Chapter 13

Operating Systems and Security

UNIX is basically a simple operating system,but you have to be a genius to understand the simplicity.

—Dennis Ritchie

And it is a mark of prudence never to trust whollyin those things which have once deceived us.

—Rene Descartes

13.1 Introduction

In this chapter, we’ll look at some of the security issues related to operating systems (OSs). OSs are large and complex pieces of software. Recall that in Chapter 12 we argued that there are almost certain to be security flaws in any large and complex computer program. But here we are concerned with the security protection provided by the OS, not with the very real threat of bad OS software. That is, we are concerned with the role of the OS as the security enforcer. This is a large topic that ties into many other aspects of security and we’ll just barely scratch the surface.

First, we’ll describe the primary security-related functions of any modern operating system. Then we’ll discuss the notion of a trusted OS, and we’ll conclude with a look at Microsoft’s fairly recent effort to develop a trusted operating system, which goes by the catchy name of the Next Generation Secure Computing Base, or better yet, NGSCB.

13.2 OS Security Functions

An OS must deal with potential security issues whether they arise accidentally or as part of a malicious attack. Modern OSs are designed for multi-user environments and multi-tasking operations. Consequently, an OS must, at a minimum, deal with separation, memory ...

Get Information Security: Principles and Practice, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.