Information Technology Reference
In-Depth Information
IA
2
views of OS security provide insight into some IA architectural consider-
ations for selecting an OS:
n
Information technology
Application support: COTS options vary dramatically between OSs.
Production
The needs of the production environment may drive OS selection.
Ultimately driven by business requirements, the technology to sup-
port the business may require specialized hardware that drives OS
selection.
−
n
−
n
n
−
−
Policies
Policies will drive OS selection.
OS will also drive policies to accommodate for inherent capabilities.
Prohibit activity X on OS ABC because of inherent security flaws; how-
ever, activity X on OS XYZ is fine due to better implementation.
Business process
The needs of the business process drive the technology.
Real-time GPS mapping capabilities for the military, where speed
and accuracy preserve lives, are a dramatically different need than an
executive looking for the latest daily accounting reports.
n
n
−
n
n
−
People
Technical abilities, technical tolerances (e.g., graphic interface versus
command line)
User experience levels; training/retraining requirements
−
OS classifications that may support a variety of architectural drivers include
single user, multiuser, multiprocessor, multitasking, multithreading, and real-time.
Likewise, OS paradigms lend support to a variety of architectural drivers: central-
ized—thick server, thin client; distributed—thin server, thick client; or parallel
processing—multiple OSs working together on a common task. In addition to OS
classifications and paradigms are the OS services supporting secure operations. The
most common OS security services include:
n
−
OS structure
Kernel construct
Static kernel versus configurable kernel
Bare bones microkernel with other kernel modules activated/con-
trolled by parameter options
Kernel interfaces via abstraction layers and not direct hooks
Boot-up
Pre-OS load options; BIOS configurations to block system hijacking dur-
ing boot
n
n
n
n
−
