Your search keyword '"Mandatory access control"' showing total 414 results

1. Approaches to Enforce Privacy in Databases: Classical to Information Flow-Based Models

Author

Aniket Kuiri, Pratiksha Chaudhary, R. K. Shyamasundar, and Arushi Jaiswal

Subjects

Database, Computer Networks and Communications, Computer science, business.industry, Privacy policy, Covert channel, Access control, computer.software_genre, Security policy, Mandatory access control, Theoretical Computer Science, Differential privacy, Information flow (information theory), Declassification, business, computer, Software, Information Systems

Abstract

Ever since databases became an ubiquitous part of enterprises or businesses, security and privacy became a requirement. Traditionally, privacy was realized through various methods of database access control and relied much on the use of statically defined views, which are essentially logical constructs imposed over database tables that can alter or restrict the data that can be viewed by an user. Privacy is about the responsible maintenance of private information. This responsibility is hard to define, which is why laws are necessary. With a vast accumulation of personal data in databases, there has been a heightened awareness and concern about the storage and use of private information leading to privacy-related guidelines, regulations and legislations, Compliance with these regulations has become one of the major concerns for organizations and companies. Traditionally, privacy in databases (DBs) have been addressed through access control techniques including multi-level security (MLS) based on mandatory access control (MAC), and restricted views to the users. As view definitions to comply with regulations became quite complex for accommodating all the restrictions in one view, explicit constructs for specifying privacy policies were introduced for complying with medical regulations like HIPAA (Health Insurance Portability and Accountability Act) from USA, in relational database systems. These enabled fine grained access control (FGAC) capable of enforcing disclosure control enunciated databases. Application of information flow control that is needed for multi-level security (MLS) databases to preserve privacy among multiple users but have their challenges like new abstractions for managing information flow in a relational database system, handling transactions and integrity constraints without introducing covert channels etc. As the DBs need to work alongside information flow controlled programming languages and operating systems for tracking flows, there is a need to enforce the security policy not only on the DBMS but also on the application platform. Due to the underlying requirement of decentralization, it calls for declassification/endorsement and santization requirements on the DB. In this paper, we shall first review some of the major privacy enhancing techniques used traditionally for DBs including MLS DBs, and then explore application of decentralized information flow control models for realizing information flow secure DBs in a robust manner. Towards the end, we shall also touch upon some of the roles of anonymization and psuedonymization including inference control and differential privacy in realizing privacy in practice.

Published

2021

2. Mitigation of Kernel Memory Corruption Using Multiple Kernel Memory Mechanism

Author

Hiroki Kuzuno and Toshihiro Yamauchi

Subjects

Software_OPERATINGSYSTEMS, Address space layout randomization, Theoretical computer science, General Computer Science, Address space, Computer science, Memory corruption, General Engineering, Security kernel, Mandatory access control, TK1-9971, Memory management, System call, Kernel (statistics), operating system, kernel vulnerability, system security, General Materials Science, Electrical engineering. Electronics. Nuclear engineering

Abstract

Operating systems adopt kernel protection methods (e.g., mandatory access control, kernel address space layout randomization, control flow integrity, and kernel page table isolation) as essential countermeasures to reduce the likelihood of kernel vulnerability attacks. However, kernel memory corruption can still occur via the execution of malicious kernel code at the kernel layer. This is because the vulnerable kernel code and the attack target kernel code or kernel data are located in the same kernel address space. To gain complete control of a host, adversaries focus on kernel code invocations, such as function pointers that rely on the starting points of the kernel protection methods. To mitigate such subversion attacks, this paper presents multiple kernel memory (MKM), which employs an alternative design for kernel address space separation. The MKM mechanism focuses on the isolation granularity of the kernel address space during each execution of the kernel code. MKM provides two kernel address spaces, namely, i) the trampoline kernel address space, which acts as the gateway feature between user and kernel modes and ii) the security kernel address space, which utilizes the localization of the kernel protection methods (i.e., kernel observation). Additionally, MKM achieves the encapsulation of the vulnerable kernel code to prevent access to the kernel code invocations of the separated kernel address space. The evaluation results demonstrated that MKM can protect the kernel code and kernel data from a proof-of-concept kernel vulnerability that could lead to kernel memory corruption. In addition, the performance results of MKM indicate that the system call overhead latency ranges from $0.020~\mu \text{s}$ to $0.5445~\mu \text{s}$ , while the web application benchmark ranges from $196.27~\mu \text{s}$ to 6, $685.73~\mu \text{s}$ for each download access of 100,000 Hypertext Transfer Protocol sessions. MKM attained a 97.65% system benchmark score and a 99.76% kernel compilation time.

Published

2021

3. SLR-SELinux: Enhancing the Security Footstone of SEAndroid with Security Label Randomization

Author

Tan Yusong, Zuo Yudan, Dong Pan, Ding Yan, Wei Lifeng, Zhipeng Li, and Huang Chenlin

Subjects

Technology, Software_OPERATINGSYSTEMS, Article Subject, Exploit, Computer Networks and Communications, Computer science, 0211 other engineering and technologies, Vulnerability, Linux kernel, TK5101-6720, 02 engineering and technology, Security policy, Computer security, computer.software_genre, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Android (operating system), 021110 strategic, defence & security studies, Mandatory access control, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Kernel (image processing), Telecommunication, 020201 artificial intelligence & image processing, Privilege escalation, computer, Information Systems

Abstract

The root privilege escalation attack is extremely destructive to the security of the Android system. SEAndroid implements mandatory access control to the system through the SELinux security policy at the kernel mode, making the general root privilege escalation attacks unenforceable. However, malicious attackers can exploit the Linux kernel vulnerability of privilege escalation to modify the SELinux security labels of the process arbitrarily to obtain the desired permissions and undermine system security. Therefore, investigating the protection method of the security labels in the SELinux kernel is urgent. And the impact on the existing security configuration of the system must also be reduced. This paper proposes an optimization scheme of the SELinux mechanism based on security label randomization to solve the aforementioned problem. At the system runtime, the system randomizes the mapping of the security labels inside and outside the kernel to protect the privileged security labels of the system from illegal obtainment and tampering by attackers. This method is transparent to users; therefore, users do not need to modify the existing system security configuration. A tamper-proof detection method of SELinux security label is also proposed to further improve the security of the method. It detects and corrects the malicious tampering behaviors of the security label in the critical process of the system timely. The above methods are implemented in the Linux system, and the effectiveness of security defense is proven through theoretical analysis and experimental verification. Numerous experiments show that the effect of this method on system performance is less than 1%, and the success probability of root privilege escalation attack is less than 10−9.

Published

2020

4. iFlask: Isolate flask security system from dangerous execution environment by using ARM TrustZone

Author

Shaodi You and Diming Zhang

Subjects

Computer Networks and Communications, Computer science, business.industry, Mobile computing, Vulnerability, 020206 networking & telecommunications, Access control, 02 engineering and technology, Enterprise information security architecture, Object manager, Computer security, computer.software_genre, Mandatory access control, Supplicant, Trap (computing), Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Isolation (database systems), business, computer, Software

Abstract

Security is essential in mobile computing. And, therefore, various access control modules have been introduced. However, the complicated mobile runtime environment may directly impact on the integrity of these security modules, or even compels them to make wrong access control decisions. Therefore, for a trusted Flask based security system, it needs to be isolated from the dangerous mobile execution environment at runtime. In this paper, we propose an isolated Flask security architecture called iFlask to solve this problem for the Flask-based mandatory access control (MAC) system. iFlask puts its security server subsystem into the enclave provided by the ARM TrustZone so as to avert the negative impacts of the malicious environment. In the meanwhile, iFlask’s object manager subsystems which run in the mobile system kernel use a built-in supplicant proxy to effectively lookup policy decisions made by the back-end security server residing in the enclave, and to enforce these rules on the system with trustworthy behaviors. Moreover, to protect iFlask’s components which are not protected by the enclave, we not only provide an exception trap mechanism that enables TrustZone to enlarge its protection scope to protect selected memory regions from the malicious system, but also establish a secure communication channel to the enclave as well. The prototype is implemented on SELinux, which is the widely used Flask-based MAC system, and the base of SEAndroid. The experimental results show that SELinux receives reliable protection, because it resists all known vulnerabilities (e.g., CVE-2015-1815) and remains unaffected by the attacks in the test set. The propose architecture have very slight impact on the performance, it shows a performance degradation ranges between 0.53% to 6.49% compared to the naked system.

Published

2020

5. THE FEATURES OF MANDATORY ACCESS CONTROL MODEL IN MODERN UNAUTHORIZED ACCESS DATA PROTECTION TOOLS

Author

S. V. Porshnev and D. V. Kuts

Subjects

Computer science, Data Protection Act 1998, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Computer security, computer.software_genre, computer, Mandatory access control

Abstract

This article describes the features of mandatory access control model in unauthorized ac-cess data protection tools, which can affect its efficiency. Also, some flaws of unauthorized ac-cess data protection tools and possible scenarios of unauthorized access bypassing these tools are analyzed. The countermeasures and methods of its application, eliminating detected flaws are offered. The conclusions about necessarity of analyze of unauthorized access data protec-tion tools policies and revision of its severeness, if it is necessary, were made.

Published

2020

6. A Design of MAC Model Based on the Separation of Duties and Data Coloring: DSDC-MAC

Author

Chee-Yang Song, Soon-Book Lee, Jin-Woo Kim, and Yoohwan Kim

Subjects

Computer Networks and Communications, business.industry, Separation of duties, Computer science, Access control, Computer security, computer.software_genre, Security policy, Security controls, Mandatory access control, Biba Model, Artificial Intelligence, Confidentiality, Security level, business, Database security, computer, Software

Abstract

Among the access control methods for database security, there is Mandatory Access Control (MAC) model in which the security level is set to both the subject and the object to enhance the security control. Legacy MAC models have focused only on one thing, either confidentiality or integrity. Thus, it can cause collisions between security policies in supporting confidentiality and integrity simultaneously. In addition, they do not provide a granular security class policy of subjects and objects in terms of subjects' roles or tasks. In this paper, we present the security policy of Bell_LaPadula Model (BLP) model and Biba model as one complemented policy. In addition, Duties Separation and Data Coloring (DSDC)-MAC model applying new data coloring security method is proposed to enable granular access control from the viewpoint of Segregation of Duty (SoD). The case study demonstrated that the proposed modeling work maintains the practicality through the design of Human Resources management System. The proposed model in this study is suitable for organizations like military forces or intelligence agencies where confidential information should be carefully handled. Furthermore, this model is expected to protect systems against malicious insiders and improve the confidentiality and integrity of data

Published

2020

7. Examining Security for Different Data Models*

Author

Vartika Puri and Shelly Sachdeva

Subjects

Database, Computer science, business.industry, computer.software_genre, Mandatory access control, Data modeling, Entity–attribute–value model, SQL injection, Computer data storage, Relational model, Table (database), Confidentiality, business, computer

Abstract

Efficient data storage and retrieval in many sectors led to the development of various modeling techniques such as relational model, Entity Attribute Value model and dynamic tables. The aim of this study is to classify the standard threats of the database according to the violation of security properties followed by the examination of different data models from their security viewpoint. A system is said to be secure if it follows three basic pillars of security i.e. confidentiality, integrity and availability. The current research analyses the security threats in database according to violation of basic pillars of security with detailed analysis of SQL injection attack for three data modeling techniques, namely relational model, Entity Attribute Value (EAV) model and dynamic tables. It presents a comparison of achieving security parameters by performing various experiments on the database stored in MySQL and proposes techniques for the application of mandatory access control in EAV model and dynamic table. After the rigorous survey and experiments performed, it has been found that EAV model is still not a completely secured model. The data leakage in EAV model is more and the application of security properties is relatively more complex than relational model and dynamic tables. Researches have been conducted in the past on these models but very few of them have discussed the security concerns of EAV model and dynamic tables. This paper tries to compare various data models based on security concerns and highlights the security issues in EAV model.

Published

2021

8. A service-based RBAC & MAC approach incorporated into the FHIR standard

Author

Mohammed S. Baihan, Yaira K. Rivera Sánchez, and Steven A. Demurjian

Subjects

lcsh:T58.5-58.64, lcsh:Information technology, Computer Networks and Communications, Computer science, business.industry, Health information technology, 020206 networking & telecommunications, Access control, Health information exchange, Cloud computing, 02 engineering and technology, Mandatory access control, World Wide Web, 020210 optoelectronics & photonics, Hardware and Architecture, Data exchange, 0202 electrical engineering, electronic engineering, information engineering, Role-based access control, business, mHealth

Abstract

Health Information Exchange (HIE) provides a more complete health record with the aim to improve patient care with relevant data gathered from multiple Health Information Technology (HIT) systems. In support of HIE, the Health Level Seven (HL7) XML standard was developed to manage, exchange, integrate, and retrieve electronic health information. In 2011, the Fast Healthcare Interoperable Resources (FHIR) standard, based on HL7, was proposed to facilitate the development of mobile Health (mHealth) apps with HIT data sharing via a common modeling format. FHIR utilizes RESTful APIs enabled with a FHIR server for information usage and exchange in the cloud. FHIR has a security specification, but does not define actual security mechanisms for secure data exchange via service invocations. If services are the primary means of access, there must be a way to control who can invoke which service at which time. This paper proposes the use of Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) to define permissions based on role and/or the sensitivity level of services. This is accomplished by evolving RBAC and MAC to support permissions on services (as opposed to the usual object view) at a model level applied to a setting where a mobile application is using RESTful APIs. The resulting service-based model is incorporated into the FHIR standard to control the access of who can invoke which services of FHIR RESTful APIs that manage the sensitive healthcare data; work is demonstrated via an mHealth application that interacts with the OpenEMR HIT system via the HAPI FHIR server. Keywords: Access control, FHIR, Healthcare systems, MAC, Mobile applications, RBAC

Published

2019

9. Domain Isolation in FPGA-Accelerated Cloud and Data Center Applications

Author

Christophe Bobda, Joel Mandebi Mbongue, and Sujan Kumar Saha

Subjects

business.industry, Computer science, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Virtualization, computer.software_genre, Security policy, Mandatory access control, Software, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, Hardware acceleration, 020201 artificial intelligence & image processing, Data center, business, Software architecture, computer

Abstract

Cloud and data center applications increasingly leverage FPGAs because of their performance/watt benefits and flexibility advantages over traditional processing cores such as CPUs and GPUs. As the rising demand for hardware acceleration gradually leads to FPGA multi-tenancy in the cloud, there are rising concerns about the security challenges posed by FPGA virtualization. Exposing space-shared FPGAs to multiple cloud tenants may compromise the confidentiality, integrity, and availability of FPGA-accelerated applications. In this work, we present a hardware/software architecture for domain isolation in FPGA-accelerated clouds and data centers with a focus on software-based attacks aiming at unauthorized access and information leakage. Our proposed architecture implements Mandatory Access Control security policies from software down to the hardware accelerators on FPGA. Our experiments demonstrate that the proposed architecture protects against such attacks with minimal area and communication overhead.

Published

2021

10. The Concept of Allocating Access Rights to Virtual Memory Area in Linux-based Operating Systems

Author

Liliya Galimzyanova, Sergey V. Porshnev, and Roman Gilmiyarov

Subjects

business.industry, Computer science, Process (computing), Access control, Permission, computer.software_genre, Object (computer science), Security controls, Mandatory access control, Memory management, Virtual memory, Operating system, business, computer

Abstract

The paper presents the concept of a model for managing access to virtual memory in a Linux-based operating system (OS). The concept is developed based on the analysis of approaches to memory management in the Linux-based OS. The model of process access control to virtual memory areas is justified and is based on the consideration of the process as the subject of access, and the area of virtual memory used by this process as the object of access (accordingly, the virtual memory of the process is a set of virtual memory areas). To implement this model in practice, it is proposed to use the permission flags of virtual memory areas. The proposed model can be an addition to the mandatory entity-role model of access and information flows security control in Linux-based OS or other standard models, where the subject is a user or process, and the object is a file.

Published

2021

11. SEPAL: Towards a Large-scale Analysis of SEAndroid Policy Customization

Author

Guozhu Meng, Guangliang Yang, Wei Zou, Xiaorui Gong, Yue Jiang, Kai Chen, Xiaoyu Wang, Xiaobo Xiang, Wenchang Shi, Dongsong Yu, Xiu Zhang, and Wenke Lee

Subjects

FOS: Computer and information sciences, 021110 strategic, defence & security studies, Computer Science - Cryptography and Security, Computer science, Firmware, 0211 other engineering and technologies, 02 engineering and technology, Computer security, computer.software_genre, Security policy, Mandatory access control, Task (project management), Personalization, Software Engineering (cs.SE), Computer Science - Software Engineering, Scalability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Android (operating system), Cryptography and Security (cs.CR), computer, Mobile device

Abstract

To investigate the status quo of SEAndroid policy customization, we propose SEPAL, a universal tool to automatically retrieve and examine the customized policy rules. SEPAL applies the NLP technique and employs and trains a wide&deep model to quickly and precisely predict whether one rule is unregulated or not.Our evaluation shows SEPAL is effective, practical and scalable. We verify SEPAL outperforms the state of the art approach (i.e., EASEAndroid) by 15% accuracy rate on average. In our experiments, SEPAL successfully identifies 7,111 unregulated policy rules with a low false positive rate from 595,236 customized rules (extracted from 774 Android firmware images of 72 manufacturers). We further discover the policy customization problem is getting worse in newer Android versions (e.g., around 8% for Android 7 and nearly 20% for Android 9), even though more and more efforts are made. Then, we conduct a deep study and discuss why the unregulated rules are introduced and how they can compromise user devices. Last, we report some unregulated rules to seven vendors and so far four of them confirm our findings., 12 pages, 9 figures, accepted by WWW'21

Published

2021

12. FPGA Accelerated Embedded System Security Through Hardware Isolation

Author

Christophe Bobda and Sujan Kumar Saha

Subjects

021110 strategic, defence & security studies, Authentication, business.industry, Computer science, 020208 electrical & electronic engineering, Overhead (engineering), 0211 other engineering and technologies, 02 engineering and technology, Mandatory access control, Information sensitivity, Software, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, System on a chip, Isolation (database systems), business, Field-programmable gate array, Computer hardware

Abstract

Modern embedded systems include on-chip FPGA along with processors to meet the high computation demand by providing flexibility to users to add custom hardware accelerators. Any confidential or sensitive information may be processed by those custom accelerators or hardware Intellectual Properties (IPs). Existing accelerator usage models in embedded systems do not prevent illegal access to the IPs, which can be a severe security breach. In this paper, we present a hardware-software co-design approach for secured FPGA accelerated embedded system design. Our proposed security framework inherits Mandatory Access Control (MAC) based authentication policies running at software down to hardware accelerators in FPGA. It ensures secured processing of confidential data in the hardware to prevent software originated attacks at hardware IPs and information leaks. We have implemented a prototype of our proposed framework, which shows that it can be easily integrated while designing an embedded system with custom accelerator IPs. The experimental results show that the proposed framework establishes secured hardware execution with a negligible amount of area and performance overhead.

Published

2020

13. AppArmor For Health Data Access Control: Assessing Risks and Benefits

Author

Thibaud Ecarot, Jean-François Ethier, Luc Lavoie, Samuel Dussault, and Ameni Souid

Subjects

021110 strategic, defence & security studies, Information privacy, Computer science, business.industry, 0211 other engineering and technologies, 020206 networking & telecommunications, Access control, Static program analysis, 02 engineering and technology, Computer security, computer.software_genre, Mandatory access control, Application security, 0202 electrical engineering, electronic engineering, information engineering, Confidentiality, Isolation (database systems), business, Enforcement, computer

Abstract

The AppArmor Linux Security Module (LSM) is widely used on Linux operating systems as it, among other things, provides mandatory access control (MAC) and isolates processes. This isolation helps meet the privacy requirements for critical applications. These application security policies are defined with profiles loaded into the Linux system kernel. However, these access control mechanisms are far from covering all the rising demands for confidentiality enforcement regarding critical applications. This paper conducts a risks and benefits analysis to assess whether a healthcare infrastructure can safely rely on the AppArmor LSM to protect its sensitive data. Thus, the general architecture of AppAmor comes to be detailed. Then, a static code analysis is performed to study the data structures found in the LSM. Finally, the outbreak of would-be side-channel attacks from userspace is discussed while offering mitigation methods. The result of this analysis shows that the AppArmor LSM is susceptible to side-channel attacks and should be used as part of a more comprehensive defense-in-depth strategy.

Published

2020

14. CONVERSION OF DOMAIN TYPE ENFORCEMENT LANGUAGE TO THE JAVA SECURITY MANAGER

Author

James Walker

Subjects

Java, Real time Java, Computer science, Workaround, Multitude, Compiler, computer.software_genre, Computer security, Enforcement, computer, Java security, Mandatory access control, computer.programming_language

Abstract

With today's prevalence of Internet-connected systems storing sensitive data and the omnipresent threat of technically skilled malicious users, computer security remains a critically important field. Because of today's multitude of vulnerable systems and security threats, it is vital that computer science students be taught techniques for programming secure systems, especially since many of them will work on systems with sensitive data after graduation. Teaching computer science students proper design, implementation, and maintenance of secure systems is a challenging task that calls for the use of novel pedagogical tools. This report describes the implementation of a compiler that converts mandatory access control specification Domain-Type Enforcement Language to the Java Security Manager, primarily for pedagogical purposes. The implementation of the Java Security Manager was explored in depth, and various techniques to work around its inherent limitations were explored and partially implemented, although some of these workarounds do not appear in the current version of the compiler because they would have compromised cross-platform compatibility. The current version of the compiler and implementation details of the Java Security Manager are discussed in depth.

Published

2020

15. Ways of Unauthorized Access to Medical Data and Approach to Organize Secure Access using Blockchain Technology

Author

Taras Maksymiv and Roman Chaplinskyi

Subjects

Password, Authentication, business.industry, Computer science, media_common.quotation_subject, Cryptography, Information security, Encryption, Computer security, computer.software_genre, Mandatory access control, Secrecy, business, Function (engineering), computer, media_common

Abstract

The introduction of digital technologies into medical institutions promises great prospects, allowing of improving the quality of treatment and radically changing the approach to early diagnosis of dangerous diseases. However, this progress has a dangerous side effect - the risk of information security. The system of differentiation of access in many systems of medical establishments is not reliable due to the lack of active ways of cryptographic protection of information. In addition, most systems do not provide mandatory access control, and accordingly do not allow you to differentiate computer resources by secrecy and category. In some cases, it is not possible to set passwords to access some of the most important computer resources. Cryptographic protection is the basis for protecting information from theft. The disadvantage of modern diagnostic center systems is the high speed of cryptographic transformations, which forces users to abandon the encryption function.

Published

2020

16. Developing and Assessing an Educational Game for Teaching Access Control

Author

Xiaohong Yuan, Patrickson Weanquoi, Jinsheng Xu, Elva J. Jones, and Jinghua Zhang

Subjects

Multimedia, Video game development, business.industry, Computer science, ComputingMilieux_PERSONALCOMPUTING, Access control, computer.software_genre, Adventure, Mandatory access control, Discretionary access control, Information sensitivity, Game design, business, computer, Access control list

Abstract

The protection of sensitive information in computer systems and networks from malicious manipulation is critical. As a key component in cybersecurity, access control is used to mitigate malicious access to sensitive information. To help students master the access control concepts, we developed a 2D educational game titled "Temple of Treasures" that aims to teach Discretionary Access Control (DAC), Access Control List (ACL) and Mandatory Access Control (MAC) in Unix/Linux Systems via a fun and interactive environment. The Unity3D game engine is used for game development and the game can be deployed to multiple platforms such as Windows, macOS, and web. Player information and in-game assessment data are saved on the cloud through GameSparks for analysis. The game story is centered around a group of adventurers in search of gold. The player is stuck in a temple and has to explore the temple for escape routes. The game has three levels, where level one focuses on DAC, level two focuses on ACL and the last level is for MAC. The player has to explore the temple and gain knowledge on targeted concepts to unlock the gate to the next level. Three in-game assessments have been implemented to provide immediate feedback for students. The UI Accessibility Plugin (UAP) is used to make the game accessible to visually impaired players. To scientifically measure the effectiveness of the game, we developed pre-test, post-test, survey, and focus group protocols. The game has been used in the Operating Systems class as a homework assignment at North Carolina A&T State University in spring 2020. This poster will present the game design and development process, the detailed evaluation plan, and our initial classroom experience. This portable and self-contained game will make it easy to share with other faculty engaged in cyber security teaching and research.

Published

2020

17. Covert Channels of Data Communication

Author

Pavel Ivanov, Elena Dymova, and Valentin Baklanov

Subjects

Software_OPERATINGSYSTEMS, Computer science, business.industry, Covert channel, Access control, Linux kernel, Data_CODINGANDINFORMATIONTHEORY, Computer security, computer.software_genre, Security policy, Login, Mandatory access control, Covert, Secrecy, business, computer

Abstract

The article is dedicated to covert channels of data communication in the protected operating system based on the Linux kernel with mandatory access control. The channel which is not intended by developers violates security policy and can lead to disclosure of confidential information. In this paper the covert storage channels are considered. Authors show opportunities to violate the secrecy policy in the protected operating system based on the Linux kernel experimentally. The first scenario uses time stamps of the last access to the files (“atime” stamp), the second scenario uses unreliable mechanism of the automatic login to the user session with another level of secrecy. Then, there are some recommendations to prevent these violations. The goal of this work is to analyze the methods of using covert channels, both previously known and new. The result of the article is recommendations allowing to eliminate security threats which can be embodied through covert channels.

Published

2020

18. Reflection on Building Hybrid Access Control by Configuring RBAC and MAC Features

Author

Dae-Kyoo Kim, Lunjin Lu, and Hua Ming

Subjects

Reflection (computer programming), business.industry, Computer science, Authorization, Access control, Mandatory access control, World Wide Web, Unified Modeling Language, Role-based access control, Feature modeling, State (computer science), business, computer, computer.programming_language

Abstract

This paper reflects on the paper titled Building Hybrid Access Control by Configuring RBAC and MAC Features which was published in Information and System Technology, 2014. The publication presents an approach for building a hybrid access control model of Role-Based Access Control and Mandatory Access Control by defining and configuring them in terms of features. The publication has been cited three times, which shows limited impact. We review the citing papers as to how the publication is cited and discuss possible reasons for the limited impact. We also discuss its position in the current state of the arts since the publication. Then, we describe an ongoing effort for a new approach to address the weaknesses of the publication with expected impact.

Published

2020

19. Privaros: A Framework for Privacy-Compliant Delivery Drones

Author

Rakesh Rajan Beck, Vinod Ganapathy, and Abhishek Vijeev

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer science, Operating Systems (cs.OS), Privacy policy, 020207 software engineering, 02 engineering and technology, Trusted Computing, Computer security, computer.software_genre, Drone, Mandatory access control, Computer Science - Operating Systems, Core (game theory), Power consumption, 020204 information systems, Middleware, 0202 electrical engineering, electronic engineering, information engineering, Host (network), computer, Cryptography and Security (cs.CR)

Abstract

We present Privaros, a framework to enforce privacy policies on drones. Privaros is designed for commercial delivery drones, such as the ones that will likely be used by Amazon Prime Air. Such drones visit a number of host airspaces, each of which may have different privacy requirements. Privaros provides an information flow control framework to enforce the policies of these hosts on the guest delivery drones. The mechanisms in Privaros are built on top of ROS, a middleware popular in many drone platforms. This paper presents the design and implementation of these mechanisms, describes how policies are specified, and shows that Privaros's policy specification can be integrated with India's Digital Sky portal. Our evaluation shows that a drone running Privaros can robustly enforce various privacy policies specified by hosts, and that its core mechanisms only marginally increase communication latency and power consumption.

Published

2020

20. An Adaptation of Context and Trust Aware Workflow Oriented Access Control for Remote Healthcare

Author

Tapalina Bhattasali, Nabendu Chaki, Khalid Saeed, and Rituparna Chaki

Subjects

Process management, Computer Networks and Communications, business.industry, Computer science, 020207 software engineering, Context (language use), Access control, 02 engineering and technology, Computer Graphics and Computer-Aided Design, Mandatory access control, Discretionary access control, Workflow, Artificial Intelligence, Remote healthcare, 0202 electrical engineering, electronic engineering, information engineering, Role-based access control, 020201 artificial intelligence & image processing, business, Adaptation (computer science), Software

Abstract

Traditional discretionary access control (DAC) or mandatory access control (MAC) is not quite effective for remote environment. General role-based access control (RBAC) also has its limitations to control access for applications like remote healthcare due to its static nature. Design of effective access control model is indeed a big challenge for such applications. Fine-grained access control logic capable of adapting changes based on run-time information needs to be considered to meet the requirements of remote healthcare scenarios. In this work, an adaptive access control model is proposed keeping in compliance with state–of-the-art scenario towards ensuring quality of context and trust relationship between owners and users. It focuses on inter-component relationship, where phases are executed either in online or in offline mode to avoid performance bottleneck. Adaptive binding is integrated with application specific workflows. Workflow net models for different scenarios of medical kiosk-based rural healthcare are analyzed to validate proposed access control logic at design time that can reduce the possibility of major faults at run time. Our proposed work supports formal analysis and verification using Workflow Petri Net Designer (WoPeD) tool. Comparative analysis shows how proposed access control model advances the state of art.

Published

2018

21. Active Defense Technology of Power Monitoring System With Adaptive Features

Author

Qi Longyun, Liu Wei, Yao Yiyang, Xiaoliang Lv, Baohua Zhao, and Weiyong Yang

Subjects

Master station, General Computer Science, Power station, Computer science, active defense, Access control, 02 engineering and technology, Computer security, computer.software_genre, Electric power system, Intelligent agent, Immune system, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, operating system ontology security, Hacker, Power monitoring system, business.industry, 020208 electrical & electronic engineering, security immunity, General Engineering, 020207 software engineering, Computer security model, Mandatory access control, Trojan, International security, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, lcsh:TK1-9971, computer

Abstract

Internet of Things has found a lot of applications in power systems. However, with the increased the sensing, networking, and control capabilities, the security issues have become even more urgent at the same time. In this paper, a TMAC model based on trusted mandatory access control is proposed by studying the security situation of a power monitoring system. The model has self-learning characteristic and can realize the automatic escalation of the global security strategy based on intelligent agent, so as to build the safe immune ability and active defense system for the power monitoring. This paper introduces the key technology of the TMAC security model, formalizes some of the work, and finally tests its credibility and effectiveness for the typical application scenario of the power monitoring system. Through the study of this technology, the power monitoring system is further equipped with an immune ability against virus Trojan and hacker attacks, especially for application scenarios, such as substation, power plant, and master station.

Published

2018

22. Taming the Costs of Trustworthy Provenance through Policy Reduction

Author

Adam Bates, Kevin R. B. Butler, Dave (Jing) Tian, Thomas Moyer, Trent Jaeger, and Grant Hernandez

Subjects

Provenance, Computer Networks and Communications, business.industry, Computer science, Tracking system, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Mandatory access control, Metadata, Trusted computing base, 020204 information systems, Obstacle, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Perpetuity, business, computer

Abstract

Provenance is an increasingly important tool for understanding and even actively preventing system intrusion, but the excessive storage burden imposed by automatic provenance collection threatens to undermine its value in practice. This situation is made worse by the fact that the majority of this metadata is unlikely to be of interest to an administrator, instead describing system noise or other background activities that are not germane to the forensic investigation. To date, storing data provenance in perpetuity was a necessary concession in even the most advanced provenance tracking systems in order to ensure the completeness of the provenance record for future analyses. In this work, we overcome this obstacle by proposing a policy-based approach to provenance filtering , leveraging the confinement properties provided by Mandatory Access Control (MAC) systems in order to identify and isolate subdomains of system activity for which to collect provenance. We introduce the notion of minimal completeness for provenance graphs, and design and implement a system that provides this property by exclusively collecting provenance for the trusted computing base of a target application. In evaluation, we discover that, while the efficacy of our approach is domain dependent, storage costs can be reduced by as much as 89% in critical scenarios such as provenance tracking in cloud computing data centers. To the best of our knowledge, this is the first policy-based provenance monitor to appear in the literature.

Published

2017

23. Hails: Protecting data privacy in untrusted web applications

Author

John C. Mitchell, David Mazières, Amit Levy, David Terei, Daniel B. Giffin, Deian Stefan, and Alejandro Russo

Subjects

Flexibility (engineering), Information privacy, Computer Networks and Communications, business.industry, Computer science, Privacy policy, 020207 software engineering, 02 engineering and technology, Computer security, computer.software_genre, Mandatory access control, World Wide Web, Data access, Hardware and Architecture, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Code (cryptography), Web application, Haskell, Safety, Risk, Reliability and Quality, business, computer, Software, computer.programming_language

Abstract

Many modern web-platforms are no longer written by a single entity, such as a company or individual, but consist of a trusted core that can be extended by untrusted third-party authors. Examples of this approach include Facebook, Yammer, and Salesforce. Unfortunately, users running third-party "apps" have little control over what the apps can do with their private data. Today's platforms offer only ad hoc constraints on app behavior, leaving users an unfortunate trade-off between convenience and privacy. A principled approach to code confinement could allow the integration of untrusted code while enforcing flexible, end-to-end policies on data access. This paper presents a new framework, Hails, for building web platforms, that adds mandatory access control and a declarative policy language to the familiar MVC architecture. We demonstrate the flexibility of Hails by building several platforms, including GitStar, a code-hosting website that enforces robust privacy policies on user data even while allowing untrusted apps to deliver extended features to users.

Published

2017

24. vmOS: A virtualization-based, secure desktop system

Author

Hongliang Liang, Xiaoxiao Pei, Wenying Hu, Xiaodong Jia, Mingyu Li, Jian Xu, and Yan Song

Subjects

General Computer Science, Exploit, Computer science, business.industry, Hardware virtualization, 020207 software engineering, 02 engineering and technology, Attack surface, Virtualization, computer.software_genre, Application software, Mandatory access control, VMOS, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, Operating system, 020201 artificial intelligence & image processing, business, Law, computer, Vulnerability (computing)

Abstract

Centralized management is typically applied in modern operating system (OS) architecture; however, such systems are prone to crash when any certain component of the OS is explicitly damaged. The basic reason is that these OSes can rarely support a thoroughly secure or isolated environment either between OS kernel-mode components or between user-mode softwares. To mitigate this issue, we propose vmOS, an operating system that aims at improving the security of desktop computing environment. vmOS applies isolation technique to reduce attack surface, virtualization and mandatory access control to provide isolated environment among system components, application software and user privacy. We implement vmOS by adopting hardware-supported virtualization technology and modifying several well-known open source softwares, which aim to provide run-time efficiency of integrated system. Finally, we evaluate the security and performance by some vulnerability exploits and benchmark tools, showing that vmOS is capable of assuring the overall security of users' desktop computing with less overhead.

Published

2017

25. AndroidBLP for Confidentiality Management in Android Environments

Author

Sandra Rueda and Jorge Luis Corchuelo

Subjects

User information, Engineering, General Computer Science, business.industry, Internet privacy, Bring your own device, Access control, Computer security, computer.software_genre, Mandatory access control, Information leakage, Confidentiality, Electrical and Electronic Engineering, Android (operating system), business, Personally identifiable information, computer

Abstract

Users employ smartphones and tablets to manage and store personal information as well as corporate information. However, storing different types of information in the same device may lead to information leakage. Users need tools to define different confidentiality requirements over their data, and to enforce different access policies according to those requirements. Android is the most used mobile operating system, and although it implements various mechanisms to protect user information, it does not have any tool to meet the mentioned needs. This paper presents AndroidBLP, a tool based on the Bell-LaPadula confidentiality model that implements a predefined mandatory access control policy, enables users to define confidentiality requirements, and enforces a confidentiality policy based on those requirements.

Published

2017

26. Current Research and Open Problems in Attribute-Based Access Control

Author

Sylvia L. Osborn and Daniel Servos

Subjects

General Computer Science, Delegation, business.industry, Computer science, media_common.quotation_subject, 020206 networking & telecommunications, Access control, 02 engineering and technology, Computer security, computer.software_genre, Data science, Mandatory access control, Theoretical Computer Science, Discretionary access control, Taxonomy (general), Scale (social sciences), Scalability, 0202 electrical engineering, electronic engineering, information engineering, Role-based access control, 020201 artificial intelligence & image processing, business, computer, media_common

Abstract

Attribute-based access control (ABAC) is a promising alternative to traditional models of access control (i.e., discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC)) that is drawing attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC and large scale adoption is still in its infancy. The relatively recent emergence of ABAC still leaves a number of problems unexplored. Issues like delegation, administration, auditability, scalability, hierarchical representations, and the like, have been largely ignored or left to future work. This article provides a basic introduction to ABAC and a comprehensive review of recent research efforts toward developing formal models of ABAC. A taxonomy of ABAC research is presented and used to categorize and evaluate surveyed articles. Open problems are identified based on the shortcomings of the reviewed works and potential solutions discussed.

Published

2017

27. Implementation of Mandatory Access Control in Distributed Systems

Author

Sergey V. Belim and S. Yu. Belim

Subjects

Scheme (programming language), 021110 strategic, defence & security studies, Hierarchy, Computer science, business.industry, Distributed computing, 0211 other engineering and technologies, Key distribution, Access control, 02 engineering and technology, Mandatory access control, Control and Systems Engineering, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Family of sets, business, computer, Software, computer.programming_language

Abstract

The implementation of mandatory distribution of access in distributed systems taking into account a user hierarchy is considered. The access control is based on the scheme of preliminary key distribution similar to KDP-scheme. The algorithm of building a family of subsets taking into account a user hierarchy was developed.

Published

2018

28. An E-ABAC-Based SDN Access Control Method

Author

Wanzhong Sun, Tingting Wang, Yingjie Yang, and Dexian Chang

Subjects

business.industry, Computer science, Process (computing), Response time, Particle swarm optimization, 020206 networking & telecommunications, Access control, 02 engineering and technology, Mandatory access control, Data flow diagram, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Confidentiality, Motion planning, business, Computer network

Abstract

In order to solve the problem of resource security access control in SDN (Software Define Network), the idea of mandatory access control is introduced, and E-ABAC (Extended Attributes Based Access Control) model based on security level is designed to realize confidentiality and integrity in the access process. SDN switch security level is regarded as the attribute of access control environment, and a secure path planning method based on PSO (Particle Swarm Optimization) algorithm is designed to ensure the security of access data flow. The experimental results show that the proposed method can implement fine-grained mandatory access control in SDN, and has little effect on the response time of concurrent requests.

Published

2019

29. Towards Integrating Attribute-Based Access Control into Ontologies

Author

Besik Dundua and Mikheil Rukhaia

Subjects

Discretionary access control, World Wide Web, Focus (computing), business.industry, Computer science, Role-based access control, Access control, Ontology language, Ontology (information science), business, Semantic Web, Mandatory access control

Abstract

Access control is a security technique that specifies which users can access particular resources in a computing environment. Over the years, numerous access control models have been developed to address various aspects of computer security. In this paper, we focus on a modern approach, attribute-based access control (ABAC), which has been proposed in order to overcome limitations of traditional models: discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC). The work on integrating access control mechanisms in semantic web technologies is developing into two directions: (1) to use semantic web technologies for modeling and analyzing access control policies and (2) to protect knowledge encoded in an ontology. In this paper we focus on the first issue and investigate how ABAC can be integrated into ontology languages.

Published

2019

30. A Light-weight Kernel-level Mandatory Access Control Framework for Android

Author

Ziang Lu, Wei Lin, Fei Wu, Chen Kuosong, and Fucai Luo

Subjects

business.industry, Computer science, Kernel level, Access control, Verifiable secret sharing, Mobile telephony, Electric power industry, Android (operating system), business, Security policy, Mandatory access control, Computer network

Abstract

With the rapid development of mobile communication technology and mobile Internet technology, mobile terminals are becoming more and more irreplaceable in people's life and work. In the present power industry, Android-based smart mobile terminals are widely used to carry out various kinds of operations. Compared with traditional desktop computers, smart mobile terminals provide users with convenience and are more vulnerable to attack and control. Considering the security protection of the core layer of smart mobile terminal, this paper designs an Android lightweight kernel layer mandatory access control framework, deeply analyses and discusses the necessity of terminal kernel layer security protection, proposes a verifiable lightweight kernel layer access control model, and formalizes the model. This paper describes and uses FVT method to discuss security policy conflict detection technology. Finally, the availability and shortcomings of the model on three typical smart mobile terminals are verified by experiments.

Published

2019

31. Research of Access Control System Based on Attribute Encryption Technology that Suitable for Dispatching and Control Cloud

Author

Liang Ye, Zhai Haibao, Zhaoqiang Ge, Jin Haochun, Jing Wang, Zhang Liang, and Ge Minhui

Subjects

Revocation, business.industry, Computer science, 020207 software engineering, Access control, Cloud computing, 02 engineering and technology, Virtualization, computer.software_genre, Encryption, Mandatory access control, Data modeling, Shared resource, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Computer network

Abstract

The dispatching and control cloud (referred to as dCloud) with virtualization technology, which has the characteristics of resource sharing and dynamic deployment, leads to serious challenges for the security protection system of the current power monitoring system. The mandatory access control model selected by the security protection system is not suitable for the situation that user data hosted in the cloud. This paper studies the attribute-based encryption technology, and proposes an optimization method that uses the characteristics of the dCloud itself, to improve encryption efficiency and attribute revocation, and then implements an access control system based on attribute encryption model which suitable for dCloud. The experimental results show that the access control system designed in this paper solves the security problems introduced by super-privilege and resource sharing in the dCloud, which can effectively protect the user data and enhance the security to dCloud.

Published

2019

32. From Access Control Models to Access Control Metamodels: A Survey

Author

Nadine Kashmar, Mirna Atieh, and Mehdi Adda

Subjects

Discretionary access control, Computer science, business.industry, Distributed computing, Data integrity, Role-based access control, Information technology, Access control, business, Mandatory access control, Abstraction (linguistics), Metamodeling

Abstract

Access control (AC) is a computer security requirement used to control, in a computing environment, what the user can access, when and how. Policy administration is an essential feature of an AC system. As the number of computers are in hundreds of millions, and due to the different organization requirements, applications and needs, various AC models are presented in literature, such as: Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role Based Access Control (RBAC), etc. These models are used to implement organizational policies that prevent the unauthorized disclosure of sensitive data, protecting the data integrity, and enabling secure access and sharing of information. Each AC model has its own methods for making AC decisions and policy enforcement. However, due to the diversity of AC models and the various concerns and restrictions, its essential to find AC metamodels with higher level of abstraction. Access control metamodels serve as a unifying framework for specifying any AC policy and should ease the migration from an AC model to another. This study reviews existing works on metamodels descriptions and representations. But, are the presented metamodels sufficient to handle the needed target of controlling access especially in the presence of the current information technologies? Do they encompass all features of other AC models? In this paper we are presenting a survey on AC metamodels.

Published

2019

33. Arbiter: a lightweight, secured and enhanced access control mechanism for cloud computing

Author

Khalid Almarhabi

Subjects

business.industry, Computer science, Cost effectiveness, Information technology, Arbiter, Access control, Cloud computing, 02 engineering and technology, 010402 general chemistry, Trusted system, Computer security, computer.software_genre, 01 natural sciences, Mandatory access control, 0104 chemical sciences, Server, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer

Abstract

The demand for Cloud computing has been increasing for the past few years due to its significance in the IT industry, cost effectiveness and on demand services. To benefit from this technology, access control mechanism need to be applied to restrict the access to legitimate users and prevent the system from unauthorized access whether coming from people or malicious programs. The increase in the number of unauthorized access recently required more work to reduce it. The main problem is that most of the cloud access control is already built based on weak access control mechanism comparing to other mechanisms. In addition to this weakness, the process of changing it to trust mechanism is complex, expensive and takes a great deal of decision-making. This paper investigates the status of existing access control mechanism in the cloud and provides lightweight, secured, and a new approach based on Mandatory Access Control (MAC) mechanism called Arbiter. The proposed architecture aims to reduce the cost and effort of change the entire operating system to meet the requirement of a trusted system. This paper uses design science methodology to design a technical tool for those who are involved in planning, designing and managing access control in the cloud.

Published

2019

34. Lightweight Information Flow

Author

Hanne Riis Nielson and Flemming Nielson

Subjects

Lattice (module), Computer science, Confidentiality, Information flow (information theory), Type (model theory), Security policy, Computer security, computer.software_genre, computer, Mandatory access control

Abstract

We develop a type system for identifying the information flow between variables in a program in the Guarded Commands language. First we characterise the types of information flow that may arise between variables in a non-deterministic program: explicit, implicit, bypassing, correlated or sanitised. Next we allow to specify security policies in a number of traditional ways based on mandatory access control: defining a security lattice, working with components or decentralised labels, both as pertains to confidentiality and integrity. Offending information flows are those identified by the type system and that violate the security policy; a program is sufficiently secure if it contains only acceptable information flows.

Published

2019

35. Effective Security and Access Control Framework for Multilevel Organizations

Author

Ei Ei Moe and Mie Mie Su Thwin

Subjects

Computer science, business.industry, Data security, Access control, Computer security, computer.software_genre, Security controls, Mandatory access control, Discretionary access control, Need to know, Role-based access control, Multilevel security, business, computer

Abstract

In many organizations, it is vital to protect sensitive and confidential data in today’s digital world. For this case such information is made as an open database system; businesses can face legal or financial ramifications. According to the various nature and structures of the organizations, they may not have the same defense and interrelated communities which consist of military services, bank, and other intelligence organizations. All kinds of organizations must set policies to systematically and consistently categorize their data security from theft and threats. There are many types of access control mechanisms depending on the nature of organization such as mandatory access control (MAC), role-based access control (RBAC), and discretionary access control (DAC). This proposed framework focuses on the common threats that can face in the multilevel organizations, the security mechanisms to be considered, and how to secure a database. Multilevel security system allows users with different clearance levels, authorization, and need to know ability to process information in the same system. Moreover, the technical security controls such as user authentication, file access authorization, data encryption, and privacy controls for each user are applied for this framework. The proposed system will present the implementation of effective security framework for multilevel organizations using Strict Integrity Policy by labeling clearances levels to system’s users and classification levels to system’s stored data.

Published

2019

36. A Solution to 'Confused Deputy' Problem Using RWFM Labels

Author

R. K. Shyamasundar and Sandip Ghosal

Subjects

Confused deputy problem, Computer science, Process (engineering), business.industry, Access control, Reference monitor, Computer security model, Object (computer science), Computer security, computer.software_genre, Mandatory access control, Confidentiality, business, computer

Abstract

A client-server architecture mapped to a multi-level security (MLS) system maintain independent access restrictions for various system resources. Traditional access control mechanisms e.g., discretionary access matrix often lead to indirect access, therefore are incapable to enforce confidentiality and integrity at process-level. The confused deputy problem is well known in this regard where an unauthorized process may influence an authorized process to manipulate a protected object. In this paper, we propose a solution to confused deputy problem using a recently proposed novel mandatory access control (MAC) based security model RWFM. We demonstrate our approach through a reference monitor that adapts the proposed solution while performing process-level security check, and prevents indirect access to isolated sensitive objects. Further, we compare our solution with the existing literature towards the end of this paper.

Published

2019

37. Real-time Mandatory Access Control on SELinux for Internet of Things

Author

Cheol-Hoon Lee, Sang-Gil Lee, and Jae-Yong Ko

Subjects

Computer science, Home automation, business.industry, Access control, business, Internet of Things, Computer security, computer.software_genre, Private information retrieval, computer, Mandatory access control

Abstract

IoT devices such as an IoT smart home Server require the real-time processing and SELinux to ensure periodicity through fast response and protect private information using fine-grained access control. However, these two technologies have a conflict of interest regarding time management. SELinux has a latency due to the fine-grained access control, and the real-time process must reduce latency to ensure a periodicity. The alternative is real-time mandatory access control. Proposed Real-time Mandatory Access Control in this paper reduces the overhead of SELinux and secure the periodicity of the real-time process.

Published

2019

38. Kepatuhan Functional Requrements Hak Akses pada Electronic Records Management System Arteri

Author

Achmad Fachmi and Nina Mayesti

Subjects

Database, business.industry, Computer science, Records management, Access control, Functional requirement, computer.software_genre, Mandatory access control, Electronic records, Management system, Literature study, business, computer, Security system

Abstract

This Research discusses the compliance of the Electronic Records Management System (ERMS) on the Principles and Functional Requirements for Records in Electronic office environments (ICA-REQ) Module Two related to access control functions in one of the main categories is maintain. One of the ERMS management records, namely Arsip Elektronik Terintegrasi (Arteri ) is based on open-source. Arteri is the ERMS for managing web-based electronic records to facilitate records management. Therefore, this research aims to determine whether the arteries meet the ERMS standard on the ICA-REQ regarding access control. So, the results of the analysis can be used as input for developers and users to conduct further evaluation and improvement. This research used a qualitative approach with literature study and made observations on Arteri as the object. On analysis it was found that Arteri only fulfilled 12 of the 17 mandatory access control function requirements .

Published

2021

39. A protective mechanism for the access control system in the virtual domain

Author

Hai Jin, Bin Yuan, Kai Yang, Jinan Shen, Weiming Li, and Deqing Zou

Subjects

010302 applied physics, Software_OPERATINGSYSTEMS, Computer Networks and Communications, business.industry, Computer science, Security domain, 020206 networking & telecommunications, Hypervisor, Access control, 02 engineering and technology, computer.software_genre, Security policy, 01 natural sciences, Mandatory access control, Virtual machine, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, Operating system, Malware, Electrical and Electronic Engineering, business, computer, Computer network, Memory protection

Abstract

Intraditional framework, mandatory access control (MAC) system and malicious software are run in kernel mode. Malicious software can stop MAC systems to be started and make it do invalid. This problem cannot be solved under the traditional framework if the operating system (OS) is comprised since malwares are running in ring0 level. In this paper, we propose a novel way to use hypervisors to protect kernel integrity and the access control system in commodity operating systems. We separate the access control system into three parts: policy management (PM), security server (SS) and policy enforcement (PE). Policy management and the security server reside in the security domain to protect them against malware and the isolation feather of the hypervisor can protect them from attacks. We add an access vector cache (AVC) between SS and PE in the guest OS, in order to speed up communication between the guest OS and the security domain. The policy enforcement module is retained in the guest OS for performance. The security of AVC and PE can be ensured by using a memory protection mechanism. The goal of protecting the OS kernel is to ensure the security of the execution path. We implement the system by a modified Xen hypervisor. The result shows that we can secure the security of the access control system in the guest OS with no overhead compared with modules in the latter. Our system offers a centralized security policy for virtual domains in virtual machine environments.

Published

2016

40. TripleMon: A multi-layer security framework for mediating inter-process communication on Android

Author

Hongxin Hu, Ziming Zhao, Haehyun Cho, Gail-Joon Ahn, and Yiming Jing

Subjects

021110 strategic, defence & security studies, Security framework, Computer Networks and Communications, Computer science, 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, Reference monitor, computer.software_genre, Computer security, Mandatory access control, Inter-process communication, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, Malware, Android (operating system), Safety, Risk, Reliability and Quality, Personally identifiable information, Mobile device, computer, Software

Abstract

As smartphones have become an indispensable part of daily life, mobile users are increasingly relying on them to process personal information with feature-rich applications. This situation requires robust security mechanisms for protecting sensitive applications and data on mobile devices. Android, as one the most popular smartphone operating systems, provides two core security mechanisms, application sandboxing and a permission system. However, recent studies show that these mech- anisms are vulnerable to be passed by a variety of attacks. In this paper, we argue for the need of designing and implementing more comprehensive security mechanisms for Android. We realize that mediating Inter-Process Communication (IPC) channels used by Android applications can mitigate prominent attacks effectively and efficiently. Based on this observation, we propose a practical multi-layer security framework called TRIPLEMON to support policy-based mediation on Android IPC. We also dis- cuss and evaluate a proof-of-concept prototype of TRIPLEMON along with the experimental results derived from real malware samples and synthetic attacks.

Published

2016

41. Convergence Interaction for Communication

Author

Joong-Kyung Ryu and Yu-Keum Jeong

Subjects

business.industry, Computer science, 020206 networking & telecommunications, Access control, Cloud computing, 02 engineering and technology, Communications system, Computer security, computer.software_genre, Change management (ITSM), Mandatory access control, Computer Science Applications, 0202 electrical engineering, electronic engineering, information engineering, Role-based access control, Resource allocation, 020201 artificial intelligence & image processing, Electrical and Electronic Engineering, business, computer, Personally identifiable information

Abstract

Welcome to this special issue of Wireless Personal Communications. This issue contains a collection of the best papers out of various authors who have been submitted to this issue. The main goal for this issue is to be a timely vehicle for publishing selected research papers from practitioners and academia in convergence industries on this emerging topic. This issue covers some of the hottest topics in Convergence Interaction for Communication, including: convergence; interactive applications; cloud service; P2P architectures and wireless protocols; data and index structures; motion recognition; future communication system; hybrid networking system; spectrum resource allocation; personal networking and architectures; multiple access techniques; multicasting and computer communications. The paper by Mun et al. [1] proposes the injecting of a subject policy into access control to strengthen the protection of personal information. This study provides two confidential access control models that apply individually established policies to the role-based access control model (RBAC) and the mandatory access control model (MAC) technologies. In the SpRBAC model, a user’s right to access would follow organizational policy, and accessing personal information would be restricted by the subject policy. In the SpMAC model, users would have to satisfy the subject policy established by the provider of the information, in addition to the requirements of the normal MAC policy. The paper by Lee et al. [2] presents variability change management using orthogonal variability model-based traceability. The proposed method is an approach to tracing variability based on explicit

Published

2016

42. Mandatory Access Control for Android Application Security

Author

Young-June Choi, Do-yun Kim, Wooguil Pak, and June-sung Na

Subjects

Engineering, Cloud computing security, business.industry, Computer security model, Permission, Computer security, computer.software_genre, Mandatory access control, Security service, Android application, Android (operating system), business, computer, Mobile device

Abstract

In this paper, we investigate the security issues of the Android platform which dominates the global market of smart mobile devices. The current permission model for Android security is not powerful and has two problems. One is the coarse-grained relationship between permissions and methods which require them. The other is that mobile users do not have rights to control the permissions of the application. To solve these problems, we propose MacDroid which can control the platform's resources for accessing installed applications. Users can control the application's behavior via MacDroid's policy. We have divided the permission set into method units. The results of the performance test using a pure Android platform show that our proposed scheme can improve security within a short time.

Published

2016

43. Access Control Mechanism based on MAC for Cloud Convergence

Author

Sang-Joon Lee and Eun-Bok Choi

Subjects

Cloud computing security, Computer access control, business.industry, Computer science, Distributed computing, 0211 other engineering and technologies, 020101 civil engineering, Access control, Cloud computing, 02 engineering and technology, Mandatory access control, 0201 civil engineering, Network Access Control, 021105 building & construction, Role-based access control, business, Secure state, Computer network

Abstract

Cloud computing technology offers function that share each other computer resource, software and infra structure based on network. Virtualization is a very useful technology for operation efficiency of enterprise`s server and reducing cost, but it can be target of new security threat when it is used without considering security. This paper proposes access control mechanism based on MAC(Mandatory Access Control) for cloud convergence that solve various problem that can occur in cloud environment. This mechanism is composed of set of state rules, security characteristics and algorithm. Also, we prove that the machine system with access control mechanism and an initial secure state is a secure system. This policy module of mechanism is expected to not only provide the maintenance but also provide secure resource sharing between virtual machines.

Published

2016

44. Towards a secure and lightweight network function virtualisation environment

Author

Marco De Benedictis, Paolo Smiraglia, and Antonio Lioy

Subjects

Lightweight Virtualisation, Computer science, Distributed computing, Overhead (engineering), Cloud computing, Network Function Virtualisation, computer.software_genre, SELinux, Management Information Systems, NFV, Security, Container, Mandatory Access Control, Docker, Virtual network, Flexibility (engineering), business.industry, Applied Mathematics, Virtualization, Mandatory access control, Computer Science Applications, Virtual machine, business, Host (network), computer

Abstract

Cloud computing has deeply affected the structure of modern ICT infrastructures. It represents an enabling technology for novel paradigms such as Network Function Virtualisation (NFV), which proposes the virtualisation of network functions to enhance the flexibility of networks and to reduce the costs of infrastructure management. Besides potential benefits, NFV inherits the limitations of traditional virtualisation where the isolation of resources comes at the cost of a performance overhead. Lightweight forms of virtualisation, like containers, aim to mitigate this limitation. Furthermore, they allow the agile composition of complex services. These characteristics make containers a suitable technology for NFV environment. A major concern towards the exploitation of containers is security. Since containers provide less isolation than virtual machines, they can expose the whole host to vulnerabilities. In this work, we investigate container-related threats and propose a secure design for a Virtual Network Function deployed in a lightweight NFV environment.

Published

2020

45. Attribute-Based Access Control in Web Applications

Author

Ayesha Rahman, Tameem Ahmad, Asad Mohammed Khan, and Sadia Kauser

Subjects

Flexibility (engineering), business.industry, Computer science, Access control, Computer security, computer.software_genre, Object (computer science), Security policy, Mandatory access control, Discretionary access control, Role-based access control, Web application, business, computer

Abstract

Nowadays, controlling access to resources is a challenge and the security policies are also needed to be flexible. For providing access control, many access control models can be implemented like Discretionary Access control (DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC) but there are certain limitations in them. Attribute-Based Access Control (ABAC) is the general model which could comprehend the benefits of these models while surpassing their demerits. In this work, we have explained how ABAC can be implemented on Web Application. For implementing ABAC, we have developed a sample web application for an organization to provide users and members access to different resources like course materials and project files. We have defined subject’s attributes, object’s attributes, and policies for it. In conclusion, ABAC can provide dynamic access permissions and flexibility to the access control mechanism in comparison to RBAC and is more secure than Trust-Based Access Control (TrustBAC).

Published

2018

46. Android Escalation Paths

Author

Kevin R. B. Butler and Grant Hernandez

Subjects

021110 strategic, defence & security studies, Exploit, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Audit, Attack graph, Computer security, computer.software_genre, Mandatory access control, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Android (operating system), Privilege level, computer

Abstract

Smartphones are a critical device in modern society. With the amount of personal data present on many smartphones, protecting their integrity is crucial. The Android operating system employs multiple layers of security to ensure that the system is resistant to local and remote threats. To achieve this it uses a combination of discretionary and mandatory access control policies. Attackers when attempting to escalate to a higher privilege level must operate within these policies and potentially exploit their flaws. The flow an attacker (and conversely a defender) follows can be modeled as attack graph. In this paper, we explore how attack graphs could be automatically generated from SEAndroid policy files to aid defenders and attackers with auditing system security posture.

Published

2018

47. Inheriting Software Security Policies within Hardware IP Components

Author

Joel Mandebi Mbongue, Christophe Bobda, Festus Hategekimana, and Jubaer Hossain Pantho

Subjects

business.industry, Computer science, 0211 other engineering and technologies, 020206 networking & telecommunications, Hypervisor, Cloud computing, 02 engineering and technology, Enterprise information security architecture, Security kernel, Security policy, Mandatory access control, Software security assurance, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), business, Computer hardware, 021106 design practice & management

Abstract

Domain isolation enforcement is one of the challenging issues in software environments. To address this problem, NSA, in conjunction with the Secure Computing Corporation and the University of Utah, developed the open-source Flux Advanced Security Kernel (Flask), the mandatory access control (MAC) security architecture underlying major Operating Systems/Hypervisors widely deployed in cloud/desktop environments. In this work, we extend this security architecture to FPGA-based heterogeneous systems. Specifically, we explore the design and implementation of a security framework for controlled sharing of FPGA hardware modules in MAC-based OS/Hypervisor environments. The proposed design guarantees that hardware modules execute in the same security context as of the processes calling them by propagating the latter security policies expressed at the software level, down to the hardware. We prototype the proposed framework with SELinux and demonstrate its utility by evaluating trade-offs between security performance and execution overhead incurred by example applications. The preliminary results show our proposed framework provides isolation with an average of 0.6% worst case performance overhead.

Published

2018

48. Ensuring Security in Cloud Computing Using Access Control: A Survey

Author

Fatima Sifou, Ali Kartit, and Ahmed Hammouch

Subjects

Cloud computing security, business.industry, Computer science, Data management, Access control, Cloud computing, Computer security, computer.software_genre, Mandatory access control, Discretionary access control, Scalability, Role-based access control, business, computer

Abstract

Currently, cloud computing has widely been implemented in several organizations. This is due to the fact that this new model delivers cost-efficient, flexibility and scalability computing resources to the clients. This has led to a growing demand of cloud implementations in different sectors. Although cloud computing facilitates data management, it still faces various security problems. So, it is important to examine cloud security issues before moving to this model. In particular, we focus on existing access control mechanisms in cloud computing. Actually, there exist multiple schemes that ensure data protection, such as DAC (Discretionary Access Control), MAC (Mandatory Access Control), RBAC (Role Base Access Control), ORBAC (Organizational Role Based Access Control) and ABAC (Attributes Based Access Control). The main contribution of this paper is to select the appropriate access control model that meets cloud constraints. Based on these considerations, ABAC model is more suitable to cloud environments compared to other models. In this regard, we provide a comprehensive taxonomy of different ABAC schemes.

Published

2018

49. An Historical Analysis of the SEAndroid Policy Evolution

Author

Ang Chen, Dan S. Wallach, and Bum-Jin Im

Subjects

FOS: Computer and information sciences, 021110 strategic, defence & security studies, Computer Science - Cryptography and Security, Computer science, 0211 other engineering and technologies, 020207 software engineering, 02 engineering and technology, Computer security, computer.software_genre, Security policy, Mandatory access control, 0202 electrical engineering, electronic engineering, information engineering, Android (operating system), computer, Cryptography and Security (cs.CR)

Abstract

Android adopted SELinux's mandatory access control (MAC) mechanisms in 2013. Since then, billions of Android devices have benefited from mandatory access control security policies. These policies are expressed in a variety of rules, maintained by Google and extended by Android OEMs. Over the years, the rules have grown to be quite complex, making it challenging to properly understand or configure these policies. In this paper, we perform a measurement study on the SEAndroid repository to understand the evolution of these policies. We propose a new metric to measure the complexity of the policy by expanding policy rules, with their abstraction features such as macros and groups, into primitive "boxes", which we then use to show that the complexity of the SEAndroid policies has been growing exponentially over time. By analyzing the Git commits, snapshot by snapshot, we are also able to analyze the "age" of policy rules, the trend of changes, and the contributor composition. We also look at hallmark events in Android's history, such as the "Stagefright" vulnerability in Android's media facilities, pointing out how these events led to changes in the MAC policies. The growing complexity of Android's mandatory policies suggests that we will eventually hit the limits of our ability to understand these policies, requiring new tools and techniques., Comment: 16 pages, 11 figures, published in ACSAC '18

Published

2018

50. Access Control Model for Modern Virtual e-Government Services: Saudi Arabian Case Study

Author

Hessah A. Alsalamah, Rand Albrahim, Mehmet Aksoy, and Shada Alsalamah

Subjects

Government, General Computer Science, business.industry, Computer science, 05 social sciences, Control (management), Principle of least privilege, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Access control, Cloud computing, Computer security, computer.software_genre, Security controls, Mandatory access control, 050501 criminology, Confidentiality, business, computer, Information exchange, 0505 law

Abstract

e-Government services require intensive information exchange and interconnection among governmental agencies to provide specialized online services and allow informed decision-making. This could compromise the integrity, confidentiality, and/or availability of the information being exchanged. Government agencies are accountable and liable for the protection of information they possess and use on a least privilege security principle basis even after dissemination. However, traditional access control models are short of achieving this as they do not allow dynamic access to unknown users to the system, they do not provide security controls at a fine-grained level, and they do not provide persistent control over this information. This paper proposes a novel secure access control model for cross-governmental agencies. The secure model deploys a Role-centric Mandatory Access Control MAC (R-MAC) model, suggests a classification scheme for e-Government information, and enforces its application using XML security technologies. By using the proposed model, privacy could be preserved by having dynamic, persistent, and fine-grained control over their shared information.

Published

2018