Dynamic mandatory access control for multiple stakeholders

Authors: Vikhyath Rao, Trent Jaeger

DOI: 10.1145/1542207.1542217

Keywords: Computer security, Download, Access control, Computer science, Role-based access control, Mandatory access control, System administrator, Service provider, Computer access control, Sandbox (computer security)

Abstract: In this paper, we present a mandatory access control system that uses input from multiple stakeholders to compose policies based on runtime information. the emerging open cell phone environment, many devices run software whose permissions depends stakeholders, such as device owner, service provider, application etc., rather than single administrator. However, current administration remains either discretionary, allowing running and perhaps compromised process administer permissions, or mandatory, requiring administrator know all for possible legal runs. A key problem is users may download arbitrary programs their devices, contain while some reasonable functionality. need in combination with other conflicting lead an attack, voice-over-IP calls. our approach, use "soft" sand-boxing mechanism first processes, request stakeholder authorize operations outside sandbox are not prohibited by policy, maintain execution role identify its state stakeholders. We define proxy policy server caches combines make decisions. Our framework was implemented modifying SELinux module using remote server, although local also possible. incur 0.288 ts performance overhead only when be consulted, new cached.
