Why Secure the Operating System?
Information attacks don't require a corrupt user.
Applications can be circumvented.
Must process in the clear.
Network is too far.
Hardware is too close.
End system security requires a secure OS.
Secure end-to-end transactions require secure end systems.
Notes:
SELinux project motivated by NSA's recognition of the critical role of operating system security in supporting higher level security requirements.
Increasing connectivity and data sharing make the risk even higher today.
Malicious code and even "malicious data" attacks are a threat even with benign users.
Applications depend on the OS to protect them against subversion and bypass.
Encryption doesn't protect the data while it is being processed.
Network firewalls, guards, etc. operate too far from the real processing, cannot protect data at the desired granularity, are susceptible to malicious insiders, malicious software executed by benign insiders, and malicious data attacks, and cannot provide end-to-end security for inbound or outbound transactions.
Hardware virtualization operates at too low a level to allow controlled sharing at the desired granularity.
Secure applications require a secure OS, and secure transactions require not only secure communications but also secure endpoints.