Table 2. Summary of assessment

Principle                      Windows    Linux
least privilege                Partial    Yes
economy of mechanism           Partial    Partial
complete mediation             Yes        Yes
open design                    No         Yes
separation of privilege        Partial    Partial
least common mechanism         n/a        n/a
psychological acceptability    Yes        Partial
fail-safe defaults             No         Yes
accountability                 Yes        Yes

tably in Windows where it can be argued that many security exploits took advantage of these weaknesses. Fail-safe defaults have been an issue in previous versions of Windows with the default storage of weak LM passwords. Likewise, least privilege was often violated through a dependency of operating system utilities and a number of applications on running at administrator privilege level. Least privilege issues are addressed in the Vista release of Windows through WIC, but at this time (prior to the release of Windows Server 2008) it is still unclear whether this feature will be in Windows Server 2008 and whether the Vista implementation of mandatory access controls will completely address the problem of persistent least privilege failures in Windows applications. Fail-safe defaults have been addressed partly through various patches to the Windows OS and partly through WIC, which will force more careful consideration of access privileges on the part of Windows developers.

Windows developers have put a great deal of effort into easing administration of security policies at the enterprise level. This effort improves the psychological acceptability of Windows and is superior to the Linux environment, where in the past implementing enterprise-wide security policies often required installing one or more packages (for example Kerberos and LDAP). Recent efforts by vendors such as Red Hat have addressed this through bundling of packages for security-hardened distributions, but Windows AD still has the advantage in ease of administration (psychological acceptability).

While it has no specific bearing on authentication or authorization, the principle of open design is not met by Windows. Though this is not a surprise given the nature of Windows' development and the view that the underlying source code is the intellectual property of Microsoft, the idea that this diminishes the quality of the security code, as proposed by Saltzer and Schroeder, has some bearing on this discussion. The following sections will extend this discussion in more detail, assessing these security principles in terms of authentication and authorization.

Evaluation of OS Implementation of Security Principles

The principle of least privilege raises concern with both operating systems. According to Saltzer and Schroeder, “every program and every user of the system should operate using the least set of privileges to complete the job” (1975, p. 7). Compliance with this principle is troublesome in large part because of the history of each operating system.
 