and availability. OS security refers to specific steps used to protect the OS from threat, viruses, malware or remote hacker intrusions.
Risk model of assumption: Threat modeling is a process by which potential risk can be identified, enumerated and prioritized from a possible attackers point of view. An adversary can be inside the organization or can be outside the organization. The adversary can be a hardware vendor, software vendor, administrator, employee or competitor, enemy state etc someone outside the network.
The threat model in this case are:
- Adversary control some computers or network.
- Adversary controls some software on computers.
- The adversary is privy to some information such as password or keys.
- Social engineering attacks.
- Adversary trying to hack or attack the network or system from outside.
Guard model of Security:
Typically in a client-server architecture, we would have some resource (data) on a server which would be accessed by the client. In guard model, the server would consult a guard for all access control decision. Hence this model follows complete mediation as the only way to access the resources which are via the guard.
The design of the guard model is on two basic principles which are Authentication and Authorisation, and this simplifies security.
The model works on following principles.
1. Complete mediation: All resources are accessed only via the guard.
2. Policy and Mechanism: High level concise and clear policy and well lined up security mechanism.
3. The interaction between layers and components.
4. Taking into cognizance social engineering and phishing attacks.
The challenges with model are:
1. Complete mediation is challenging: Backdoor access also needs to checked.
2. Software bugs in mediation.
3. The disparity between Policy and Mechanism.
4. Difficulty in enforcing policy and getting the desired outcome.
The Guard model does not provide full prove solution to all security challenges, another option we have is the separation of privilege. We can split the system into modules and give each module the least privilege to do its job.
1. Use multiple physical machines. Separate machines for database and websites.
2. Use of virtual machine to split.
3. Application to be split in components.
Challenges in the Privilege separation
1. The need for modules to share.
2. Performance.
3. The configuration of privileges.
4. Reduce trusted software.
Trust computing base (TCB)
TCB is the set of hardware, firmware or software components, which are critical to its security systems. The bugs or vulnerability might affect the security property of the entire system. The principle is that all software that must be trusted to achieve security. The another theory is that less software would lead to fewer bugs and this would eventually lead to fewer exploits.
Challenges in TCB:
1. Undermining of privilege separation.
2. New and undiscovered class of bugs.
3. Many bugs.
We also face security challenges due to Program, Compilers, and codes. We would need to take measures like disabling certain optimization, use bugs finding tools, look out for undefined behavior.
