One of the most significant issues related to operating systems for a computer system involves security. Security systems are designed to protect the confidentiality, the integrity, and the availability of an operating system. One aspect of a security system involves reducing opportunities for malicious computer instructions (e.g. a virus, a Trojan horse etc.) to affect the operating system. Operating systems such as UNIX or operating systems derived from UNIX (e.g. LINUX) incorporate a security system that can be vulnerable to malicious computer instructions.
There are several types of mechanisms that are presently used to secure operating systems such as a discretionary access control (DAC) or a mandatory access control (MAC). The DAC is unable to completely secure these operating systems for a variety of reasons. For example, the DAC restricts access to objects based solely on the identity of a subject. This makes the operating system vulnerable to Trojan horses.
Other operating systems use a MAC. A Biba low watermark mandatory access control mechanism (LOMAC) protects the operating system by dividing processes into different security areas such as HIGH and LOW integrity data. HIGH integrity data relates to highly sensitive data whereas the LOW integrity data relates to low sensitive data.
The LOMAC security rules require that a write-up not occur between objects and subjects. To illustrate, a LOW integrity subject cannot write to a HIGH integrity object. Additionally, if a HIGH integrity subject attempts to read a LOW integrity object, the HIGH integrity subject is automatically demoted to the same level as the LOW integrity object that it attempted to read. Accordingly, in this instance, the HIGH integrity subject is demoted to a LOW integrity subject.
In order to practically implement the LOMAC, the LOMAC requires that exceptions to the security rules be granted in order to overcome an access control mechanism that is too coarse grained. For example, certain computer programs are granted a trusted status with special hard-coded privileges. Trusted status means that the operating system automatically recognizes computer instructions without checking for security issues. Syslogd in Linux exemplifies the trusted status that is granted to a Linux system logging utility by the LOMAC. Syslogd is implemented as a trusted process because syslogd needs to access user profiles and also write to the system LOG files. In addition to granting trusted status to computer programs, the LOMAC performs poorly with respect to confining computer programs to their least required privileges. It is therefore desirable to have a system or a method that overcomes the disadvantages associated with conventional security systems.