Secure operating system design
Jasmine Sardana
215/UCD/012
Btech Cse – Data Science
Secure operating system design refers to the process of creating an
operating system (OS) that minimizes vulnerabilities and provides
robust protection mechanisms against various threats. This design
approach encompasses multiple layers of security features,
architectural considerations, and best practices to ensure the
confidentiality, integrity, and availability of system resources and
user data.
This presentation covers measures and techniques for ensuring
security in an operating system.
Principle of Least Privilege
The principle of least privilege, also called "least privilege access," is
the concept that a user should only have access to what they
absolutely need in order to perform their responsibilities, and no more.
The more a given user has access to, the greater the negative impact
if their account is compromised.
The principle of least privilege is an important information security
construct for organizations operating in today’s hybrid workplace to
help protect them from cyberattacks and the financial, data and
reputational losses that follow when ransomware, malware and other
malicious threats impact their operations.
As an example: A marketer needs access to their organization's
website CMS in order to add and update content on the website. But if
they are also given access to the codebase — which is not necessary
for them to update content — the negative impact if their account is
compromised could be much larger.
Benefits
• Minimizes the attack surface, diminishing avenues a malicious actor
can use to access sensitive data or carry out an attack by protecting
superuser and administrator privileges.
• Reduces malware propagation by not allowing users to install
unauthorized applications. The principle of least privilege also stops
lateral network movement that can launch an attack against other
connected devices by limiting malware to the entry point.
• Improves operational performance with reductions in system
downtime that might otherwise occur as a result of a breach, malware
spread or incompatibility issues between applications.
• Safeguards against human error that can happen through mistake,
malice or negligence.
Isolation and Sandboxing
Sandboxing is a security practice in which you use an isolated
environment, or a “sandbox,” for testing. Within the sandbox you run
and analyze code in a safe, isolated environment without affecting
the application, system or platform.
Sandboxing is very effective when mounting a defense against
zero-day threats, which are threats that have not been seen before or
do not match any known malware on file. Even though regular email filters can
scan emails to detect malicious senders, file types, and URLs, zero-day
threats pop up all the time, and they can be missed by traditional filtration.
Sandboxing provides a greater level of protection, particularly when a
malicious email slips by the filters put in place by your provider.
When sandboxing is used for testing, it creates a safe place to install and
execute a program, particularly a suspicious one, without exposing the
rest of your system. If the application contains malicious code, it can run
within the sandbox without impacting any other components of your
network.
Authorization and Access Control
Password-based authentication - Password-based authentication relies on a
username and password or PIN. This is the most common authentication
method. People often reuse passwords and create guessable passwords with
dictionary words and publicly available personal info.
Two-factor/multifactor authentication - Two-factor authentication (2FA) requires
users to provide at least one additional authentication factor beyond a password.
Additional factors can be any of the user authentication types listed here or a
one-time password sent to the user via text or email.
Biometric authentication - Fingerprint scanning, palm scanning, facial
recognition and iris recognition.
Single sign-on - Single sign-on (SSO) enables an employee to use a
single set of credentials to access multiple applications or websites. The user has
an account with an identity provider (IdP) that is a trusted source for the
application (service provider).
Token-based authentication - Token-based authentication enables users to log in
to accounts using a physical device, such as a smartphone, security key or smart
card.
Certificate-based authentication - Certificate-based authentication uses
digital certificates issued by a certificate authority and public key cryptography to
verify user identity.
Access Control
• Mandatory access control (MAC). This is a security
model in which access rights are regulated by a central
authority based on multiple levels of security. Often used in
government and military environments, classifications are
assigned to system resources and the operating system or
security kernel. MAC grants or denies access to resource
objects based on the information security clearance of the
user or device. For example, Security-Enhanced Linux is
an implementation of MAC on Linux.
• Discretionary access control (DAC). This is an access control
method in which owners or administrators of the protected
system, data or resource set the policies defining who or what
is authorized to access the resource. Many of these systems
enable administrators to limit the propagation of access rights. A
common criticism of DAC systems is a lack of centralized
control.
• Role-based access control (RBAC). This is a widely used
access control mechanism that restricts access to computer
resources based on individuals or groups with defined business
functions -- e.g., executive level, engineer level 1, etc. -- rather
than the identities of individual users. The role-based security
model relies on a complex structure of role assignments, role
authorizations and role permissions developed using role
engineering to regulate employee access to systems.
• Attribute-based access control (ABAC). This is a methodology that
manages access rights by evaluating a set of rules, policies
and relationships using the attributes of users, systems and
environmental conditions.
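The four models can reach different decisions for the same request. The sketch below is an added example, not part of the original presentation: the users, resources, labels and policy rules are constructed, and the MAC check assumes Bell-LaPadula-style rules as one common MAC policy. It also includes a least-privilege audit based on the marketer example earlier in the presentation.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "confidential": 1, "secret": 2}  # constructed MAC labels

# RBAC: permissions attach to roles, not to individual users (constructed policy).
ROLE_PERMS = {
    "marketer": {("cms", "read"), ("cms", "write")},
    "engineer": {("cms", "read"), ("codebase", "read"), ("codebase", "write")},
}

@dataclass
class User:
    name: str
    clearance: str                      # assigned by a central authority (MAC)
    roles: set = field(default_factory=set)
    dept: str = ""

@dataclass
class Resource:
    name: str
    label: str                          # classification (MAC)
    owner: str
    dept: str = ""
    acl: dict = field(default_factory=dict)  # owner-managed grants (DAC)

def dac_allows(user, res, action):
    # The owner decides: either you own it or the owner put you in the ACL.
    return user.name == res.owner or action in res.acl.get(user.name, set())

def mac_allows(user, res, action):
    # Assumed Bell-LaPadula-style rules: no read up, no write down.
    u, r = LEVELS[user.clearance], LEVELS[res.label]
    return u >= r if action == "read" else u <= r

def rbac_allows(user, res, action):
    return any((res.name, action) in ROLE_PERMS.get(role, set())
               for role in user.roles)

def abac_allows(user, res, action, hour):
    # Constructed rule: same department; writes only during business hours.
    return user.dept == res.dept and (action == "read" or 9 <= hour < 17)

def decide(user, res, action, hour=10):
    return {"DAC": dac_allows(user, res, action),
            "MAC": mac_allows(user, res, action),
            "RBAC": rbac_allows(user, res, action),
            "ABAC": abac_allows(user, res, action, hour)}

def excess_grants(role, granted):
    """Least-privilege audit: grants that go beyond what the role needs."""
    return set(granted) - ROLE_PERMS[role]

# Constructed sample data.
ALICE = User("alice", "confidential", {"marketer"}, "marketing")
CMS = Resource("cms", "public", "bob", "marketing", {"alice": {"read"}})
CODEBASE = Resource("codebase", "secret", "carol", "engineering")

if __name__ == "__main__":
    print(decide(ALICE, CMS, "write"))
    print(decide(ALICE, CODEBASE, "read"))
    print(excess_grants("marketer", {("cms", "write"), ("codebase", "write")}))
```

For the CMS write, RBAC and ABAC allow the request while DAC (no owner grant) and MAC (no write down) deny it, which is why a system has to define which model is authoritative.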
Data Encryption
Data encryption is a method of preserving data confidentiality by
transforming it into ciphertext, which can only be decoded using a
unique decryption key produced at the time of the encryption or before
it. The conversion of plaintext into ciphertext is known as encryption.
Key Objectives of Data Encryption
• Confidentiality: Encryption ensures that only authorized parties can
get access to data and recognize the information.
• Data Integrity: Encryption can also provide data integrity by making
sure that the encrypted data remains unchanged during transmission.
Any unauthorized changes to the encrypted information will render it
undecipherable or will fail integrity checks.
• Authentication: Encryption may be used as part of authentication
mechanisms to verify the identity of the communicating party.
• Non-Repudiation: Through encryption, parties can be prevented from
denying their involvement in creating or sending a particular piece of
data.
Symmetric Key Encryption
Symmetric key encryption relies on mathematical functions to encrypt and
decrypt messages. The encryption is called “symmetric” because it uses a
single key for both encryption and decryption. In comparison,
asymmetric key encryption, also called public key cryptography, uses two
separate keys to encrypt and decrypt messages.
A key is a random string of binary digits or bits created specifically to
scramble and unscramble data. A key’s length and randomness are factors
in determining a symmetric encryption algorithm’s strength. The longer
and more unpredictable a key is, the harder it is for attackers to break the
encryption by guessing the key.
A sender and their designated recipients have identical copies of the key,
which is kept secret to prevent outsiders from decrypting their messages.
The sender uses this key to encrypt their messages through an encryption
algorithm, called a cipher, which converts plaintext to ciphertext. The
designated recipients then use the same key to decrypt the messages by
converting the ciphertext back to plaintext. For those without the key, the
encrypted message would look like a series of random letters, numbers,
and special characters.
Advantages
• Security: Symmetric key encryption is essentially unbreakable and
requires users to keep track of only one key. In fact, the US government
encrypts classified information with this method — specifically, the
aforementioned AES implementation. The most secure AES cipher has a
256-bit key size. Even with supercomputers, an attacker trying to
brute force through the encryption will need millions of years to crack it.
• Speed: Symmetric key encryption is simple in that it requires only one
key of a relatively short length. As a result, it’s much faster to execute. It
does not place a huge burden on a server during encryption and
decryption, and can efficiently handle large amounts of data.
Asymmetric Key Encryption
Asymmetric cryptography, also known as public key cryptography, is a
process that uses a pair of related keys -- one public key and one private key
-- to encrypt and decrypt a message and protect it from unauthorized access
or use.
A public key is a cryptographic key a person can use to encrypt a message
so it can only be decrypted by the intended recipient with their private key.
A private key -- also known as a secret key -- is shared only with the key's
initiator.
When someone wants to send an encrypted message, they pull the intended
recipient's public key from a public directory and use it to encrypt the
message before sending it. The recipient of the message can decrypt the
message using their related private key.
If the sender encrypts the message using their private key, the
message can be decrypted only using that sender's public key, thus
authenticating the sender. These encryption and decryption
processes happen automatically; users do not need to physically
lock and unlock the message.
Advantages
• Enhanced Security: Asymmetric encryption provides a higher level of
security compared to symmetric encryption, where only one key is used for
both encryption and decryption. In asymmetric encryption a different
key is used for each process, and the private key used for decryption is kept
secret by the receiver, making it harder for an attacker to intercept and
decrypt the data.
• Authentication: The receiver can verify the sender’s identity. This is
achieved by the sender encrypting a message with their private key, which
can only be decrypted with their public key. If the receiver can successfully
decrypt the message, it proves that it was sent by the sender who has the
corresponding private key.
• Non-repudiation: Asymmetric encryption also provides non-repudiation,
which means that the sender cannot deny sending a message or altering its
contents. This is because the message is encrypted with the sender's private
key and only their public key can decrypt it.
Data Encryption Algorithms
Depending on the use case, there are a variety of data encryption algorithms to
choose from, but the following are the most commonly used:
• DES (Data Encryption Standard) is an old symmetric encryption algorithm that is no
longer considered suitable for modern applications. As a result, DES has been
superseded by other encryption algorithms.
• Triple DES (3DES or TDES): Encrypts, decrypts, and encrypts again to create a
longer key length by running the DES algorithm three times. It may be run with a
single key, two keys, or three separate keys to increase security. 3DES is vulnerable
to attacks such as block collisions since it uses a block cipher.
• RSA is a one-way asymmetric encryption algorithm that was one of the first
public-key algorithms. Because of its long key length, RSA is popular and widely used on
the Internet. It is used by browsers to create secure connections over insecure
networks and is part of many security protocols such as SSH, OpenPGP, S/MIME,
and SSL/TLS.
• Twofish is one of the fastest algorithms, with sizes of 128, 196, and 256 bits and a
complex key structure for added security. It is available for free and is included in
some of the best free software, including VeraCrypt, PeaZip, and KeePass, as well as
the OpenPGP standard.
• Elliptic Curve Cryptography (ECC) was created as an upgrade to RSA and offers
better security with significantly shorter key lengths. In the SSL/TLS protocol, ECC is
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES) is a specification for
the encryption of electronic data established by the U.S.
National Institute of Standards and Technology (NIST) in
2001. AES is widely used today as it is much stronger than
DES and triple DES despite being harder to implement.
• AES is a block cipher. Its key size can be 128/192/256
bits. It encrypts data in blocks of 128 bits each.
Applications:
• Wireless security
• Database Encryption
• Secure communications
• Data storage
• Virtual Private Networks (VPNs)
• File and Disk Encryption
Audit logging
Audit logging is the process of documenting activity within the software systems used
across your organization. Audit logs record the occurrence of an event, the time at which it
occurred, the responsible user or service, and the impacted entity. All of the devices in
your network, your cloud services, and your applications emit logs that may be used for
auditing purposes.
What Types of Activity Do Audit Logs Track?
Organizations typically use audit logs to track the following types of activity:
1. Administrative activity
This includes events like creating or deleting a user account, such as deleting a user from
your CRM tool (e.g., Salesforce).
2. Data access and modification
This includes events where a user views, creates, or modifies data, such as downloading
a file from payroll software (e.g., Workday).
3. User denials or login failures
Audit logs such as Okta and VPN logs may capture when a user is unable to log in to a
system (e.g., due to invalid credentials) or is denied access to resources like a specific
URL.
4. System-wide changes
Audit logs from sources like AWS CloudTrail may capture larger events occurring within a
Benefits of Audit Logging
Whereas in the past audit logging was more common in specific industries like
finance and insurance, it is now front and center for all types of companies with a
digital footprint. Across industries, audit logging can be used to achieve the following
important goals:
1. Troubleshooting system issues - Audit logs contain detailed historical
information that can be used to reconstruct the timeline of a system outage or
incident. For instance, logs can help distinguish between operator error and
system error. Audit trails can also be used to remediate a problem, such as
potentially restoring a corrupted file to its original state by examining what
changes were made to it.
2. Reconstructing security breaches - When breaches occur, an audit trail can
help organizations find out how they happened. For example, if an employee
complains that their bank account information is incorrect in the payroll system,
HR staff can examine audit logs to determine who changed the account
information and when.
3. Recommending new security and audit procedures - Organizations can
enforce individual accountability and reduce the likelihood of security breaches
or fraudulent activity by reviewing audit logs and recommending new security
procedures.
4. Providing legal evidence - In legal proceedings, audit logs can provide proof of
validity of a specific event, such as an individual’s e-signature on a document.
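The payroll reconstruction and the login-failure tracking described above can be run over structured audit records. This is an added example, not part of the original presentation: the log lines, field names (time, actor, action, entity, outcome) and the detection threshold are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log, one JSON record per line.
SAMPLE_LOG = """\
{"time": "2024-03-01T09:00:05", "actor": "hr_admin", "action": "user.create", "entity": "user:jdoe", "outcome": "success"}
{"time": "2024-03-04T14:12:40", "actor": "jdoe", "action": "payroll.bank_account.update", "entity": "employee:1042", "outcome": "success"}
{"time": "2024-03-05T02:10:01", "actor": "unknown", "action": "login", "entity": "user:asmith", "outcome": "failure"}
{"time": "2024-03-05T02:10:09", "actor": "unknown", "action": "login", "entity": "user:asmith", "outcome": "failure"}
{"time": "2024-03-05T02:10:17", "actor": "unknown", "action": "login", "entity": "user:asmith", "outcome": "failure"}
{"time": "2024-03-05T02:10:30", "actor": "asmith", "action": "login", "entity": "user:asmith", "outcome": "success"}
{"time": "2024-03-05T02:14:55", "actor": "asmith", "action": "payroll.bank_account.update", "entity": "employee:1042", "outcome": "success"}
{"time": "2024-03-06T08:30:00", "actor": "jdoe", "action": "login", "entity": "user:jdoe", "outcome": "failure"}
"""

def parse(log_text):
    """Parse JSON-lines audit records and order them by event time."""
    records = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    for r in records:
        r["time"] = datetime.fromisoformat(r["time"])
    return sorted(records, key=lambda r: r["time"])

def timeline(records, entity, action_prefix=""):
    """Who changed `entity`, and when: successful matching actions in time order."""
    return [(r["time"].isoformat(), r["actor"], r["action"])
            for r in records
            if r["entity"] == entity
            and r["action"].startswith(action_prefix)
            and r["outcome"] == "success"]

def failed_login_bursts(records, threshold=3, window=timedelta(minutes=5)):
    """Accounts with at least `threshold` failed logins inside a sliding window."""
    recent = defaultdict(list)
    flagged = {}
    for r in records:
        if r["action"] == "login" and r["outcome"] == "failure":
            times = recent[r["entity"]]
            times.append(r["time"])
            while times[0] < r["time"] - window:   # drop failures outside the window
                times.pop(0)
            if len(times) >= threshold:
                flagged[r["entity"]] = max(flagged.get(r["entity"], 0), len(times))
    return flagged

if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for row in timeline(recs, "employee:1042", "payroll.bank_account"):
        print(row)
    print(failed_login_bursts(recs))
```

Reading the two results together is what makes the log useful in an investigation: the second bank-account change follows a burst of failed logins on the same account by a few minutes.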
Vulnerability management
Vulnerability management means detecting and addressing
vulnerabilities within the infrastructure of an organization. The process
involves constant surveillance of both software and hardware for
potential security weaknesses that could be exploited by threat actors.
Vulnerability management is not limited to scanning and identifying
weaknesses but also involves the crucial steps of risk assessment,
remediation, and ongoing monitoring to reduce the attack surface.
Importance
1- Security Posture Assessment
Vulnerability management extends beyond the digital realm to assess
the organization’s overall security posture. It takes into account physical
security, human factors, and the entire IT ecosystem, providing holistic
insights into non-technical vulnerabilities as well as technical bugs to
make sure all grounds of security are covered!
2- Continuous Monitoring and Adaptive Response
Vulnerability management is an ongoing process that involves
continuous monitoring of vulnerabilities and adjustments to security
strategies as new threats emerge. This adaptability ensures that
organizations can respond to emerging threats effectively and in due
time.
3- Risk-Based Prioritization
In vulnerability management, not only do we consider the severity of
the vulnerability but also the context within which it happened. This
approach allows organizations to address vulnerabilities that pose the
greatest risk to their operations and business continuity.
Patch management
Patch management, on a much smaller scale, focuses on the
systematic process of acquiring, testing, and deploying patches and
updates to software, operating systems, and applications. These
patches are provided by software vendors to address known
security vulnerabilities. The primary objective of this process is to
eliminate known vulnerabilities and maintain the security and
stability of software and systems.
Importance
1- Risk Mitigation
According to NinjaOne reports, 57% of data breaches could have been successfully
averted if available patches were installed and systems were up-to-date! When you
regularly apply patches, you significantly reduce the window of opportunity for
cybercriminals to exploit security weaknesses and save your company thousands or even
millions of dollars that you would otherwise have to spend on the aftermath of a data
breach.
2- Compliance Adherence
Various data protection regulations demand that organizations maintain up-to-date
software to protect sensitive information. Not only does complying with such standards
and requirements help you avoid costly penalties, but it also demonstrates your
commitment to data privacy, earning trust among your stakeholders.
3- Reputation Preservation
In the business world, they often call customer trust the single most important currency
that, once lost, can’t be compensated! No matter what services you provide and what
benefits your product offers, your reputation can make or break your business. One of
the factors that can stand in your way is ignoring patch management, which can result in
data breaches, making headlines, and damaging your brand’s trustworthiness.
4- Cost Savings
While patch management comes at little or no cost, the costs associated with addressing
security incidents and recovering from breaches can be exorbitant. Patch management
reduces the financial burden by preventing these incidents in the first place. It’s a
cost-effective strategy that minimizes the need for emergency responses, legal actions, and
the loss of revenue that often follows a successful cyberattack.
Security Development Lifecycle (SDL): A structured approach to
software development, SDL integrates security considerations
throughout the entire software development lifecycle. Secure OS
designs adhere to SDL principles, incorporating security
requirements, threat modeling, code review, and security testing
into the development process to identify and mitigate security risks
early on.
Thank you