Operating System Security and Host Vulnerability

Evaluation
Jihong Song, Guiying Hu,QuanSheng Xu
School of Information Science and Engineering
Shenyang University of Technology, SUT
Shenyang, China
hgy_0429@126.com, stuky_2005@126.com
AbstractIn todays information society, the information
security is more and more regarded. It is mainly divided into five
parts: physical security, network security, host security,
application security and data security. Among them, the host
security is in the first floor of the whole information system.
However, the host security depended on operating system (OS)
security necessarily. It is obvious that the OS security is the
essential precondition and foundation of the whole computer
information system security. In this article, firstly, it discussed
the importance of the OS security; secondly, it further
introduced the OS security mechanism, security demand,
security policy and security model; finally, it discussed the host
vulnerability evaluation, and put forward the function that a
testing all-around host evaluation tool ought to carry out.
Keywords-host security; OS security; host vulnerability evaluation

. INTRODUCTION
At present, information systems are more and more
important in this informational society, whether they are
secure or not much more relate to our nations polity, military
affairs, economy and civilization, etc. However, OS security is
the most elementary factor for the information system security.
Any security vulnerabilities of OS must result in the host
security or even the whole information systems
vulnerabilities. Therefore, the most important thing to make
sure the host security is that we must guarantee the OS
security.
Now, there are a lot of host evaluation tools at home and
overseas, and some of them are fairish. But some aspects
testing made by these tools are not comprehensive, or even
the tool itself exists some questions. Thus, it gives a handle to
certain vulnerabilities. This is a prodigious threat to computer
system.
In this paper, we will describe the function that a testing
all-around host evaluation tool ought to carry out. This
method can carry out the comprehensive evaluation of host
preferably.
. OPERATING SYSTEM (OS) SECURITY
The main targets of the OS security are as the following
aspects: users operations should be controlled according
system security policy to avoid illegal access computer
resource. The users in system should be identified and identity
authentication. The security of system running is supervised.

The security and integrality of system itself should be

guaranteed [1].
A. Security mechanism
OS security mechanism consists of hardware security
mechanism and software security mechanism. Hardware
security mechanism relates to storage protection, running
protection and I/O protection, and so on [2].
Software security mechanism mainly consists of the
following aspects:
1) User identification and authentication: Identification
and authentication is a course relates to system and user.
Identification is that system wants to identify users identity,
and entitles for every user, namely user identifier. The action
that user identifier connects with user is called authentication.
2) Access control: In computer system, security
mechanisms primary content is access control. It contains 3
tasks: authorization (make certain which subject should be
given right to access object), make certain access permission,
enforce access permission.
3) The least privilege management: Super users privileges
are divided into a group tiny granularity privilege, and given
to different system operators/managers. Make all kinds of
system operators/managers only have the privileges needed
for completing their tasks. Then, that can reduce the losing
that result from missing privilege users password, wrong
software, malicious software and inaccurate operation, etc.
4) Trusted path: In computer system, users interact with
OS through untrustworthy middle application layer. OS must
make sure that Trojan horse cannot capture information when
users and security kernel are communicating, and provide a
trusted path.
5) Covert channel: The covert channel is the
communication channel that process are allowed to transmit
information with a manner of harming system security policy.
Covert channel should be analysed when design system, adopt
measure to restrict or eliminate covert channel at a certain
extent.
6) Security audit: The audit is to record, check the
activities concerning security in system.
7) Virus defense: Generally speaking, it is very difficult
to prevent computer virus completely. But it could have a

978-1-4244-4639-1/09/$25.00 2009 IEEE

certain protection function through security mandatory access

control mechanism of security OS.
B.

Security demand
The security demand is security guarantee that we expect
to obtain when we design a security system. Generally
speaking, the security demand includes the following aspects
[3]:
1) Confidentiality demand: Prevent from information
being revealed to unauthorized user.
2) Integrality demand: Prevent from the unauthorized
user modifying information illegally.
3) Accountability (audit) demand: Prevent from user
denying that he has accessed some information or he has
executed some operation.
4) Availability demand: Guarantee authorized user could
access the system information.
C.

Security policy
The security policy is the countermeasure which we adopt
when we face some security threats. Security policy is divided
into access control policy and access supporting policy
Access control policy reflects systems confidentiality and
integrality demand. And access control policy is divided into
discretionary access control policy and mandatory access
control policy.
Access supporting policy reflects systems accountability
(audit) and availability demand. And access supporting policy
is divided into 6 types: identification and authentication,
accountability (audit), accurate guarantee, continuous
protection, object reuse and covert channel.
D. Security model
For defining security demand of system accurately, and
providing policy for designment and development security
system. So we must make use of security model to describe
systems and users security characteristic. Simply, abstractly
and accurately describe the security demand expressed by
security policy.
Security model describes that a certain security policy
requires which mechanism to satisfy. Whereas, security
models actualization rule describes how to apply a particular
mechanism to system, then carries out the target that security
protection needed by a special security mechanism.
Security model include state-machine, information-flow,
noninterference, not deducible, integrity, etc. Among them,
state-machine model ---Bell-La Padula (BLP) model is the
most prevalent and classical security model. BLP model
defines the relations between subject and object. If the
subjects level superier or equal to objects, and subjects
category include all subordinative category of object, then this
subject has eminent domain to this object.

. HOST VULNERABILITY EVALUATION

SUMMARY
Vulnerability evaluation of computer system developed by
hacker attack technique initially, and now it is still a new
study area.
It is impossible that there is a completely secure
complicated system, so the final aim of vulnerability
evaluation is not to eliminate vulnerabilities completely, but to
offer a solution for security. That can help system manager to
find out balance between provide service and guarantee
security [4].
Theoretically
speaking,
host-based
vulnerability
evaluation treats a particular computer as the whole system to
be evaluated [5]. Host-based Vulnerability evaluation is to
check the improper setting in system, the vulnerable password
and other objects that conflict with security rules. And it has
the following characteristics:
Do run at a single host, the aim to scan is native host.
Scanners designing and carrying out are closely related
with OS.

It could establish process on system at will.

Scanning items mainly include: user account file,

group file, system permission, system configuration file, key
file, log file, user password, network interface state, system
service, software vulnerability, etc [6].
. HOST VULNERABILITY EVALUATION TOOL
Along with the peoples security consciousness raise
continuously, the design of host vulnerability evaluation tool
is also more and more regarded. At present, the problems of
host vulnerability evaluation to face are: the detail written
data of host running are scarce; the host security evaluation
tool is absent. Although there are various security evaluation
tools for system and network, there is still not a better tool
that can fully evaluate the host security.
A more comprehensive host security evaluation tool is not
only the tool that could evaluate the OS and audit analysis OS,
but also the tool that could detect the address information that
designated by inside and outside memorizer. Therefore, the
host security evaluation tool like that should evaluate the
following aspect detailedly.
TABLE I.

EVALUATION ASPECTS AND SUMMARY

Evaluation Aspects

Summary

Identity Authentication

Distinguish users identity

Access Control

Restrict users access

Security Audit

Audit relevant security act

Residual Information Protection

Test the content of released space

Invasion Defense

Check

the

information

relate

to

invasion defense software

Malicious Code Defense

About

the

software

malicious code
Resource Control

Control OS resource

of

defense

space wherever the information is on hard disk or in memory.

A. Identity authentication

E.

1) It logins the OS as an user, and checks the course of

identity identification and authentication.
2) It tests the accuracy of identity authentication
information and the complication of password, and tests the
environment of modifying password periodically.
3) It checks whether the OS has manipulation function
when we login unsuccessfully.
4) It checks which measures are adopted when remotely
manage server to prevent authentication information being
wiretapped during network transmission.
5) It tests the environment of user names allocation for
different users of OS.
6) It chooses many kinds of authentication technique for
manage user to authenticate identity when it logins OS.

1) It checks which invasion defense software is used in

system.
2) It checks the attack action overseed by invasion defense
software at network boundary.
3) It checks the recording content when invasion defense
software has detected attack action.

B.

G.

Access control

1) It logins system as an user, and accesses the designated

resource, and checks access control function.
2) It checks the role allotment permission of manage user,
and examine the permission separation environment of
privilege user and the least permission of manage user.
3) It tests the access permission of default account, and
checks the modification environment of system default
account and password.
4) It checks the accounts latest use time and the
environment of deleting superfluous and overdue accounts.
5) It checks accounts list and examine whether there are
overdue accounts and useless accounts in authorized users.
6) It checks whether there are sharing accounts in system.
7) It checks the sensitivity label environment setting for
important information resource.
8) It tests the environment of controlling users operation to
important information resource that have sensitivity label.
C.

Security audit

1) It checks log file in OS and database system.

2) It tests the users overcastted by audit record.
3) It tests the range of audit content.
4) It tests audit recording items.
5) Analysis according to recording data, and creates audit
reports.
6) It tests whether system could protect audit process, and
avoids unexpected interrupt.
7) It tests whether system has the function to protect the
audit record.
D.

Residual information protection

1) Release the storage space that is possessed by a users

authentication information, and test the content of primary
storage space whatever the information is on hard disk or in
memory.
2) Release the storage space that is possessed by file and
directory in system, and test the content of primary storage

F.

Invasion defense

Malicious code defense

1) It checks the software detecting and eliminating the

malicious code at network boundary.
2) It checks the circumstance of detection and elimination
to malicious code at network boundary.
3) It tests the upgrade circumstance of defense malicious
code software and malicious code library.
Resource control

1) It checks whether server OS has set terminal connect

method and network address range to restrict terminal login.
2) It checks the circumstance of login terminals overtime
locked which is set by security policy, and carries out
overtime testing.
3) It checks the detection software that oversees important
server.
4) It checks the circumstance that restrict single user uses
the maximum or minimum permission of system resource.
5) Reduces the service level of system to the minimum
value, and tests the systems reaction.
. CONCLUSIONS
Computer OS security is relative, it is very difficult to
obtain an absolutely secure system, so we must understand
and study the OS security and vulnerability, try our best to
prevent system security affairs occurring, reduce system
vulnerability being made use of by attacker. For obtaining a
relative much more secure system, this article discussed the
OS security mechanism, security demand, security policy,
security model, and host vulnerability evaluation summary,
and at last described the function that a testing all-around host
evaluation tool ought to carry out. Try hard to establish the
foundation for development method of security OS and host
security evaluation tool according technology advancement
and practice application demand.
ACKNOWLEDGEMENT
This work is supported by Liaoning Computer Network
Engineering and Software Test Center, China.
REFERENCES
There must have definite security mechanism and security
demand to ensure OS security. Meanwhile, the OS security
target, security mechanism, security demand have been
proposed in order to enhance the knowledge sharing and
reusing [1-3]. In computer security area, it is very important
that we should evaluate the computer vulnerability. And the
final target of vulnerability evaluation is to help system

manager to find out balance between provide service and

guarantee security.[4-5] have discussed some viewpoints
about vulnerability evaluation and testing. And [6] have
introduced the methods of vulnerability evaluation and the
characteristics of host vulnerability evaluation.
[1]

Sihan Qing, Wenqing Liu, and Hongzi Wen, OS Security, Tsinghua

University Publishing Company, Beijing, 2004.
[2] Anderson, J.P., et. Al., Computer Security Technology Planning Study,
Volume 2, NTIS: AD-772806, NTIS, October 1972.

[3]

Sihan Qing, Wenqing Liu, and Haifeng Liu, OS Security Theory,

Science Publishing Company, Beijing, 2003.
[4] Zerkle D.,Levitt K ,Net Kuang: A multi-host configuration vulnerability
checker. In: Proceedings of the 6th USENIX Security Symposium, San
Jose, CA, 1996.
[5] Beizer B. . Software Testing Techniques. 2nd edition. International
Thomson Computer Press, 1990.
[6]
Xujia Xing, Chuang Lin, and Yixin Jiang, Computer System
Vulnerability Evaluation Study, Computer Transactio n, 2004, 27(1):
1-11.