Section 20.191 Trusted Operating Systems Flashcards
Objectives 2.5 Explain the purpose of mitigation techniques used to secure the enterprise.
Objectives 4.1 Given a scenario, you must be able to apply common security techniques to computing resources.
Objectives 4.5 Given a scenario, you must be able to modify enterprise capabilities to enhance security.
Trusted Operating System (TOS)
An operating system that is designed to provide a secure computing environment by enforcing stringent security policies that usually rely on mandatory access controls
Used where Confidentiality, Integrity, and Availability are essential
Evaluation Assurance Level (EAL)
A predefined security standard and certification from the Common Criteria for Information Technology Security Evaluation
Common Criteria standards are used to assess the effectiveness of the security controls in an operating system:
● EAL 1 is the lowest level of assurance
● EAL 7 is the highest level of assurance
Trusted operating systems often include:
■ Mandatory Access Control
Access permissions are determined by a policy defined by the system administrators and enforced by the operating system
■ Security Auditing
■ Role-based Access Control
Trusted operating system examples
SELinux (Security-Enhanced Linux)
Set of controls that are installed on top of another Linux distribution like CentOS or Red Hat Linux
When using SELinux, these systems are rated at EAL4+. SELinux is used as an implementation of MAC in the Linux kernel to ensure that applications and users have only the minimum necessary access to your resources. SELinux uses policies to enforce security properties and can confine potentially harmful processes to limit the impact of vulnerabilities.
Trusted Solaris
Offers secure, multi-level operations with MAC, detailed system audits, and data/process compartmentalisation
○ A trusted OS enhances security with microkernels by minimizing the trusted base and reducing the attack surface and vulnerabilities
○ Choosing an operating system requires balancing security with usability, performance, and functional requirements