=Paper= {{Paper |id=Vol-3899/paper20 |storemode=property |title=A model of a centralized security system, as an information technology for the synthesis of an OS architecture protected against the leakage of confidential information |pdfUrl=https://ceur-ws.org/Vol-3899/paper20.pdf |volume=Vol-3899 |authors=Yuriy Stetsyuk,Mykola Stetsyuk,Kyrylo Voznyi,Vadym Paiuk,Miroslav Kvassay |dblpUrl=https://dblp.org/rec/conf/advait/StetsyukSVPK24 }} ==A model of a centralized security system, as an information technology for the synthesis of an OS architecture protected against the leakage of confidential information== https://ceur-ws.org/Vol-3899/paper20.pdf
A model of a centralized security system, as an information technology for the synthesis of an OS architecture protected against the leakage of confidential information

Yuriy Stetsyuk 1,∗,†, Mykola Stetsyuk 1,†, Kyrylo Voznyi 1,†, Vadym Paiuk 1,†, Miroslav Kvassay 2,†

1 Khmelnitsky National University, Khmelnitsky, Instytutska street 11, 29016, Ukraine
2 Zilina University, Univerzitná 8215, 010 26 Žilina, Slovakia



Abstract
The construction of subsystem models of a decentralized and centralized OS security system designed to work as part of a protected system for processing confidential information in a multi-machine network computer system is considered. An analysis of publications related to the construction of OSs resistant to the leakage of confidential information and, in general, the protection of the information processed in them, was performed. Their protection mechanisms and methods of improving the efficiency of their work within the framework of OS security systems are considered. The principles of building decentralized and centralized OS security systems and the principles of organizing the operation of their security mechanisms are considered. A comparative analysis of the effectiveness of centralized and decentralized security systems was performed. A graphical model of a centralized security system for construction is presented. The key aspect, according to the adopted approach, is to find a balanced OS security subsystem architecture that can effectively ensure the OS's resilience to information leakage and its information protection in general.

Keywords
operating system, information protection, centralized system, security mechanisms



                                1. Introduction
The development of information technologies has led to almost all aspects of human activity becoming critically dependent on achievements in computers, computing systems and their software. The successful operation of computer systems, in turn, depends on their qualities such as reliability, fault tolerance and, most importantly, information security.
    Their work is based on operating systems of different types and purposes. The fundamental role of the OS is to abstract the hardware from the user of the information system, so that the user does not have to deal with the full complexity of the hardware platform of a modern computer system and can focus on solving the application task. The OS, managing the work of the computer system, solves very important system-wide tasks related to the distribution of hardware resources, multitasking, performance and, most importantly, ensuring information security.




AdvAIT-2024: 1st International Workshop on Advanced Applied Information Technologies, December 5, 2024, Khmelnytskyi, Ukraine - Zilina, Slovakia
∗ Corresponding author.
† These authors contributed equally.
Email: yuriy.stetsuk@khmnu.edu.ua (Y. Stetsyuk); mykola.stetsiuk@khmnu.edu.ua (M. Stetsyuk); k.vozniy@gmail.com (K. Voznyi); vadympaiuk@gmail.com (V. Paiuk); miroslav.kvassay@fri.uniza.sk (M. Kvassay)
ORCID: 0000-0003-0312-2276 (Y. Stetsyuk); 0000-0003-3875-0416 (M. Stetsyuk); 0009-0007-2545-565 (K. Voznyi); 0000-0002-9969-8239 (V. Paiuk); 0000-0002-6450-5417 (M. Kvassay)
© 2024 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).


CEUR Workshop Proceedings (ceur-ws.org), ISSN 1613-0073
2. Analysis of known solutions
It immediately became clear that only the anticipatory development of OS protective mechanisms
will allow them to provide their functionality without significant information losses. The search for
models of OS architectures resistant to various types of destruction has become a constant process.
An important stage in the formation of the OS was the presentation of several abstract models of
protection systems, which became their fundamental bases. One of the first was the 1977 Biba model
[1]. According to it, all subjects and objects of some system are previously divided into several levels
of access, with the imposition of restrictions on their interaction [2].
    The next step in the development of abstract models of OS security systems was the 1982 Goguen-Meseguer model, based on the theory of automata [3]. In 1986, the Sutherland protection model was presented, which emphasizes the interaction of subjects and information flows. According to it, as in the previous model, the system can only be in predefined states [4]. An important role in the theory of information protection is played by the Clark-Wilson protection model of 1987 [5, 6], which is based on the use of transactions and on the balanced granting of access rights of subjects to objects.
    In addition to purely abstract models of building OS protection systems, there are many practical
developments [14] embodied in physical OSes. The process of development of operating systems, as
a class of software, began with universal OSes and led to the separation of subclasses in them based
on the principle of increasing the importance of some operational parameters. Thus, the advantage
of security parameters led to the emergence of a subclass of protected OSes, which must meet certain
standards and use specialized mechanisms to counter threats [9]. Today, this is not only a purely
scientific or technical concept, but also a legal one. Requirements for such systems are defined in
national standards [7, 8]. Thus, the US standard developed by the National Institute of Standards and
Technologies (NIST) defines a protected OS in the context of requirements for information systems
at the federal level [10].
    Protected OS, unlike universal ones, includes more effective, mandatory protection mechanisms
against various threats and a wider range of them. The main ones are: mandatory access control
(MAC), minimization of privileges, auditing and security monitoring, OS kernel security, process
isolation, memory protection, encryption, backup, network control, and data integrity and
authenticity control. Many scientific works have been devoted to the development of methods for
increasing their efficiency and removing various kinds of vulnerabilities [11, 12].
    Minimizing privileges allows you to significantly reduce the number of potentially vulnerable
system components [15]. New methods of authentication can use, in addition to a password, an
electronic key, a smart card, and biometric data [17].
    Auditing plays a critical role in ensuring data security and system integrity. Its improvement in
terms of registration and analysis of actions of users who have access to system resources is
considered in [15, 16]. New mechanisms of combating ZPP are proposed [24].
    As is well known, the kernel is the central part of the OS and serves as an interface between the hardware resources and applications. Improvements of the application switching mechanism and of the loading/unloading of application contexts are considered in [18]. The organization of input-output processes, file system operation, processing of processor interrupts and process dispatching is given in [19].
    In [20], a process isolation method is proposed, which is a fundamental approach to ensuring the
safety, stability, and efficiency of protected OSes, which is based on the protection of the OS against
malicious or incorrect actions of user programs.
    In [21], issues of centralization of encryption and the use of new cryptography tools for memory
protection are considered. In protected OS, the presence of a backup mechanism is mandatory, as it
significantly increases the OS's resistance to all types of failures. Implementation methods are given
in [22].
    The mechanism of control of incoming and outgoing traffic according to the specified rules is
presented in [23, 25]. This is quite an important point in view of the significant increase in the
number of services that actively use networks. Mechanisms for combating BOTNET are proposed
[26, 27, 28].
    The analysis of the state of use of the mechanisms for ensuring the resilience of the OS against the leakage of confidential information, and the protection of information in the OS in general, covered almost all levels of system construction - from the hardware platform to the OS core. It showed that, despite the presentation of a large number of fairly effective methods of ensuring OS resistance to the leakage of confidential information and information protection in general, their application is restrained by the ever-increasing complexity of implementation and by the limited comprehensive application of protective mechanisms at all levels of the OS architecture.

3. Formulation of the problem
The continuous development of computer information technologies has led to the need for
widespread use of protected OSes designed for processing confidential data, which requires a new
approach in building their security subsystems. They must provide their functionality with
simultaneously high levels of fault tolerance, survivability and protection of the information
processed in them.
   The task is to find such a model of the architecture of the OS protection subsystem, which would
integrate the most effective mechanisms for ensuring its resistance to leaks of confidential
information, information protection in general. In this way, the scientific problem solved can be
characterized as relevant and as one that has a fairly wide practical application.

4. The main part
4.1. Architecture model of the decentralized OS protection subsystem
The model of a decentralized OS security system is based on the principle of distributing security
functions between different components or segments of the system. In such an architecture, each
component independently manages its own security policies, protection mechanisms, monitoring,
and privilege management.




Figure 1: Model of the decentralized OS security system.
    Decentralized OS security systems are characterized by the presence of local access control
systems, where each system component (database server, application, or process) has its own access
policies implemented through local access control lists (ACLs).
    Provision of access rights is carried out on the basis of roles or attributes using local
authentication mechanisms. An example can be various types of servers operating under OS
management and file systems of the same OS that use their own access policies for each user (Figure
1).
    The main feature of the decentralized model is the absence of a single security management
center. The situation when each component is responsible for its own protection leads to an increase
in its vulnerabilities: security management is complicated, the probability of configuration errors is
increased, and coordination between protection mechanisms is limited.

4.2. Architecture model of the centralized OS protection subsystem
To overcome the above problems, we will introduce the central security management module CSMM
(central security management module) into the OS architecture, where we will concentrate OS
security management. Its functions include defining security policies, monitoring events in the
system, responding to incidents, and auditing. The model of such organization of the architecture of
the OS security system is presented in Figure 2. In order for the central CSMM security module to
receive information about the state of security from all important nodes of the OS, we will introduce
into their architecture the peripheral security modules PSM1 - PSMn, which are installed on each
node of the OS.




Figure 2: Graph model of the centralized security system of the abstract OS.

   In the given centralized OS security model presented in the form of a graph, the vertices
correspond to the modules of the centralized OS security subsystem, and the directed edges of the
graph indicate the corresponding interaction between the modules, determining the algorithm of its
operation. Main interactions:
   • CSMM sends security policies to peripheral security modules PSM1 - PSMn;
   • PSM1 - PSMn modules send monitoring data and reports to the CSMM central control module.

   The model can be extended by including other security mechanisms as needed.
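The graph of Figure 2 can be made executable. The following added example (not code from the paper; the policy fields, the report format and the drift check are assumptions) models the CSMM as the single source of policy with directed "policy" edges to PSM1..PSMn and "report" edges back, and places the decentralized model of Figure 1 beside it. The point it makes concrete is the consistency argument of the next subsection: with a central module, a node running a stale policy is detected from its own report, whereas in the decentralized variant the only available check is comparing nodes with each other.

```python
"""Executable version of the graph model in Figure 2: a central security
management module (CSMM) pushes one policy to peripheral security modules
(PSM1..PSMn) and collects their reports, next to a decentralized variant
where every node keeps its own policy. Added example; the policy fields,
report format and drift check are assumptions, not the paper's code."""
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# A rule is (role, object, permission); a policy is a versioned set of rules.
Rule = Tuple[str, str, str]


@dataclass(frozen=True)
class Policy:
    version: int
    rules: frozenset  # of Rule


@dataclass
class PSM:
    """Peripheral security module installed on one OS node."""
    name: str
    policy: Optional[Policy] = None
    events: List[str] = field(default_factory=list)

    def apply_policy(self, policy: Policy) -> None:
        self.policy = policy

    def report(self) -> dict:
        # Monitoring data sent back along the PSM -> CSMM edge.
        version = self.policy.version if self.policy else None
        return {"node": self.name, "policy_version": version,
                "events": list(self.events)}


class CSMM:
    """Central security management module: single source of policy."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.nodes: Dict[str, PSM] = {}
        self.edges: List[Tuple[str, str, str]] = []  # (from, to, kind)
        self.reports: List[dict] = []

    def attach(self, psm: PSM) -> None:
        self.nodes[psm.name] = psm
        self.edges.append(("CSMM", psm.name, "policy"))
        self.edges.append((psm.name, "CSMM", "report"))

    def distribute_policy(self) -> None:
        for psm in self.nodes.values():
            psm.apply_policy(self.policy)

    def collect_reports(self) -> List[dict]:
        self.reports = [psm.report() for psm in self.nodes.values()]
        return self.reports

    def stale_nodes(self) -> List[str]:
        """Nodes whose last report shows a policy version other than the
        current one; a non-empty result means access rules are inconsistent."""
        return [r["node"] for r in self.reports
                if r["policy_version"] != self.policy.version]


def decentralized_drift(local: Dict[str, frozenset]) -> List[str]:
    """Decentralized model (Figure 1): each node owns its rules, so the only
    consistency check is comparing nodes; returns those that deviate from
    the most common rule set."""
    common = Counter(local.values()).most_common(1)[0][0]
    return sorted(n for n, rules in local.items() if rules != common)


def demo() -> Tuple[List[str], List[str], int]:
    base = frozenset({("analyst", "1111.txt", "read")})
    policy = Policy(version=2, rules=base)

    # Centralized: three PSMs, one of which missed the last policy push.
    csmm = CSMM(policy)
    for name in ("PSM1", "PSM2", "PSM3"):
        csmm.attach(PSM(name))
    csmm.distribute_policy()
    csmm.nodes["PSM3"].apply_policy(Policy(version=1, rules=base))  # constructed fault
    csmm.collect_reports()

    # Decentralized: the same three nodes, one with a locally added rule.
    local = {"db": base, "app": base,
             "fs": base | {("guest", "1111.txt", "read")}}  # constructed misconfiguration
    return csmm.stale_nodes(), decentralized_drift(local), len(csmm.edges)


if __name__ == "__main__":
    print(demo())  # (['PSM3'], ['fs'], 6)
```

The edge list is exactly the graph of Figure 2 (two directed edges per node), and `stale_nodes` is the check a CSMM would run after each report cycle before trusting that the access rules on all nodes agree.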

4.3. Analysis of the effectiveness of architectures with regard to their resistance to
       leakage of confidential information
A single center for managing access and security policies allows you to ensure consistency of all
access rules to confidential information. Policies can be easily applied to all users and resources,
reducing the chance of configuration errors that could lead to information leakage. Centralized
privilege management allows you to restrict access to confidential data based on roles, which
minimizes the risks of unauthorized access.
    Architectures based on the use of centralized OS security systems show high efficiency of all
security mechanisms. Centralized management allows you to monitor all events in the system, which
facilitates the detection of potential information leaks. A monitoring system (for example, MaxPatrol
SIEM in Windows Server 2019) allows you to detect abnormal activity in real time and quickly
respond to threats. Centralized event and audit logging provides a more complete picture of access
to sensitive data. A single encryption standard allows you to ensure data protection at all levels of
the system.
    The redundancy mechanism within the framework of the centralized security system ensures the protection of confidential data in the event of failures or attacks by malicious software more fully than in a decentralized system.
    A centralized OS security system allows for a more prompt response to malware attacks and lower administration costs. However, centralized systems are vulnerable at their central node, unlike decentralized OS security systems; but it is always easier to protect a single central node than the several nodes of a decentralized system.
    Therefore, regardless of the mentioned vulnerability, the centralized security systems of the OS
provide more effective protection of information in general and against leakage of confidential
information in particular.

5. Experiments
5.1. Access control testing
The purpose of the experiment: to test how effectively a centralized security system restricts access
to resources based on policies set by administrators.
    As a laboratory installation, we will use a virtual machine with a centralized security system.
Setting up the OS for conducting the experiment consists in creating users test_user1 and test_user2
with different levels of access to resources in the OS, which will work from a computer with the
domain name winserver.test.ua.
    We set centralized access policies through Active Directory of the resource with confidential data
1111.txt.
    During the experiment, users try to access the file with confidential data 1111.txt, to check the
operation of the centralized security system.
Figure 3: The reaction of the OS security system to an attempt to access a file system object without the appropriate rights (panels a and b).

    The result of the experiment. The user test_user1, who lacks rights to the resource 1111.txt, was blocked when he tried to access it, and an entry dated 10.2.2024 11:05:11, "An attempt was made to access the object.", was made in the audit log (Figure 3 a); its details are given in Figure 3 b). This test confirmed the effectiveness of centralized access control policies.
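The behaviour verified in this experiment (a central policy decides, and every attempt, allowed or blocked, leaves an audit entry) can be expressed as a small reference implementation. The example below is added here and is not the paper's setup or the Windows audit format: the rule structure, the deny-overrides evaluation order and the audit record fields are assumptions. It uses the users test_user1 and test_user2 and the object 1111.txt from the experiment, and produces for the blocked user an entry carrying the same message and timestamp as Figure 3.

```python
"""Centralized access policy for the object 1111.txt with the users
test_user1 and test_user2 from the experiment, producing audit entries of
the kind shown in Figure 3. Added example; the rule format, the
deny-overrides evaluation order and the audit record fields are
assumptions, not the paper's setup or the Windows audit format."""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Set


@dataclass(frozen=True)
class Rule:
    principal: str   # user or role name
    obj: str         # protected object, e.g. a file
    permission: str  # "read", "write", ...
    allow: bool      # True = allow entry, False = explicit deny


class CentralAccessPolicy:
    """Single policy store administered centrally (the CSMM role)."""

    def __init__(self) -> None:
        self.rules: List[Rule] = []
        self.roles: Dict[str, Set[str]] = {}  # user -> roles

    def assign_role(self, user: str, role: str) -> None:
        self.roles.setdefault(user, set()).add(role)

    def add(self, principal: str, obj: str, permission: str, allow: bool = True) -> None:
        self.rules.append(Rule(principal, obj, permission, allow))

    def check(self, user: str, obj: str, permission: str) -> bool:
        """Default deny; an explicit deny for the user or any of the user's
        roles overrides allows (assumption: deny-overrides)."""
        principals = {user} | self.roles.get(user, set())
        matching = [r for r in self.rules
                    if r.principal in principals and r.obj == obj
                    and r.permission == permission]
        if any(not r.allow for r in matching):
            return False
        return any(r.allow for r in matching)


@dataclass
class AuditEntry:
    time: str
    subject: str
    obj: str
    permission: str
    outcome: str   # "Success" or "Failure"
    message: str = "An attempt was made to access the object."


class AuditLog:
    def __init__(self) -> None:
        self.entries: List[AuditEntry] = []

    def record(self, entry: AuditEntry) -> None:
        self.entries.append(entry)

    def failures_for(self, obj: str) -> List[AuditEntry]:
        return [e for e in self.entries if e.obj == obj and e.outcome == "Failure"]


def access_object(policy: CentralAccessPolicy, log: AuditLog, user: str,
                  obj: str, permission: str, when: datetime) -> bool:
    """Enforcement point: every attempt is audited, allowed or not."""
    allowed = policy.check(user, obj, permission)
    stamp = f"{when.day}.{when.month}.{when.year} {when:%H:%M:%S}"
    log.record(AuditEntry(stamp, user, obj, permission,
                          "Success" if allowed else "Failure"))
    return allowed


def demo():
    policy = CentralAccessPolicy()
    log = AuditLog()
    policy.assign_role("test_user2", "confidential_readers")
    policy.add("confidential_readers", "1111.txt", "read")
    policy.add("confidential_readers", "1111.txt", "write")
    policy.add("test_user2", "1111.txt", "write", allow=False)  # explicit deny wins
    # test_user1 has no role and no rule: default deny.
    when = datetime(2024, 2, 10, 11, 5, 11)  # constructed timestamp matching Figure 3
    r1 = access_object(policy, log, "test_user1", "1111.txt", "read", when)
    r2 = access_object(policy, log, "test_user2", "1111.txt", "read", when)
    r3 = access_object(policy, log, "test_user2", "1111.txt", "write", when)
    return r1, r2, r3, log


if __name__ == "__main__":
    for entry in demo()[3].entries:
        print(entry)
```

The third call shows why deny-overrides matters for confidential objects: test_user2 holds a role that is allowed to write, yet the explicit per-user deny set centrally is what decides, and the failed attempt is logged just like the one by test_user1.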

5.2. Data encryption testing
The purpose of the experiment: to check the reliability of the centralized encryption system, namely
during transmission over the network.
   1st stage. Let's try to intercept data by physically accessing network traffic. To do this, using the
Wireshark network analyzer, with the encryption system turned off, we will view the content of the
network data packet taken from the machine with IP 172.20.110.114. The result is shown in figure 4.
As you can see, in such a situation, the data are available, which means that their protection is absent.
   2nd stage. Enable the data encryption system in the OS using BitLocker and configure encryption
policies for network connections (SSL/TLS). We will intercept the network packet from the same IP
address.
   The result is shown in figure 5. As can be seen from it, analysis of the packet data is impossible
due to their encryption protection, which confirms the effectiveness of the centralized encryption
system.
Figure 4: Network packet with the centralized encryption system disabled.




Figure 5: Network package with the centralized encryption system enabled.
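The two Wireshark stages above amount to one check a practitioner would rather automate: does a captured payload still expose the confidential content, or not? The following added example (not the paper's capture or a real TLS implementation) scans a payload for confidential markers and estimates its byte entropy, so an unprotected transfer (markers visible, entropy of ordinary text) is told apart from a protected one (no markers, entropy near 8 bits per byte). The payload, the markers and the SHA-256 counter-mode keystream that stands in for the record protection TLS would apply are constructed assumptions.

```python
"""Automated form of the check made in the Wireshark stages: scan a captured
payload for confidential markers and estimate its byte entropy. Added
example; the payload, markers and the SHA-256 counter-mode keystream that
stands in for TLS record protection are constructed assumptions."""
import hashlib
import math
from collections import Counter
from typing import Dict, List

CONFIDENTIAL_MARKERS = (b"CONFIDENTIAL", b"1111.txt")  # assumed markers
ENTROPY_THRESHOLD = 7.0  # bits per byte; assumed cut-off for ciphertext-like data


def shannon_entropy(data: bytes) -> float:
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def exposed_markers(payload: bytes) -> List[str]:
    return [m.decode() for m in CONFIDENTIAL_MARKERS if m in payload]


def inspect_payload(payload: bytes) -> Dict[str, object]:
    """Verdict for one captured payload: which markers are readable and
    whether the bytes look like protected (encrypted) data."""
    markers = exposed_markers(payload)
    h = shannon_entropy(payload)
    return {"markers": markers, "entropy": round(h, 2),
            "looks_protected": not markers and h >= ENTROPY_THRESHOLD}


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stand-in for the record encryption TLS would apply: XOR with a
    SHA-256 counter-mode keystream. Not a substitute for a real cipher."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def demo():
    # Constructed request and file content of the kind visible in Figure 4.
    header = b"GET /share/1111.txt HTTP/1.1\r\nHost: winserver.test.ua\r\n\r\n"
    body = b"CONFIDENTIAL: client list, Q1 2024 figures\n" * 16
    plaintext = header + body

    key = hashlib.sha256(b"constructed demo key").digest()
    nonce = b"\x00" * 12
    ciphertext = keystream_xor(key, nonce, plaintext)
    roundtrip_ok = keystream_xor(key, nonce, ciphertext) == plaintext
    return inspect_payload(plaintext), inspect_payload(ciphertext), roundtrip_ok


if __name__ == "__main__":
    plain, protected, ok = demo()
    print("stage 1 (encryption off):", plain)
    print("stage 2 (encryption on): ", protected)
    print("round trip:", ok)
```

The entropy estimate only separates the two cases reliably for payloads of a few hundred bytes or more; for very short packets the marker scan is the check to trust, and an absent marker is never proof of encryption on its own.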

5.3. Audit testing and logging
The purpose of the experiment: to test how effectively the central module stores and processes event logs according to the given security policies, and whether these logs can be used to detect information leaks or suspicious activity.




Figure 6: Security system audit log.




Figure 7: Details of the event recorded in the audit log (panels a and b).

   The result of the experiment. As can be seen from the audit log, all events are recorded in the system in accordance with the established security policies (Figures 6, 7). Each event can be expanded to show its details, including all the main parameters. Such a high degree of detail allows detection of attempts at unauthorized access to resources and of suspicious activity by individual users, which increases the ability of the central module to prevent information leakage.
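The claim that the detailed central log allows detection of unauthorized access attempts and suspicious user activity is only useful if something actually reads the log. The following added example (over constructed log lines in an assumed format, not the paper's log; the thresholds and the authorised-readers list are assumptions) implements two such detections a central module could run: repeated failed attempts by one user against a confidential object within a short window, and any successful access to a confidential object by a user outside the authorised list.

```python
"""Processing the central audit log to flag suspicious activity: repeated
failed access attempts by one user to confidential objects within a short
window, and any successful access to a confidential object by a user
outside the list of authorised readers. Added example over constructed log
lines; the line format, thresholds and the authorised-readers list are
assumptions, not the paper's log or policy."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed log: "timestamp;user;object;permission;outcome" (assumed format).
SAMPLE_LOG = """\
2024-02-10 11:05:11;test_user1;1111.txt;read;Failure
2024-02-10 11:05:40;test_user1;1111.txt;read;Failure
2024-02-10 11:06:02;test_user1;1111.txt;read;Failure
2024-02-10 11:07:15;test_user2;1111.txt;read;Success
2024-02-10 11:30:00;test_user1;report.txt;read;Success
2024-02-10 12:00:00;svc_backup;1111.txt;read;Success
"""

CONFIDENTIAL = {"1111.txt"}
AUTHORISED_READERS = {"1111.txt": {"test_user2"}}  # assumed central policy
FAIL_THRESHOLD = 3
WINDOW = timedelta(minutes=5)


def parse_log(text: str) -> List[dict]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, user, obj, perm, outcome = line.split(";")
        events.append({"time": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
                       "user": user, "obj": obj, "perm": perm, "outcome": outcome})
    return events


def repeated_failures(events: List[dict]) -> List[Tuple[str, str, int]]:
    """(user, object, count) for each user/object pair with at least
    FAIL_THRESHOLD failed attempts inside one WINDOW (sliding window)."""
    by_key = defaultdict(list)
    for e in events:
        if e["outcome"] == "Failure" and e["obj"] in CONFIDENTIAL:
            by_key[(e["user"], e["obj"])].append(e["time"])
    findings = []
    for (user, obj), times in by_key.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > WINDOW:
                start += 1
            if end - start + 1 >= FAIL_THRESHOLD:
                findings.append((user, obj, end - start + 1))
                break
    return findings


def unauthorised_successes(events: List[dict]) -> List[Tuple[str, str]]:
    """Successful access to a confidential object by a user who is not an
    authorised reader of it: a policy gap or a leak, either way worth review."""
    return [(e["user"], e["obj"]) for e in events
            if e["outcome"] == "Success" and e["obj"] in CONFIDENTIAL
            and e["user"] not in AUTHORISED_READERS.get(e["obj"], set())]


def analyse(text: str = SAMPLE_LOG) -> Dict[str, list]:
    events = parse_log(text)
    return {"repeated_failures": repeated_failures(events),
            "unauthorised_successes": unauthorised_successes(events)}


if __name__ == "__main__":
    print(analyse())
```

On the constructed log the first detection flags test_user1 (three failures on 1111.txt within a minute), and the second flags svc_backup, whose read of 1111.txt succeeded although the central policy lists only test_user2 as a reader; the successful read by test_user1 of report.txt is not confidential and is left alone.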

6. Conclusions
A centralized OS security system is not an absolute solution, but when the operating system is focused on preventing the leakage of sensitive information and generally protecting the information processed by its applications, it is, as the experiments have shown, the better solution. Its key role in countering the leakage of confidential information lies in the use of integrated protection mechanisms and centralized management of all aspects of security. This guarantees coordinated security measures and, unlike decentralized systems, comprehensive activity monitoring, access management and control over user and process actions, which significantly reduces the risk of unauthorized access to resources or data leakage.
    The results of the research on the information technology for constructing a centralized OS security system confirm the improved resistance to the leakage of confidential information and the simplified management of the mechanisms for assigning access rights to resources.
    As an alternative approach for future research, a centralized OS security system can be developed taking into account the analysis of the importance of its components [29]. In reliability engineering, this approach is known as importance analysis [30]. Machine learning based on the importance analysis of systems can be effective for security systems too [31].

Acknowledgments
This work was partially supported by the Slovak Research and Development Agency under the grant
‘‘Development of a new approach for reliability analysis and risk assessment based on artificial
intelligence’’ (reg.no. APVV-23-0033).

Declaration on Generative AI
During the preparation of this work, the authors used Grammarly for grammar and spelling checking, and DeepL Translate for translating some phrases into English. After using these tools/services, the authors reviewed and edited the content as needed and take full responsibility for the publication’s content.
References
[1] S., Semenov, V., Zmiivska, A.V., Golubenko, Comparative studies of access delineation
     technologies for data protection in a computer system. Information processing systems, 2015,
     issue 3 (128) pp. 99 - 102
[2] VPN Unlimited, part of MonoDefence. Biba Model. https://www.vpnunlimited.com/ua/help/cybersecurity/biba-model
[3] J. A. Goguen and J. Meseguer, "Unwinding and Inference Control," 1984 IEEE Symposium on
     Security and Privacy, Oakland, CA, USA, 1984, pp. 75-75, doi: 10.1109/SP.1984.10019
[4] M. A. Hahn, D. R. Oestreicher and R. J. Stevenson, "The Evans & Sutherland view of tomorrow's
     supercomputing," Digest of Papers. COMPCON Spring 89. Thirty-Fourth IEEE Computer
     Society International Conference: Intellectual Leverage, San Francisco, CA, USA, 1989, pp. 300-
     303, doi: 10.1109/CMPCON.1989.301945
[5] H. Fatima, A. Messaoud, D. Rachid and B. M. Mounir, "Formal Modelling and Implementation
     of Clark-Wilson Security Policy with FoCaLiZe," 2024 6th International Conference on Pattern
     Analysis and Intelligent Systems (PAIS), EL OUED, Algeria, 2024, pp. 1-5, doi:
     10.1109/PAIS62114.2024.10541223
[6] F. Avorgbedor, J. Liu, "Enhancing User Privacy Protection by Enforcing Clark-Wilson Security
     Model on Facebook," 2020 IEEE International Conference on Electro Information Technology
     (EIT), Chicago, IL, USA, 2020, pp. 155-161, doi: 10.1109/EIT48999.2020.9208279
[7] Law of Ukraine: On the Protection of Information in Information and Telecommunication
     Systems No. 80 of 05.07.1994. Bulletin of the Verkhovna Rada of Ukraine. 1994, No. 31, as
     amended and supplemented.
[8] DSTU EN ISO/IEC 15408-1:2022 Information technology. Method of protection. Evaluation
     criteria. Part 1: Introduction and general model
[9] Anderson, R. Security Engineering: A Guide to Building Dependable Distributed Systems.
     Wiley; 3rd edition, 2020; p 1232 ISBN-13 : 978-1119642787
[10] FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems. Federal Information Processing Standards, National Institute of Standards and Technology, USA, 2006
[11] Cho, C.; Seong, Y.; Won, Y. Mandatory Access Control Method for Windows Embedded OS Security. Electronics, 10, 2021; p. 12. https://doi.org/10.3390/electronics10202478
[12] Penelova, M. Access Control Models. Bulgarian Academy of Sciences. Cybernetics and Information Technologies, Sofia, vol. 21, no. 4, 2021; pp. 77-104. http://dx.doi.org/10.2478/cait-2021-0044
[13] Billoir, E.; Laborde, R.; Wazan, A.S.; Benzekri, A. Implementing the principle of least
     administrative privilege on operating systems: challenges and perspectives, Ann. Telecommun.
     2024; https://doi.org/10.1007/s12243-024-01033-5
[14] Devyanin, P.N.; Khoroshilov, A.V.; Kuliamin, V.V. Integrating RBAC, MIC, and MLS in Verified
     Hierarchical Security Model for Operating System. Program Comput Soft 46, 2020; pp 443–453.
     https://doi.org/10.1134/S0361768820070026
[15] Calcatinge, A.; Balog, J. Mastering Linux Administration - Second Edition: Take your sysadmin
     skills to the next level by configuring and maintaining Linux systems 2nd ed. Edition, Packt
     Publishing, 2024; p 764 ISBN 978-1837630691
[16] D.A. Tevault. Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks, 3rd Edition, Packt Publishing, 2023, p. 618.
[17] N. Jiang, Q. Zhou, X. Jia, J. Chen, Q. Huang, H. Du. LightArmor: A Lightweight Trusted Operating System Isolation Approach for Mobile Systems. In: N. Pitropakis, S. Katsikas, S. Furnell, K. Markantonakis (eds.), ICT Systems Security and Privacy Protection, SEC 2024, IFIP Advances in Information and Communication Technology, vol. 710, Springer, Cham, July 2024, pp. 206–220. https://doi.org/10.1007/978-3-031-65175-5_15.
[18] M.L. Scott, T. Brown. Shared-Memory Synchronization, Springer, Cham, 2024, p. 243. https://doi.org/10.1007/978-3-031-38684-8.
[19] H.C. Kuo, J. Chen, S. Mohan, T. Xu. Set the Configuration for the Heart of the OS: On the Practicality of Operating System Kernel Debloating. Communications of the ACM, vol. 65, no. 5, May 2022, pp. 101–109. http://dx.doi.org/10.1145/3524301.
[20] L. Gerhorst, B. Herzog, S. Reif, W. Schröder-Preikschat, T. Höni. Fast and Flexible System-Call Aggregation. 11th Workshop on Programming Languages and Operating Systems (PLOS ’21), October 25, 2021, Virtual Event, Germany, vol. 3487267, 2021, p. 6. https://doi.org/10.1145/3477113.
[21] da Rocha, M.; Valadares, D.C.G.; Perkusich, A.; Gorgonio, K.C.; Pagno, R.T.; Will, N.C. Trusted Client-Side Encryption for Cloud Storage. In: Ferguson, D., Pahl, C., Helfert, M. (eds) Cloud Computing and Services Science. CLOSER 2020. Communications in Computer and Information Science, vol 1399, Springer, Cham, March 2021; pp 1-24 https://doi.org/10.1007/978-3-030-72369-9_1.
[22] M. Seddigh, M. Esfahani, S. Bhattacharya, M.R. Aref, H. Soleimany. Breaking KASLR on mobile devices without any use of cache memory (extended version). Journal of Cryptographic Engineering, vol. 14, pp. 281–294, January 2024. https://doi.org/10.1007/s13389-023-00344-y.
[23] De Oliveira, D.B.; Casini, D.; Cucinotta, T. Operating System Noise in the Linux Kernel. IEEE
     Transactions on Computers, № 1, 2023; pp 196-207 https://doi.org/10.1109/tc.2022.3187351.
[24] S. Lysenko, O. Pomorova, O. Savenko, A. Kryshchuk, K. Bobrovnikova. DNS-based Anti-evasion
     Technique for Botnets Detection. Proceedings of the 8-th IEEE International Conference on
     Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications,
     Warsaw (Poland), September 24–26, 2015. Warsaw, 2015. Pp. 453–458.
[25] O. Savenko, A. Sachenko, S. Lysenko, G.N. Markowsky, N. Vasylkiv. Botnet detection approach
     based on the distributed systems. International Journal of Computing, 19(2), 190-198, 2020.
     https://doi.org/10.47839/ijc.19.2.1761.
[26] O. Savenko, S. Lysenko, A. Kryshchuk, Y. Klots / Proceedings of the 7-th IEEE International
     Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and
     Applications, Berlin (Germany), September 12–14, 2013. Berlin, 2013. Pp. 363–368. ISBN 978-1-
     4799-1426-5.
[27] O. Pomorova, O. Savenko, S. Lysenko, A. Kryshchuk, A. Nicheporuk. A Technique for detection
     of bots which are using polymorphic code. Communications in Computer and Information
     Science. 2014. Vol. 431. PP.265-276, ISSN: 1865-0929.
[28] O. Pomorova, O. Savenko, S. Lysenko, A. Kryshchuk. Multi-Agent Based Approach for Botnet
     Detection in a Corporate Area Network Using Fuzzy Logic. Communications in Computer and
     Information Science. 2013. Vol. 370. PP.243-254, ISSN: 1865-0929.
[29] E. Zaitseva, V. Levashenko, Investigation multi-state system reliability by structure function,
     Proc. of Int. Conf. on Dependability of Computer Systems, DepCoS – RELCOMEX, Poland, 2007,
     pp. 81 – 90, https://doi.org/10.1109/DEPCOS-RELCOMEX.2007.28.
[30] E. Zaitseva, V. Levashenko, Importance analysis by logical differential calculus, Automation and
     Remote Control, 74, 2013, pp. 171 - 182, doi:10.1134/S000511791302001X.
[31] E. Zaitseva, V. Levashenko, J.Rabcan, A new method for analysis of Multi-State systems based
     on Multi-valued decision diagram under epistemic uncertainty, Reliability Engineering and
     System Safety, 229, 2023, article number 108868.