design and implementation of security operating system


    Proceedings of the Fifth International Conference on Machine Learning and Cybernetics, Dalian, 13-16 August 2006

    1-4244-0060-0/06/$20.00 2006 IEEE

    DESIGN AND IMPLEMENTATION OF SECURITY OPERATING SYSTEM BASED ON TRUSTED COMPUTING

    XIAO-WEI NIE (1), DENG-GUO FENG (1), JIAN-JUN CHE (2), XIN-PU WANG (3)

    (1) State Key Laboratory of Information Security, Graduate School of Chinese Academy of Science, 100049
    (2) Immensity & Foison Technology Inc., 100039
    (3) China Internet Network Information Center, 100080

    E-MAIL: [email protected]

    Abstract: After analyzing the concept and structure of trusted computing, this paper reviews related work on security operating systems based on trusted computing. Then a security model based on trusted computing, IBLP, is proposed through the improvement of the classical security model BLP. The overall design scheme and modularized implementation of a secure operating system for trusted computing are presented on the basis of the above work. Finally, the experimental results indicate the effectiveness and feasibility of our system.

    Keywords:

    Trusted computing; security operating system; security model; access control

    1. Introduction

    Anderson first proposed the concept of trusted computing. It was mainly applied to fault-tolerant computing, failure detection and redundant backup technology, and is now widely applied to areas such as trusted hardware platforms, trusted software systems, trusted networks and so on. According to ISO/IEC 15408, trusted computing is defined as follows: a trusted component, operation, or process is one whose behavior is predictable under almost any operating condition and which is highly resistant to subversion by application software, viruses and a given level of physical interference. Under this definition, trusted computing becomes a very broad notion of trust. Trusted platforms will allow systems to extend trust to clients running on these platforms, thus providing the benefits of open platforms: wide availability, diverse hardware types, and the ability to run many applications from many mutually distrusting sources while still retaining trust in clients.

    The vision of trusted platforms cannot be achieved with most of today's operating systems, which offer poor assurance and implement a security model that is largely orthogonal to that required for trusted computing. To meet the demands of implementing a trusted platform, we establish a security model based on trusted computing, outline the design of a security operating system based on the trusted platform, and implement it in a modular fashion.

    In the next section, we review the trusted computing organizations, then describe the trusted system structure and the security requirements for trusted computing. In section 3, we discuss the security model BLP and improve it based on the trusted computing concept. In section 4, we present the overall design of the security operating system based on trusted computing and describe its main modules. Section 5 describes experiments that highlight the security function and performance of our system. The paper is concluded in section 6 with a summary and outlook of our work.

    2. Trusted computing platform

    Since October 1999, the Trusted Computing Platform Alliance (TCPA), originated by HP, IBM, Intel, Microsoft and other companies, has expanded to more than 200 members, covering all major manufacturers worldwide [1]. TCPA concentrates on strengthening the security of the computing platform system framework and released the TPM main standard (v1.1) in January 2001. TCPA was reorganized into the Trusted Computing Group (TCG) in March 2003, which released TPM main standard v1.2. The TCPA/TCG system structure is illustrated in Figure 1.

    The TCPA/TCG structure contains 4 essential elements:

    1. TPM (Trusted Platform Module). It is the core of the hardware-level security framework: it generates encryption keys, performs high-speed data encryption and decryption, and additionally protects the BIOS and the OS from being maliciously modified.

    2. CRTM (Core Root Trust Module). It initializes the entire system and authenticates the BIOS.


    3. TCPA OS. The TCPA operating system supports the hardware modules and the applications. On the TCPA platform, the TCPA control functions must be invoked through the operating system, including authentication to exterior entities and differentiation between different applications.

    4. Compatibility. TCPA allows the existing computer system hardware foundation to continue to exist. Compared with NGSCB, TCPA is a more open system, which permits more widespread trusted computing realizations based on it.

    Figure 1. TCPA/TCG system structure

    As shown in Figure 1, the operating system based on TCPA is one of the most important parts, as it offers the security link between trusted hardware and applications. There is now a lot of work on operating systems based on TCPA, such as the integrity mechanism developed by IBM T. J. Watson Research Center [2]; the AEGIS system structure for integrity examination developed by the University of Pennsylvania [3]; the Bear platform as a security box advanced by Dartmouth College [4]; Terra, based on virtual machine technology, developed by the Computer Science Department of Stanford University [5,6]; and the Xen system for hardware sharing in a safe mode developed by the University of Cambridge Computer Laboratory [7]. While most of them focus on the security box and applications for trusted computing, we mainly discuss the whole security operating system based on the trusted computing platform.

    3. Security model for trusted computing

    3.1. BLP model

    BLP is a security model, proposed by David Bell and Leonard La Padula, that formalizes a computer system operating under a military security policy; it is the earliest and most frequently used such model. It is a state machine model that formally defines the system states and the rules for switching between them, together with a set of security axioms that restrict which state transitions are allowed [8,9]. In BLP there are 4 access attributes:

    e access (execute with neither observe nor alter)

    r access (observe with no alter)

    a access (alter with no observe)

    w access (both observe and alter)

    BLP uses the triple $(S, O, A)$ to define the possible accesses and a set $B \subseteq S \times O \times A$ to denote the current access state set. Here $S$ denotes the set of subjects, $O$ the set of objects, and $A$ the set of access attributes, consisting of e access, r access, a access and w access. Any current access is a triple $b = (s, o, x) \in B$.

    The two basic axioms are the simple security property (ss-property) and the * property (star property):

    1. Simple security (ss-property). The ss-property is satisfied if:

    $\forall (s, o, x) \in B:\ (s, o, r) \in B \Rightarrow Se(s) \geq Se(o)$

    that is, every "observation" access triple $b = (s, o, r)$ in the current access set has the property that the security level $Se(s)$ of the subject dominates the security level $Se(o)$ of the object.

    2. * Property (star property). The star property is satisfied if:

    $\forall (s, o, x) \in B:\ (s, o, a) \in B \Rightarrow Se(s) \leq Se(o)$ and $(s, o, w) \in B \Rightarrow Se(s) = Se(o)$

    that is, every alteration access triple $b = (s, o, a)$ has the property that the security level of the object dominates the security level of the subject, and every alteration-and-observation triple $b = (s, o, w)$ has the property that the security level of the subject equals the level of the object.

    BLP also uses the concept of a trusted subject, a subject that is not constrained by the star property in the actual system, in order to keep the system operating and manageable.

    However, the BLP model does not fully meet the security requirements of trusted computing, because of the following problems:

    1. In the BLP model the trusted subject has no star-property constraint and therefore gets too large an access privilege, which does not match the principle of minimum privilege; the operation privilege and application scope of trusted subjects should be restricted.

    2. The BLP model focuses primarily on confidentiality control, i.e. on preventing information from being transferred from a higher security level to a lower one, and lacks integrity control over "alteration upward" operations, so it fails to effectively limit covert channels.


    3.2. Design of IBLP security model

    For the security requirements of trusted computing, we design a security model based on trusted computing through the improvement of BLP and call it IBLP.

    3.2.1. Definition of IBLP

    1. Security attribute. We consider the confidentiality and integrity of every subject and object together [9]. Every subject and object has a security attribute with three components: confidentiality level $Sc$, integrity level $Si$ and access category set $Ca$.

    2. Security domain. The security domain of the subjects $S$ is divided into common subjects $C$ and trusted subjects $T$. The trusted security attribute of a trusted subject is its trusted level.

    3.2.2. Axioms of IBLP

    1. Simple security property (ss-property). The ss-property is satisfied if, for all $(s, o, x) \in B$:

    $s \in C \wedge (s, o, r) \in B \Rightarrow (Sc(s) \geq Sc(o)) \wedge (Si(s) \leq Si(o)) \wedge (Ca(s) \supseteq Ca(o))$ ; (1)

    $s \in C \wedge (s, o, e) \in B \Rightarrow (Sc(s) \geq Sc(o)) \wedge (Si(s) \leq Si(o)) \wedge (Ca(s) \supseteq Ca(o))$ ; (2)

    $s \in T \wedge (s, o, r) \in B \Rightarrow (Sc(s) \geq Sc(o)) \wedge (Ca(s) \supseteq Ca(o))$ ; (3)

    and

    $s \in T \wedge (s, o, e) \in B \Rightarrow (Sc(s) \geq Sc(o)) \wedge (Ca(s) \supseteq Ca(o))$ (4)

    Formulas (1) and (2) mean that a common subject can neither observe nor execute information of an object on a higher confidentiality level, can neither observe nor execute information of an object on a lower integrity level (so that its integrity is not damaged), and cannot illegally access unrelated information.

    Formulas (3) and (4) mean that a trusted subject on a lower confidentiality level can neither observe nor execute information of an object on a higher confidentiality level, nor unrelated information, but can observe and execute information of an object on a lower integrity level, since it is trusted to have the ability to guarantee the integrity of that information.

    2. Star-property. The star-property is satisfied if, for all $(s, o, x) \in B$:

    $s \in C \wedge (s, o, a) \in B \Rightarrow (Sc(s) = Sc(o)) \wedge (Si(s) = Si(o)) \wedge (Ca(s) \subseteq Ca(o))$ ; (5)

    $s \in C \wedge (s, o, w) \in B \Rightarrow (Sc(s) = Sc(o)) \wedge (Si(s) = Si(o)) \wedge (Ca(s) \subseteq Ca(o))$ ; (6)

    $s \in T \wedge (s, o, a) \in B \Rightarrow (Si(s) \geq Si(o)) \wedge (Ca(s) \subseteq Ca(o))$ ; (7)

    and

    $s \in T \wedge (s, o, w) \in B \Rightarrow (Si(s) \geq Si(o)) \wedge (Ca(s) \subseteq Ca(o))$ (8)

    Formulas (5) and (6) mean that a common subject can only alter information of an object on the same confidentiality and integrity level, and cannot leak information to unrelated objects.

    Formulas (7) and (8) mean that a trusted subject on a lower integrity level cannot alter information of an object on a higher integrity level, but can alter information of an object on a lower confidentiality level, since it is trusted to have the ability not to leak information on a higher confidentiality level to objects on a lower confidentiality level, nor to leak information to unrelated objects.
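As an added illustration (not code from the paper), the following Python models the IBLP decision rules above next to the classical BLP rules of section 3.1 and evaluates both on a constructed set of subjects and objects. The labels and names are assumptions made for the example, as is the direction of the category-set comparison (the ss-property checks Ca(s) ⊇ Ca(o), the star-property Ca(s) ⊆ Ca(o)).

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

# Access attributes shared by BLP and IBLP: e (execute), r (observe),
# a (alter), w (observe and alter).
OBSERVE = ("r", "e")
ALTER = ("a", "w")


@dataclass(frozen=True)
class Label:
    """IBLP security attribute: confidentiality Sc, integrity Si, category set Ca."""
    sc: int
    si: int
    ca: FrozenSet[str]


@dataclass(frozen=True)
class Subject:
    name: str
    label: Label
    trusted: bool = False  # True: domain T (trusted subject); False: domain C (common)


@dataclass(frozen=True)
class Object:
    name: str
    label: Label


def blp_permits(s: Subject, o: Object, x: str) -> bool:
    """Classical BLP (section 3.1) over the confidentiality level alone.

    ss-property: (s,o,r) needs Se(s) >= Se(o).  star-property: (s,o,a) needs
    Se(s) <= Se(o), (s,o,w) needs Se(s) == Se(o); trusted subjects are exempt
    from it (problem 1 of section 3.1).  Execution is unconstrained.
    """
    se_s, se_o = s.label.sc, o.label.sc
    if x == "r":
        return se_s >= se_o
    if x == "e" or s.trusted:
        return True
    return se_s <= se_o if x == "a" else se_s == se_o


def iblp_permits(s: Subject, o: Object, x: str) -> bool:
    """IBLP (section 3.2.2, formulas (1)-(8)).

    Observe/execute: Sc(s) >= Sc(o) and Ca(s) ⊇ Ca(o); a common subject also
    needs Si(s) <= Si(o) so low-integrity data never flows into it.  Alter: a
    common subject needs equal Sc and Si, a trusted subject needs Si(s) >= Si(o),
    and both need Ca(s) ⊆ Ca(o) so nothing leaks to unrelated objects.
    """
    ls, lo = s.label, o.label
    if x in OBSERVE:  # formulas (1)-(4)
        return ls.sc >= lo.sc and ls.ca >= lo.ca and (s.trusted or ls.si <= lo.si)
    if x in ALTER:  # formulas (5)-(8)
        if s.trusted:
            return ls.si >= lo.si and ls.ca <= lo.ca
        return ls.sc == lo.sc and ls.si == lo.si and ls.ca <= lo.ca
    raise ValueError(f"unknown access attribute {x!r}")


def compare_models() -> Dict[Tuple[str, str, str], Tuple[bool, bool]]:
    """Constructed scenario; returns {(subject, object, attribute): (blp, iblp)}."""
    proj = frozenset({"proj"})  # constructed category; "hr" below is an unrelated one
    alice = Subject("alice", Label(sc=2, si=2, ca=proj))                # common subject
    daemon = Subject("log-daemon", Label(sc=1, si=1, ca=proj), trusted=True)
    secret = Object("secret.txt", Label(sc=2, si=2, ca=proj))
    public = Object("public.txt", Label(sc=1, si=1, ca=proj))           # low integrity
    config = Object("kernel.conf", Label(sc=3, si=3, ca=proj))          # high Sc and Si
    other = Object("hr.db", Label(sc=2, si=2, ca=frozenset({"hr"})))
    cases = [
        (alice, secret, "r"),   # same labels: both allow
        (alice, public, "a"),   # write-down: both deny (confidentiality)
        (alice, public, "r"),   # read-down: BLP allows; IBLP denies, Si(o) < Si(s)
        (alice, config, "a"),   # "alteration upward": BLP allows; IBLP denies
        (alice, other, "r"),    # unrelated category: BLP allows; IBLP denies
        (daemon, config, "a"),  # trusted subject vs higher-integrity object: IBLP denies
        (daemon, public, "a"),  # trusted subject vs low-integrity object: both allow
    ]
    return {(s.name, o.name, x): (blp_permits(s, o, x), iblp_permits(s, o, x))
            for s, o, x in cases}
```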

    3.2.3. Analysis of IBLP

    1. IBLP is consistent with the basic security features of BLP. The ss-property of IBLP is consistent with the ss-property of BLP. The star-property of IBLP can be seen as a special case of the star-property of BLP.

    2. IBLP meets the principle of minimum privilege. IBLP establishes an access rule for every subject, which limits its privilege to what it needs to finish its own work.

    3. IBLP prevents the occurrence of covert channels. On top of confidentiality protection, IBLP adds integrity protection and, in the star-property, limits alteration operations to the same security level of subject and object, to achieve control of covert channels in the operating system.

    4. IBLP meets the security requirements of trusted computing in a more flexible way. Firstly, IBLP considers the confidentiality and integrity of every subject and object together. Then it classifies the domain of the subjects and the access categories of every subject and object. Finally, it establishes the access control principle on them, to achieve the security requirements of trusted computing.

    4. Security operating system for trusted computing

    4.1. Overall design

    According to the security requirements of trusted computing and the security model IBLP established in section 3, we propose the overall design for a security operating system based on trusted computing, as shown in Figure 2.


    Figure 2. The overall design. (Figure: a layered structure with an application layer of trusted software, login programme, privilege user and common user; a system call interface; a security kernel comprising trusted identification, discretionary access control / mandatory access control, privileged access control, security audit and the kernel programme; and a hardware layer comprising trusted hardware and integrity measurement.)

    The security operating system is an important link between hardware and applications, mainly responsible for certifying processes and distinguishing applications. The security mechanism of the operating system consists of discretionary access control, mandatory access control, integrity measurement, trusted identification, privileged access control and security audit. Discretionary access control controls access to system resources primarily according to the needs of users. Mandatory access control classifies information system resources according to their security level and controls user access to resources according to those levels. Integrity measurement uses the TPM to protect the content loaded by the operating system from being maliciously modified. The trusted identification mechanism mainly inspects the credibility of software according to the security policy of the IBLP security model. Privileged access control makes sure that every process gets the appropriate privilege. Security audit records all behaviour related to the security of the system, providing actual security data for security management.

    4.2. Modular implementation

    The trusted computing based security operating system is developed and implemented modularly on an open-source Linux environment.

    4.2.1. Trusted identification

    Trusted identification is used to ensure that only legitimate users can access the system resources. It identifies the true identity of each user and assigns each user a unique identifier. The unique identifier must not be forgeable, so that one user cannot impersonate another. The action of associating the unique identifier with the user is called identification; it establishes the true identity of users. On the other hand, in order to maintain normal operation of the system, some processes that exceed the access control mechanism need to be privileged processes, and trusted identification needs to identify which process is a privileged process.

    4.2.2. Privileged access control

    The privileged access control based on IBLP ensures that a trusted process only gets the security privileges that its task requires. When a particular trusted process accesses resources, the IBLP-based mechanism enforces the resource access control to ensure that the trusted process meets the security requirement of minimum privilege.

    4.2.3. Discretionary access control

    Discretionary Access Control (DAC) uses user-defined access control lists (ACLs) to implement access control over resources. A typical ACL entry has the form < Type, Id, Perm >, in which Type means the process type, Id is the user id or group id and Perm means the access privilege.

    4.2.4. Mandatory access control

    Mandatory access control (MAC) mainly manages system resources by classifying them according to their security level. According to the requirements of the security model IBLP in section 3, the system needs to assign to each process, file and IPC object (message queue, semaphore set and shared memory area) the corresponding security level. When a process accesses an object (a file, for example), the IBLP-based MAC mechanism compares the security levels of the process and the object according to the security mark (security level, etc.) of the process and the access mode, to determine whether the process can access the object.


    4.2.5. Integrity Measurement

    The integrity measurement mainly protects the content loaded by the OS after the TPM-based secure boot. Our integrity measurement architecture consists of a measurement mechanism, an integrity challenge mechanism and an integrity validation mechanism. The measurement mechanism determines which parts of the run-time environment to measure, when to measure them, and how to securely maintain the measurements. The integrity challenge mechanism allows authorized challengers to retrieve the measurement list of a computing platform and verify its freshness and completeness. The integrity validation mechanism validates that the measurement list is untampered and fresh, and validates that all individual measurement entries of run-time components describe trustworthy code or configuration files.

    Figure 3 shows how our integrity measurement mechanism enables integrity attestation. The measurement list is initiated by the measurement mechanism, which induces a measurement of a file, stores the measurement in an ordered list in the kernel, and reports the extension of the measurement list to the TPM. The integrity challenge mechanism allows the integrity validation mechanism to request the measurement list together with the TPM-signed aggregate of the measurement list (step 1 in Fig 3). On receiving such a challenge, the integrity challenge mechanism first retrieves the signed aggregate from the TPM (steps 2 and 3 in Fig 3) and afterwards the measurement list from the kernel (step 4 in Fig 3). Both are then returned to the attesting party in step 5. Finally, the integrity validation mechanism can validate the information and reason about the trustworthiness of the attesting system's run-time integrity in step 6.
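As an added example (not the paper's implementation), this Python simulates the Figure 3 exchange: a measurement list extended into a SHA-1 PCR as TPM 1.2 does, a quote over the PCR and a challenger nonce, and a validation step that catches a hidden list entry, a modified component and a replayed response. The TPM signature is stood in for by an HMAC under a shared key, and all file contents, paths and known-good hashes are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

# TPM 1.2 PCRs are 20-byte SHA-1 registers: extend(PCR, m) = SHA-1(PCR || m).
PCR_INIT = b"\x00" * 20


class MeasuredKernel:
    """Measurement mechanism: hash loaded content, keep an ordered list, extend a PCR."""

    def __init__(self) -> None:
        self.measurement_list: List[Tuple[str, bytes]] = []  # (name, SHA-1) in load order
        self.pcr = PCR_INIT

    def measure(self, name: str, content: bytes) -> None:
        digest = hashlib.sha1(content).digest()
        self.measurement_list.append((name, digest))
        self.pcr = hashlib.sha1(self.pcr + digest).digest()  # report extension to the TPM


class SimulatedTpm:
    """Stand-in for the TPM quote (assumption): HMAC over PCR || nonce, not a real signature."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def quote(self, pcr: bytes, nonce: bytes) -> bytes:  # steps 2-3: QuoteReq / QuoteRes
        return hmac.new(self._key, pcr + nonce, hashlib.sha1).digest()


def integrity_challenge(kernel: MeasuredKernel, tpm: SimulatedTpm, nonce: bytes):
    """Integrity challenge mechanism, steps 2-5: signed aggregate first, then the list."""
    signed_aggregate = tpm.quote(kernel.pcr, nonce)
    return list(kernel.measurement_list), kernel.pcr, signed_aggregate


def validate_response(response, nonce: bytes, verify_key: bytes,
                      known_good: Dict[str, bytes]) -> Tuple[bool, str]:
    """Integrity validation mechanism, step 6: freshness, completeness, then each entry."""
    measurement_list, reported_pcr, signed_aggregate = response
    expected = hmac.new(verify_key, reported_pcr + nonce, hashlib.sha1).digest()
    if not hmac.compare_digest(expected, signed_aggregate):  # fresh and authentic?
        return False, "quote does not verify for this nonce (stale or forged)"
    pcr = PCR_INIT  # complete? the list must reproduce the quoted PCR
    for _, digest in measurement_list:
        pcr = hashlib.sha1(pcr + digest).digest()
    if pcr != reported_pcr:
        return False, "measurement list does not reproduce the PCR (list tampered)"
    for name, digest in measurement_list:  # every entry must be known-good code/config
        if known_good.get(name) != digest:
            return False, f"unknown or modified component: {name}"
    return True, "ok"


def run_attestation(tamper: str = "") -> Tuple[bool, str]:
    """Constructed scenario; tamper is one of '', 'list', 'component', 'replay'."""
    key = b"constructed-tpm-key"  # shared key for the HMAC stand-in (a real TPM signs)
    init = b"#!/bin/sh\nexec /sbin/initd\n"  # constructed file contents
    conf = b"policy=IBLP\n"
    known_good = {"/sbin/init": hashlib.sha1(init).digest(),
                  "/etc/security.conf": hashlib.sha1(conf).digest()}
    kernel, tpm = MeasuredKernel(), SimulatedTpm(key)
    kernel.measure("/sbin/init", init + b"# rootkit\n" if tamper == "component" else init)
    kernel.measure("/etc/security.conf", conf)
    nonce = os.urandom(20)
    response = integrity_challenge(kernel, tpm, nonce)
    if tamper == "list":  # an entry is stripped before the list reaches the challenger
        entries, pcr, sig = response
        response = (entries[1:], pcr, sig)
    if tamper == "replay":  # an old response answers a challenge carrying a new nonce
        nonce = os.urandom(20)
    return validate_response(response, nonce, key, known_good)
```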

    4.2.6. Security audit

    The security audit mainly audits security-related events, generating and revealing secret or sensitive information so that the system manager can better understand and control the security situation of the system. We divide security-related events into register events and system events. As Linux already provides security audits of register events, our security audit focuses on the system events. In order to ensure that every security-related system event is audited, the audit is implemented at the only interface between user applications and the system, the system calls. At the same time, some privileged instructions, which usually use system calls and may have an impact on system security, would make the audit too complex and too difficult for an auditor to judge how the instruction was used if every system call used by a privileged instruction were audited; we therefore add an audit of the privileged instructions themselves.

    Figure 3: TPM-based Integrity Measurement. (Figure: the TPM with its platform configuration registers, the trusted BIOS, the Measurement Mechanism holding the measurement list, the Integrity Challenge Mechanism and the Integrity Validation Mechanism; measurements are stored and reported to the TPM; steps 1 Integrity Challenge, 2 QuoteReq, 3 QuoteRes, 4 Retrieve Measurement list, 5 Integrity Response, 6 Validate Response.)

    5. Experiment and Performance

    5.1. Security Function

    To check our system's security function, we establish an experimental environment to carry out penetration tests against our security operating system.

    Based on known vulnerabilities of the Linux system, we carry out penetration tests against our security operating system. Some typical experimental results are listed in Table 1.

    As shown in Table 1, our system can detect and defend against most of the attacks at present.

    Table 1. Rate of detection for typical attacks of our security operating system

    Attack type         IP Cheating   Buffer Overflow   Denial of Service   Rootkit
    Rate of detection   80%           85%               87%                 95%

    5.2. Decline of Performance

    We mainly examine the decline of performance of our system through the execution efficiency of IPC, processes and the system calls of the file system. In the course of the examination, we execute the routines test_ipc, test_fork and test_fs on common Linux and on our system respectively. The decline rate of efficiency is shown in Table 2.

    As shown in Table 2, the decline rate of efficiency of our system is no more than 10%, which is acceptable to most users.

    Table 2. Decline rate of efficiency

    Test project   Test_ipc   Test_fork   Test_fs
    Decline rate   8%         10%        10%

    6. Conclusions

    A security operating system is the key to the implementation of a trusted computing platform. In this article, according to the trusted computing security requirements and through appropriate improvement of the traditional security model BLP, we design a trusted computing based security model, IBLP. We then present the design and implementation of a secure operating system for the trusted computing platform. The system extends the TCG trust concepts from the BIOS all the way up into the general operating system.

    The next step of the work is primarily the development of the functions of the security operating system and the improvement of its performance. We will improve our system to be more compatible with the security requirements of trusted computing applications. At the same time, we will adopt optimization algorithms to improve the performance of our system, to strike a better balance between the performance and availability of the security operating system.

    Acknowledgements

    This paper is supported by the State Key Laboratory of Information Security of the Graduate School of Chinese Academy of Science and the Institute of Software of Chinese Academy of Science.

    This work is supported by the National High Technology Research and Development Programme (863 Programme) under grant No. 2002AA142151.

    References

    [1] Sean W. Smith, Trusted Computing Platform Design and Application, Springer, Boston, USA, 2005.

    [2] Reiner Sailer, Xiaolan Zhang, Trent Jaeger and Leendert van Doorn, Design and Implementation of a TCG-based Integrity Measurement Architecture, Proceedings of the 13th USENIX Security Symposium, San Diego, CA, USA, August 9-13, 2004.

    [3] William A. Arbaugh, David J. Farber, Jonathan M. Smith, A Secure and Reliable Bootstrap Architecture, 1997 IEEE Security and Privacy Conference, USA, pp. 65-71, 1997.

    [4] John Marchesini, Sean W. Smith, Omen Wild, Josh Stabiner, Alex Barsamian, Open-Source Applications of TCPA Hardware, 20th Annual Computer Security Applications Conference, Tucson, AZ, USA, 6-10 December, 2004.

    [5] Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, Dan Boneh, Terra: A Virtual Machine-Based Platform for Trusted Computing, SOSP'03, Bolton Landing, New York, USA, October 19-22, 2003.

    [6] Tal Garfinkel, Mendel Rosenblum, Dan Boneh, Flexible OS Support and Applications for Trusted Computing, In Proceedings of the 9th Workshop on Hot Topics in Operating Systems, Kauai, Hawaii, USA, May 2003.

    [7] Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Xen and the Art of Virtualization, SOSP'03, Bolton Landing, New York, USA, October 19-22, 2003.

    [8] D. E. Bell, L. J. La Padula, Secure Computer System: Unified Exposition and Multics Interpretation, Mitre Corp, Technical Report 01730, Bedford MA: Mitre Corp, 1976.

    [9] Xie Jun, Xu Feng, Huang Hao, Trust Degree Based Multilevel Security Policy and Its Model of State Machine, Journal of Software, Vol 15, No. 11, pp. 1701-1708, 2004.