Linux Kernel Analysis

Much has been written in praise of the Linux (Crandall, Wu, Chong, 359),

(Parnas, 112), (Baliga, Iftode, Chen, 323), and its use of preemptive multitasking memory architectures to manage process control, file management, device management, information maintenance and communications subsystems securely and effectively. The Linux modular design, lack of reliance on Remote Procedure Calls (RPC), and use of UNIX-based system administration all are often cited as factors in how it is significantly more secure than Microsoft Windows for example. Linux relies on a dedicated memory partition architecture more comparable to Microsoft Windows than UNIX and also has a specific API calls for each of the subsystems as well. The combination of modularity and preemptive multitasking through dedicated memory structures is also an architectural argument that Linux supporters site when defending the inherent security of this operating system. In fact the KDE and GNOME components of the operating system are monolithic, not modular in design and therefore pose a security risk from the standpoint of being accessible through the kernel. Figure 3, Linux Kernel Structure, provides a graphical representation.

Figure 3: Linux Kernel Structure

Source: (Jaeger, Edwards, Zhang, 7)

What is immediately apparent from analyzing the Linux kernel is that when you take into account its wide variation in interpretation between Linux distributions from Debian, Red Hat, MandrakeSoft and SUSE it is clear that coordination and collaboration to resolve severe security risks can be challenging. In fact the highly fragmented nature of the Linux kernel and the distributed ownership of it across all those companies who are offering unique distributions make response time to severe alerts (as defined by CERT's methodology) challenging. Further exacerbating this shared ownership of security on the Linux platform is the integration of only Crypto functions, IPSec, SSL Tunnel and firewall functions. All other functions critical for operating system security are in fact supported through 3rd party partners including Directory Support, PKI integration, Cryptography at the hardware level, Kerberos support and a security management framework. As a result of the Linux kernel structure and operating system infrastructure being so balkanized the days of risk associated with any attack and the response time to resolve them is significantly longer than any Microsoft operating system included in the analysis (Massel, et.al.). This is a function of the lack of concerted, focused collaboration on the part of companies who are creating and marketing Linux distributions. Unlike the Apple operating system and its QuickTime and Java Virtual Machine (JVM) security liabilities, Linux has more complex security threats. At the operating system, kernel and the threat of days of risk growing rapidly due to a lack of shared knowledge (despite the myth of the open source community being egalitarian) Linux has significant security vulnerabilities (Massel, et.al.).

Microsoft Windows Operating System Architecture Analysis

The Microsoft Windows architecture has evolved to support pre-emptive multitasking and also the support of up to four concurrent application environments including Win!6, Win32, POSIX and UNIX emulations on the Windows XP Server architecture, which is the processor to Windows 7. As can be seen from Figure 4, Microsoft Windows Operating System Structure the Windows API Layer includes Win16 (16 bit Windows Subsystem) and Win32 (Windows 32 Bit Subsystem) support both with their own kernels (KRNL386.EXE and KERNEL32.DLL) in addition to their own GID and user components. These two subsystems in the API layer are completely separated from the Kernel Mode. Microsoft initially made this design decision from a security standpoint. There is also a Hardware Abstraction Layer (HAL) within the architecture which supports cryptography customization to MIL-STD specifications.

Figure 4: Microsoft Windows Operating System Structure

Source: (Shone, et.al.)

The Windows Operating Structure integrated directory support, PKI, cryptography functions at the kernel and hardware levels through the hardware Abstraction Layer, while also having legacy support for Kerberos authentication and security technologies. IPSec, SSL and remote access have over time been integrated into a common subsystem which runs in its own memory space. The System Virtual Machine also has its own memory partition and is an emulation of a full Win32 runtime environment instead of making calls directly into the kernel of the operation system. Win16 and Win32-based applications therefore are not integrated to the kernel; therefore applications cannot be used to launch security attacks. Vulnerabilities within the Microsoft architecture emanate from device driver layer (Hartley, 4) and the lack of consistency on firewall definitions and methodologies over the lifecycle of the operating system (Mogull, Pepper, 1). Microsoft has also been negligent in defining common platform integration for third party systems, databases and architectures as well (Parnas, 112). These have all combined to create security liabilities for the operating system over time. In previous generations of the Microsoft architecture,...

RPC threat analysis based on CERT entries showed that there was the potential to gain access to the kernel layer of the operating system. There is also the factor of how Microsoft originally chose to interpret TCP/IP and specifically how the development of the telnet and FTP commands were completed. These both have been configured as UNIX equivalents, where administrators can only grant access via these commands to an entire system. There are also authentication processes in place to alleviate the risk of RPC-based calls when SQL Serer is being used, significantly reducing a previous threat when both of these system components were used in conjunction with each other (Bradley, 34). The multithreaded environment of Windows NT/XP/7 is now managed through the Virtual Memory manager, a development originally in XP that continues in Windows 7 to alleviate individual program threads from being impersonated or otherwise used to launch attacks to the kernel level of the operating system.
Analysis and Recommendation/Conclusion

Based on the analysis of each operating system's structure, inherent design strengths and weaknesses with regard to security it is apparent that the design criteria for security vary significantly. For the Apple OS X operating system the entry points of QuickTime and JVMs has been well documented in the CERT database. Apple has been relatively fast to respond to these concerns and has yet to define a management framework which makes the operating system secure in heterogeneous integration use. The second operating system evaluated, Linux, has far more security vulnerabilities due to its lack of preemptive memory management and use of actual calls through a virtualization layer from the applications to the kernel. Compounding this is the variation in approach each distribution takes when completing an interpretation of the operating system. All of these factors add up to significant increases in days of risk when a security threat is found.

When all of these factors are taken into account from an operating system design perspective and then the CERT data is analyzed from the standpoint of days of risk exposure, it is clear Microsoft, while has the highest percentage of flaws with high severity also have the highest percentage of flaws fixed. Table 1: CERT Analysis provides an analysis High Severity Flaws based on Forrester Research methodology. The factors contributing to the lower scores for Linux include the lack of efficient collaboration across the open source community, exacerbated by the fact that each of the companies listed in the analysis have slight variations in how they have interpreted the Linux operating system.

TABLE 1: CERT Analysis

Platform

Number of Total Flaws

Number of High-Severity Flaws

(%) of flaws with High Severity

Number of Flaws Fixed

(%) of Flaws Fixed

Microsoft

86

67%

Red Hat (Linux)

56%

99.6%

Apple

65

47

72%

46

97.8%

Debian (Linux)

57%

96.2%

MandrakeSoft (Linux)

60%

99.0%

SUSE (Linux)

63%

97.7%

It is also evident from evaluating this data in the context of the operating system architectures that days of risk, over time, tends to correlate to the level of consistency and modularity of an operating system. Days of risk also are indicative of how effective the cross functional teams can quickly ascertain the root cause of the problem and respond with a patch or an update. Given the fact that Microsoft has the most complex of the operating system architectures, the level of internal coordination and collaboration to fixed fatal flaws shows that xecurity has become a strategic priority inside the company.