Spf: Security Performance Flexibility Framework for Trusted Operating Systems

The rapid growth of networking, data sharing, and the Internet has made computer security an important part of computer research and development. A number of highly secure operating systems have been developed to handle the increasing need for security. These operating systems, typically called Trusted Operating Systems, offer a number of security mechanisms that can help protect information, make a system difficult to break into, and confine attacks far better than traditional operating systems. However, this security will come at a cost, since it can degrade the performance of an operating system. This performance loss is one of the reasons why Trusted Operating Systems have not become popular. While Trusted Operating Systems offer an incredible amount of security, observations about computing workloads suggest that only some parts of the operating system security are actually necessary. Web servers are the best example. For many web servers, the majority of the information on the server is publicly readable and available on the Internet. Therefore, if a Trusted Operating System is used on a web server, any security used to secure the confidentiality of the server's information is not necessary. Any security used to protect the confidentiality of web server data can be considered a waste of computational resources. The security needed in web servers is the security to protect the integrity of data, not the confidentiality of data. Other workloads such as multimedia or database workloads may also only need parts of the operating system security. Based on this observation, this thesis proposes the Security Performance Flexibility (SPF) framework for Trusted Operating Systems. SPF recognizes that not all computing workloads require all the security in Trusted Operating Systems. SPF allows system administrators to selectively disable parts of the security in Trusted Operating Systems. By disabling parts of the Trusted Operating System security, performance of the system can potentially be increased. The SPF framework allows system administrators to balance the security and performance needs in their particular computing environment. iv To my parents.