### Lessons
1. Revisiting the Security Mindset
2. What does an operating system do?
3. TCB as a Reference Monitor
4. Role of an Operating System in Protecting Resources
5. What is needed for Trustworthiness?
6. [[TCSEC - Trusted Computer System Evaluation Criteria|TCSEC: Revisiting the Orange Book]]
7. Secure Boot and Trust Policy Module ([[TPM - Trust Policy Module]])

## Why do we have an OS?
- Makes it easier to use/share physical resources
- Manages/controls physical resources to efficiently utilize them
- Must have access to all physical resources

![[attachments/Screenshot 2023-05-18 at 5.11.14 PM.png]]

- The operating system typically serves as the [[TCB - Trusted Computing Base]]
- The [[Reference Monitor]] maintains the [[gold (Au) standard of security]]

## Trust
Trust comes from:
- What [[TCB - Trusted Computing Base]] does
	- What core functions must [[TCB - Trusted Computing Base |TCB]] include?
- How well it does what it is supposed to do?
	- Structuring, testing, formal models/verification?
- What questions can I ask (and check the answers) to determine how much to trust a system?
- Who develops the [[TCB - Trusted Computing Base |TCB]]?
	- Can you trust the code that you have not written?

----
### Sources
1. Georgia Tech Module Lectures from Secure Computer Systems
2. [OMSCS Lecture Notes](https://www.omscs-notes.com/secure-computer-systems/02-design-principles/)