Your search keyword '"Mandatory access control"' showing total 576 results

1. Automatic generation of AppArmor security policies based on large language models

Author

SHA Yitian, LIU Shaojun, QIAN Xin, WU Yue, CHEN Peng, and LIU Xing

Subjects

mandatory access control, AppArmor, security policy, static analysis, Electronic computers. Computer science, QA75.5-76.95

Abstract

Operating system (OS) security has been considered as a critical layer within the comprehensive security framework of computer information systems. Mandatory access control (MAC) mechanisms such as SELinux and AppArmor have been employed to strengthen OS security. However, significant challenges have been encountered in the application of MAC in practice, primarily involving the complexity of security policy configuration, which has demanded specialized expertise and often resulted in coarse-grained protection measures. Aimed at enhancing the process of generating security policies for AppArmor, an automated access control policy generation method was proposed based on large language models (LLM). The process began with a static analysis of the target application to extract preliminary security policy rules. Subsequently, the application was extensively executed to gather logs that achieved maximum code coverage. Large models, in conjunction with the gathered log information, static analysis outcomes, and few-shot learning, were utilized to autonomously generate security policies for applications. This approach significantly reduced the dependence on security experts, lowered manual labor costs, and diminished the subjectivity and complexity associated with manual security policy configurations. The efficacy of this methodology was demonstrated through a comparative analysis between the AppArmor security policies generated by this framework and the default policies, focusing on the policies’ correctness, completeness, and succinctness. The experimental findings reveal that the generated policies are not only comprehensive and succinct but also do not impede the normal operation of the application. These results underscore the effectiveness of the proposed method in streamlining the security policy generation process and enhancing the quality of the policies.

Published

2024

2. Automatic generation of AppArmor security policies based on large language models

Author

Yitian SHA, Shaojun LIU, Xin QIAN, Yue WU, Peng CHEN, Xing LIU

Subjects

mandatory access control, apparmor, security policy, static analysis, Electronic computers. Computer science, QA75.5-76.95

Abstract

Operating system (OS) security has been considered as a critical layer within the comprehensive security framework of computer information systems. Mandatory access control (MAC) mechanisms such as SELinux and AppArmor have been employed to strengthen OS security. However, significant challenges have been encountered in the application of MAC in practice, primarily involving the complexity of security policy configuration, which has demanded specialized expertise and often resulted in coarse-grained protection measures. Aimed at enhancing the process of generating security policies for AppArmor, an automated access control policy generation method was proposed based on large language models (LLM). The process began with a static analysis of the target application to extract preliminary security policy rules. Subsequently, the application was extensively executed to gather logs that achieved maximum code coverage. Large models, in conjunction with the gathered log information, static analysis outcomes, and few-shot learning, were utilized to autonomously generate security policies for applications. This approach significantly reduced the dependence on security experts, lowered manual labor costs, and diminished the subjectivity and complexity associated with manual security policy configurations. The efficacy of this methodology was demonstrated through a comparative analysis between the AppArmor security policies generated by this framework and the default policies, focusing on the policies’ correctness, completeness, and succinctness. The experimental findings reveal that the generated policies are not only comprehensive and succinct but also do not impede the normal operation of the application. These results underscore the effectiveness of the proposed method in streamlining the security policy generation process and enhancing the quality of the policies.

Published

2024

3. 基于大语言模型的AppArmor安全策略自动生成方法.

Author

沙倚天, 刘少君, 钱欣, 吴越, 陈鹏, and 刘行

Abstract

Copyright of Chinese Journal of Network & Information Security is the property of Beijing Xintong Media Co., Ltd. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

4. XFilter: An Extension of the Integrity Measurement Architecture Based on Fine-Grained Policies.

Author

Litchfield, Alan and Du, Weihua

Subjects

ACCESS control, INFORMATION measurement, VENDOR-managed inventory, QUALITY function deployment, MEASUREMENT

Abstract

The Integrity Measurement Architecture subsystem on the Linux platform is a critical security component in the kernel to ensure the integrity of the running system. However, the default Integrity Measurement Architecture policy mechanisms based on options such as file owner and FSMAGIC cannot achieve a file-level configuration. Although Integrity Measurement Architecture supports the Linux Security Module policy rules to be close to the goal of fine-grained configuration, it is not easy to be managed because the Linux Security Module was not originally designed for integrity measurement. Moreover, the Linux Security Module-based policy does not apply in some use cases considering the type of Mandatory Access Control tools chosen by users. This paper presents a new policy configuration option, named XFilter, that achieves a fine-grained policy configuration method. The XFilter includes two policy matching mechanisms, XLabel and XList, which share the same policy token created for XFilter exclusively. XLabel marks the files for measurement using a label in the file's extended attribute (xattr). By contrast, XList stores the measurement information in a list of file paths. To simplify the deployment, an automatic configuration process is implemented for integrating into the package management system. The evaluation results suggest that both mechanisms satisfy the requirements of file-level IMA policy control and create a performance burden for system operation in the acceptable range. They also reveal a positive correlation between the increment of the system latency and the growth of the length of file paths list for the XList mechanism. [ABSTRACT FROM AUTHOR]

Published

2023

5. XFilter: An Extension of the Integrity Measurement Architecture Based on Fine-Grained Policies

Author

Alan Litchfield and Weihua Du

Subjects

X-filter, integrity measurement architecture, linux security module, mandatory access control, XLabel, XList, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999

Abstract

The Integrity Measurement Architecture subsystem on the Linux platform is a critical security component in the kernel to ensure the integrity of the running system. However, the default Integrity Measurement Architecture policy mechanisms based on options such as file owner and FSMAGIC cannot achieve a file-level configuration. Although Integrity Measurement Architecture supports the Linux Security Module policy rules to be close to the goal of fine-grained configuration, it is not easy to be managed because the Linux Security Module was not originally designed for integrity measurement. Moreover, the Linux Security Module-based policy does not apply in some use cases considering the type of Mandatory Access Control tools chosen by users. This paper presents a new policy configuration option, named XFilter, that achieves a fine-grained policy configuration method. The XFilter includes two policy matching mechanisms, XLabel and XList, which share the same policy token created for XFilter exclusively. XLabel marks the files for measurement using a label in the file’s extended attribute (xattr). By contrast, XList stores the measurement information in a list of file paths. To simplify the deployment, an automatic configuration process is implemented for integrating into the package management system. The evaluation results suggest that both mechanisms satisfy the requirements of file-level IMA policy control and create a performance burden for system operation in the acceptable range. They also reveal a positive correlation between the increment of the system latency and the growth of the length of file paths list for the XList mechanism.

Published

2023

6. The Port-in-Use Covert Channel Attack

Author

Efanov, Dmitry, Roschin, Pavel, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Samsonovich, Alexei V., editor, and Klimov, Valentin V., editor

Published

2018

7. Multi-level Access Control, Directed Graphs and Partial Orders in Flow Control for Data Secrecy and Privacy

Author

Logrippo, Luigi, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Imine, Abdessamad, editor, Fernandez, José M., editor, Marion, Jean-Yves, editor, Logrippo, Luigi, editor, and Garcia-Alfaro, Joaquin, editor

Published

2018

8. Security Improvement of File System Filter Driver in Windows Embedded OS.

Author

Yeon Sang Seong, Chaeho Cho, Young Pyo Jun, and Yoojae Won

Abstract

IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method. [ABSTRACT FROM AUTHOR]

Published

2021

9. T-MAC: Protecting Mandatory Access Control System Integrity from Malicious Execution Environment on ARM-Based Mobile Devices

Author

Zhang, Diming, Chen, Liangqiang, Xue, Fei, Wu, Hao, Huang, Hao, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Nguyen, Phong Q., editor, and Zhou, Jianying, editor

Published

2017

10. A flexible fine-grained dynamic access control approach for cloud computing environment.

Author

Mehraj, Saima and Banday, M. Tariq

Subjects

*ACCESS control, *CLOUD computing, *ON-demand computing, *COMPUTER systems, *DYNAMICAL systems

Abstract

As a pioneering surge of ICT technologies, offering computing resources on-demand, the exceptional evolution of Cloud computing has not gone unnoticed by the IT world. At the same time, security stands as a most prior concern for this new progressive computing capability of on-demand services over the Internet. Hence, access control substantiates one of the fundamental conditions to fortify the information and Cloud system against illegitimate access among all the security requirements of Cloud computing. Although diverse access control models have been proposed and implemented for the Cloud computing paradigm, the models may fail to accomplish the dynamic and scalable requirements of the Cloud system adequately. Therefore, we propose a dynamic authorization system for a Cloud computing environment that employs the concept of role, task, and trustworthiness of the user. In this paper, a framework has been proposed that offers characteristics of both passive and active access control along with the trusted computing, thereby, blending the model into a more fine-grained and dynamic for the Cloud computing environment. Subsequently, the implementation of the propounded scheme is reported to provide the proof-of-concept. Additionally, the evaluation and use case scenario of the propounded system has been carried out to proclaim its effectiveness over other conventional models. [ABSTRACT FROM AUTHOR]

Published

2021

11. UI Tags: Confidentiality in Office Open XML

Author

Kerr, Lawrence, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Kotenko, Igor, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Barbosa, Simone Diniz Junqueira, Editorial Board Member, Chen, Phoebe, Editorial Board Member, Du, Xiaoyong, Editorial Board Member, Kara, Orhun, Editorial Board Member, Liu, Ting, Editorial Board Member, Sivalingam, Krishna M., Editorial Board Member, Washio, Takashi, Editorial Board Member, Yuan, Junsong, Editorial Board Member, Haltinner, Kristin, editor, Sarathchandra, Dilshani, editor, Alves-Foss, Jim, editor, Chang, Kevin, editor, Conte de Leon, Daniel, editor, and Song, Jia, editor

Published

2016

12. A Lightweight Security Isolation Approach for Virtual Machines Deployment

Author

Liang, Hongliang, Han, Changyao, Zhang, Daijie, Wu, Dongyang, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Lin, Dongdai, editor, Yung, Moti, editor, and Zhou, Jianying, editor

Published

2015

13. Securing the Root Through SELinux

Author

Chatterjee, Ananya, Mishra, Arun, Kacprzyk, Janusz, Series editor, Mohapatra, Durga Prasad, editor, and Patnaik, Srikanta, editor

Published

2014

14. Security of OS-Level Virtualization Technologies

Author

Reshetova, Elena, Karhunen, Janne, Nyman, Thomas, Asokan, N., Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Kobsa, Alfred, Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Bernsmed, Karin, editor, and Fischer-Hübner, Simone, editor

Published

2014

15. Attacks on Android Clipboard

Author

Zhang, Xiao, Du, Wenliang, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Kobsa, Alfred, editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Weikum, Gerhard, editor, and Dietrich, Sven, editor

Published

2014

16. Mandatory Access Control

Author

Thuraisingham, Bhavani, Ferrari, Elena, Section editor, Liu, Ling, editor, and Özsu, M. Tamer, editor

Published

2018

17. Design and Implementation of Linux File Mandatory Access Control

Author

Tian, Liye, Rong, Xing, Liu, Tingting, Lei, Jingsheng, editor, Wang, Fu Lee, editor, Li, Mo, editor, and Luo, Yuan, editor

Published

2012

18. Software Security: A Formal Perspective : (Notes for a Talk)

Author

Abadi, Martín, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Giannakopoulou, Dimitra, editor, and Méry, Dominique, editor

Published

2012

19. Towards a Trustworthy, Lightweight Cloud Computing Framework for Embedded Systems

Author

Dietrich, Kurt, Winter, Johannes, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, McCune, Jonathan M., editor, Balacheff, Boris, editor, Perrig, Adrian, editor, Sadeghi, Ahmad-Reza, editor, Sasse, Angela, editor, and Beres, Yolanta, editor

Published

2011

20. CFCC: A Covert Flows Confinement Mechanism for Virtual Machine Coalitions

Author

Cheng, Ge, Jin, Hai, Zou, Deqing, Shi, Lei, Ohoussou, Alex K., Boursas, Latifa, editor, Carlson, Mark, editor, Jin, Hai, editor, Sibilla, Michelle, editor, and Wold, Kes, editor

Published

2010

21. A Self-Adaptive Bell–LaPadula Model Based on Model Training With Historical Access Logs.

Author

Tang, Zhuo, Ding, Xiaofei, Zhong, Ying, Yang, Li, and Li, Keqin

Abstract

In currently popular access control models, the security policies and regulations never change in the running system process once they are identified, which makes it possible for attackers to find the vulnerabilities in a system, resulting in the lack of ability to perceive the system security status and risks in a dynamic manner and exposing the system to such risks. By introducing the maximum entropy (MaxENT) models into the rule optimization for the Bell–LaPadula (BLP) model, this paper proposes an improved BLP model with the self-learning function: MaxENT-BLP. This model first formalizes the security properties, system states, transformational rules, and a constraint model based on the states transition of the MaxENT. After handling the historical system access logs as the original data sets, this model extracts the user requests, current states, and decisions to act as the feature vectors. Second, we use $k$ -fold cross validation to divide all vectors into a training set and a testing set. In this paper, the model training process is based on the Broyden–Fletcher–Goldfarb–Shanno algorithm. And this model contains a strategy update algorithm to adjust the access control rules dynamically according to the access and decision records in a system. Third, we prove that MaxENT-BLP is secure through theoretical analysis. By estimating the precision, recall, and F1-score, the experiments show the availability and accuracy of this model. Finally, this paper provides the process of model training based on deep learning and discussions regarding adversarial samples from the malware classifiers. We demonstrate that MaxENT-BLP is an appropriate choice and has the ability to help running information systems to avoid more risks and losses. [ABSTRACT FROM PUBLISHER]

Published

2018

22. Study and Implementation of SELinux-Like Access Control Mechanism Based on Linux

Author

Zhai, Gaoshou, Li, Yaodong, Kim, Haeng-kon, editor, Kim, Tai-hoon, editor, and Kiumi, Akingbehin, editor

Published

2009

23. A Dynamic Mandatory Access Control Model

Author

Jafarian, Jafar Haadi, Amini, Morteza, Jalili, Rasool, Sarbazi-Azad, Hamid, editor, Parhami, Behrooz, editor, Miremadi, Seyed-Ghassem, editor, and Hessabi, Shaahin, editor

Published

2009

24. A Context-Aware Mandatory Access Control Model for Multilevel Security Environments

Author

Jafarian, Jafar Haadi, Amini, Morteza, Jalili, Rasool, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Harrison, Michael D., editor, and Sujan, Mark-Alexander, editor

Published

2008

25. Approaches to Enforce Privacy in Databases: Classical to Information Flow-Based Models

Author

Aniket Kuiri, Pratiksha Chaudhary, R. K. Shyamasundar, and Arushi Jaiswal

Subjects

Database, Computer Networks and Communications, Computer science, business.industry, Privacy policy, Covert channel, Access control, computer.software_genre, Security policy, Mandatory access control, Theoretical Computer Science, Differential privacy, Information flow (information theory), Declassification, business, computer, Software, Information Systems

Abstract

Ever since databases became an ubiquitous part of enterprises or businesses, security and privacy became a requirement. Traditionally, privacy was realized through various methods of database access control and relied much on the use of statically defined views, which are essentially logical constructs imposed over database tables that can alter or restrict the data that can be viewed by an user. Privacy is about the responsible maintenance of private information. This responsibility is hard to define, which is why laws are necessary. With a vast accumulation of personal data in databases, there has been a heightened awareness and concern about the storage and use of private information leading to privacy-related guidelines, regulations and legislations, Compliance with these regulations has become one of the major concerns for organizations and companies. Traditionally, privacy in databases (DBs) have been addressed through access control techniques including multi-level security (MLS) based on mandatory access control (MAC), and restricted views to the users. As view definitions to comply with regulations became quite complex for accommodating all the restrictions in one view, explicit constructs for specifying privacy policies were introduced for complying with medical regulations like HIPAA (Health Insurance Portability and Accountability Act) from USA, in relational database systems. These enabled fine grained access control (FGAC) capable of enforcing disclosure control enunciated databases. Application of information flow control that is needed for multi-level security (MLS) databases to preserve privacy among multiple users but have their challenges like new abstractions for managing information flow in a relational database system, handling transactions and integrity constraints without introducing covert channels etc. As the DBs need to work alongside information flow controlled programming languages and operating systems for tracking flows, there is a need to enforce the security policy not only on the DBMS but also on the application platform. Due to the underlying requirement of decentralization, it calls for declassification/endorsement and santization requirements on the DB. In this paper, we shall first review some of the major privacy enhancing techniques used traditionally for DBs including MLS DBs, and then explore application of decentralized information flow control models for realizing information flow secure DBs in a robust manner. Towards the end, we shall also touch upon some of the roles of anonymization and psuedonymization including inference control and differential privacy in realizing privacy in practice.

Published

2021

26. Application Security – Myth Or Reality?

Author

Caelli, William J., Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Rangan, C. Pandu, editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Dawson, Ed, editor, and Wong, Duncan S., editor

Published

2007

27. Mandatory Access Control applications to web hosting

Author

Prandini, Marco, Faldella, Eugenio, Laschi, Roberto, Blyth, Andrew, and Sutherland, Iain

Published

2007

28. Bridging the Gap Between Inter-communication Boundary and Internal Trusted Components

Author

Watanabe, Yuji, Yoshihama, Sachiko, Mishina, Takuya, Kudo, Michiharu, Maruyama, Hiroshi, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Dough, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Gollmann, Dieter, editor, Meier, Jan, editor, and Sabelfeld, Andrei, editor

Published

2006

29. A Privacy Enhanced Role-Based Access Control Model for Enterprises

Author

Yang, Cungang, Zhang, Chang N., Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Dough, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Lu, Xicheng, editor, and Zhao, Wei, editor

Published

2005

30. Using Parameterized UML to Specify and Compose Access Control Models

Author

Ray, Indrakshi, Li, Na, Kim, Dae-Kyoo, France, Robert, Jajodia, Sushil, editor, and Strous, Leon, editor

Published

2004

31. A Security Access Control Mechanism for a Multi-layer Heterogeneous Storage Structure

Author

Ju, Shiguang, Hernández, Héctor J., Zhang, Lan, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Dough, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Li, Minglu, editor, Sun, Xian-He, editor, Deng, Qianni, editor, and Ni, Jun, editor

Published

2004

32. Information Flow Control Using Version in Object-Oriented Systems

Author

Fellah, A., Rahwan, I., Maamir, A., Kent, Robert D., editor, and Sands, Todd W., editor

Published

2003

33. A Novel Approach to Role-Based Access Control

Author

Chae, Song-hwa, Kim, Wonil, Kim, Dong-kyoo, Goos, G., editor, Hartmanis, J., editor, van Leeuwen, J., editor, Sloot, Peter M. A., editor, Abramson, David, editor, Bogdanov, Alexander V., editor, Gorbachev, Yuriy E., editor, Dongarra, Jack J., editor, and Zomaya, Albert Y., editor

Published

2003

34. Authenticating Mandatory Access Controls and Preserving Privacy for a High-Assurance Smart Card

Author

Scherzer, Helmut, Canetti, Ran, Karger, Paul A., Krawczyk, Hugo, Rabin, Tal, Toll, David C., Goos, Gerhard, editor, Hartmanis, Juris, editor, van Leeuwen, Jan, editor, Snekkenes, Einar, editor, and Gollmann, Dieter, editor

Published

2003

35. Mitigation of Kernel Memory Corruption Using Multiple Kernel Memory Mechanism

Author

Hiroki Kuzuno and Toshihiro Yamauchi

Subjects

Software_OPERATINGSYSTEMS, Address space layout randomization, Theoretical computer science, General Computer Science, Address space, Computer science, Memory corruption, General Engineering, Security kernel, Mandatory access control, TK1-9971, Memory management, System call, Kernel (statistics), operating system, kernel vulnerability, system security, General Materials Science, Electrical engineering. Electronics. Nuclear engineering

Abstract

Operating systems adopt kernel protection methods (e.g., mandatory access control, kernel address space layout randomization, control flow integrity, and kernel page table isolation) as essential countermeasures to reduce the likelihood of kernel vulnerability attacks. However, kernel memory corruption can still occur via the execution of malicious kernel code at the kernel layer. This is because the vulnerable kernel code and the attack target kernel code or kernel data are located in the same kernel address space. To gain complete control of a host, adversaries focus on kernel code invocations, such as function pointers that rely on the starting points of the kernel protection methods. To mitigate such subversion attacks, this paper presents multiple kernel memory (MKM), which employs an alternative design for kernel address space separation. The MKM mechanism focuses on the isolation granularity of the kernel address space during each execution of the kernel code. MKM provides two kernel address spaces, namely, i) the trampoline kernel address space, which acts as the gateway feature between user and kernel modes and ii) the security kernel address space, which utilizes the localization of the kernel protection methods (i.e., kernel observation). Additionally, MKM achieves the encapsulation of the vulnerable kernel code to prevent access to the kernel code invocations of the separated kernel address space. The evaluation results demonstrated that MKM can protect the kernel code and kernel data from a proof-of-concept kernel vulnerability that could lead to kernel memory corruption. In addition, the performance results of MKM indicate that the system call overhead latency ranges from $0.020~\mu \text{s}$ to $0.5445~\mu \text{s}$ , while the web application benchmark ranges from $196.27~\mu \text{s}$ to 6, $685.73~\mu \text{s}$ for each download access of 100,000 Hypertext Transfer Protocol sessions. MKM attained a 97.65% system benchmark score and a 99.76% kernel compilation time.

Published

2021

36. Mandatory Access Control

Author

Upadhyaya, Shambhu, van Tilborg, Henk C. A., editor, and Jajodia, Sushil, editor

Published

2011

37. Future Directions in Role-Based Access Control Models

Author

Sandhu, Ravi, Goos, Gerhard, editor, Hartmanis, Juris, editor, van Leeuwen, Jan, editor, Gorodetski, Vladimir I., editor, Skormin, Victor A., editor, and Popyack, Leonard J., editor

Published

2001

38. Providing Security and Interoperation of Heterogeneous Systems

Author

Dawson, Steven, Qian, Shelly, Samarati, Pierangela, Atluri, Vijay, editor, and Samarati, Pierangela, editor

Published

2000

39. SLR-SELinux: Enhancing the Security Footstone of SEAndroid with Security Label Randomization

Author

Tan Yusong, Zuo Yudan, Dong Pan, Ding Yan, Wei Lifeng, Zhipeng Li, and Huang Chenlin

Subjects

Technology, Software_OPERATINGSYSTEMS, Article Subject, Exploit, Computer Networks and Communications, Computer science, 0211 other engineering and technologies, Vulnerability, Linux kernel, TK5101-6720, 02 engineering and technology, Security policy, Computer security, computer.software_genre, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Android (operating system), 021110 strategic, defence & security studies, Mandatory access control, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Kernel (image processing), Telecommunication, 020201 artificial intelligence & image processing, Privilege escalation, computer, Information Systems

Abstract

The root privilege escalation attack is extremely destructive to the security of the Android system. SEAndroid implements mandatory access control to the system through the SELinux security policy at the kernel mode, making the general root privilege escalation attacks unenforceable. However, malicious attackers can exploit the Linux kernel vulnerability of privilege escalation to modify the SELinux security labels of the process arbitrarily to obtain the desired permissions and undermine system security. Therefore, investigating the protection method of the security labels in the SELinux kernel is urgent. And the impact on the existing security configuration of the system must also be reduced. This paper proposes an optimization scheme of the SELinux mechanism based on security label randomization to solve the aforementioned problem. At the system runtime, the system randomizes the mapping of the security labels inside and outside the kernel to protect the privileged security labels of the system from illegal obtainment and tampering by attackers. This method is transparent to users; therefore, users do not need to modify the existing system security configuration. A tamper-proof detection method of SELinux security label is also proposed to further improve the security of the method. It detects and corrects the malicious tampering behaviors of the security label in the critical process of the system timely. The above methods are implemented in the Linux system, and the effectiveness of security defense is proven through theoretical analysis and experimental verification. Numerous experiments show that the effect of this method on system performance is less than 1%, and the success probability of root privilege escalation attack is less than 10−9.

Published

2020

40. MKM: Multiple Kernel Memory for Protecting Page Table Switching Mechanism Against Memory Corruption

Author

Toshihiro Yamauchi and Hiroki Kuzuno

Subjects

Address space layout randomization, Software_OPERATINGSYSTEMS, Computer science, 020206 networking & telecommunications, Memory corruption, 02 engineering and technology, Attack surface, computer.software_genre, Mandatory access control, Virtual address space, System call, Kernel (statistics), 0202 electrical engineering, electronic engineering, information engineering, Operating system, 020201 artificial intelligence & image processing, Page table, computer

Abstract

Countermeasures against kernel vulnerability attacks on an operating system (OS) are highly important kernel features. Some kernels adopt several kernel protection methods such as mandatory access control, kernel address space layout randomization, control flow integrity, and kernel page table isolation; however, kernel vulnerabilities can still be exploited to execute attack codes and corrupt kernel memory. To accomplish this, adversaries subvert kernel protection methods and invoke these kernel codes to avoid administrator privileges restrictions and gain complete control of the target host. To prevent such subversion, we present Multiple Kernel Memory (MKM), which offers a novel security mechanism using an alternative design for kernel memory separation that was developed to reduce the kernel attack surface and mitigate the effects of illegal data manipulation in the kernel memory. The proposed MKM is capable of isolating kernel memory and dedicates the trampoline page table for a gateway of page table switching and the security page table for kernel protection methods. The MKM encloses the vulnerable kernel code in the kernel page table. The MKM mechanism achieves complete separation of the kernel code execution range of the virtual address space on each page table. It ensures that vulnerable kernel code does not interact with different page tables. Thus, the page table switching of the trampoline and the kernel protection methods of the security page tables are protected from vulnerable kernel code in other page tables. An evaluation of MKM indicates that it protects the kernel code and data on the trampoline and security page tables from an actual kernel vulnerabilities that lead to kernel memory corruption. In addition, the performance results show that the overhead is 0.020 \(\mu \)s to 0.5445 \(\mu \)s, in terms of the system call latency and the application overhead average is 196.27 \(\mu \)s to 6,685.73 \(\mu \)s , for each download access of 100,000 Hypertext Transfer Protocol sessions.

Published

2020

41. iFlask: Isolate flask security system from dangerous execution environment by using ARM TrustZone

Author

Shaodi You and Diming Zhang

Subjects

Computer Networks and Communications, Computer science, business.industry, Mobile computing, Vulnerability, 020206 networking & telecommunications, Access control, 02 engineering and technology, Enterprise information security architecture, Object manager, Computer security, computer.software_genre, Mandatory access control, Supplicant, Trap (computing), Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Isolation (database systems), business, computer, Software

Abstract

Security is essential in mobile computing. And, therefore, various access control modules have been introduced. However, the complicated mobile runtime environment may directly impact on the integrity of these security modules, or even compels them to make wrong access control decisions. Therefore, for a trusted Flask based security system, it needs to be isolated from the dangerous mobile execution environment at runtime. In this paper, we propose an isolated Flask security architecture called iFlask to solve this problem for the Flask-based mandatory access control (MAC) system. iFlask puts its security server subsystem into the enclave provided by the ARM TrustZone so as to avert the negative impacts of the malicious environment. In the meanwhile, iFlask’s object manager subsystems which run in the mobile system kernel use a built-in supplicant proxy to effectively lookup policy decisions made by the back-end security server residing in the enclave, and to enforce these rules on the system with trustworthy behaviors. Moreover, to protect iFlask’s components which are not protected by the enclave, we not only provide an exception trap mechanism that enables TrustZone to enlarge its protection scope to protect selected memory regions from the malicious system, but also establish a secure communication channel to the enclave as well. The prototype is implemented on SELinux, which is the widely used Flask-based MAC system, and the base of SEAndroid. The experimental results show that SELinux receives reliable protection, because it resists all known vulnerabilities (e.g., CVE-2015-1815) and remains unaffected by the attacks in the test set. The propose architecture have very slight impact on the performance, it shows a performance degradation ranges between 0.53% to 6.49% compared to the naked system.

Published

2020

42. THE FEATURES OF MANDATORY ACCESS CONTROL MODEL IN MODERN UNAUTHORIZED ACCESS DATA PROTECTION TOOLS

Author

S. V. Porshnev and D. V. Kuts

Subjects

Computer science, Data Protection Act 1998, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Computer security, computer.software_genre, computer, Mandatory access control

Abstract

This article describes the features of mandatory access control model in unauthorized ac-cess data protection tools, which can affect its efficiency. Also, some flaws of unauthorized ac-cess data protection tools and possible scenarios of unauthorized access bypassing these tools are analyzed. The countermeasures and methods of its application, eliminating detected flaws are offered. The conclusions about necessarity of analyze of unauthorized access data protec-tion tools policies and revision of its severeness, if it is necessary, were made.

Published

2020

43. A Design of MAC Model Based on the Separation of Duties and Data Coloring: DSDC-MAC

Author

Chee-Yang Song, Soon-Book Lee, Jin-Woo Kim, and Yoohwan Kim

Subjects

Computer Networks and Communications, business.industry, Separation of duties, Computer science, Access control, Computer security, computer.software_genre, Security policy, Security controls, Mandatory access control, Biba Model, Artificial Intelligence, Confidentiality, Security level, business, Database security, computer, Software

Abstract

Among the access control methods for database security, there is Mandatory Access Control (MAC) model in which the security level is set to both the subject and the object to enhance the security control. Legacy MAC models have focused only on one thing, either confidentiality or integrity. Thus, it can cause collisions between security policies in supporting confidentiality and integrity simultaneously. In addition, they do not provide a granular security class policy of subjects and objects in terms of subjects' roles or tasks. In this paper, we present the security policy of Bell_LaPadula Model (BLP) model and Biba model as one complemented policy. In addition, Duties Separation and Data Coloring (DSDC)-MAC model applying new data coloring security method is proposed to enable granular access control from the viewpoint of Segregation of Duty (SoD). The case study demonstrated that the proposed modeling work maintains the practicality through the design of Human Resources management System. The proposed model in this study is suitable for organizations like military forces or intelligence agencies where confidential information should be carefully handled. Furthermore, this model is expected to protect systems against malicious insiders and improve the confidentiality and integrity of data

Published

2020

44. Addressing Threats and Security Issues in World Wide Web Technology

Author

Gritzalis, Stefanos, Spinellis, Diomidis, and Katsikas, Sokratis, editor

Published

1997

45. Security Architecture

Author

Ince, A. Nejat, Evrendilek, Cem, Wilhelmsen, Dag, Gezer, Fadıl, Ince, A. Nejat, Evrendilek, Cem, Wilhelmsen, Dag, and Gezer, Fadıl

Published

1997

46. Toward a MAC policy framework

Author

Qian, Xiaolei, Lunt, Teresa F., Spooner, David L., editor, Demurjian, Steven A., editor, and Dobson, John E., editor

Published

1996

47. Modeling Mandatory Access Control in Role-Based Security Systems

Author

Nyanchama, Matunda, Osborn, Sylvia, Spooner, David L., editor, Demurjian, Steven A., editor, and Dobson, John E., editor

Published

1996

48. Report of discussion sessions following presentations

Author

Spooner, David L., Demurjian, Steven A., Dobson, John E., Spooner, David L., editor, Demurjian, Steven A., editor, and Dobson, John E., editor

Published

1996

49. Maintaining surrogate data for query acceleration in multilevel secure database systems

Author

Panda, Brajendra, Perrizo, William, Goos, Gerhard, editor, Hartmanis, Juris, editor, van Leeuwen, Jan, editor, and Bhalla, Subhash, editor

Published

1995

50. Security for Object-Oriented Systems: An Editorial Overview

Author

Thuraisingham, Bhavani, Sandhu, Ravi, Ting, T. C., van Rijsbergen, C. J., editor, Thuraisingham, B., editor, Sandhu, R., editor, and Ting, T. C., editor

Published

1994