Authentication and access control project

Access Control Support in Operating Systems

Definition of Operating System

The National Institute of Standards and Technology (NIST) defines an operating system as "a collection of software that manages computer hardware resources and provides common services for computer programs" (Barker, Smid, & Branstad, p. 133). An operating system is essentially a resource manager that interfaces between a user and the hardware resources of a computer: CPU, memory, disk, network, mouse, keyboard, and the like.

Operating systems allow users and applications, such as browsers, games, and productivity tools like Word and Excel, to run and perform harmoniously in a shared environment. They protect each program from other programs and ensure all programs make progress according to some priority. Thus, scheduling applications to run is a major function of an operating system.

Another important feature of an operating system is that it provides a shell or an application programming interface (API) for users and applications to interact with the hardware at a high level. This high-level interface ensures that the same applications continue to run with fewer or more resources (e.g., 64 Mbytes of RAM or 128 Mbytes of RAM), on different hardware (CPU, memory, disk, etc., of different types or manufacturers), and when the operating system is updated or the version is changed.

An important step in an organization’s security strategy is hardening of operating systems. Patching the operating system using auto-update is the first line of defense. Removing unnecessary services, applications, and protocols, and erring on the side of caution in granting access and privileges, are other recommended steps for hardening for improved security. The Guide to General Server Security (NIST SP800-123) provides many of the guidelines here.

All modern operating systems implement access controls, including providing support for multifactor authentication. Nearly all of them, including Linux and Windows, provide some form of discretionary access controls. Security Enhanced RedHat Linux (SELinux), HP-UX, and AIX (from IBM) have features for RBAC implementation. Mandatory access control (MAC) mechanisms also exist in secure versions of Linux, including SELinux and SUSE Linux (Software und System-Entwicklung, German in origin), and in later versions of Windows, from Vista onward. Windows supports MAC only for integrity, using the Biba integrity model; it does not support MAC for confidentiality.
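The following added example (not part of the original learning topic) is a simplified model of how a mandatory Biba-style "no write up" label is layered on top of a discretionary ACL, and why an integrity-only label does not provide confidentiality. The class names, the three levels, and the sample file and users are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Integrity(IntEnum):
    """Integrity levels, ordered low to high (illustrative subset)."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass
class Subject:
    user: str
    level: Integrity


@dataclass
class Resource:
    name: str
    level: Integrity
    # Discretionary ACL set by the owner: user -> permitted operations.
    dacl: dict = field(default_factory=dict)


def dac_allows(subj, obj, op):
    """Discretionary check: is the operation granted to this user in the ACL?"""
    return op in obj.dacl.get(subj.user, set())


def mac_allows(subj, obj, op):
    """Mandatory integrity check (Biba 'no write up').

    Only writes are restricted; reads are never blocked by this label,
    which is why an integrity-only policy gives no confidentiality.
    """
    if op == "write":
        return subj.level >= obj.level
    return True


def access(subj, obj, op):
    """Grant only if both the mandatory and the discretionary checks pass."""
    return mac_allows(subj, obj, op) and dac_allows(subj, obj, op)


# Constructed sample: the same user runs a normal and a sandboxed process.
report = Resource("report.docx", Integrity.MEDIUM, {"alice": {"read", "write"}})
editor = Subject("alice", Integrity.MEDIUM)
sandboxed_browser = Subject("alice", Integrity.LOW)
```

The low-integrity process is denied the write even though the owner's ACL grants it, while the read still succeeds because the label constrains integrity only.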

The CIA triad—confidentiality, integrity, and availability—is the core of operating system security. Tools, techniques, and policies are implemented to protect the operating system from threats aimed at exploiting vulnerabilities and compromising information assets.

Microsoft publishes current updates on the security features and patches for supported versions of their operating systems. Linux, an open-source version of the UNIX operating system, also maintains guides on implementing and maintaining security across many distros.

Significant resources are available online for those who wish to research more on Windows, Linux, and Mac OS-X operating systems.

A virtual machine has more layers than a native operating system–based machine, leading to the potential for more vulnerabilities and thus more security problems. The hypervisor layer also monitors several virtual layers over it, potentially enabling direct information leaks and covert channels between virtual machines. NIST's Guide to Security for Full Virtualization Technologies (NIST SP800-125) is a comprehensive resource.

The government publishes STIGs (Security Technical Implementation Guides) detailing the expectations for hardening computer infrastructure. STIGs serve as standardized rules for government networks built using commercial components, including operating systems, database management systems, and communication systems. The purpose of the STIGs is to define the usage and modifications of commercial components so that environments are configured and implemented in a highly secure manner.

References

Barker, E., Smid, M., & Branstad, D. (2015, October). A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS). doi:http://dx.doi.org/10.6028/NIST.SP.800-152

Scarfone, K., Jansen, W., & Tracy, M. (2008, July). Guide to General Server Security. Retrieved from Information Technology Laboratory, Computer Security Resource Center: https://csrc.nist.gov/publications/detail/sp/800-123/final

Scarfone, K., Souppaya, M., & Hoffman, P. (2011, January). Guide to Security for Full Virtualization Technologies. Retrieved from Information Technology Laboratory, Computer Security Resource Center: https://csrc.nist.gov/publications/detail/sp/800-125/final

Unclassified DISA STIG List. (2020). https://www.stigviewer.com/stigs

Security and Privacy Controls for Federal Information Systems and Organizations

Increasing Windows Security by Hardening PC Configurations

© 2021 University of Maryland Global Campus

All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity of information located at external sites.
