Abstract
Protection deals with the enforcement of integrity and confidentiality, and integrity violations often lead to confidentiality vulnerabilities. This paper proposes a novel approach to Mandatory Access Control (MAC) enforcement that guarantees a large range of integrity properties. The literature proposes many integrity models, such as the Biba model, data integrity, subject integrity, domain integrity and Trusted Path Execution, and there can be numerous others; in practice, an administrator needs to combine several of them. Existing solutions have two major limitations: they do not support indirect activities aiming at violating integrity, and they make it impossible to extend existing models or to define new ones.
This paper proposes a novel framework for expressing integrity requirements associated with direct or indirect activities, mostly in terms of information flows. It formalizes the major integrity properties of the literature. The formalization of the required security is efficient, and a straightforward enforcement is proposed. In contrast with our previous work, an information flow graph provides a dynamic analysis of the requested properties.
The paper also provides a MAC implementation that enforces every integrity property supported by our formalization: a system call fails if it could violate the required security properties.
A large-scale experiment on high-interaction honeypots shows the relevance, robustness and efficiency of our approach. The experiment sets up two kinds of hosts. Hosts running our solution in IDS mode detect violations of the requested properties; that IDS allows us to verify the completeness of our MAC protection. Hosts running our MAC protection guarantee all the required properties.
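The following is an added illustration, not the paper's implementation: a minimal dynamic information-flow graph monitor in the spirit of the abstract, which records each read or write as a flow edge and refuses a system call when the direct or indirect flow it would create violates a configurable integrity property. Node names, the untrusted/trusted sets and the cron scenario are constructed for the example; a Biba-style lattice can be expressed by passing a level comparison as the property.

```python
from collections import deque


class FlowMonitor:
    """Dynamic information-flow graph. Nodes are subjects (processes) and
    objects (files, sockets); an edge a -> b records that information has
    flowed from a to b. `forbidden(u, d)` is the integrity property: it
    returns True when information from u must never reach d."""

    def __init__(self, nodes, forbidden):
        self.succ = {n: set() for n in nodes}
        self.pred = {n: set() for n in nodes}
        self.forbidden = forbidden

    def _closure(self, start, adj):
        """Transitive closure of `start` along `adj` (captures indirect flows)."""
        seen, todo = {start}, deque([start])
        while todo:
            for m in adj[todo.popleft()]:
                if m not in seen:
                    seen.add(m)
                    todo.append(m)
        return seen

    def check_flow(self, src, dst):
        """Return None if a new flow src -> dst keeps the property, otherwise
        the (source, sink) pair whose direct or indirect flow it would create."""
        downstream = self._closure(dst, self.succ)   # everything dst reaches
        for u in self._closure(src, self.pred):      # everything reaching src
            for d in downstream:
                if self.forbidden(u, d):
                    return (u, d)
        return None

    def syscall(self, subject, op, obj):
        """Mediate a read or write: record the flow, or refuse the call."""
        src, dst = (obj, subject) if op == "read" else (subject, obj)
        if self.check_flow(src, dst) is not None:
            return False       # MAC refusal; a kernel would return -EACCES
        self.succ[src].add(dst)
        self.pred[dst].add(src)
        return True


def demo():
    """Constructed scenario: httpd is untrusted, the cron spool is a trusted sink."""
    untrusted, trusted = {"httpd"}, {"/etc/cron.d"}
    m = FlowMonitor(["httpd", "/tmp/shared", "cron", "/etc/cron.d"],
                    lambda u, d: u in untrusted and d in trusted)
    return [m.syscall("httpd", "write", "/tmp/shared"),  # allowed: no trusted sink reached
            m.syscall("cron", "read", "/tmp/shared"),    # allowed: cron is unconstrained
            m.syscall("cron", "write", "/etc/cron.d"),   # refused: indirect httpd -> /etc/cron.d
            m.syscall("httpd", "write", "/etc/cron.d")]  # refused: direct flow
```

The third call is the case a per-label check misses: neither cron nor /tmp/shared is labelled, yet the graph shows the write would carry httpd's data into the trusted spool.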
© 2010 Springer-Verlag Berlin Heidelberg
Clemente, P., Rouzaud-Cornabas, J., Toinard, C. (2010). From a Generic Framework for Expressing Integrity Properties to a Dynamic MAC Enforcement for Operating Systems. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science XI. Lecture Notes in Computer Science, vol 6480. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17697-5_7
DOI: https://doi.org/10.1007/978-3-642-17697-5_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17696-8
Online ISBN: 978-3-642-17697-5