As you observed in your readings in Pfleeger and on the Web, most operating systems are fraught with vulnerabilities. You are to discuss vulnerabilities for one of these operating systems.

Pre-assignment:

1. Review the readings from Chapters 4 and 5
2. Review ciac (http://www.ciac.org/ciac/), sans (http://www.sans.org/) and other websites concerning OS vulnerabilities

Assignment:

1. Select an operating system to analyze
2. Through your readings and/or experience with this operating system, identify five vulnerabilites (or as many as you can)
3. Discuss each of the vulnerabilities
4. Discuss how to address these vulnerabilities

Post-assignment: Answer the following questions -

• Is the OS you evaluated, D1, C1, or C2 compliant?
• What would it take for the OS to be certified at the next level?

Discussion Questions

1. (DUE February 28, 2003 by midnight EST) Select one of the following questions to discuss in detail through the threaded discussion.
   • Describe a situation in which you might want to allow the security kernel to violate one of the security properties of the Bell-La Padula model.
   • I/O appears as the sources of several methods of penetration. Discuss why I/O is hard to secure in a computing system.
   • Discuss the importance of an operating system being classified as C2 compliant, B1 compliant.
2. (DUE March 5, 2003 by midnight EST) Select a discussion from one or more of your classmates and respond to their comments.

Webliography Assignment
(DUE March 10, 2003 by midnight EST) Submit to the class Webliography 5 annotated links related to trusted operating systems, including assurance techniques, evaluation schemes and implementations of trusted OSs. These will be added to our Information Assurance E-library (http://csc.ColumbusState.edu/summers/e-library/security.html) You will receive 1 point if just a new link; 1 point if annotation for one of my links; or 2 points if a new annotated link.