General Purpose Operating System for Security-critical Applications

Computers are used by the general public for an increasing number of tasks where security is an important aspect. Most of the computers are used to execute potentially malicious applications, often without the user’s knowledge, alongside applications that process sensitive data. The common security functions of the current common operating systems do not provide sufficient protection of the confidentiality and the integrity of the sensitive data processed by one application against other applications running on behalf of the same user. We show that the operating system has an important role in security – it is often impossible to effectively deal with security at the application layer without a suitable support of the operating system. We analyze several typical examples of applications used in home and office environments and generalize the security requirements and the security properties of the data used by the applications. We design a security model including a formally defined information flow policy to protect the confidentiality and the integrity of the data. We state and prove basic security properties of the model. We analyze several existing protection profiles for operating systems, and we argue that none of them is suitable for an operating system with the intended use. We present a new protection profile that supports our new security model. Finally, we show that it is feasible to modify Linux operating system to make it compliant with the presented protection profile. ∗Recommended by thesis supervisor: Assoc. Prof. Daniel Olejár Defended at Faculty of Mathematics, Physics and Informatics, Comenius University in Bratislava on November 22, 2010. c ⃝ Copyright 2010. All rights reserved. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies show this notice on the first page or initial screen of a display along with the full citation. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, to redistribute to lists, or to use any component of this work in other works requires prior specific permission and/or a fee. Permissions may be requested from STU Press, Vazovova 5, 811 07 Bratislava, Slovakia. Janáček, J. General Purpose Operating System for Security-critical Applications. Information Sciences and Technologies Bulletin of the ACM Slovakia, Vol. 2, No. 2 (2010) 49-59