
Enhancing the OS against Security Threats in System Administration

  • Conference paper
Middleware 2012 (Middleware 2012)

Abstract

The consequences of security breaches caused by system administrator errors can be catastrophic. Software systems in general, and OSes in particular, ultimately depend on a fully trusted administrator who is granted superuser privileges that allow complete control of the system. Consequently, an administrator acting negligently or unethically can easily compromise user data in irreversible ways by leaking, modifying, or deleting it. In this paper we propose a new set of guiding principles for OS design that we call the broker security model. Our model aims to increase OS security without hindering manageability. This is achieved by a two-step process that (1) restricts administrator privileges so that they preclude inspection and modification of user data, and (2) permits management tasks that are mediated by a layer of trusted programs—brokers—interposed between the management interface and system objects. We demonstrate the viability of this approach by building BrokULOS, a Linux-based OS that suppresses superuser privileges and exposes a narrow management interface consisting of a set of tailor-made brokers. Our evaluation shows that our modifications to Linux add negligible overhead to applications while preserving system manageability.
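The two-step process in the abstract is easier to reason about in a small executable model. The following is an added example written for this page, not code from the paper or from BrokULOS (which modifies the Linux kernel); the class names, the three brokers, the ownership-only access policy and the sample files are all assumptions chosen to illustrate the design. Step 1 is the object store, which has no superuser bypass, so "admin" is just another principal and is refused direct reads and writes of other users' data. Step 2 is the broker layer, where each broker is a narrowly scoped management task that operates on the raw objects without returning their contents, and the management interface is an explicit allowlist of those brokers plus an audit log.

```python
"""Toy model of the broker security model summarised in the abstract. Added
illustration for this page, not code from BrokULOS or the paper: the class
names, the brokers and the ownership policy are assumptions chosen to show
both steps: (1) no principal, the administrator included, can read or modify
another user's data directly; (2) management still works, but only through
trusted brokers that touch objects without leaking or altering their contents.
"""
from __future__ import annotations

from dataclasses import dataclass, field


class PolicyViolation(Exception):
    """A principal touched a system object it does not own."""


@dataclass
class UserFile:
    owner: str
    content: bytes


class ObjectStore:
    """System objects; ownership is checked on every direct access and there
    is no superuser bypass, so 'admin' is just another principal."""

    def __init__(self) -> None:
        self._files: dict[str, UserFile] = {}  # raw view: brokers only

    def write(self, principal: str, path: str, data: bytes) -> None:
        existing = self._files.get(path)
        if existing is not None and existing.owner != principal:
            raise PolicyViolation(f"{principal} may not modify {path}")
        self._files[path] = UserFile(principal, data)

    def read(self, principal: str, path: str) -> bytes:
        f = self._files[path]
        if f.owner != principal:
            raise PolicyViolation(f"{principal} may not read {path}")
        return f.content


@dataclass
class Brokers:
    """Trusted programs interposed between the management interface and the
    objects: each method is one narrow, audited task on the raw view."""
    live: ObjectStore
    backups: dict[str, UserFile] = field(default_factory=dict)
    audit: list[str] = field(default_factory=list)

    def disk_usage(self, owner: str) -> int:
        """A size, never the bytes themselves."""
        self.audit.append(f"disk_usage {owner}")
        return sum(len(f.content) for f in self.live._files.values() if f.owner == owner)

    def relocate(self, src: str, dst: str) -> None:
        """Move a file (e.g. between disks), preserving owner and content."""
        if dst in self.live._files:
            raise PolicyViolation(f"{dst} already exists")
        self.live._files[dst] = self.live._files.pop(src)
        self.audit.append(f"relocate {src} -> {dst}")

    def backup(self, path: str) -> None:
        """Copy a file into backups as an opaque, owner-tagged object."""
        f = self.live._files[path]
        self.backups[path] = UserFile(f.owner, f.content)
        self.audit.append(f"backup {path}")

    def verify_backup(self, path: str) -> bool:
        """The admin learns one bit: does the copy still match the live object?"""
        self.audit.append(f"verify_backup {path}")
        f, copy = self.live._files[path], self.backups.get(path)
        return copy is not None and (copy.owner, copy.content) == (f.owner, f.content)


def management_interface(b: Brokers) -> dict:
    """All the administrator is handed: an explicit allowlist of broker entry
    points plus the audit log; no read, write or raw-view operation."""
    return {"disk_usage": b.disk_usage, "relocate": b.relocate, "backup": b.backup,
            "verify_backup": b.verify_backup, "audit_log": lambda: list(b.audit)}


def demo() -> dict:
    """One admin session over constructed sample data; returns what each side saw."""
    live = ObjectStore()
    live.write("alice", "/disk1/alice/notes", b"patient record 4711")  # constructed
    live.write("bob", "/disk1/bob/todo", b"buy milk")                  # constructed
    mgmt = management_interface(Brokers(live))
    try:                                    # step 1: no superuser path to user data
        live.read("admin", "/disk1/alice/notes")
        blocked = False
    except PolicyViolation:
        blocked = True
    usage = mgmt["disk_usage"]("alice")     # step 2: management only via brokers
    mgmt["relocate"]("/disk1/alice/notes", "/disk2/alice/notes")
    mgmt["backup"]("/disk2/alice/notes")
    intact = mgmt["verify_backup"]("/disk2/alice/notes")
    return {"blocked": blocked, "usage": usage, "intact": intact, "audit": mgmt["audit_log"](),
            "alice_sees": live.read("alice", "/disk2/alice/notes")}
```

The point of the model is where the trust sits: the brokers hold the privileged view, the administrator holds only the interface dictionary, and every management action leaves an audit record. In a Python process this separation is a convention rather than an enforced boundary; a real system such as the one the paper describes has to make the raw view unreachable from the administrator's shell, which is what suppressing superuser privileges in the kernel accomplishes.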




© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Santos, N., Rodrigues, R., Ford, B. (2012). Enhancing the OS against Security Threats in System Administration. In: Narasimhan, P., Triantafillou, P. (eds) Middleware 2012. Middleware 2012. Lecture Notes in Computer Science, vol 7662. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35170-9_21


  • DOI: https://doi.org/10.1007/978-3-642-35170-9_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35169-3

  • Online ISBN: 978-3-642-35170-9
