1
00:00:01,910 --> 00:00:07,550
Welcome to a course on operating system security boundaries. We'll delve into the issue of using Windows

2
00:00:07,550 --> 00:00:14,570
systems for illustration, as the most popular operating systems in use. Since Windows is so popular with

3
00:00:14,570 --> 00:00:15,230
users,

4
00:00:15,530 --> 00:00:22,480
we'll spend most of our working hours on protecting this system. Microsoft has a well-defined security

5
00:00:22,480 --> 00:00:29,730
policy that we'll also use as an example to highlight some theoretical aspects. Trustworthy Computing

6
00:00:29,730 --> 00:00:37,220
forms a part of Microsoft's security policy initiative. It was launched in 2002 and its goal is to ensure

7
00:00:37,220 --> 00:00:44,760
the security, confidentiality and reliability of data processing.

8
00:00:44,810 --> 00:00:52,120
It also defines the concept of a Windows security boundary. This term relates to protecting users

9
00:00:52,120 --> 00:00:57,650
by sandboxing some areas, by separating some operations that are potentially unsafe.

10
00:00:59,020 --> 00:01:04,360
They have to be isolated so they don't run in an uncontrolled manner and affect other components of

11
00:01:04,360 --> 00:01:08,450
the system environment and other users.

12
00:01:08,460 --> 00:01:14,980
The simplest boundary might look like the picture below. A boundary uses rules to separate code and data

13
00:01:14,980 --> 00:01:22,300
from other code and other data. If it's defined in this way, a boundary specifies that code that is

14
00:01:22,300 --> 00:01:28,240
launched on one side of the boundary shouldn't access the code and data of the other side, or that the

15
00:01:28,240 --> 00:01:31,470
access has to be controlled by an explicitly defined rule.

16
00:01:32,950 --> 00:01:39,450
The rules have to be intuitive enough so that the user can grasp and follow them.

17
00:01:39,450 --> 00:01:41,370
This means that an OS developer,
18
00:01:41,370 --> 00:01:49,340
in this case Microsoft, has to maintain the defined boundary. The developer has to react to all violations

19
00:01:49,340 --> 00:01:53,260
of the boundary and all attempts to cross it.

20
00:01:53,340 --> 00:01:58,650
If the security boundary is to isolate some processes, it has to be worth the time and money it will

21
00:01:58,650 --> 00:01:59,930
cost to maintain it.

22
00:02:02,710 --> 00:02:09,740
Rules used for a boundary have to be set explicitly. It can't be a state border, or the sort of

23
00:02:09,740 --> 00:02:13,900
border that you only need to slow down to cross through.

24
00:02:14,040 --> 00:02:16,960
It should be more like the border between North and South Korea:

25
00:02:18,090 --> 00:02:25,860
high fences, barbed wire and a minefield in between. The boundary has to be strong enough to make unauthorized

26
00:02:25,870 --> 00:02:29,790
passage impossible, or at least significantly hinder it.

27
00:02:32,680 --> 00:02:38,620
If we assume it is such, it turns out that maintaining security boundaries could incur too great a price,

28
00:02:39,220 --> 00:02:44,970
not only for a system developer, but above all for users.

29
00:02:45,030 --> 00:02:51,540
If you had a chance to work with Windows Vista, you could witness this in practice. The system enforced

30
00:02:51,540 --> 00:02:58,750
a strict boundary between administrator and user account roles. An example of this was Windows pop-ups

31
00:02:58,750 --> 00:03:05,610
that repeatedly asked whether you really wanted to execute an operation. Microsoft has learned their

32
00:03:05,610 --> 00:03:12,120
lesson and new versions of the system were less bothersome, although, as we'll see soon, the boundaries

33
00:03:12,120 --> 00:03:13,540
still exist.

34
00:03:15,730 --> 00:03:22,280
The more boundaries the system implements, the less user-friendly it becomes.
35
00:03:22,290 --> 00:03:25,680
You can't put too much weight on security by reducing functionality.

36
00:03:29,510 --> 00:03:36,040
A violation of a security boundary has to be met with a prompt reaction from the software developer, or

37
00:03:36,040 --> 00:03:38,660
otherwise boundaries wouldn't perform their function.

38
00:03:40,850 --> 00:03:46,580
One peculiar thing about cybercrime is that developing an attack technique requires specialized knowledge,

39
00:03:46,970 --> 00:03:56,700
commitment and also money, but subsequent use of a premade scenario is much easier. After a given vector

40
00:03:56,700 --> 00:03:58,170
becomes automated,

41
00:03:58,170 --> 00:04:05,090
it's a walk in the park, and the boundary crossing has to entail an immediate reaction from software

42
00:04:05,090 --> 00:04:05,900
developers.

43
00:04:10,100 --> 00:04:16,130
A consequence of the outlined assumptions is the fact that operating systems, including Windows, implement

44
00:04:16,130 --> 00:04:21,290
a lot fewer security boundaries than it would seem.

45
00:04:21,300 --> 00:04:25,530
It's worth noting that there are far fewer boundaries than the marketing materials that sing the praises

46
00:04:25,530 --> 00:04:33,820
of ASLR, DEP and other security solutions would have you believe. As it will turn out,

47
00:04:33,950 --> 00:04:37,640
the solutions don't necessarily define any security boundaries.