Securing OS

The NSA Orange Book [30] is the most quoted source with respect to operating system security requirements and evaluation criteria. It defines five secure levels for operating systems along with their functional requirements (increasingly more secure):

• C2: Authentication^3.5, DAC^3.6.
• B1: Mandatory Access Control^3.7 (MAC), Audit^3.8
• B2: Structured Security^3.9, Elimination of Storage Covert Channels
• B3: Minimized Trusted Computing Base^3.10 (TCB), Elimination of Timing Covert Channels
• A1: Proven Security^3.11 (non functional requirement)

Most of the commercial and server side operating systems fall into C2 category and so does Linux. To advance from C2 category the crucial functional requirement is Mandatory Access Controls. MAC mechanisms are aimed directly at eliminating the problems described so far and attributed largely to DAC. MAC model relies heavily on least privilege approach to system privilege allocation.

Footnotes

... Authentication^3.5

Enables identification of the users making system requests.

... DAC^3.6

Users define control over their objects at their own discretion.

... Control^3.7

System administrators define system access control policy, not users.

... Audit^3.8

System source code audit to identify sources and means of attacks and eliminate them

... Security^3.9

Multi-layer security.

... Base^3.10

Minimize the amount of security-relevant code in the system.

... Security^3.11

Proven in practice.