SecGuard: Secure and Practical Integrity Protection Model for Operating Systems

Zhai, Ennan; Shen, Qingni; Wang, Yonggang; Yang, Tao; Ding, Liping; Qing, Sihan

doi:10.1007/978-3-642-20291-9_38

Ennan Zhai^21,22,
Qingni Shen^21,23,24,
Yonggang Wang^23,24,
Tao Yang^23,24,
Liping Ding²² &
…
Sihan Qing^21,22

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 6612))

Included in the following conference series:

Asia-Pacific Web Conference

1076 Accesses

Abstract

Host compromise is a serious security problem for operating systems. Most previous solutions based on integrity protection models are difficult to use; on the other hand, usable integrity protection models can only provide limited protection. This paper presents SecGuard, a secure and practical integrity protection model. To ensure the security of systems, SecGuard provides provable guarantees for operating systems to defend against three categories of threats: network-based threat, IPC communication threat and contaminative file threat. To ensure practicability, SecGuard introduces several novel techniques. For example, SecGuard leverages the information of existing discretionary access control information to initialize integrity labels for subjects and objects in the system. We developed the prototype system of SecGuard based on Linux Security Modules framework (LSM), and evaluated the security and practicability of SecGuard.

The first three authors of this paper are alphabetically ordered according to first names.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Li, N., Mao, Z., Chen, H.: Usable mandatory integrity protection for operating systems. In: IEEE Symposium on Security and Privacy, pp. 164–178 (2007)
Google Scholar
Badger, L., Sterne, D.F., Sherman, D.L., Walker, K.M.: A domain and type enforcement unix prototype. Computing Systems 9(1), 47–83 (1996)
Google Scholar
Badger, L., Sterne, D.F., Sherman, D.L., Walker, K.M., Haghighat, S.A.: Practical domain and type enforcement for UNIX. In: IEEE Symposium on Security and Privacy (1995)
Google Scholar
NSA: Security enhanced linux, http://www.nsa.gov/selinux/
Apparmor application security for Linux, http://www.novell.com/linux/security/apparmor/
Cowan, C., Beattie, S., Kroah-Hartman, G., Pu, C., Wagle, P., Gligor, V.D.: Subdomain: Parsimonious server security. In: LISA, pp. 355–368 (2000)
Google Scholar
LIDS: Linux intrusion detection system, http://www.lids.org/
Fraser, T.: Lomac: Low water-mark integrity protection for cots environments. In: IEEE Symposium on Security and Privacy, pp. 230–245 (2000)
Google Scholar
Wright, C., Cowan, C., Smalley, S., Morris, J., Kroah-Hartman, G.: Linux security modules: General security support for the linux kernel. In: USENIX Security Symposium, pp. 17–31 (2002)
Google Scholar
Zhai, E., Shen, Q., Wang, Y., Yang, T., Ding, L., Qing, S.: Secguard: Secure and practical integrity protection model for operating systems. Technical Report PKU-TR-08-710, Peking University School of Software and Microelectronics (March 2010), http://infosec.pku.edu.cn/~zhaien/TRSecGuard.pdf

Download references

Author information

Authors and Affiliations

School of Software and Microelectronics, Peking University, China
Ennan Zhai, Qingni Shen & Sihan Qing
Institute of Software, Chinese Academy of Sciences, China
Ennan Zhai, Liping Ding & Sihan Qing
MoE Key Lab of Network and Software Assurance, Peking University, China
Qingni Shen, Yonggang Wang & Tao Yang
Network & Information Security Lab, Institute of Software, Peking University, China
Qingni Shen, Yonggang Wang & Tao Yang

Authors

Ennan Zhai
View author publications
You can also search for this author in PubMed Google Scholar
Qingni Shen
View author publications
You can also search for this author in PubMed Google Scholar
Yonggang Wang
View author publications
You can also search for this author in PubMed Google Scholar
Tao Yang
View author publications
You can also search for this author in PubMed Google Scholar
Liping Ding
View author publications
You can also search for this author in PubMed Google Scholar
Sihan Qing
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

School of Information, Renmin University of China, 100872, Beijing, China
Xiaoyong Du
LFCS, School of Informatics, University of Edinburgh, 10 Crichton Street, EH8 9AB, Edinburgh, Scotland, UK
Wenfei Fan
School of Software, Tsinghua University, Room 819, Main Building, 100084, Beijing, China
Jianmin Wang
Computer School, Wuhan University, Luojiashan Road, 430072, Wuhan, Hubei, China
Zhiyong Peng
School of Information Technology and Electrical Engineering, The University of Queensland, QLD 4072, St. Lucia, Australia
Mohamed A. Sharaf

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Zhai, E., Shen, Q., Wang, Y., Yang, T., Ding, L., Qing, S. (2011). SecGuard: Secure and Practical Integrity Protection Model for Operating Systems. In: Du, X., Fan, W., Wang, J., Peng, Z., Sharaf, M.A. (eds) Web Technologies and Applications. APWeb 2011. Lecture Notes in Computer Science, vol 6612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20291-9_38

Download citation

DOI: https://doi.org/10.1007/978-3-642-20291-9_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20290-2
Online ISBN: 978-3-642-20291-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics