1. Operating System
Vulnerability and
Control
(LINUX,UNIX and WINDOWS)

2. Definition of Vulnerability
A Vulnerability is a weakness which allows
an attacker to reduce system’s information
assurance.
A Vulnerability is the intersection of three
elements: a system susceptibility or flaw,
attacker access to the flaw, and attacker
capability to exploit the flaw.


3. UNIX operating system
vulnerabilities
 Setuid Problems
 Trojan Horses
 Terminal Troubles

4. Windows Vulnerabilities
 Passwords
 Peer-to-peer file sharing
 Vulnerabilities in embedded automation features in
Microsoft Outlook and Outlook Express that can
allow execution of rogue code.

5. LINUX Vulnerabilities
 Missing permission checks
 Uninitialized data
 Memory mismanagement

6. Why is Control important in
Operating Systems?
A key problem facing designers of traditional
and embedded operating systems is the
question of how to build adaptive software
systems that are robust, predictable, and
efficient across a range of operating
conditions.

7. Architecture of Control
Systems
 Modern control systems architectures can be
considered analogous to today’s information
networks.
 It is composed of several phases, including
reconnaissance, traffic analysis, profiling of
vulnerabilities, launching attacks, escalating
privilege, maintaining access, and covering
evidence.

8. Control provided by UNIX OS
MAC : Mandatory Access
Control
DAC : Discretionary Access
Control
 If
both DAC and MAC apply to an object,
MAC wins.

9. What a trusted and secure OS
should contain?
 Memory protection
 Enforce separation
 Simplicity
 Open design
 Complete mediation
 Ease of use

11. How does TCB help in security
of OS?
 TCB stands for TRUSTRED COMPUTING
BASE.
 In OS kernel is the lowest-level part, is
responsible for various processes like inter-
process communication, message passing,
and so on.
 A Security Kernel is a part of kernel that
deals with security.

12.  Trust implies reliance and the TCB, is
everything in the OS that we rely on to
enforce security.
 If everything outside TCB is subverted, we
still have a trusted system.
 If anything in TCB is subverted , then the
security of the system is broken.

13.  Example of trusted OS are SCOMP which
was developed by Honeywell. It has less than
10,000 loc in its security kernel, and strives
for simplicity.
 Windows XP has 40,000,000 loc but still has
numerous dubious features.

14. Next Generation Secure
Computing Base(NGSCB)
 Itis a product by Microsoft.
 NGSCB was formerly known as Palladium.
 NGSCB is designed to work with a special
hardware called as Trusted Computing Group
(TCG).
 Open systems like PCs offer a poor job of
protecting secrets.
 NGSCB is called as “a virtual set-top box
inside the PC”.

15.  The TCG is a tamper-resistant hardware,
which is installed within the PC as a special
hardware.
 The tamper-resistant will provide a secure
place to store all secrets.
 NGSCB/TCG is a general security-
enhancing technology, with DRM as one
potential application.

16. Design goals of NGSCB
 To provide high assurance.
 To provide authentication operation.

17. NGSCB Feature Groups
 Strong process isolation
 Sealed storage
 Secure path
 Attestation

18. Thus it important to know the
various vulnerabilities in OS
and control them too.

19. THANK YOU…..