Abstract
As the fundamental software to guarantee information security, operating system is desired to support various security policies flexibly and to control the propagation and revocation of access rights efficiently. This paper presents a design and implementation of Policy Flexible Architecture (PFA) for secure operating system to achieve the coordination, extensibility, consistency and dynamic configuration of security policies. Through a thorough analysis of all related facilities, PFA classifies policy constructions into several levels according to their effects on security status; PFA emphasizes on centralized management of security policy as well as on centralized maintainability of security attributes; for the first time PFA gives revocation rules to specify how and when to revoke permissions. PFA has been applied to our Secure Enhanced Linux Operating System, and the experiment shows that the system holds at least three advantages. First, it helps users to choose intended security policies flexibly. Besides it supports users to add new security policies according to specific security requirements easily. Finally it sets permission revocations immediately and gets no significant performance penalty.
- D. Mazieres, M. Kaashoek. Secure Applications Need Flexible Operating Systems. The 6th Workshop on Hot Topics in Operating Systems (HotOS-VI), pp. 56--61, 1997.]] Google ScholarDigital Library
- R. Spencer, The Flask Security Architecture: System Support for Diverse Security Policies. The 8th USENIX Security Symposium, 1999.]] Google ScholarDigital Library
- M. D. Abrams, L. LaPadula, et.al. Generalized Framework for Access Control: An Informal Description. Proc. of the 13th National Computer Security Conference, pp. 135--143, Oct. 1990.]]Google Scholar
- A. Ott, The Rule Set Based Access Control (RSBAC) Linux Kernel Security Extension. Proc. of the 8th International Linux Congress, November, 2001.]]Google Scholar
- R. S. Sandhu, Role-Based Access Control Models. IEEE Computer 29(2): 38--47, IEEE Press, 1996.]] Google ScholarDigital Library
- N. Damianou, The Ponder Policy Specification Language. Proc. Policy 2001: Workshop on Policies for Distributed Systems and Networks, Bristol, UK, pp. 29--31, Jan. 2001.]] Google ScholarDigital Library
- C. Ribeiro. SPL: An access control language for security policies with complex constraints. Proc. Of Network and Distributed System Security Symposium, 2001.]]Google Scholar
- America Department of Defense, Trusted Computer System Evaluation Criteria, CSC-STD-001-83, Aug 1983.]]Google Scholar
- K. M. Walker, Confining Root Programs with Domain and Type Enforcement. The 6th USENIX Security Symposium, August 1996]] Google ScholarDigital Library
- L. LaPadula, A Rule-Set Approach to Formal Modeling of a Trusted Computer System. Computing Systems Journal, Vol 7, No 1, pp. 113--167, 1994.]] Google ScholarDigital Library
- P. Bonatti, A modular approach to composing access control policies. Proc. of the 7th ACM Conference on Computer and Communications Security, 2000.]] Google ScholarDigital Library
- P. A. Karger, New Methods for Immediate Revocation. Proc. of the 1989 IEEE Symposium on Security and Privacy, pp. 48--55, May 1989.]]Google ScholarCross Ref
- M. Bernaschi, Operating system enhancements to prevent the misuse of system calls. Proc. of the 7th ACM Conference on Computer and Communications Security, pp. 174--183, 2000.]] Google ScholarDigital Library
- P. Loscocco, S. Smalley, Integrating Flexible Support for Security Policies into the Linux Operating System. Proc. of the FREENIX Track: 2001 USENIX Annual Technical Conference (FREENIX'01), pp. 29--42, June 2001.]] Google ScholarDigital Library
- J. Fassino, J. B. Stefani, J. L. Lawall, G. Muller, Think: A Software Framework for Component-based Operating System Kernels, Proc. of the General Track: 2002 USENIX Annual Technical Conference, p. 73--86, June 10-15, 2002]] Google ScholarDigital Library
- C. Rippert: Protection in flexible operating system architectures, ACM SIGOPS Operating Systems Review, Volume 37, 2003]] Google ScholarDigital Library
Index Terms
- A policy flexible architecture for secure operating system
Recommendations
Simplifying security policy descriptions for internet servers in secure operating systems
SAC '09: Proceedings of the 2009 ACM symposium on Applied ComputingSecure operating systems (secure OSes) are widely used to limit the damage caused by unauthorized access to Internet servers. However, writing a security policy based on the principle of least privilege for a secure OS is a challenge for an ...
Protection in flexible operating system architectures
This paper presents our work concerning flexibility and protection in operating system kernels. In most existing operating systems, security is enforced at the price of flexibility by imposing protection models on the system programmer when building his ...
Comments