Clark Atlanta University

 

Information Assurance Design

CIS 473: Introduction to Operating Systems

 

Overview:

  • Description
  • Objective
  • Goals/Outcome
  • Outline
  • Suggested Assignments
  • References

 

Suggested Time: 3-4 class periods

Course Length: 3 Hours

Pre-Requisite: CIS 301

Target Audience:

  Levels \ Disciplines    CS    CIS
  Undergraduate           x     x
  Graduate

Description:

The information assurance module for this course focuses on concepts of information assurance dealing with operating systems. It introduces IA concepts related to secure operating systems and discusses protected objects, access control, separation in OS, memory and file protection, as well as vulnerabilities and attacks that are commonly associated with operating systems.

Goals/Outcome:

The students will be able to:

  • Identify IA concepts relating to operating systems.
  • Identify several security vulnerabilities and the types of attacks that operating systems are susceptible to.
  • Discuss attacks that target operating systems.
  • Identify methods for protecting operating systems from intruders.

Objective(s):

The primary purpose of this course is to:

  • Provide an understanding of information design principles related to computer organization.
  • Identify general objects controlled by the operating system and discuss methods of their protection.
  • Identify vulnerabilities associated with operating system design.
  • Describe different types of attacks targeted at operating systems.
  • Identify the importance of separation in the protection of operating systems.
  • Identify methods of defense for computer systems.

Outline:

  • Introduction to IA Concepts related to Operating Systems
    • Privilege
    • Integrity
    • Trusted System
    • Secure Operating System/subsystem
  • Protected Objects
    • Memory
    • Sharable I/O Devices
    • Serially reusable I/O Devices
    • Sharable Programs and Sub-procedures
    • Networks
    • Sharable Data
  • Levels of Protection in Operating Systems
    • Do not Protect
    • Isolate
    • Share all or nothing
    • Share access via limitation
      • Classification levels
      • Control of Access to General Objects
  • Vulnerabilities related to Operating Systems
    • Incomplete Parameter Checking
  • Possible Attacks on Operating Systems:
    • Bomb
    • Trojan Horse-Rootkit
    • Exploitation
    • Pseudo-Flaw
    • Negative Acknowledgement Attack
  • Separation in Operating Systems
    • Physical Separation
    • Temporal Separation
    • Logical Separation
    • Cryptographic Separation
  • Memory and Address Protection
    • Fence
    • Relocation
    • Base/Bounds Registers
    • Tagged Architecture
    • Segmentation
    • Paging
    • Combined Paging and Segmentation
  • File Protection Mechanisms
  • Trusted OS
    • Design Elements
    • Security Features
    • Assurance in Trusted Operating Systems
  • Other Methods of Defense
    • Host-Based Security
    • Operating System Controls
    • Reference Monitor

Suggested Assignments:

  • Alfred Insurance needs a security policy in order to protect their organization’s computers from attack. Research security policies and develop one for Alfred Insurance that adequately protects the resources of their computers.
  • Write a paper discussing the meaning of separation in operating systems and discuss its importance. Be sure to include mechanisms for ensuring separation in operating systems.

References:

  • Pfleeger, Charles P. and Shari Lawrence Pfleeger. Security in Computing. Upper Saddle River, NJ: Prentice Hall, 2003.
  • “Principles of Survivability and Information Assurance.” CERT Coordination Center. March, 2005 <http://www.cert.org/info_assurance/principles.html#p1>