Monday, October 13, 2008  

In search of a Secure Operating System

Saturday, July 05, 2008

Every day we come across news about new vulnerabilities found in various operating systems. Some of these vulnerabilities are used by malware writers to create havoc on your network, resulting in downtime that causes business losses in the millions. Can we ever dream of a day when software, and especially the operating system, would be more secure and reliable? Can we ever get rid of the reset button on our computers?

Why is it so difficult to develop an OS which has minimal bugs? We already have computers in various electronic appliances like refrigerators, televisions and others which work for years without giving us any trouble. Have we ever patched these appliances? If we had the current operating systems running in our cars, crashing and getting infected every now and then, we would rather walk, or at best go back to older forms of transportation.

One issue that operating systems like Linux or Windows have is that they are monolithic in nature: a big, fat piece of code running in privileged mode. All the drivers, written by different individuals, run in this mode, and any bug in this piece of code can crash the whole system. In Windows XP, device drivers cause 85% of reported failures. How, then, would we have secure operating systems?

In monolithic kernels, processes can share data structures, and effort needs to be taken to get the mutual exclusion of processes accessing the same data structure right. A secure operating system should protect the data structures of the various modules from each other. This becomes possible if modules expose interfaces to access their data structures instead of sharing the data structures directly, as is currently done. We are looking at an operating system which has the concepts of object-oriented programming embedded in it.
An ideal operating system would be one where minimum code runs in privileged mode and does not affect the data structures or memory of other processes or applications. Such operating systems, with 'microkernels', have been in the news for quite some time, but have not seen the light of day because of lower performance and less maturity. The increase in CPU performance and the shift towards a need for a more reliable and secure OS have brought them back into the limelight.

Some of the operating systems which use microkernels are QNX, Integrity, L4Linux and Minix 3. The reason why we still see a lot of monolithic kernels even today is that microkernel-based operating systems are not as mature as Linux or Windows. We will start seeing these OSes in embedded devices, cell phones etc. For example, you can run L4Linux in user mode on top of a microkernel along with the other microkernel applications. This makes the OS less vulnerable to attacks and malware. A microkernel moves into user space many of the OS services that run in kernel space in the existing operating systems.

Why is a microkernel more secure?
With the existing monolithic kernels, all services, like device drivers, run in kernel space. If there is a problem with any of these services, it may crash the system. In a microkernel, these services run in user space. If there is a problem, the service can be restarted without having to reboot the kernel. In fact, the operating system itself can restart these services, thus laying the foundation for a self-healing system.

Many applications in monolithic kernels have to be set with uid as root to get access to devices. This has the unfortunate effect of allowing a program to have access to the complete system as root. In microkernels, since all applications run as normal users, they cannot affect the system, which makes the operating system more secure. As explained above, monolithic kernels share memory amongst processes, which creates the possibility of corrupting it and thus crashing the complete system. In a microkernel all services run in their own memory space, independent of other services, so there is much less possibility of a service corrupting the kernel and crashing the system.
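The two properties just described, a crashed service being restarted by the operating system rather than taking the whole system down, and each service living in its own memory space, can be simulated on an ordinary POSIX system: a supervisor process plays the role of the microkernel's service manager, and a forked child plays a user-space driver. This is an added example written for this article; it is not code from the article, from Minix 3, QNX or any other system named here. The `supervise` and `run_service` functions and the crash-count parameters are constructed for the demonstration, and the "driver bug" is a deliberately raised SIGSEGV.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for a user-space driver. On its first `fail_count`
 * runs it hits a bug and crashes with SIGSEGV; afterwards it serves and
 * exits cleanly. Because it runs in its own process (own address space),
 * the crash cannot touch the supervisor's memory, unlike a kernel-mode
 * driver in a monolithic kernel. */
static void run_service(int attempt, int fail_count) {
    /* A simulated crash needs no core dump. */
    struct rlimit no_core = { 0, 0 };
    setrlimit(RLIMIT_CORE, &no_core);
    if (attempt < fail_count) {
        raise(SIGSEGV);   /* the driver bug */
    }
    _exit(0);             /* normal service completion */
}

/* Supervisor playing the microkernel's service manager: starts the
 * service, waits for it, and restarts it whenever it dies abnormally.
 * Returns the number of restarts needed before a clean exit, or -1 if
 * the service keeps failing beyond `max_restarts` (or fork/wait fails). */
int supervise(int fail_count, int max_restarts) {
    int restarts = 0;
    for (int attempt = 0;; attempt++) {
        pid_t pid = fork();
        if (pid < 0) {
            return -1;
        }
        if (pid == 0) {
            run_service(attempt, fail_count);   /* never returns */
        }
        int status = 0;
        if (waitpid(pid, &status, 0) < 0) {
            return -1;
        }
        if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
            return restarts;   /* service finished normally */
        }
        if (WIFSIGNALED(status)) {
            fprintf(stderr, "service died with signal %d; restarting\n",
                    WTERMSIG(status));
        } else {
            fprintf(stderr, "service exited with status %d; restarting\n",
                    WEXITSTATUS(status));
        }
        if (++restarts > max_restarts) {
            fprintf(stderr, "giving up after %d restarts\n", max_restarts);
            return -1;
        }
    }
}

int main(void) {
    /* The driver crashes twice, is restarted twice, and the supervisor
     * (the "kernel" in this simulation) keeps running throughout. */
    int r = supervise(2, 5);
    printf("service recovered after %d restart(s); supervisor still running\n", r);
    return r < 0 ? 1 : 0;
}
```

The restart cap matters in practice: a driver that fails on every start would otherwise be restarted forever, so a real service manager, like this one, gives up after a bounded number of attempts and reports the failure instead of hiding it.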

Since most of the drivers are written in user space, programming them becomes easier as they are not restricted by kernel routines.
Does that mean that microkernels will replace Linux or Windows? No; we will see these operating systems adopting the idea of microkernels into their design to make the existing operating systems more secure. For example, Michael M. Swift has presented a thesis on making Linux more secure, with an architecture called Nooks, which isolates the Linux device drivers from the kernel. It builds a new protection mechanism called a lightweight kernel protection domain. The device drivers execute within a domain which prevents them from corrupting the kernel and crashing it.

Microsoft has started a research project called 'Singularity' which works towards making an operating system more reliable. Singularity uses type-safe languages and an abstract instruction set to create software-isolated processes. Device drivers and programs would each run in their own software-isolated process, making the operating system more reliable and secure.
In the coming days, we will see operating systems developed over microkernels that are more stable and receive wider support from the industry. When that happens, our search for a secure operating system will end, and there will be a day when we shall spend many happy days before our system crashes!

Sonit Jain, Gajshield
