About the series
Lecturer: Dr. Sekar Chandersekaran, Institute for Defense Analyses
Abstract
Operating system security is usually considered the foundation of computer security. In practice, there are only two mainstream operating systems today: Unix (pick your flavor) and Windows. The steady stream of flaw reports and patch releases to these systems ought to motivate us to understand the reasons for this situation and also to determine how much of this situation is created by changing technologies and programming paradigms and the significant increase of new function.
This talk will describe security features and assurances found in IBM's Secure Locus/Secure Xenix, developed over a decade ago and successfully evaluated at Orange Book B2 level, and those found in today's Microsoft Windows XP and .Net server, currently undergoing Common Criteria evaluation at the EAL 4 level. The talk will compare and contrast these systems from many points of view, including system functionality, domain functionality, networking aspects, target of evaluation functionality (TOE), structuring, least privilege, assurance gathering and others.
Locus was a distributed Unix system that was enhanced to run on a large number (up to a few hundred) PC and mainframe systems connected via a local area network. This distributed OS was developed by IBM between 1984 and 1987. It provided complete transparency to all console users and was considerably enhanced to meet all 'Orange Book' B3 requirements with the exception of modularity requirements. However, IBM decided not to introduce Locus as a commercial product and the OS evaluation was shifted to a single Unix system (Secure Xenix) which successfully completed B2 evaluation in 1989 and was marketed commercially.
About the Lecturer:
Dr. Chandersekaran has spent much of his career leading efforts that have resulted in marketable security products. His achievements encompass work on security kernel designs for Multics, design of key portions of software supporting military packet switched networks in both Canada and the US, and more recently on public key infrastructure support at both IBM and Microsoft. He led the IBM efforts to develop Secure Locus and Secure Xenix, and he recently completed two years with Microsoft working on the implementation of a variety of security-related projects in Microsoft's operating systems. He is currently with the Institute for Defense Analyses, where he is pursuing research on Dynamic Communities.
**The Information Science Institute of the University of Southern California has also agreed to provide a downloadable version of this presentation.
Webcast Link
*Alternate Link, please copy and paste the following URL into your browser location bar http://www.ngi-supernet.org/conferences.html
In order to view this Webcast, you must have RealPlayer installed on your computer. For more information on Realplayer, check out Real.com or click on the links below to download the player.
You can download and install the FREE version of RealPlayer 8 Basic from Download.com: Macintosh | Windows (All versions)
Abstract
Operating system security is usually considered the foundation of computer security. In practice, there are only two mainstream operating systems today: Unix (pick your flavor) and Windows. The steady stream of flaw reports and patch releases to these systems ought to motivate us to understand the reasons for this situation and also to determine how much of this situation is created by changing technologies and programming paradigms and the significant increase of new function.
This talk will describe security features and assurances found in IBM's Secure Locus/Secure Xenix, developed over a decade ago and successfully evaluated at Orange Book B2 level, and those found in today's Microsoft Windows XP and .Net server, currently undergoing Common Criteria evaluation at the EAL 4 level. The talk will compare and contrast these systems from many points of view, including system functionality, domain functionality, networking aspects, target of evaluation functionality (TOE), structuring, least privilege, assurance gathering and others.
Locus was a distributed Unix system that was enhanced to run on a large number (up to a few hundred) PC and mainframe systems connected via a local area network. This distributed OS was developed by IBM between 1984 and 1987. It provided complete transparency to all console users and was considerably enhanced to meet all 'Orange Book' B3 requirements with the exception of modularity requirements. However, IBM decided not to introduce Locus as a commercial product and the OS evaluation was shifted to a single Unix system (Secure Xenix) which successfully completed B2 evaluation in 1989 and was marketed commercially.
About the Lecturer:
Dr. Chandersekaran has spent much of his career leading efforts that have resulted in marketable security products. His achievements encompass work on security kernel designs for Multics, design of key portions of software supporting military packet switched networks in both Canada and the US, and more recently on public key infrastructure support at both IBM and Microsoft. He led the IBM efforts to develop Secure Locus and Secure Xenix, and he recently completed two years with Microsoft working on the implementation of a variety of security-related projects in Microsoft's operating systems. He is currently with the Institute for Defense Analyses, where he is pursuing research on Dynamic Communities.
**The Information Science Institute of the University of Southern California has also agreed to provide a downloadable version of this presentation.
Webcast Link
*Alternate Link, please copy and paste the following URL into your browser location bar http://www.ngi-supernet.org/conferences.html
In order to view this Webcast, you must have RealPlayer installed on your computer. For more information on Realplayer, check out Real.com or click on the links below to download the player.
You can download and install the FREE version of RealPlayer 8 Basic from Download.com: Macintosh | Windows (All versions)
