Paradigmas de Segurança em Sistemas Operacionais
Resumo
A segurança tem se tornado um dos principais focos no desenvolvimento de aplicações em geral. O crescimento do número de incidentes de segurança, entretanto, demonstra que os esforços estão sendo insuficientes para conter o avanço dos hackers. Neste artigo, são apresentados os paradigmas de segurança sobre os quais se baseiam os sistemas operacionais de uso mais comum, e suas falhas, alertando assim para os motivos que tem levado ao crescimento do número de ataques. São apresentados, também, novos paradigmas de segurança analisando os aspectos que impedem uma rápida adoção dos mesmos.
Referências
Baker, D. (1996). Fortresses built upon sand. In Proceedings of the New Security Paradigms Workshop.
Bell, D. E. and Padula, L. J. L. (1973). Secure computer systems: Mathematical foundations and model. Technical report, The MITRE Corporation, Bedford, MA, EUA.
CERT (2003). Cert/cc statistics 1988-2003. Disponível em <http://www.cert.org/stats/>. Acesso em: 16/02/04.
DoD (1985). Trusted Computer Security Evaluation Criteria. Department of Defense. DOD 5200.28-STD.
Feiertag, R. J. and Organick, E. (1971). The multics input-output system. In Proceedings of the Third Symposium on Operation Systems Principles, pages 35-41, New York.
Ferraiolo, D. and Kuhn, R. (1992). Role-based access control. In Poceedings of The 15th National Computer Security Conference.
Ford, B., Hibler, M., Lepreau, J., abd Godmar Back, P. T., and Clawson, S. (1996). Microkernels meet recursive virtual machines. In Proceedings of 2nd USENIX Symposium on Operating Systems Design and Impementation.
Garfinkel, S. and Spafford, G. (1996). Pratical Unix & Internet Security. O'Reilly & Associates, Inc., USA, 2nd edition. 971 p.
Gilburd, Z. (2003). Gentoo x86 selinux installation guide. Disponível em: <http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-install.xml>.
Harrison, M. A., Ruzzo,W. L., and Ullman, J. D. (1976). Protection in operating systems. Commun. ACM, 19(8):461-471.
Jaeger, T., Zhang, X., and Cacheda, F. (2003). Policy management using access control spaces. ACM Trans. Inf. Syst. Secur., 6(3):327-364.
Liedtke, J. (1996). L4 Reference Manual. IBM T. J.Watson Research Center. RC 20549.
Loscocco, P. and Smalley, S. (2001a). Integrating flexible support for security policies into the linux operating system. In Proccedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, Boston Mass.
Loscocco, P. and Smalley, S. (2001b). Meeting critical security objectives with securityenhanced linux. In Proccedings of The 2001 Ottawa Linux Symposium, Ottawa, Ont., Canada.
Loscocco, P. A., Smalley, S. D., Muckelbauer, P. A., Taylor, R. C., Turner, S. J., and Farrel, J. F. (1998). The inevitability of failure: The flawed assumption of security in modern computing environment. In Proceedings of the 21st National Information Systems Security Conference, pages 303-314.
Mazieres, D. and Kaashoek, M. (1997). Secure applications need flexible operating systems. In Proceedings of the 6th Workshop on Hot Topics in Operating Systems.
Nakamura, E. and de Geus, P. L. (2002). Segurança de Redes em ambientes cooperativos. Editora Berkeley, São Paulo, first edition.
Ritchie, D. M. and Thompson, K. (1974). The unix time-sharing system. Commun. ACM, 17(7):365-375.
Secure Computing Corporation (1998). Assurance in the fluke microkernel: Formal security model. Technical report, Secure Computing Corporation. MD A904-97-C-3047 CDRL A003.
Silbertschatz, P. B., Galvin, P. B., and Gagne, G. (2002). Operating System Concepts. John Wiley & Sons, Inc., New York, 6th edition. 887 p.
Swift, M. M., Hopkins, A., Brundrett, P., Van Dyke, C., Garg, P., Chan, S., Goertzel, M., and Jensenworth, G. (2002). Improving the granularity of access control for windows 2000. ACM Trans. Inf. Syst. Secur., 5(4):398-437.
Tanenbaum, A. S. (2003). Computer Networks. Prentiche Hall, New Jersey - USA, 4th edition.
Tanenbaum, A. S. and Woodhull, A. S. (1997). Operating systems: Design and Implementation. Prentice Hall, New Jersey - USA, 2nd edition.
Walker, K. W., Bagder, D. F., Petkac, M. J., Sherman, L., and Oostendorp, K. A. (1996). Confining root programs with domain and type enforcement. In Proceedings of The 6th USENIX Security Symposium, San Jose, California.
Bell, D. E. and Padula, L. J. L. (1973). Secure computer systems: Mathematical foundations and model. Technical report, The MITRE Corporation, Bedford, MA, EUA.
CERT (2003). Cert/cc statistics 1988-2003. Disponível em <http://www.cert.org/stats/>. Acesso em: 16/02/04.
DoD (1985). Trusted Computer Security Evaluation Criteria. Department of Defense. DOD 5200.28-STD.
Feiertag, R. J. and Organick, E. (1971). The multics input-output system. In Proceedings of the Third Symposium on Operation Systems Principles, pages 35-41, New York.
Ferraiolo, D. and Kuhn, R. (1992). Role-based access control. In Poceedings of The 15th National Computer Security Conference.
Ford, B., Hibler, M., Lepreau, J., abd Godmar Back, P. T., and Clawson, S. (1996). Microkernels meet recursive virtual machines. In Proceedings of 2nd USENIX Symposium on Operating Systems Design and Impementation.
Garfinkel, S. and Spafford, G. (1996). Pratical Unix & Internet Security. O'Reilly & Associates, Inc., USA, 2nd edition. 971 p.
Gilburd, Z. (2003). Gentoo x86 selinux installation guide. Disponível em: <http://www.gentoo.org/proj/en/hardened/selinux/selinux-x86-install.xml>.
Harrison, M. A., Ruzzo,W. L., and Ullman, J. D. (1976). Protection in operating systems. Commun. ACM, 19(8):461-471.
Jaeger, T., Zhang, X., and Cacheda, F. (2003). Policy management using access control spaces. ACM Trans. Inf. Syst. Secur., 6(3):327-364.
Liedtke, J. (1996). L4 Reference Manual. IBM T. J.Watson Research Center. RC 20549.
Loscocco, P. and Smalley, S. (2001a). Integrating flexible support for security policies into the linux operating system. In Proccedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, Boston Mass.
Loscocco, P. and Smalley, S. (2001b). Meeting critical security objectives with securityenhanced linux. In Proccedings of The 2001 Ottawa Linux Symposium, Ottawa, Ont., Canada.
Loscocco, P. A., Smalley, S. D., Muckelbauer, P. A., Taylor, R. C., Turner, S. J., and Farrel, J. F. (1998). The inevitability of failure: The flawed assumption of security in modern computing environment. In Proceedings of the 21st National Information Systems Security Conference, pages 303-314.
Mazieres, D. and Kaashoek, M. (1997). Secure applications need flexible operating systems. In Proceedings of the 6th Workshop on Hot Topics in Operating Systems.
Nakamura, E. and de Geus, P. L. (2002). Segurança de Redes em ambientes cooperativos. Editora Berkeley, São Paulo, first edition.
Ritchie, D. M. and Thompson, K. (1974). The unix time-sharing system. Commun. ACM, 17(7):365-375.
Secure Computing Corporation (1998). Assurance in the fluke microkernel: Formal security model. Technical report, Secure Computing Corporation. MD A904-97-C-3047 CDRL A003.
Silbertschatz, P. B., Galvin, P. B., and Gagne, G. (2002). Operating System Concepts. John Wiley & Sons, Inc., New York, 6th edition. 887 p.
Swift, M. M., Hopkins, A., Brundrett, P., Van Dyke, C., Garg, P., Chan, S., Goertzel, M., and Jensenworth, G. (2002). Improving the granularity of access control for windows 2000. ACM Trans. Inf. Syst. Secur., 5(4):398-437.
Tanenbaum, A. S. (2003). Computer Networks. Prentiche Hall, New Jersey - USA, 4th edition.
Tanenbaum, A. S. and Woodhull, A. S. (1997). Operating systems: Design and Implementation. Prentice Hall, New Jersey - USA, 2nd edition.
Walker, K. W., Bagder, D. F., Petkac, M. J., Sherman, L., and Oostendorp, K. A. (1996). Confining root programs with domain and type enforcement. In Proceedings of The 6th USENIX Security Symposium, San Jose, California.
Publicado
10/05/2004
Como Citar
KROPIWIEC, Diogo Ditzel; GEUS, Paulo Lício de.
Paradigmas de Segurança em Sistemas Operacionais. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 4. , 2004, Gramado.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2004
.
p. 71-82.
DOI: https://doi.org/10.5753/sbseg.2004.21227.
