The development of information technologies has led to the fact that almost all aspects of human activity have become critically dependent on various achievements in computers, computing systems and their mathematical support. The successful operation of computer systems, in turn, is a hostage to their qualities, such as reliability, fault tolerance and, most importantly, information security.
Their work is based on operating systems of different types and purposes. The fundamental nature of the OS is to abstract the hardware from the user of the information system, allowing the user not to experience all the complexity of the multifaceted hardware platform of a modern computer system, allowing him to focus on solving his application task. OS, managing the work of the computer system, solves very important system-wide tasks related to the distribution of hardware resources, multitasking, productivity and, most importantly, ensuring information security.
It immediately became clear that only the anticipatory development of OS protective mechanisms will allow them to provide their functionality without significant information losses. The search for models of OS architectures resistant to various types of destruction has become a constant process. An important stage in the formation of the OS was the presentation of several abstract models of protection systems, which became their fundamental bases. One of the first was the 1977 Biba model [1]. According to it, all subjects and objects of some system are previously divided into several levels of access, with the imposition of restrictions on their interaction [2].
The next step in the development of abstract models of OS security systems was the 1982 Goguen-Meseguer model, based on the theory of automata [3]. In 1986, the Sutherland model of protection was presented, which emphasizes the interaction of subjects and information flows. According to it, as in the previous model, the system can only be in predefined states [4]. An important role in the theory of information protection is played by the Clark-Wilson (Clark-Wilson) protection model of 1987 [5,6], which is based on the use of transactions and on the balanced granting of access rights of subjects to objects.
In addition to purely abstract models of building OS protection systems, there are many practical developments [14] embodied in physical OSes. The process of development of operating systems, as a class of software, began with universal OSes and led to the separation of subclasses in them based on the principle of increasing the importance of some operational parameters. Thus, the advantage of security parameters led to the emergence of a subclass of protected OSes, which must meet certain standards and use specialized mechanisms to counter threats [9]. Today, this is not only a purely scientific or technical concept, but also a legal one. Requirements for such systems are defined in national standards [7,8]. Thus, the US standard developed by the National Institute of Standards and Technologies (NIST) defines a protected OS in the context of requirements for information systems at the federal level [10].
Protected OS, unlike universal ones, includes more effective, mandatory protection mechanisms against various threats and a wider range of them. The main ones are: mandatory access control (MAC), minimization of privileges, auditing and security monitoring, OS kernel security, process isolation, memory protection, encryption, backup, network control, and data integrity and authenticity control. Many scientific works have been devoted to the development of methods for increasing their efficiency and removing various kinds of vulnerabilities [11,12].
Minimizing privileges allows you to significantly reduce the number of potentially vulnerable system components [15]. New methods of authentication can use, in addition to a password, an electronic key, a smart card, and biometric data [17].
Auditing plays a critical role in ensuring data security and system integrity. Its improvement in terms of registration and analysis of actions of users who have access to system resources is considered in [15,16]. New mechanisms of combating ZPP are proposed [24].
As you know, the kernel is the central part of the OS and serves as an interface between the OS hardware resources and applications. Improvement of the application switching mechanism, loading/unloading of their contexts is considered in [18]. The organization of input-output processes, file system operation, processing of processor interruptions, process dispatching is given in [19].
In [20], a process isolation method is proposed, which is a fundamental approach to ensuring the safety, stability, and efficiency of protected OSes, which is based on the protection of the OS against malicious or incorrect actions of user programs.
In [21], issues of centralization of encryption and the use of new cryptography tools for memory protection are considered. In protected OS, the presence of a backup mechanism is mandatory, as it significantly increases the OS's resistance to all types of failures. Implementation methods are given in [22].
The mechanism of control of incoming and outgoing traffic according to the specified rules is presented in [23,25]. This is quite an important point in view of the significant increase in the number of services that actively use networks. Mechanisms for combating BOTNET are proposed [26,27,28].
The analysis of the state of use of the mechanisms for ensuring the stability of the OS against the leakage of confidential information and the protection of information in the OS in general covered almost all levels of system construction -from their hardware platform to the OS core. He showed that despite the presentation of a large number of fairly effective methods of ensuring OS resistance to the leakage of confidential information and, in general, information protection, their application is restrained by the ever-increasing complexity of implementation and the limitation of the comprehensive application of protective mechanisms at all levels of the OS architecture.
The continuous development of computer information technologies has led to the need for widespread use of protected OSes designed for processing confidential data, which requires a new approach in building their security subsystems. They must provide their functionality with simultaneously high levels of fault tolerance, survivability and protection of the information processed in them.
The task is to find such a model of the architecture of the OS protection subsystem, which would integrate the most effective mechanisms for ensuring its resistance to leaks of confidential information, information protection in general. In this way, the scientific problem solved can be characterized as relevant and as one that has a fairly wide practical application.
The model of a decentralized OS security system is based on the principle of distributing security functions between different components or segments of the system. In such an architecture, each component independently manages its own security policies, protection mechanisms, monitoring, and privilege management. Decentralized OS security systems are characterized by the presence of local access control systems, where each system component (database server, application, or process) has its own access policies implemented through local access control lists (ACLs).
Provision of access rights is carried out on the basis of roles or attributes using local authentication mechanisms. An example can be various types of servers operating under OS management and file systems of the same OS that use their own access policies for each user (Figure 1).
The main feature of the decentralized model is the absence of a single security management center. The situation when each component is responsible for its own protection leads to an increase in its vulnerabilities: security management is complicated, the probability of configuration errors is increased, and coordination between protection mechanisms is limited.
To overcome the above problems, we will introduce the central security management module CSMM (central security management module) into the OS architecture, where we will concentrate OS security management. Its functions include defining security policies, monitoring events in the system, responding to incidents, and auditing. The model of such organization of the architecture of the OS security system is presented in Figure 2. In order for the central CSMM security module to receive information about the state of security from all important nodes of the OS, we will introduce into their architecture the peripheral security modules PSM1 -PSMn, which are installed on each node of the OS. In the given centralized OS security model presented in the form of a graph, the vertices correspond to the modules of the centralized OS security subsystem, and the directed edges of the graph indicate the corresponding interaction between the modules, determining the algorithm of its operation. Main interactions:
• CSMM sends security policies to peripheral security modules PSM1 -PSMn;
• PSM1 -PSMn modules send monitoring data and reports to the CSMM central control module.
The model can be extended by including other security mechanisms as needed.
A single center for managing access and security policies allows you to ensure consistency of all access rules to confidential information. Policies can be easily applied to all users and resources, reducing the chance of configuration errors that could lead to information leakage. Centralized privilege management allows you to restrict access to confidential data based on roles, which minimizes the risks of unauthorized access. Architectures based on the use of centralized OS security systems show high efficiency of all security mechanisms. Centralized management allows you to monitor all events in the system, which facilitates the detection of potential information leaks. A monitoring system (for example, MaxPatrol SIEM in Windows Server 2019) allows you to detect abnormal activity in real time and quickly respond to threats. Centralized event and audit logging provides a more complete picture of access to sensitive data. A single encryption standard allows you to ensure data protection at all levels of the system.
The redundancy mechanism within the framework of the centralized security system allows to ensure the protection of confidential data in case of failures or attacks of malicious software more fully than in the decentralized system.
A centralized OS security system allows for a more prompt response to malware attacks and lower administration costs.
The centralized OS security system allows for a more prompt response to malware attacks and lower administration costs. However, centralized systems are vulnerable to their central node. and centralized OS security systems, but it is always easier to protect a central node than several in decentralized systems.
Therefore, regardless of the mentioned vulnerability, the centralized security systems of the OS provide more effective protection of information in general and against leakage of confidential information in particular.
The purpose of the experiment: to test how effectively a centralized security system restricts access to resources based on policies set by administrators.
As a laboratory installation, we will use a virtual machine with a centralized security system. Setting up the OS for conducting the experiment consists in creating users test_user1 and test_user2 with different levels of access to resources in the OS, which will work from a computer with the domain name winserver.test.ua.
We set centralized access policies through Active Directory of the resource with confidential data 1111.txt.
During the experiment, users try to access the file with confidential data 1111.txt, to check the operation of the centralized security system.
The purpose of the experiment: to check the reliability of the centralized encryption system, namely during transmission over the network.
1 st stage. Let's try to intercept data by physically accessing network traffic. To do this, using the Wireshark network analyzer, with the encryption system turned off, we will view the content of the network data packet taken from the machine with IP 172.20.110.114. The result is shown in figure 4. As you can see, in such a situation, the data are available, which means that their protection is absent.
2 nd stage. Enable the data encryption system in the OS using BitLocker and configure encryption policies for network connections (SSL/TLS). We will intercept the network packet from the same IP address.
The result is shown in figure 5. As can be seen from it, analysis of the packet data is impossible due to their encryption protection, which confirms the effectiveness of the centralized encryption system.
The purpose of the experiment. It is tested how effectively the central module stores and processes event logs, according to the given security policies, and whether these logs can be used to detect information leaks or suspicious activity. The result of the experiment. As can be seen from the audit log, all events, in accordance with established security policies, are recorded in the system (Figure 6, 7). Each event can be detailed, providing information about the event that includes all the main parameters. Such a high degree of detailing of events allows detection of attempts of unauthorized access to resources, suspicious activity of individual users, which increases the ability of the central module to prevent information leakage.
A centralized OS security system is not an absolute solution, but when the operating system is focused on preventing the leakage of sensitive information and generally protecting the information processed by its applications, it is, as experiments have shown, a better solution. Its key role in countering the leakage of confidential information is the use of integrated protection mechanisms and centralized management of all aspects of security. This guarantees the coordination of security measures, comprehensive, unlike decentralized systems, activity monitoring, access management and control over user and process actions, which significantly reduces the risk of unauthorized access to resources or data leakage.
The results of information technology research on the construction of a centralized OS security system confirm the improved level of resistance to the leakage of confidential information, the simplification of the management of mechanisms for assigning access rights to resources.
As an alternative approach for future research, developing a centralized OS security system can be used, considering the analysis of its components' importance [29]. In reliability engineering, this approach is known as importance analysis [30]. Machine learning based on the importance analysis of systems can be effective for security systems too [31].
This work was partially supported by the Slovak Research and Development Agency under the grant ''Development of a new approach for reliability analysis and risk assessment based on artificial intelligence'' (reg.no. APVV-23-0033).
During the preparation of this work, the authors used Grammarly in order to: grammar and spelling check; DeepL Translate in order to: some phrases translation into English. After using these tools/services, the authors reviewed and edited the content as needed and take full responsibility for the publication's content.