program (Bates, 2004). Once the new program is loaded, the exploited program executes the new program code that has been placed in the overrun buffer. These exploits are in part due to an inadequate least privilege implementation on the host operating system. Any Windows exploit which involves installation of software on the host operating system is potentially the result of account privileges assigned to an application in excess of what was needed by the application (CERT Incident Note IN-2001-09). Such exploits are rare on Linux, and even when they do occur, the exploit does not always achieve root access permissions and is thus limited in the amount of malicious activity which can be performed on the system (CERT Vulnerability Note VU#596387).
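As an added illustration of the least privilege point made above (this is example code written for this edit, not code from the chapter or from the CERT notes it cites), the following Linux program shows how a service that must start as root, for instance to bind a privileged port, can permanently shed that privilege before doing its real work, and how to verify that the drop cannot be undone. The target uid and gid are assumed to be supplied on the command line; the id 65534 in the usage note is only an example of an unprivileged account.

```c
/* Added example (not from the chapter): a Linux service that starts as
 * root and then keeps only the identity it needs. The target uid/gid are
 * assumed to come from the caller. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently change to uid/gid. The order is deliberate: supplementary
 * groups and the gid can only be changed while still root, so they go
 * first; setuid() comes last because nothing can be changed after it.
 * Returns 0 on success, -1 (errno set) on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups are a common leftover (e.g. an admin group).
     * Only root may call setgroups(); an unprivileged caller keeps what
     * it already has, which is nothing it could drop anyway. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    return 0;
}

/* Check that the drop actually took and cannot be reversed. When called
 * by root, setuid() sets the real, effective and saved uids together, so
 * a later setuid(0) must fail; if it succeeds, the saved uid was still 0.
 * Returns 1 if the process still holds more privilege than requested. */
int still_privileged(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid)
        return 1;
    if (getgid() != gid || getegid() != gid)
        return 1;
    if (uid != 0 && setuid(0) == 0)
        return 1;   /* regained root: the drop was not permanent */
    return 0;
}

int main(int argc, char **argv)
{
    /* With no arguments, fall back to the caller's own ids (a no-op drop). */
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (argc == 3) {
        uid = (uid_t)strtoul(argv[1], NULL, 10);
        gid = (gid_t)strtoul(argv[2], NULL, 10);
    }
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "drop_privileges: %s\n", strerror(errno));
        return 1;
    }
    if (still_privileged(uid, gid)) {
        fprintf(stderr, "refusing to run: privileges not fully dropped\n");
        return 1;
    }
    printf("running as uid=%u gid=%u\n", (unsigned)getuid(), (unsigned)getgid());
    return 0;   /* the service's real work would start here */
}
```

Run as root with, for example, `sudo ./drop 65534 65534` (assuming 65534 is an unprivileged account on the system). Two classic mistakes are calling setuid() before setgid(), which leaves the process unable to change its group, and forgetting the supplementary groups entirely; the ordering in drop_privileges() and the probe in still_privileged() are there to catch both.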
The principle of economy of mechanism suggests that the system under examination must be small and open to inspection. Saltzer and Schroeder most likely intended that the operating system being examined would be small enough to allow a quick security audit. Both Linux and Windows have grown into large, complex operating systems with numerous modules used for authentication and authorization. It is not clear that either operating system fully conforms to this principle.
The principle of complete mediation applies to the manner in which the core operating system manages security. This aspect of operating system operation was a concern when Saltzer and Schroeder wrote their principles in 1975, but modern operating systems provide adequate implementations of this principle. Both Windows and Linux check the permissions of objects in kernel space. Mediation is thorough and complete in both operating systems.
The principle of open design also applies to the ability to audit the security operations of an operating system. Linux is an open source operating system which allows examination of its source code and therefore complies with this principle. Windows is proprietary source code and Microsoft does not generally allow examination of its source code; therefore Windows does not comply with this principle.
The principle of separation of privilege recommends that more than one security mechanism should be used to implement security features. In relation to authentication and authorization, Windows and Linux have had limited implementations of this feature. With the addition of WIC and MAC, which add mandatory access controls to the legacy discretionary access controls of the operating system, separation of privilege has improved in both operating systems, though additional mechanisms could be added, for example defaulting to both biometric and password authentication, or providing multiple levels of authentication for a security principal. (Though WIC is definitely a part of the Windows desktop operating system, it is not clear whether it will be part of the Windows Server 2008 release.)
The principle of least common mechanism applies to implementation of internal operating system security and control of system tasks. It is not practical to evaluate this principle in relation to authentication and authorization.
With regard to fail-safe defaults, both Windows and Linux provide installation default accounts, but unlike previous versions of both operating systems they no longer use default passwords. Passwords are chosen during installation and, if password best practices are followed, an acceptable level of authentication security should be maintained. An additional level of security is provided with mandatory access controls. The implementation of these controls in SELinux provides robust control over the default behavior of applications. The Windows (Vista) implementation of this control provides some controls but lacks a complete implementation of MAC, and it is uncertain whether this will become part of Windows Server 2008. Currently Linux provides the most complete implementation of this principle.
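The three principles discussed above, complete mediation, separation of privilege (discretionary controls backed by an independent mandatory control such as WIC or SELinux), and fail-safe defaults, can be seen together in a single access decision. The following toy reference monitor is an added example written for this edit, not code from the chapter or from either operating system: it is not a model of the real Windows or Linux kernel paths, and in particular it does not model the Unix root override of DAC. All uids, modes and integrity levels in it are constructed; the scenario is a low-integrity process (as WIC assigns to Internet-facing code) that has been compromised and runs as the same user who owns a medium-integrity document.

```c
/* Added example (not from the chapter): a toy reference monitor showing
 * complete mediation, separation of privilege and fail-safe defaults in
 * one decision path. All ids, modes and levels are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum { PERM_READ = 4, PERM_WRITE = 2 };

/* Integrity levels in the style of Windows Integrity Control. */
enum integrity { INTEGRITY_LOW = 1, INTEGRITY_MEDIUM = 2, INTEGRITY_HIGH = 3 };

struct subject { unsigned uid, gid; enum integrity level; };
struct object  { unsigned owner_uid, owner_gid;
                 unsigned mode;          /* Unix rwx bits, e.g. 0644 */
                 enum integrity level; };

/* Mechanism 1, DAC: the owner/group/other permission bits set by the owner. */
static bool dac_allows(const struct subject *s, const struct object *o, unsigned perm)
{
    unsigned bits;
    if (s->uid == o->owner_uid)       bits = (o->mode >> 6) & 7;
    else if (s->gid == o->owner_gid)  bits = (o->mode >> 3) & 7;
    else                              bits = o->mode & 7;
    return (bits & perm) == perm;
}

/* Mechanism 2, MAC: "no write up". A subject may not modify an object
 * whose integrity level is higher than its own; reads are unrestricted.
 * Unlike DAC, the owner of the object cannot relax this rule. */
static bool mac_allows(const struct subject *s, const struct object *o, unsigned perm)
{
    if ((perm & PERM_WRITE) && s->level < o->level)
        return false;
    return true;
}

/* The single choke point every access goes through (complete mediation).
 * Both mechanisms must independently agree (separation of privilege), and
 * anything malformed or unrecognised is refused (fail-safe default). */
bool access_allowed(const struct subject *s, const struct object *o, unsigned perm)
{
    if (s == NULL || o == NULL)
        return false;
    if (perm == 0 || (perm & ~(PERM_READ | PERM_WRITE)) != 0)
        return false;           /* unknown request: deny rather than guess */
    return dac_allows(s, o, perm) && mac_allows(s, o, perm);
}

/* Constructed scenario: the exploited low-integrity process, the user's
 * normal session, another user, and the user's own document (mode 0644). */
const struct subject LOW_PROCESS   = { 1000, 1000, INTEGRITY_LOW };
const struct subject USER_SESSION  = { 1000, 1000, INTEGRITY_MEDIUM };
const struct subject OTHER_USER    = { 1001, 1001, INTEGRITY_MEDIUM };
const struct object  USER_DOCUMENT = { 1000, 1000, 0644, INTEGRITY_MEDIUM };

int main(void)
{
    /* DAC alone would let the exploited process overwrite the document,
     * because it runs as the owner; the integrity check is what stops it.
     * Reading is still permitted, exactly as WIC behaves for a low
     * integrity process opening a medium integrity file. */
    printf("low-integrity process, read : %s\n",
           access_allowed(&LOW_PROCESS, &USER_DOCUMENT, PERM_READ) ? "allowed" : "denied");
    printf("low-integrity process, write: %s\n",
           access_allowed(&LOW_PROCESS, &USER_DOCUMENT, PERM_WRITE) ? "allowed" : "denied");
    printf("user session, write         : %s\n",
           access_allowed(&USER_SESSION, &USER_DOCUMENT, PERM_WRITE) ? "allowed" : "denied");
    printf("other user, write           : %s\n",
           access_allowed(&OTHER_USER, &USER_DOCUMENT, PERM_WRITE) ? "allowed" : "denied");
    return 0;
}
```

The point of keeping two independent checks behind one entry point is that a mistake in one mechanism (a file left world-writable, or an owner who is also the victim of a compromised process) does not by itself grant access, and that any request the monitor does not understand is refused instead of falling through to a permissive default.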
In evaluating their default password authentication methods, the use of password encryption