Information Technology Reference
In-Depth Information
strictest requirements of domestic and international standards, at the same time
designed for use together with the existing systems and applications in the way they
are, without any changes or alterations. This approach alone will make it possible to
deal with both special problems of protecting individual data processing complexes
and to obtain a radical solution to the problem in the shape of a comprehensive secure
OS serving as a basis for the construction of secure systems of various degrees of
complexity.
3 Methods to Ensure Compatibility of the Secure OS with Popular
Applications
There are several approaches to the problem of building a secure operating system
capable of running applications of the commonly used OS, at the same time providing
the required protection of the information resources used by these applications. Let us
discuss these approaches, their advantages and disadvantages.
1. Attainment of a full binary compatibility of the secure OS and the popular OS at
the level of the application code and the application programming interface (API).
This is a task of ultimate complexity, because such compatibility cannot be found
even among the products by well-known manufacturers, who have immense
resources and capacities at their disposal. For example, no one has yet succeeded
(despite numerous efforts) in achieving full compatibility of OS of UNIX and
Windows families on the level of the binary code and the API. If such
compatibility is ever attained, it will be only at the expense of reproducing the
architecture of popular systems down to the minute details, inevitably receiving as
the legacy all inherent problems and bottlenecks connected with the security issues,
making it impossible to solve the problem in question — to create a secure system.
2. Emulation of the application programming interfaces of commonly used OS by the
software of the secure OS. In this case re-compilation of applications for the new
environment will be needed. If emulation is performed correctly, the application
should not be able to notice that it is running in a foreign environment, since it will
interact with the same API. Taking into account the sophisticated APIs of modern
OS, this solution looks rather complicated and labor-intensive.
3. Embedding the security features in an open-source OS. This road looks very
tempting because the results can be obtained quickly, but it will demand
continuous reworking of the modified product, which will always stay behind the
original version, losing in compatibility. In case the architecture of the original
product is changed radically, there will be a stage when it will be impossible to
introduce the required alterations. This is why this approach ultimately does not
show much promise.
4. Hybrid OS. If the source codes of the OS are open, a much simpler and less labor-
intensive solution, besides, allowing to achieve a better degree of compatibility,
will be to modify the source code of the OS in such a way that it could be run as a
common user process within the secure OS. This approach will provide for a full
compatibility with the popular OS, because it will be used “as is”, wholly with its
architecture and APIs, and it will not involve extra expenses — what we need is to
modify an open system in such a way that it could became operable in the process
Search WWH ::




Custom Search