Chapter 13 Operating systems and security

Separation:
- Physical: users are restricted to separate devices, so processes with different security needs never share hardware.
- Temporal: processes with different security requirements execute at different times, one at a time, so nothing of one is resident while another runs.
- Logical: each process runs in its own sandbox, and the OS restricts what it can do outside that sandbox (it cannot see or touch other processes' objects).
- Cryptographic: data is encrypted so that an outsider (another process or user) cannot read it even if they get hold of it.

Memory protection:

- Fence: a fixed boundary (fence register) between OS memory and user memory; the hardware faults on any user access below the fence. Protects the OS from users, but does not separate users from each other.
- Segmentation: memory is divided into variable-size segments, each with a base address, a limit and access rights; every address is a (segment, offset) pair and the hardware faults when the offset reaches the limit or the access type is not allowed. Variable sizes leave unusable holes between segments (external fragmentation).
- Paging: same idea as segmentation, but all pages (and the physical frames they map to) are of a fixed size, so any free frame fits any page and there is no external fragmentation; only the unused tail of a process's last page is wasted (internal fragmentation).
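
The three schemes side by side, as an added example that is not part of the original notes: a small Python simulation of the address checks an MMU performs under a fence register, a segment table and a page table. The tables, sizes and addresses are constructed for illustration; the two fragmentation helpers make the difference between the last two bullets concrete.

```python
"""Address translation under a fence, under segmentation and under paging.

Added example with constructed tables and addresses (not code from the
original notes): each function turns an address issued by a process into
a physical address, or raises ProtectionFault where the hardware would trap.
"""

FENCE = 0x1000      # everything below the fence register belongs to the OS
PAGE_SIZE = 0x100   # 256-byte pages for the paging example


class ProtectionFault(Exception):
    """The access fell outside what the process is allowed to touch."""


def fence_translate(addr, fence=FENCE):
    """Fence register: user code may only touch addresses at or above the fence.

    Physical address == logical address; the check is one comparison, so the
    OS is protected from users but users are not separated from each other.
    """
    if addr < fence:
        raise ProtectionFault(f"address {addr:#x} is below the fence {fence:#x}")
    return addr


# Segment table (constructed): name -> (base, limit, permissions).  Segments
# have arbitrary sizes, so the physical memory between them ends up as holes
# that no other segment fits into: external fragmentation.
SEGMENTS = {
    "code":  (0x2000, 0x0600, "rx"),
    "data":  (0x3000, 0x0250, "rw"),
    "stack": (0x5000, 0x0400, "rw"),
}


def segment_translate(seg, offset, access, table=SEGMENTS):
    """Address = (segment, offset); fault if the offset reaches the limit or
    the access type (r/w/x) is not allowed on that segment."""
    if seg not in table:
        raise ProtectionFault(f"no such segment {seg!r}")
    base, limit, perms = table[seg]
    if not 0 <= offset < limit:
        raise ProtectionFault(f"offset {offset:#x} outside {seg} (limit {limit:#x})")
    if access not in perms:
        raise ProtectionFault(f"{access!r} not permitted on {seg} ({perms})")
    return base + offset


def external_fragmentation(table=SEGMENTS):
    """Bytes of free memory trapped between the allocated segments."""
    spans = sorted((base, base + limit) for base, limit, _ in table.values())
    return sum(nxt[0] - cur[1] for cur, nxt in zip(spans, spans[1:]))


# Page table (constructed): virtual page number -> (frame, valid, permissions).
# All pages are PAGE_SIZE bytes, so any free frame can hold any page.
PAGE_TABLE = {
    0: (0x20, True,  "rx"),
    1: (0x21, True,  "rx"),
    2: (0x35, True,  "rw"),
    3: (None, False, ""),    # unmapped: touching it is a fault
    4: (0x50, True,  "rw"),
}


def page_translate(vaddr, access, table=PAGE_TABLE, page_size=PAGE_SIZE):
    """Split the address into page number and offset, look the page up, and
    fault on an unmapped page or a disallowed access type."""
    vpn, offset = divmod(vaddr, page_size)
    frame, valid, perms = table.get(vpn, (None, False, ""))
    if not valid:
        raise ProtectionFault(f"page {vpn} at {vaddr:#x} is not mapped")
    if access not in perms:
        raise ProtectionFault(f"{access!r} not permitted on page {vpn} ({perms})")
    return frame * page_size + offset


def internal_fragmentation(size, page_size=PAGE_SIZE):
    """Paging wastes only the unused tail of the last page of an allocation."""
    return -size % page_size


if __name__ == "__main__":
    print(hex(fence_translate(0x1000)))                 # 0x1000
    print(hex(segment_translate("data", 0x10, "r")))    # 0x3010
    print(hex(page_translate(0x210, "r")))              # 0x3510
    print(external_fragmentation(), internal_fragmentation(0x250))
    for bad in (lambda: fence_translate(0xfff),
                lambda: segment_translate("code", 0, "w"),
                lambda: page_translate(0x300, "r")):
        try:
            bad()
        except ProtectionFault as e:
            print("fault:", e)
```

The point to notice is where the trust sits: only the OS may write the fence register, the segment table or the page table, and the hardware enforces them on every access. A process cannot widen its own limits, which is what makes the logical separation above hold; conversely, anything that can rewrite those tables (the OS, or an attacker who has taken over the OS) has access to all of memory.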

Access control:

- The OS mediates every access to memory and other objects and itself has access to all of them: a process gets only the rights the OS grants it, so a compromised OS defeats every protection above.

Next Generation Secure Computing Base:

- Strong process isolation: prevents processes from interfering with each other, even when the ordinary OS is compromised.
- Sealed storage: data is encrypted under a key bound to a hash of the software that sealed it, so only the same, unmodified software configuration can unseal it.
- Secure path: a trusted channel between the user and the isolated software via mouse, keyboard and monitor, which other software cannot read or spoof.
- Attestation: secure authentication of "things" (device, software, services), i.e. proving to a remote party which hardware and software configuration is actually running.

  Uses public key cryptography; anonymity (so that the attestation key does not become a tracking identifier for the machine) is provided by a trusted third party (TTP) or by zero-knowledge proofs.
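
The hashing behind sealed storage and attestation, as an added example that is not NGSCB or TPM code: a Python sketch with a constructed boot sequence, device secret and attestation key. Measurements are folded into a register with a hash chain, the sealing key is derived from the device secret together with that register, and a quote over (nonce, register) lets a verifier check the configuration. Two stand-ins are assumptions of this example, not of the notes: HMAC plays the role of the attestation key's signature (the notes call for public key cryptography, which lets the verifier hold only a public key), and the stream cipher is a toy built from SHA-256 where a real design would use an AEAD such as AES-GCM.

```python
"""Measured boot, sealed storage and attestation, reduced to their hashing core.

Constructed example (not NGSCB/TPM code): the boot components, device secret
and attestation key below are made up.  HMAC stands in for the signature an
attestation key would produce, and the stream cipher is a toy built from
SHA-256; a real design uses an AEAD such as AES-GCM and asymmetric signing.
"""
import hashlib
import hmac
import secrets

H = hashlib.sha256
PCR_INIT = bytes(32)

# Secrets that would live inside the platform's security chip (constructed).
DEVICE_SECRET = H(b"constructed device storage root key").digest()
ATTESTATION_KEY = H(b"constructed attestation key").digest()

GOOD_BOOT = [b"firmware v1", b"bootloader v3", b"kernel 5.10 signed"]
BAD_BOOT = [b"firmware v1", b"bootloader v3", b"kernel 5.10 rootkit"]


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: pcr' = H(pcr || H(component)).  A hash chain, so the result
    depends on every component and on the order in which they were loaded."""
    return H(pcr + H(component).digest()).digest()


def measured_boot(components) -> bytes:
    """Each stage measures the next one into the register before running it."""
    pcr = PCR_INIT
    for component in components:
        pcr = extend(pcr, component)
    return pcr


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy SHA-256 counter-mode keystream (stand-in for a real AEAD)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += H(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(plaintext: bytes, pcr: bytes, device_secret=DEVICE_SECRET) -> bytes:
    """Bind data to a software configuration: the key is derived from the
    device secret AND the PCR, so only the same measured stack can unseal."""
    key = hmac.new(device_secret, b"seal" + pcr, H).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, H).digest()
    return nonce + ct + tag


def unseal(blob: bytes, current_pcr: bytes, device_secret=DEVICE_SECRET) -> bytes:
    """Return the plaintext, or raise ValueError if the current PCR differs from
    the one the blob was sealed to (different key, so the tag check fails)."""
    key = hmac.new(device_secret, b"seal" + current_pcr, H).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, H).digest()):
        raise ValueError("unseal refused: software configuration does not match")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def quote(pcr: bytes, nonce: bytes, ak=ATTESTATION_KEY) -> bytes:
    """Attestation quote over (nonce, pcr); HMAC stands in for the signature."""
    return hmac.new(ak, b"quote" + nonce + pcr, H).digest()


def verify_quote(q, pcr, nonce, expected_pcr, seen_nonces, ak=ATTESTATION_KEY) -> bool:
    """Remote verifier: fresh nonce (no replay), quote valid for the reported
    PCR, and that PCR equal to the golden value of a trusted configuration."""
    if nonce in seen_nonces:
        return False
    seen_nonces.add(nonce)
    if not hmac.compare_digest(q, quote(pcr, nonce, ak)):
        return False
    return hmac.compare_digest(pcr, expected_pcr)


if __name__ == "__main__":
    good, bad = measured_boot(GOOD_BOOT), measured_boot(BAD_BOOT)
    blob = seal(b"disk encryption key", good)
    print(unseal(blob, good))
    try:
        unseal(blob, bad)
    except ValueError as e:
        print(e)
    nonce = secrets.token_bytes(16)
    print(verify_quote(quote(good, nonce), good, nonce, good, set()))
```

Two details carry the security argument. Unsealing never compares hashes explicitly: a changed kernel changes the register, which changes the derived key, which makes the authentication tag fail, so the chip cannot be talked into releasing the key to other software. And the verifier's nonce is what makes a quote mean "this is running now" rather than "this ran once"; without it a recorded quote from a clean boot could be replayed from a compromised machine.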


  "A 'Trusted Computer' is a computer that can break my security." (Ross Anderson)