Client security architecture features and functionality

The aim of this effort is to review the three different different  client security architectures and then summarize the results and choose the best option for the design and application of the client security architecture.  We are going to review each different security measure towards the Confidentiality, Integrity and Availability elements of security.

Review

Don Poulton and  David Camardella in 2012 discussed the role of the Applocker in Windows and summarized the most important features and each role in the Windows security (Don Poulton, 2014). Richard Petersen explored the use of AppArmor security, including its utilities and configuration (Petersen, 2013). Ittai Anati and other authors have researched about the Intel Software Guard Extensions and «the technology components that allow provisioning of secrets to an enclave (I. Anati, 2013)». All of the mentioned authors have generated useful knowledge for our review.

Discussions

Windows 8/8.1 App Locker: The following security architecture can specify the apps that the users can run, prevent users from running unauthorized executables and also define rules that could be applied in a user or group.  The usage of this security feature could confirm the confidentiality of the information by limiting the users’ rights toward their access. The integrity of information is also ensured because this software defines rules based on files attributes in the digital signature such as the publisher. The availability of information is also secured because it allows users to run application, but only the administrator has the right to install new applications and perform updates. The design from the security’s side becomes easy by using this tool because  the system administrator is still above of all the activities but the users have many access rights as well. The only problem in the security design, is that Microsoft and Windows is the favorite toy for hackers and that is why the administrator has to be careful of new threats.

AppArmor: This software as a Linux product, it is based on an open source philosophy which means that when something goes wrong, it is easy for the administrator to find the problem. The software applies mandatory access control and it is used for servers like Samba and the CUPS print servers. Its open source philosophy confirms the CIA elements of information security, but regarding the client security design, the administrator will need a lot of experience to configure this program because it has to be less vulnerable towards internal attack from users who know to deal with a Linux product.

Intel Software Guard Extensions: These extensions will also contribute in the maintenance of the CIA in Information Security level because it enables the application developers to protect the data from unauthorized access or alteration. The problem with this security method from the client security’s perspective is that this method is vulnerable to botnet attacks because the attacker can create enclaves and apply remote attestation or set public private key encryption based on the SGX.

References

Don Poulton, D. C. (2014). MCSA 70-410 Cert Guide R2: Installing and Configuring Windows Server 2012. London: Pearson IT Certification.
I. Anati, S. G. (2013). Innovative Technology for CPU Based Attestation and Sealing. 2nd International Workshop on Hardware and Architectural Support for Security and Privacy. HASP.
Petersen, R. (2013). AppArmor Security. In R. Petersen, Ubuntu 13.04 Server: Administration and Reference (pp. 164-166). New York: Surfing Turtle Press.

Author: Vasileios Yfantis