Topic: operating system security

Subtopic: security features

Quote: for security, Inferno provides message digests, encrypted channels, authenticated file names, and signed modules; based on CryptoLib [»dorwSM1_1997]

Subtopic: security kernel

Quote: a security kernel mistakenly combines separation and mediation of security issues [»rushJ7_1983]
Quote: EDSYS is a secure system because users can not create load modules; only completely debugged programs are allowed to run [»bernN3_1977]
Quote: EROS has formal verification of security properties and very little performance loss [»shapJS1_2002]

Subtopic: trusted computing base

Quote: SPIN depends only on Modula-3's interfaces, type safety, and automatic memory management; no dangling pointers or array overflow [»bersBN12_1995]
Quote: SPIN uses Modula-3 to guarantee that an extension's interface is obeyed; compiler is part of trusted computing base [»grimR2_2001]
Quote: SPIN's core services (e.g., memory and processor) must be trusted; incorrect usage isolated to the extension [»bersBN12_1995]

Subtopic: safe kernel extensions

Quote: simple, fast proof-carrying code; guaranteed conformance with an operating system's safety policy; e.g., network packet filters [»necuGC10_1996]

Subtopic: memory allocation

Quote: use region-based memory allocation for secure systems; smaller trusted computing base, avoids garbage collection pauses, region profiling, safe memory operations without leaks [»walkD7_2000]
Quote: in Overshadow, a hypervisor encrypts memory in a virtual machine; it appears normal to the unmodified application; 30% slower [»chenX3_2008]

Subtopic: secure bootstrap

Quote: a secure system must start in a consistent and secure state; EROS periodically verifies a consistent, global checkpoint of the entire state of the machine; used for bootstrapping [»shapJS1_2002]

Subtopic: device driver

Quote: Nooks wraps a device driver in a lightweight protection domain; copies kernel objects and checks parameters [»taneAS5_2006]

Subtopic: hardware security

Quote: Intel x86 provides segment protection levels and page protection levels [»chiuTC3_1999]
Quote: efficient intra-address space protection by combining segmentation and paging hardware [»chiuTC3_1999]
Quote: protect the kernel from extension modules by loading each module into a less privileged segment within kernel space [»chiuTC3_1999]
Quote: on Intel architectures, an interrupt gate allows user processes to call kernel services [»chiuTC3_1999]
Quote: 10x cost for hardware-based extensions vs. 40x cost for kernel-process call-return; also, avoids TLB misses [»chiuTC3_1999]

Subtopic: insecurity

Quote: huge operating systems with poor fault isolation; any statement can overwrite key data structures of unrelated components

Related Topics

Group: operating system (27 topics, 924 quotes)

Topic: authentication (93 items)
Topic: computer architecture (46 items)
Topic: device driver (15 items)
Topic: distributed system security (17 items)
Topic: encryption (45 items)
Topic: error safe systems (76 items)
Topic: limitations of system security (39 items)
Topic: mobile code (14 items)
Topic: operating system kernel (67 items)
Topic: password protection (44 items)
Topic: power fail recovery (6 items)
Topic: proof-carrying code (7 items)
Topic: safety critical systems (32 items)
Topic: security by access rights (38 items)
Topic: security by audit trail (18 items)
Topic: security by capabilities (65 items)
Topic: security by secure domains (45 items)
Topic: security leaks and weaknesses (67 items)
Topic: type-safe and secure languages (43 items)

Updated barberCB 6/05
Copyright © 2002-2008 by C. Bradford Barber. All rights reserved.
Thesa is a trademark of C. Bradford Barber.