Operating System Security Policy Hardening via Capability Dependency Graphs

  • Zhihui Han
  • Liang Cheng
  • Yang Zhang
  • Dengguo Feng
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9065)


An operating system relies heavily on its access control mechanism to defend against various attacks. The complexity of modern access control mechanisms and the scale of their possible configurations are often overwhelming to system administrators and software developers. Misconfigurations are therefore very common, and their security consequences are serious, so it is necessary to detect and eliminate them. We propose an automated and systematic approach to correcting such misconfigurations, based on capability dependency graph generation and MaxSAT solving. Given the attacker's initial capabilities, we first automatically generate a capability dependency graph that describes the attacker's potential capabilities and the dependency relationships among them. Based on this graph, we then develop a solution that automates the task of hardening an operating system's security policy against multi-step attacks resulting from misconfigurations. In this solution, we first represent each capability obtainable by the attacker as a propositional logic formula over the initial conditions, and then transform the policy hardening problem into a MaxSAT problem. Finally, we present a notion called normal capability loss to help an administrator select the optimal hardening solution, i.e. the one leading to minimum loss of system usability. We apply our approach to analyze misconfigurations in Ubuntu 10.04 shipped with SELinux, and study an attack case to evaluate the effectiveness of the approach.
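The following is an added illustration of the pipeline the abstract describes; it is not code from the paper or its authors. It builds a small capability dependency graph whose initial conditions are either policy rules an administrator may remove or attacker facts that cannot be removed, derives each attacker capability as a disjunctive-normal-form formula over those initial conditions (one disjunct per minimal attack path), and then picks the set of rules to remove that blocks every path while losing the fewest legitimate ("normal") capabilities. All condition, rule and capability names are constructed placeholders, not SELinux identifiers, and the optimisation step uses exhaustive search over rule subsets in place of a MaxSAT solver, which gives the same optimum on an instance this small.

```python
"""Toy capability dependency graph (CDG) and usability-aware hardening.

Model (constructed for this example; names are placeholders, not policy
identifiers):
  - Initial conditions are policy rules ('rule_*'), which an administrator may
    remove, or attacker facts ('att_*'), which cannot be removed.
  - A derived capability has one or more derivation rules; each rule is a set
    of preconditions (initial conditions or other capabilities) that must all
    hold (OR of ANDs).
"""
from itertools import combinations

# Derived capability -> list of alternative precondition sets.
DERIVED = {
    "write_spool":   [{"att_local_shell", "rule_user_write_spool"}],
    "run_as_daemon": [{"write_spool", "rule_daemon_exec_spool"},
                      {"att_local_shell", "rule_user_exec_daemon"}],
    "write_conf":    [{"run_as_daemon", "rule_daemon_write_conf"}],
    "root":          [{"write_conf", "rule_admin_load_conf"},
                      {"run_as_daemon", "rule_daemon_setuid"}],
}

# Normal (legitimate) capabilities each policy rule supports; removing the
# rule loses them. 'rule_daemon_exec_spool' supports nothing legitimate and
# plays the role of the misconfiguration.
NORMAL = {
    "rule_user_write_spool":  {"user_submits_job"},
    "rule_daemon_exec_spool": set(),
    "rule_user_exec_daemon":  {"user_runs_daemon_cli"},
    "rule_daemon_write_conf": {"config_reload"},
    "rule_admin_load_conf":   {"config_reload"},
    "rule_daemon_setuid":     {"daemon_drops_privileges"},
}


def minimize(paths):
    """Drop any path that is a strict superset of another (DNF minimisation)."""
    return {p for p in paths if not any(q < p for q in paths)}


def attack_paths(cap, stack=frozenset()):
    """Minimal attack paths for `cap`: each is a frozenset of initial
    conditions whose conjunction yields `cap`. Cycles in the graph are cut by
    tracking the capabilities currently being expanded."""
    if cap not in DERIVED:          # initial condition: the literal itself
        return {frozenset([cap])}
    if cap in stack:                # already being expanded along this branch
        return set()
    paths = set()
    for preconds in DERIVED[cap]:
        combos = [frozenset()]      # AND: cross product of the sub-path sets
        for p in preconds:
            sub = attack_paths(p, stack | {cap})
            combos = [c | s for c in combos for s in sub]
        paths.update(combos)
    return minimize(paths)


def formula(goal):
    """Render the DNF formula of `goal` over initial conditions."""
    terms = sorted(" & ".join(sorted(p)) for p in attack_paths(goal))
    return " | ".join(f"({t})" for t in terms) or "false"


def normal_capability_loss(removed):
    """Union of legitimate capabilities lost by removing the given rules
    (a union, not a sum, since rules may support the same capability)."""
    return set().union(*(NORMAL[r] for r in removed))


def harden(goal):
    """Smallest-loss set of policy rules whose removal breaks every attack
    path to `goal`; ties go to fewer removed rules. None if `goal` cannot
    be blocked by removing rules alone."""
    paths = attack_paths(goal)
    rules = sorted(NORMAL)
    best = None
    for k in range(len(rules) + 1):
        for combo in combinations(rules, k):
            removed = frozenset(combo)
            if not all(p & removed for p in paths):
                continue            # some path survives this removal
            loss = normal_capability_loss(removed)
            key = (len(loss), len(removed))
            if best is None or key < best[0]:
                best = (key, removed, loss)
    return None if best is None else (best[1], best[2])


if __name__ == "__main__":
    print("root =", formula("root"))
    removed, loss = harden("root")
    print("remove:", sorted(removed))
    print("normal capability loss:", sorted(loss))
```

Running it prints the four-path formula for `root` and recommends removing `rule_daemon_exec_spool` together with `rule_user_exec_daemon`, at the cost of a single legitimate capability; any other blocking set loses at least two, which is the kind of trade-off the normal capability loss notion is meant to make explicit.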


Keywords: Operating System; Access Control; Security Policy; Misconfigurations; Capability Dependency Graph; MaxSAT





Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Zhihui Han (1)
  • Liang Cheng (1)
  • Yang Zhang (1)
  • Dengguo Feng (1)

  1. Institute of Software, Chinese Academy of Sciences, Beijing, China
