Design and Implementation of Security Operating System based on Trusted Computing

Authors: X. Nie, D. Feng, J. Che, X. Wang
Presented by: Preoyati Khan, Kent State University

Date post: 18-Jan-2016


Contents

• Introduction
• Trusted computing platform
• Security model for trusted computing
• Security operating system for trusted computing
• Experiment and Performance
• Conclusions


Introduction

Analyzes and reviews related work on security operating systems based on trusted computing.

The classical security model BLP is improved to obtain IBLP.

The overall design scheme and modularized implementation of a secure system for trusted computing.

Experimental results show the effectiveness and feasibility of their system.


Trusted computing

Behavior is predictable in any operating condition.

Highly resistant to subversion by application software, viruses and a given level of physical interference.


Trusted Computing Platform

Allows systems to extend trust to clients running on these platforms.

Provides open platforms: wide availability, diverse hardware types, and the ability to run many applications from many mutually distrusting sources while still retaining trust in clients.


Trusted Computing Platform (cont.)

The TCPA/TCG structure contains 4 essential factors.

1. TPM (Trusted Platform Module).
   • Core of the hardware-level security framework.
   • Generates encryption keys.
   • Protects BIOS and the OS from malicious activity.
2. CRTM (Core Root Trust Module).
   • Initializes the entire system and authenticates BIOS.
3. TCPA OS.
   • Supports hardware modules and applications.
   • Launches the TCPA control function.
4. Compatibility.
   • Allows the existing computer system hardware foundation to continue to exist.


Trusted Computing Platform (cont.)

Figure 1: TCPA/TCG system structure. Layers shown: TCPA Application; TCPA Operating System; TPM, CRTM, CPU, other chips. Legend: present part, trusted part.


Security model for trusted computing

BLP model: models a computer system in accordance with military security policy.

In BLP there are 4 access attributes:
• e access (execute with neither observe nor alter)
• r access (observe with no alter)
• a access (alter with no observe)
• w access (both observe and alter)


Security model for trusted computing (cont.)

BLP uses B(S, O, A) to denote the current access state set.

• S - set of subjects
• O - set of objects
• A - access attribute; consists of e access, r access, a access and w access.


Security model for trusted computing

Two important axioms: the ss-property and the star property.

Simple security(ss-property):

* Property (Star property):


Security model for trusted computing

Problems with the BLP model:
• Trusted subject does not have the star property constraint.
• Too large access privilege.
• Does not match the minimum privilege principle.
• Lack of integrity control.


Design of IBLP security model

The authors of this paper designed a security model based on trusted computing through the improvement of BLP and called it IBLP.


Definition of IBLP

1. Security attribute.
   • The security attribute for each subject and object includes:
     - Confidentiality level Sc
     - Integrity level Si
     - Access category sets Ca
2. Security domain.
   • The security domain of subject S can be classified as common subject C and trusted subject T.


Axiom of IBLP

1. Simple security property (ss-property).

1 and 2: A common subject can neither observe nor execute information of an object on:
• the higher confidentiality level.
• the lower integrity level.

3 and 4: A trusted subject on the lower confidentiality level can neither observe nor execute information of an object on the higher confidentiality level, but can observe and execute information of an object on the lower integrity level.


Axiom of IBLP

2. Star-property.

5 and 6: A common subject can only alter information of an object on the same confidentiality and integrity level.

7 and 8: A trusted subject on the lower integrity level cannot alter information of an object on the higher integrity level, but can alter information of an object on the lower confidentiality level.
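The ss-property and star-property rules above can be read as one access-decision function. The sketch below is an added example, not code from the paper or the slides: the names `Label`, `may_observe`, `may_alter` and `iblp_allows` are hypothetical, the access category sets Ca are left out because the slides do not state their rule, and the trusted-subject alter check assumes that only the integrity bound applies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Label:
    conf: int   # confidentiality level Sc; larger means more secret
    integ: int  # integrity level Si; larger means more trustworthy

def may_observe(subj: Label, trusted: bool, obj: Label) -> bool:
    """Ss-property: covers observing and executing an object."""
    if obj.conf > subj.conf:   # no subject observes a higher-confidentiality object
        return False
    # Conditions 1 and 2 bar a common subject from lower-integrity objects;
    # conditions 3 and 4 let a trusted subject use them.
    return trusted or obj.integ >= subj.integ

def may_alter(subj: Label, trusted: bool, obj: Label) -> bool:
    """Star-property: covers altering an object."""
    if trusted:
        # Conditions 7 and 8 (assumed reading): bounded only by integrity,
        # so altering a lower-confidentiality object is permitted.
        return obj.integ <= subj.integ
    # Conditions 5 and 6: a common subject alters only at its own level.
    return obj.conf == subj.conf and obj.integ == subj.integ

# BLP access attributes mapped to the checks each one needs.
CHECKS = {"e": (may_observe,), "r": (may_observe,),
          "a": (may_alter,), "w": (may_observe, may_alter)}

def iblp_allows(subj: Label, trusted: bool, obj: Label, access: str) -> bool:
    if access not in CHECKS:
        raise ValueError(f"unknown access attribute: {access!r}")
    return all(check(subj, trusted, obj) for check in CHECKS[access])

def decision_table():
    """Constructed sample requests; returns (description, decision) pairs."""
    s = Label(conf=2, integ=2)
    cases = [("common r, higher confidentiality", False, Label(3, 2), "r"),
             ("common r, lower integrity", False, Label(1, 1), "r"),
             ("trusted r, lower integrity", True, Label(1, 1), "r"),
             ("trusted e, higher confidentiality", True, Label(3, 2), "e"),
             ("common a, same levels", False, Label(2, 2), "a"),
             ("common a, lower confidentiality", False, Label(1, 2), "a"),
             ("trusted a, lower confidentiality", True, Label(1, 2), "a"),
             ("trusted a, higher integrity", True, Label(2, 3), "a"),
             ("trusted w, lower levels", True, Label(1, 1), "w")]
    return [(name, iblp_allows(s, t, o, a)) for name, t, o, a in cases]

if __name__ == "__main__":
    for name, allowed in decision_table():
        print(f"{name:36s} {'allow' if allowed else 'deny'}")
```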


Axiom of IBLP

1. Simple security property(Ss-property).

2. Star-property.


Analysis of IBLP

1. Consistent with the basic security features of BLP.
   • The ss-property of IBLP is consistent with the ss-property of BLP.
   • The star property of IBLP can be seen as a special case of the star-property of BLP.
2. Meets the principle of minimum privilege.
3. Prevents the occurrence of covert channels.
4. Meets the security requirements of trusted computing in a more flexible way.


Security operating system for trusted computing

Figure 2. The overall design


Security operating system for trusted computing (cont.)

Modular implementation:
• Modularly developed and implemented on an open-source Linux environment.

Trusted identification:
• Is used to ensure that only legitimate users can access the system resources.


Security operating system for trusted computing (cont.)

Privileged access control:
• Ensures that a trusted process only gets the security privilege that meets the requirement of its task.

Discretionary access control:
• Uses an ACL defined by the user to implement access control of resources.
• <Type, Id, Perm>

Mandatory access control:
• Manages system resources by classifying them according to their security level.


Security operating system for trusted computing (cont.)

Integrity Measurement:
• Mainly protects the content continuously loaded by the OS after secure boot of TPM.

Figure 3: TPM-based Integrity Measurement


Security operating system for trusted computing (cont.)

Security audit:
• Audits any security-related events.
• Generates and reveals secret information for the system manager to control the security situation.


Experiment and Performance

Security Function: Can detect and defend against most current attacks.

Table 1. Rate of detection for typical attacks.

Attack type          Rate of detection
IP cheating          80%
Buffer Overflow      85%
Denial of Service    87%
Rootkit              95%


Experiment and Performance (cont.)

Decline of Performance: The decline rate of efficiency is no more than 10%.

Table 2. Decline rate of efficiency.

Test project    Decline rate
Test ipc        8%
Test fork       10%
Test fs         10%


Conclusions

Improved traditional security model BLP, and designed a trusted computing based security model IBLP.

Presented the design and implementation of a secure operating system for trusted computing platform.


Conclusions (cont.)

Will improve the system to be more compatible with the security requirements of trusted computing applications.

Will adopt optimization algorithms to improve the performance.


Thank You
