next up previous
Next: Security Policy Up: DARPA/NSA/DISA Joint Technology Office: Previous: DARPA/NSA/DISA Joint Technology Office:

Technology-Security Interplays

New concepts in operating system design lead to new challenges for security. Traditionally, security in an operating system was achieved by strictly separating applications from each other and from the kernel, so that security mechanisms inside the kernel could establish a secure base. Several new technologies, however, interfere with this traditional model.

Service Co-location, for example, achieves better performance by co-locating tasks in a single address space. This raises the problem of domain protection. Several proposals address this problem, including software fault isolation, type-safe languages, virtual machines, and interpretation of code. Whereas these concepts address the issue of protection, it remains an open question how security policies can be enforced efficiently in such a setting.

Another new technology is User-Level Resource Management, which could lead to applications that run in their own customized operating system environments. Although this gives applications more control over their resources, there are concerns about sharing resources securely, and it seems quite difficult to formulate and enforce security policies uniformly in such a case. The authors propose the well-known concept of separating mechanism and policy: the kernel should provide policy-neutral mechanisms, while servers implement the specific security services.

Another issue is the trustworthiness of compiler technology. Especially when protection depends heavily on compiler enforcement, it is crucial that these compilers work flawlessly and that they are trusted. Even virtual machines have security holes, as the Java virtual machine has shown. It is almost impossible to achieve high security in new technologies. Nevertheless, these problems have to be addressed if the technologies are to be used in new security products.

Distributed computing is another concept that is becoming more important. Although it does not introduce fundamentally new security challenges, existing technologies have to be applied properly. The key to secure distributed technology lies in building a solid infrastructure of security services. The goal should be a framework of security services that can be changed independently of the applications that use it.

Finally, the authors address the tension between security and fault tolerance. Fault-tolerance and recovery algorithms are very complex and difficult. Most of the time they rely on global access to information and global management of resources, which partly contradicts the security principles of isolation and least privilege. In this area there is still a lot of research work to do.
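The separation of mechanism and policy proposed above, as an added illustration that is not code from this page or from the report it summarizes: a small policy-neutral reference monitor ("kernel") that interposes on every access and defers the decision to whichever policy server is installed, shown with two interchangeable policies. The task labels, object names and rules are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Request:
    subject: str  # label of the requesting task, e.g. "editor"
    obj: str      # label of the resource, e.g. "shadow"
    op: str       # "read" or "write"

# A policy server is anything that maps a request to allow/deny.
Policy = Callable[[Request], bool]

class Kernel:
    """Policy-neutral mechanism: interposes on every access, asks the installed
    policy server and logs the decision; it holds no access rules of its own."""
    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.audit: list[tuple[Request, bool]] = []  # decisions, for later review

    def access(self, req: Request) -> bool:
        allowed = bool(self.policy(req))
        self.audit.append((req, allowed))
        return allowed

def acl_policy(acl: dict[str, set[tuple[str, str]]]) -> Policy:
    """Discretionary policy: per-object set of (subject, op) grants."""
    return lambda r: (r.subject, r.op) in acl.get(r.obj, set())

def type_enforcement_policy(domain_of: dict[str, str], type_of: dict[str, str],
                            rules: set[tuple[str, str, str]]) -> Policy:
    """Mandatory policy: only listed (domain, type, op) triples are permitted."""
    def decide(r: Request) -> bool:
        dom, typ = domain_of.get(r.subject), type_of.get(r.obj)
        return dom is not None and typ is not None and (dom, typ, r.op) in rules
    return decide

def run_demo() -> dict[str, list[bool]]:
    # Constructed workload: an editor and a backup task touching two files.
    reqs = [Request("editor", "notes.txt", "write"), Request("editor", "shadow", "read"),
            Request("backup", "shadow", "read")]
    acl = acl_policy({"notes.txt": {("editor", "write")},
                      "shadow": {("editor", "read"), ("backup", "read")}})
    te = type_enforcement_policy(
        domain_of={"editor": "user_d", "backup": "backup_d"},
        type_of={"notes.txt": "user_t", "shadow": "secret_t"},
        rules={("user_d", "user_t", "write"), ("backup_d", "secret_t", "read")})
    results = {}
    for name, policy in (("acl", acl), ("type_enforcement", te)):
        kernel = Kernel(policy)  # same mechanism, different policy server
        results[name] = [kernel.access(r) for r in reqs]
    return results
```

Swapping the policy server changes the decision on the editor's read of "shadow" without any change to the kernel, and the audit list gives a defender one place to observe every decision regardless of which policy is in force.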
Tim Wellhausen
2000-01-20