
From a Generic Framework for Expressing Integrity Properties to a Dynamic MAC Enforcement for Operating Systems

  • Chapter
Transactions on Computational Science XI

Part of the book series: Lecture Notes in Computer Science (TCOMPUTATSCIE, volume 6480)

Abstract

Protection deals with the enforcement of integrity and confidentiality, and integrity violations often lead to confidentiality vulnerabilities. This paper proposes a novel approach to Mandatory Access Control (MAC) enforcement that guarantees a large range of integrity properties. The literature proposes many integrity models, such as the Biba model, data integrity, subject integrity, domain integrity and Trusted Path Execution, and there can be numerous others; in practice, an administrator needs to combine several of them. Existing solutions have two major limitations: they do not handle indirect activities that aim at violating integrity, and they cannot be extended to support new integrity models or to define new ones.

This paper proposes a novel framework for expressing integrity requirements associated with direct or indirect activities, mostly in terms of information flows. It formalizes the major integrity properties of the literature. The formalization of the required security is efficient, and a straightforward enforcement is derived from it. In contrast with our previous work, an information flow graph provides a dynamic analysis of the requested properties.

The paper also provides a MAC implementation that enforces every integrity property supported by our formalization: a system call is denied when completing it could violate a required security property.
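The abstract describes the mechanism only at a high level: observed system calls build an information flow graph, integrity properties are stated as constraints on that graph, and a call is refused when the flow it would create violates a property, even when the violation is only reachable through intermediaries. The following Python model is an added illustration of that idea and is not the authors' kernel implementation; the entity names, the two integrity labels, the two properties (a Biba-style level constraint and a named "no flow from A to B" constraint) and the system-call trace are all constructed for the example. The per-call label check at the end is included only as a baseline to show what a history-free check misses.

```python
"""Toy information-flow graph enforcing integrity properties at system-call time.

Added illustration, not the paper's implementation. Entity names, labels,
properties and the syscall trace are constructed for the example.
"""
from collections import defaultdict

LOW, HIGH = 0, 1  # integrity levels; entities absent from the label map are unlabelled


class FlowGraph:
    """Directed graph of observed flows: edge src -> dst means data from src reached dst."""

    def __init__(self):
        self.edges = defaultdict(set)

    def add(self, src, dst):
        """Record a flow; return True if the edge is new, so a rollback knows whether to drop it."""
        new = dst not in self.edges[src]
        self.edges[src].add(dst)
        return new

    def remove(self, src, dst):
        self.edges[src].discard(dst)

    def reaches(self, src, dst):
        """Transitive reachability: has data from src reached dst through any chain of flows?"""
        seen, stack = set(), [src]
        while stack:
            node = stack.pop()
            if node == dst:
                return True
            if node not in seen:
                seen.add(node)
                stack.extend(self.edges[node])
        return False


def biba_no_low_to_high(graph, labels):
    """Biba stated as a flow property: nothing labelled LOW may reach anything labelled HIGH,
    directly or through unlabelled intermediaries."""
    lows = [e for e, lvl in labels.items() if lvl == LOW]
    highs = [e for e, lvl in labels.items() if lvl == HIGH]
    return not any(graph.reaches(lo, hi) for lo in lows for hi in highs)


def no_flow(src, dst):
    """Named-entity property in the style of domain/data integrity: src must never reach dst."""
    def check(graph, labels):
        return not graph.reaches(src, dst)
    check.__name__ = f"no_flow({src} -> {dst})"
    return check


# Direction of the information flow each syscall induces between subject s and object o.
FLOW_OF = {
    "read": lambda s, o: (o, s),   # data moves object -> subject
    "write": lambda s, o: (s, o),  # data moves subject -> object
    "exec": lambda s, o: (o, s),   # the object's code moves into the subject
}


class Monitor:
    """Tentatively add the flow a syscall would create, evaluate every property on the
    resulting graph, and commit the flow only if no property is violated."""

    def __init__(self, labels, properties):
        self.graph, self.labels, self.properties = FlowGraph(), labels, properties

    def syscall(self, subject, op, obj):
        src, dst = FLOW_OF[op](subject, obj)
        new = self.graph.add(src, dst)
        violated = [p.__name__ for p in self.properties if not p(self.graph, self.labels)]
        if violated and new:
            self.graph.remove(src, dst)  # denied call: the flow never happened
        return (not violated, violated)


def direct_label_check(labels, subject, op, obj):
    """Baseline with no history: Biba applied to the labels of the two entities of this call only."""
    src, dst = FLOW_OF[op](subject, obj)
    return not (labels.get(src) == LOW and labels.get(dst) == HIGH)


def run_scenario():
    """Constructed trace; only the two endpoints carry labels, the hops in between do not."""
    labels = {"net_socket": LOW, "/etc/shadow": HIGH}
    mon = Monitor(labels, [biba_no_low_to_high, no_flow("net_socket", "/bin/sh")])
    trace = [
        ("httpd", "read", "net_socket"),    # untrusted input enters httpd
        ("httpd", "write", "/tmp/upload"),  # and is written to a scratch file
        ("cron", "read", "/tmp/upload"),    # an unlabelled third process picks it up
        ("cron", "write", "/etc/shadow"),   # indirect LOW -> HIGH flow: must be denied
        ("httpd", "write", "/bin/sh"),      # violates only the named no_flow property
    ]
    results = []
    for subject, op, obj in trace:
        allowed, violated = mon.syscall(subject, op, obj)
        results.append(((subject, op, obj), allowed, violated,
                        direct_label_check(labels, subject, op, obj)))
    return results


if __name__ == "__main__":
    for call, allowed, violated, direct in run_scenario():
        verdict = "ALLOW" if allowed else "DENY"
        print(f"{call}: {verdict} {violated} (direct-label check: {'allow' if direct else 'deny'})")
```

The fourth call is the one that matters: `cron` and `/etc/shadow` are unobjectionable as a pair, so a check that looks only at the labels of the two entities involved lets the write through, while the graph-based monitor sees that what `cron` is about to write was derived from `net_socket` and refuses the call. The fifth call shows two models combined in one policy: Biba is satisfied, yet the named constraint between `net_socket` and `/bin/sh` still denies the write. Rolling back the tentative edge on denial is what keeps the graph an exact record of flows that actually occurred.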

A large-scale experiment on high-interaction honeypots shows the relevance, robustness and efficiency of our approach. The experiment sets up two kinds of hosts. Hosts running our solution in IDS mode detect violations of the requested properties; that IDS allows us to verify the completeness of our MAC protection. Hosts running our MAC protection guarantee all the required properties.


References

  1. Committee on National Security Systems: National Information Assurance Glossary. CNSS Instruction No. 4009 (April 2010)

  2. Biba, K.J.: Integrity considerations for secure computer systems. Tech. rep., MITRE Corp. (1977)

  3. Bell, D., LaPadula, L.: Secure computer systems: Mathematical foundations. Technical Report MTR-2547 (1973)

  4. Lee, T.: Using mandatory integrity to enforce 'commercial' security. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 140–146 (April 1988)

  5. Ko, C., Redmond, T.: Noninterference and intrusion detection. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 177–187 (2002)

  6. Goguen, J., Meseguer, J.: Security policies and security models. In: Proceedings of the 1982 IEEE Symposium on Security and Privacy, Oakland, CA, pp. 11–20. IEEE, Los Alamitos (1982)

  7. Rahimi, N.A.: Trusted path execution for the Linux 2.6 kernel as a Linux security module. In: ATEC 2004: Proceedings of the USENIX Annual Technical Conference, Berkeley, CA, USA. USENIX Association (2004)

  8. Clark, D.D., Wilson, D.R.: A comparison of commercial and military computer security policies. In: IEEE Symposium on Security and Privacy, pp. 184–194. IEEE Computer Society Press, Los Alamitos (1987)

  9. Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)

  10. Roscoe, A.W., Hoare, C.A.R., Bird, R.: The Theory and Practice of Concurrency. Prentice Hall PTR, Upper Saddle River (1997)

  11. Clarkson, M.R., Schneider, F.B.: Hyperproperties. In: 21st IEEE Computer Security Foundations Symposium, CSF 2008, pp. 51–65 (June 2008)

  12. Bauer, L., Ligatti, J., Walker, D.: More enforceable security policies. In: Foundations of Computer Security (2002)

  13. Terry, P., Wiseman, S.: A 'new' security policy model. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 215–228 (May 1989)

  14. Briffaut, J., Lalande, J.-F., Toinard, C.: Formalization of security properties: enforcement for MAC operating systems and verification of dynamic MAC policies. International Journal on Advances in Security 2, 325–343 (2009)

  15. Zeldovich, N., Boyd-Wickizer, S., Kohler, E., Mazières, D.: Making information flow explicit in HiStar. In: OSDI 2006: Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation, Berkeley, CA, USA. USENIX Association (2006)

  16. Krohn, M., Yip, A., Brodsky, M., Cliffer, N., Kaashoek, M.F., Kohler, E., Morris, R.: Information flow control for standard OS abstractions. SIGOPS Oper. Syst. Rev. 41(6), 321–334 (2007)

  17. Efstathopoulos, P., Kohler, E.: Manageable fine-grained information flow. SIGOPS Oper. Syst. Rev. 42(4), 301–313 (2008)

  18. Tresys Technology: SETools: policy analysis tools for SELinux (2010)

  19. Briffaut, J., Rouzaud-Cornabas, J., Toinard, C., Zemali, Y.: A new approach to enforce the security properties of a clustered high-interaction honeypot. In: Guha, R.K., Spalazzi, L. (eds.) Workshop on Security and High Performance Computing Systems, Leipzig, Germany, pp. 184–192. IEEE Computer Society, Los Alamitos (June 2009)

  20. Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: Protection in operating systems. Commun. ACM 19(8), 461–471 (1976)

  21. Spencer, R., Smalley, S., Loscocco, P., Hibler, M., Andersen, D., Lepreau, J.: The Flask security architecture: system support for diverse security policies. In: Proceedings of the 8th USENIX Security Symposium, Berkeley, CA, USA. USENIX Association (1999)

  22. Mao, Z., Li, N., Chen, H., Jiang, X.: Trojan horse resistant discretionary access control. In: SACMAT 2009: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pp. 237–246. ACM, New York (2009)

  23. Liang, H., Sun, Y.: Enforcing mandatory integrity protection in operating system. In: ICCNMC 2001: Proceedings of the 2001 International Conference on Computer Networks and Mobile Computing, p. 435. IEEE Computer Society, Los Alamitos (2001)

  24. Li, N., Mao, Z., Chen, H.: Usable mandatory integrity protection for operating systems. In: IEEE Symposium on Security and Privacy, SP 2007, pp. 164–178 (May 2007)

  25. Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21, 5–19 (2003)

  26. Mohay, G., Zellers, J.: Kernel and shell based applications integrity assurance. In: Proceedings of the 13th Annual Computer Security Applications Conference, pp. 34–43 (December 1997)

  27. Iglio, P.: TrustedBox: a kernel-level integrity checker. In: Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC 1999), pp. 189–198 (1999)

  28. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. In: Proceedings of the 13th USENIX Security Symposium, Berkeley, CA, USA. USENIX Association (2004)

  29. Quynh, N.A., Takefuji, Y.: A real-time integrity monitor for Xen virtual machine. In: ICNS 2006: Proceedings of the International Conference on Networking and Services, p. 90. IEEE Computer Society, Los Alamitos (2006)

  30. Berger, S., Cáceres, R., Goldman, K.A., Perez, R., Sailer, R., van Doorn, L.: Virtualizing the trusted platform module. In: Proceedings of the 15th USENIX Security Symposium, Berkeley, CA, USA. USENIX Association (2006)

  31. Xu, M., Jiang, X., Sandhu, R., Zhang, X.: Towards a VMM-based usage control framework for OS kernel integrity protection. In: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, p. 80. ACM, New York (2007)

  32. Rouzaud-Cornabas, J., Clemente, P., Toinard, C.: An information flow approach for preventing race conditions: dynamic protection of the Linux OS (best paper award). In: Fourth International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2010, Venice, Italy (July 2010)

  33. Uppuluri, P., Joshi, U., Ray, A.: Preventing race condition attacks on file-systems. In: SAC 2005: Proceedings of the 2005 ACM Symposium on Applied Computing, pp. 346–353. ACM, New York (2005)

  34. McVoy, L., Staelin, C.: lmbench: portable tools for performance analysis. In: Proceedings of the 1996 USENIX Annual Technical Conference, Berkeley, CA, USA. USENIX Association (1996)


© 2010 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Clemente, P., Rouzaud-Cornabas, J., Toinard, C. (2010). From a Generic Framework for Expressing Integrity Properties to a Dynamic mac Enforcement for Operating Systems. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science XI. Lecture Notes in Computer Science, vol 6480. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17697-5_7


  • DOI: https://doi.org/10.1007/978-3-642-17697-5_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17696-8

  • Online ISBN: 978-3-642-17697-5
