Page 88 - DCAP516_COMPUTER_SECURITY

Computer Security




The Trusted Computing Base (TCB)

The trusted computing base is the name given to the part of the operating system used to enforce security policy. Naturally, this must include the security kernel. Functions of the TCB include the following:
1. hardware management, including processors, memory, registers, and I/O devices,
2. process management, including process scheduling,
3. interrupt handling, including management of the clocks and timing functions, and
4. management of primitive low-level I/O operations.
Virtualization is one of the more important tools of a trusted operating system. By this term we mean that the operating system emulates a collection of the computer system's sensitive resources. Obviously virtualized objects must be supported by real objects, but the idea is that these real objects can be managed via the virtual objects.

As an example of a virtualized object, consider a shared printer. The printer is a real object to which it is possible to print directly. Simultaneous execution of several programs, each with direct access to the printer, would yield an output with the results of each program intermixed – a big mess. In fact, the printer is virtualized and replaced by the print spooler, which is the only process allowed to print directly to the printer. Each process accessing the virtualized printer is really accessing the print spooler, which writes the data to a disk file associated with the process. When the process is finished with the printer, the spooler closes the file and queues it up to be printed on the real printer.
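As an added illustration of the spooler arrangement described above (example code, not from the textbook), the following Python simulates a round-robin scheduler running two programs, first with direct access to the printer and then through a spooler that alone holds the real device. The programs, their output lines and the scheduler are constructed for the example.

```python
from collections import deque

# Constructed sample: two programs, each wanting to print a few lines.
JOBS = {"A": ["A1", "A2", "A3"], "B": ["B1", "B2"]}

class PrintSpooler:
    """The virtualized printer: the only object holding the real device. Each
    process gets its own buffer (the text's per-process disk file); a job reaches
    the device only after the process closes it."""
    def __init__(self, real_printer):
        self._printer = real_printer   # the real device, a plain list here
        self._open = {}                # pid -> lines written so far
        self._queue = deque()          # closed jobs waiting for the device
    def write(self, pid, line):
        self._open.setdefault(pid, []).append(line)
    def close(self, pid):
        self._queue.append(self._open.pop(pid))
    def run(self):
        while self._queue:
            self._printer.extend(self._queue.popleft())

def round_robin(jobs):
    """Simulated scheduler: one line per process per turn; (pid, None) marks exit."""
    pending = {pid: iter(lines) for pid, lines in jobs.items()}
    while pending:
        for pid in list(pending):
            line = next(pending[pid], None)
            if line is None:
                del pending[pid]
            yield pid, line

def direct_printing(jobs):
    """Every process writes straight to the device: the output is intermixed."""
    printer = []
    for pid, line in round_robin(jobs):
        if line is not None:
            printer.append(line)
    return printer

def spooled_printing(jobs):
    """Processes see only the spooler, so each job comes out contiguous."""
    printer = []
    spooler = PrintSpooler(printer)
    for pid, line in round_robin(jobs):
        if line is None:
            spooler.close(pid)      # process finished: queue its whole job
        else:
            spooler.write(pid, line)
    spooler.run()
    return printer
```

With the sample jobs, direct printing yields A1, B1, A2, B2, A3, while the spooled version prints B's job first (it finished first) and then A's, each intact.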
A virtual machine is a collection of hardware facilities, each of which could be real or simulated in software. One common feature is virtual memory, in which each process appears to have access to all of the memory of the computer, with the possible exception of memory allocated to the operating system.




Task: What do you mean by TCB? What are its functions?

7.7 Assurance in Operating Systems

Assurance in an operating system refers to an estimate of the likelihood that a system will not fail in some particular way. For an operating system designed to be secure, assurance is the mechanism for convincing others that the security model is correct, as are the design and implementation of the OS. How does one gain confidence that an operating system should be trusted? One way is by gaining confidence that a number of the more obvious security vulnerabilities have been addressed in the design of the system.

Input/Output processing represents one of the larger vulnerabilities in operating systems. There are a number of reasons for the vulnerability of this processing, including:
1. the fact that I/O processing is interrupt driven,
2. the fact that I/O processing is often performed by independent hardware systems,
3. the complexity of the I/O code itself, and
4. the desire to have the I/O process bypass the security monitors as an efficiency issue.

Methods for gaining assurance include testing by the creator of the software, formal testing by a unit that is independent of the software development process, formal verification (when



          82                                LOVELY PROFESSIONAL UNIVERSITY