32523 Operating Systems for Network Security Autumn 2012 Assessment 2

This assessment constitutes 40% of your total mark for the subject. There are three optional topics for this assessment One requires group work whilst the other two are require individual work. Choose only ONE of the topics outlined below. Students are required to present and/or hand in their assignment at the start of class in Week 14 (ie: 6PM 7th June 2012) Option 1 SELinux Implementation (GROUP WORK) Implement SELinux in a Linux distribution (Fedora is suggested) and configure SELinux to harden the operating system and its application as much as possible. In particular, consider how SELinux can be used to OS hardening and address for the seven standard security services: confidentiality, integrity, availability, authentication, authorisation/access control, auditing/logging, non-repudiation The scope of your implementation should cover file systems, network, users and common applications/utilities such as web servers (e.g. apache) and file servers (e.g. samba, ftp), etc. Do not try and lock the whole system down but demonstrate how specific services can be restricted using SELinux to manage access controls. Your implementations should be scenario-based, i.e., you should harden several OS/application components based on several scenarios you have created, where some of the examples must include: 1. Set up an administrators group. Assign each team member to that group. Through Rolebased access control (RBAC), give this group permission to stop and start certain services on your system, but deny root this privilege. 2. Explore how you can use SELinux techniques to limit access by network-based services to only a certain range of ports, e.g limit apache to only 80 and 443. 3. Explore how you can improve on native NFS security by means of SELinux. 4. Set up a special fsmounter account which must be used to mount/unmount USB filesystems, no other account can do this. 5. Whatever else you think is interesting and useful in a real world implementation. The scope of the assignment is open-ended. You need to demonstrate your implementation as a team to the lecturer in class. It is suggested that you use a virtualisation technology such as VMware or Virtualbox to run a Fedora guest OS for your implementation and demonstration. During the demonstration, each member of the team will be expected to show his/her own contribution and to be able to answer questions from the lecturer. The questions may include general knowledge of SELinux. You should also write a report describing what you have designed and implemented, and why. The report should show that you understand the workings of SELinux. It should include how you have modified the SELinux rules/policies and specifically, what problems you had along the way and how you worked through them. The assignment must be done in groups of at most four people.

Option 2 Operating Systems Comparison (INDIVIDUAL ASSIGNMENT) Objective: You are required to make a comparative assessment of the OS implementation and security mechanisms of two operating systems. Task: Choose TWO operating systems that you want to assess from the list below -one each from the two separate groups. Have your choice approved by the lecturer. Write a document of about 5000 words. The document should describe and compare the OS design (including: memory management, process scheduling, I/O and file systems) and security mechanisms that you have identified in each of the operating systems. It also should include a guide to securing the operating systems when used in various parts of a network. Ensure that all sources are properly acknowledged and referenced. List of Operating Systems Group 1 MS-DOS Windows 98 Windows2000 WindowsXP Windows Server 2003 Windows Server 2008 WindowsVista Cisco IOS AmigaOS Android Group 2 Solaris FreeBSD OpenBSD HP/UX AIX OS X Linux (Choose a specific flavor) ScreenOS JunOS Symbion Apple iOS The report should follow a normal report layout standard: heading, introduction, management summary, ToC, references, appendices (if any), and label all the diagrams. It is important to be aware of and adhere to the UTS guidelines in relation to copyright violation and TurnItIn will be used to ensure authenticity of authorship.

Option 3 Operating System Requirements Analysis (INDIVIDUAL ASSIGNMENT) Objective: Operating systems come in various forms to serve specific or multi-functional purposes. The design of an operating system is highly dependant on the function/s for which it has been designed to serve. Imagine you have been asked by a software engineering company to provide some high-level design principles for a new operating system on ONE of the devices in the list below: Proprietary Share Trading Platform Supervisory control and data acquisition (SCADA) industrial control system. IP Telephony Switch

(or you may elect a different device however such approval MUST to be granted by the end of class in Week 11) There are two research themes on which you need to respond: 1) From an operating system perspective, you should keep in mind the design issues involved in your chosen device including: memory management, process scheduling, I/O and file systems particularly with regard to the resource constraints and the tasks it prioritises. 2) From a network security perspective, in your response, you must address the mechanisms on the basis of the security services we have discussed and design considerations around them: confidentiality, integrity, availability, authentication, authorisation/access control, auditing/logging, non-repudiation as well as any considerations around remote access/management or monitoring of the device. You need to think about the resource limitations and capabilities within your chosen platform which may impact on the requirements above. In addition, you must consider the possible threats which may arise. Also you should discuss which security mechanism/s is most important on the chosen device, and explain why. Write a document of 5000 words maximum. The document should contain high level discussion on both the operating system design and network security aspects for the device. The document should contain your own opinion and discussions, and be explained in a professional manner using references where appropriate. Note that you must keep your discussion relevant to your chosen device. A generic discussion on the operation system design and/or security services will result in a very low and possibly zero marks. Note also, there is NO NEED to list or explain the definitions of the well-known security goals in your research document. You should instead focus on providing more of your own discussions. The report should follow a normal report layout standard: heading, introduction, management summary, ToC, references, appendices (if any), and label all the diagrams. It is important to be aware of and adhere to the UTS guidelines in relation to copyright violation and TurnItIn will be used to ensure authenticity of authorship.