Recommended security Improvements for operating systems to ensure better security and compliance
Computer system resources include CPU, memory, disk, software programs, and data/information stored in the computer system. The operating system’s processes (the process is a program in execution) and kernel do the designated task as instructed. A user’s program can make these processes do different jobs. These processes utilize the resources to perform their functions. If these tasks are malicious, then they become a threat to the system. The proper and secure operating system is necessary to avoid the compromise of an application or a program. The main goal of the operating system security is to provide an environment for applications to operate in a way that keeps all user data and private information secure or secret (Wood, n.d). Operating system security is built upon the notions of protection and trust.
Trust and protection must be fulfilled for a system to be considered secure. For example, if the trusted portion of the system is comprised, then protection mechanisms could be bypassed and vice versa. For individual objects within the system to be guaranteed, components in the system must be trusted.
Some basic requirements of secure operation systems
Protection and trust are vital concepts in OS security functions. The OS addresses several tasks that involve computer security. Pfleeger et al. (2015) have outlined some of these functions, including the protection of critical operating system data. The operating system is charged with maintaining data. This is done through the enforcement of security. This enforcement will only be effective if there is the protection of data from unauthorized (read, write/modify, delete) access. This protection could be done through encryption, isolation, and hardware control (Pfleeger et al. (2015).
Mandatory security and access control
Allocation and access control to general objects is essential for security purposes. Users need universal access to objects, but this access has to be controlled to avoid negatively impacting other users. This protection can be provided through table lookup (Yang, 2003). The operating systems usually perform access control to various objects like files. The operating system could be the only one to access primitive objects such as files, execute control over them, and creates and terminates programs that represent subjects or users. Some hardware might support the OS to fully implement fine-grained or firm access control (Pfleeger et al., 2018). The OS must maintain all file directories, under commands from the file owners. The OS can assist the owner of a file in revoking the access right it has previously granted to another user.
Historically, OS has used discretionary access control. Still, today systems that have and want to maintain more robust security and protection will need to move from the discretionary control approach to the concept of mandatory access control (MAC). With MAC, information is restricted within a specific secure area. This move enables the system to enforce strict rules about who is permitted to access particular resources (Yang, 2003). This restriction prevents the exfiltration or movement of information from a more secure environment to a less secure one. Mandatory access control is also done for processes, a practice where the operating system restricts or constrains processes from performing specific operations on other system’s objects and processes (Wood, n.d). The policy sets for access control were delegated to the operating system designers and not modifiable by the users.
MAC serves the purpose of security and compliance. It can raise the security level of the operating systems to the next class. According to Yang (2003), to increase the security level of an operating system to the next class, like class B, MAC will have to meet specific requirements. A typical MAC architecture has to enforce security policy over all subjects and objects such as users, processes, memory, files, devices, ports, etc.(Yang, 2003).
MAC offers robust separation (or containment) of applications that allow the safe execution of untrustworthy applications and permits critical processing pipelines (trusted path) to be established and guaranteed (Yang, 2003). Therefore, it offers crucial support for application security by protecting against the tampering and bypassing of secured applications. The benefits derived from MAC would never be possible with the existing DAC operating system (Yang, 2003)
It necessary for the operating system to identify each individual who requests access and make sure that the user is who they claim to be.
Audit logs are another OS function related to access control. They provide the record of which subject access which object at what time and in what way. They are more of a reactive tool than a preventive one. But, its analysis can help guide future incidents.
Virtualization is another OS security method. It provides the appearance of one set of resources by using several resources (Pfleeger et al., 2015, p. 293). Virtualization could be done by either presenting the X set of users with X data and Y set of users with Y data. In another approach, resources are provided only when needed. This limit access to resources. For example, X user sees only X resources on the virtual machine and has no idea that Y resources exist on that same machine.
Media device interposition
This is an approach where the OS applies a protection barrier around media devices connected to the system. This protection diminishes the ability of the malicious code on such devices to cause any harm to the system (Wood, n.d).
Furthermore, the OS can employ the abstract property of containment to secure its multitasking ( such as time-sharing environment, individual application jobs share the same resources of the system, e.g., CPU, memory, disk, and I/O devices). In this approach, an application can only control the resources allocated to it and operations that it can perform.
Assurance is another requirement.
Yang (2003) describes this as a process or methodology used to verify that the system’s design and implementation behave as it claims to be and meet the security requirements.
Support for various security policies is another requirement.
This is based on the pretext that the traditional MAC is too restrictive (Yang, 2003). There is the need for a secure architecture that is flexible enough to support different security policies such as separation of security policy logic from the mechanism of policy enforcement. Also, support for policy definition and policy changes with precise policy interfaces and formats supports the system’s default security performance to maintain system security without requiring detailed system configuration (Yang, 2003).
Then there is a Trusted path.
Yang (2003) describes this as a mechanism by which a trustworthy relationship is established among users and application software. This relationship enables a user or application to interact with a trusted application, which can only be triggered by either the user or trusted application (Yang, 2003) directly.
Conclusively, mandatory security, trusted path, support of different security policies, and assurance are some requirements to be met for a secure operating system.
Pfleeger, C. P., & Pfleeger, S. L., Margulies, J. (2015). Security in computing. Pearson Education, Inc.
Wood, C.A.(n.d). Secure Operating Systems. Rochester Institute of Technology. Retrieved from http://people.cs.ksu.edu/~danielwang/Investigation/System_Security/SecureOS.pdf
Yang, C. Q. (2003). Operating System Security and Secure Operating Systems. SANS Institute. Retrieved from https://www.giac.org/paper/gsec/2776/operating-system-security-secure-operating-systems/104723