Welcome to a lecture on the security of operating systems. The first module in the series will focus on operating system security models, illustrated by Windows systems. We will try to answer the following question: what level of protection can be offered by an operating system?

Let's start with basic security. What sort of protection can be expected from operating systems? An operating system must above all guarantee the availability of the services it provides. We as users need to be sure that the tasks we want to execute will be executed. We also need to be sure that the system's performance will be reliable, for example that the system will not fail. And the aspect that is most relevant in this course is that the data stored and processed by an operating system will remain secure and confidential, and that its integrity won't be compromised.

Modern operating systems, or rather any of the computers we use, are almost always connected to some network. They are also almost always connected to the global network, the Internet. Their environment supports a number of applications which exchange data with external services without our knowledge. This is a problem because we have no control, or little control, over the data that can be found in our computer and is processed by it.
A good example of this are anti-virus programs or any other programs that update regularly. Some developers set the default control to such an aggressive level that an anti-virus checks for virus database updates multiple times per minute. If you monitor network traffic, you'll see that your scanner sends out an update query regularly, even every 15 or 20 seconds.

To standardize the security that is provided by a computer system, a classification for evaluating security levels has been introduced. Initially, the assessment criteria for operating system security were published in a document called the Orange Book. It was part of a Rainbow Book series on computer systems security. Several years later the evaluation standard was updated and systematized. Today the binding standards are the Common Criteria for Information Technology, the CC norm. As you can see, there are several standard categories. The table above shows the relationships, or the corresponding security levels, under the Orange Book and the Common Criteria standards.

Let's start with the most basic systems. This is division D, or the first level. To be classified at this level, an operating system doesn't have to offer any guarantee of protection. The system doesn't support, for example, the separation of user sessions.
This means that physical access to the computer de facto means gaining full control over the system. This includes the ability to open and modify other users' data. To give you an example, the Windows 9x series systems are classified at this level.

The second level provides for discretionary data protection. A system is required to authenticate and authorize users in a secure manner. Once identification is completed, prior to executing each command a user will be verified for having appropriate privileges to run it. Early Linux and Unix systems are classified at this level.

The third-level systems enforce access control, adding to the features supported in level two systems. Systems classified at this level are required to provide for user activity monitoring: each allowed or disallowed operation has to be logged. An example of a system classed at this division is Windows NT.

The fourth level is restricted to systems that support labelled security protection. It's an implementation of a model known in cryptography and security theory as the Bell-LaPadula model. We'll come back to this in the future. In a nutshell, the model assigns sensitivity levels to certain types of data. A person with a given level of privileges will be able to access only the data that was assigned the corresponding or a lower sensitivity label.
Newer Windows and Linux systems are classed at this level.

The fifth level also enforces structured protection. It requires the operating system structure to allow for the monitoring and control of all operations executed by the system. This means that uncontrolled tampering with the data of another process is impossible. All launched operations are atomic operations, and access to the data processed by them must be authorized. The fifth level doesn't encompass popular operating systems; they don't even aspire to it. Some specialized versions of systems implemented on specific machines may be classed at this level.

The sixth-level systems require the provision of process isolation: each security-critical operation must be separate and independent in the system.

The highest level, the seventh level, is assigned to those systems that are able to formally, for example mathematically, verify their security. These systems have to effectively exclude any possibility of successful attacks. The security of these systems can't depend on configuration or user behavior. It has to offer formal assurance of full protection. Level 7 encompasses several devices, not systems. They're definitely not commercially available.

The modules that deal with operating systems security will talk above all about systems' security boundaries.
The concept of a security boundary is vitally important, as safeguarding a system against cyber threats amounts to risk management. We realized this early on, during the first modules of the first part of our course. To manage the risks in a conscious manner, you have to be aware of the protection that is offered by a computer system. You also need to take note of the fact that an operating system can only protect data when it's running. It doesn't protect data against local attacks. We'll try to give you hints on using popular operating systems in a considerably more security-conscious way.

And finally, we'll also take a look at the concept of granting rights to users and to the programs launched by users. This different security model has been supported for many years in many computer systems, also in Windows systems. The security model we just mentioned, a model that is based on code access rights, is on the shelf but seldom used. This means that it's the task of the administrator to stop users from launching any potentially harmful programs.

In the next lecture of this series we'll learn about the implementation of this. We'll also take a look at the techniques and tools for independent detection and removal of malware. The malware we refer to are mostly rootkits, programs that attempt to hide from users and administrators.
At the end we'll evaluate the security of our systems. Configuration errors are in practice the largest source of problems with the effectiveness of protection measures. Users and administrators often don't modify the default configuration, believing it's set to provide the highest security, which is not true. Or sometimes they reconfigure their systems in a way that lowers the security even further. See you in the training.