Security Paradigms in Operating Systems (Paradigmas de Segurança em Sistemas Operacionais)
Abstract
Security has become one of the principal concerns in the development of applications in general. However, the continual growth in the number of security incidents reported demonstrates that such efforts have not been sufficient to contain hackers' advances. In this paper, the security paradigms used by the more common operating systems are presented and their vulnerabilities discussed, highlighting the factors that have contributed to the growing number of attacks. New security paradigms are also presented, and the factors that hinder their rapid adoption are analyzed.