Assurance in Trusted Operating Systems
This chapter has moved our discussion from the general to the particular. We began by studying different models of protection systems. By the time we reached the last section, we examined three principles used in designing secure operating systems: isolation, security kernel, and layered structure. We also looked in detail at the approaches taken by designers of particular operating systems. Now, we suppose that an operating system provider has taken these considerations into account and claims to have a secure design. It is time for us to consider assurance: ways of convincing others that a model, design, and implementation are correct.

What justifies our confidence in the security features of an operating system? If someone else has evaluated the system, how have the confidence levels of operating systems been rated? In our assessment, we must recognize that operating systems are used in different environments; in some applications, less secure operating systems may be acceptable. Overall, then, we need ways of determining whether a particular operating system is appropriate for a certain set of needs. Both in Chapter 4 and in the previous section, we looked at design and process techniques for building confidence in the quality and correctness of a system. In this section, we explore ways to actually demonstrate the security of an operating system, using techniques such as testing, formal verification, and informal validation. Snow [SNO05] explains what assurance is and why we need it.