Abstract
The consequences of security breaches due to system administrator errors can be catastrophic. Software systems in general, and OSes in particular, ultimately depend on a fully trusted administrator who is granted superuser privileges that allow them to control the system completely. Consequently, an administrator acting negligently or unethically can easily compromise user data in irreversible ways by leaking, modifying, or deleting it. In this paper we propose a new set of guiding principles for OS design that we call the broker security model. Our model aims to increase OS security without hindering manageability. This is achieved by a two-step process that (1) restricts administrator privileges so that they preclude inspection and modification of user data, and (2) allows management tasks to be carried out only through a layer of trusted programs (brokers) interposed between the management interface and system objects. We demonstrate the viability of this approach by building BrokULOS, a Linux-based OS that suppresses superuser privileges and exposes a narrow management interface consisting of a set of tailor-made brokers. Our evaluation shows that our modifications to Linux add negligible overhead to applications while preserving system manageability.
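As an added illustration of the two-step model (this is example code written for this page, not code from the paper or from BrokULOS), the Python below models a kernel with no superuser and a narrow management interface that reaches system objects only through brokers. The in-memory object store, the broker names `usage`, `backup`, `restore` and `purge`, the per-user keys and the HMAC-SHA256 counter-mode toy cipher are all assumptions made for this example so that it runs without any OS privileges; a real system would use an authenticated cipher and OS-level privilege separation rather than Python method visibility.

```python
# Toy model of the broker security model from the abstract. Added illustration,
# not BrokULOS code: the object store, broker names and HMAC-SHA256 toy cipher
# are assumptions made so that the example runs without any OS privileges.
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class FileObject:
    owner: str
    data: bytes

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode); illustrative only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)

class Kernel:
    """Owner-only access to objects. There is no superuser: no principal,
    'admin' included, passes the ownership check in read() and write()."""

    def __init__(self):
        self.files: dict[str, FileObject] = {}
        self.user_keys: dict[str, bytes] = {}  # per-user keys, never exported
        self.audit: list[tuple] = []
        self.brokers = {"usage": self._broker_usage, "backup": self._broker_backup,
                        "restore": self._broker_restore, "purge": self._broker_purge}

    def add_user(self, user: str, key: bytes) -> None:
        self.user_keys[user] = key

    def write(self, principal: str, path: str, data: bytes) -> None:
        if path in self.files and self.files[path].owner != principal:
            raise PermissionError(f"{principal} may not write {path}")
        self.files[path] = FileObject(principal, data)

    def read(self, principal: str, path: str) -> bytes:
        obj = self.files[path]
        if obj.owner != principal:
            raise PermissionError(f"{principal} may not read {path}")
        return obj.data

    # The narrow management interface: an administrator can only invoke a broker.
    def manage(self, admin: str, broker: str, **args):
        if broker not in self.brokers:
            raise PermissionError(f"no such broker: {broker}")
        self.audit.append((admin, broker, tuple(sorted(args))))
        return self.brokers[broker](**args)

    # Trusted brokers: the only code that crosses ownership boundaries, and
    # none of them returns user plaintext to the caller.
    def _broker_usage(self, user: str) -> int:
        return sum(len(f.data) for f in self.files.values() if f.owner == user)

    def _broker_backup(self, user: str) -> dict:
        key, blob = self.user_keys[user], {}
        for path, f in self.files.items():
            if f.owner == user:
                nonce = hashlib.sha256(path.encode()).digest()[:16]
                ct = _keystream_xor(key, nonce, f.data)
                blob[path] = (nonce, ct, hmac.new(key, nonce + ct, hashlib.sha256).digest())
        return blob

    def _broker_restore(self, user: str, blob: dict) -> int:
        key = self.user_keys[user]
        for path, (nonce, ct, tag) in blob.items():
            if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
                raise ValueError(f"backup of {path} fails its integrity check")
            self.files[path] = FileObject(user, _keystream_xor(key, nonce, ct))
        return len(blob)

    def _broker_purge(self, user: str) -> int:
        victims = [p for p, f in self.files.items() if f.owner == user]
        for p in victims:
            del self.files[p]
        return len(victims)

def demo() -> dict:
    """Administrator backs up, purges and restores alice's files without ever
    obtaining their contents. The file content below is constructed test data."""
    k = Kernel()
    k.add_user("alice", hashlib.sha256(b"alice-key").digest())
    k.write("alice", "/home/alice/notes.txt", b"meeting at noon")
    denied = False
    try:
        k.read("admin", "/home/alice/notes.txt")  # the path a superuser would take
    except PermissionError:
        denied = True
    usage = k.manage("admin", "usage", user="alice")
    blob = k.manage("admin", "backup", user="alice")
    leaked = any(b"meeting" in ct for _, ct, _ in blob.values())
    k.manage("admin", "purge", user="alice")
    k.manage("admin", "restore", user="alice", blob=blob)
    return {"direct_read_denied": denied, "usage": usage, "plaintext_leaked": leaked,
            "restored": k.read("alice", "/home/alice/notes.txt"), "audit_entries": len(k.audit)}
```

The point the demo makes is the one the abstract argues: a backup, purge and restore round trip, the kind of task that normally requires root, completes without the administrator ever obtaining plaintext or a key, while the ownership check in `read()` denies the direct path a superuser would take and every broker call lands in the audit log.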
Copyright information
© 2012 IFIP International Federation for Information Processing
Cite this paper
Santos, N., Rodrigues, R., Ford, B. (2012). Enhancing the OS against Security Threats in System Administration. In: Narasimhan, P., Triantafillou, P. (eds) Middleware 2012. Middleware 2012. Lecture Notes in Computer Science, vol 7662. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35170-9_21
DOI: https://doi.org/10.1007/978-3-642-35170-9_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35169-3
Online ISBN: 978-3-642-35170-9