Abstract
Host compromise is a serious security problem for operating systems. Most previous solutions based on integrity protection models are difficult to use; usable integrity protection models, on the other hand, provide only limited protection. This paper presents SecGuard, a secure and practical integrity protection model. To ensure the security of systems, SecGuard provides provable guarantees for operating systems to defend against three categories of threats: network-based threats, IPC communication threats and contaminative file threats. To ensure practicability, SecGuard introduces several novel techniques. For example, SecGuard leverages existing discretionary access control information to initialize integrity labels for subjects and objects in the system. We developed a prototype of SecGuard based on the Linux Security Modules (LSM) framework, and evaluated the security and practicability of SecGuard.
The first three authors of this paper are alphabetically ordered according to first names.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhai, E., Shen, Q., Wang, Y., Yang, T., Ding, L., Qing, S. (2011). SecGuard: Secure and Practical Integrity Protection Model for Operating Systems. In: Du, X., Fan, W., Wang, J., Peng, Z., Sharaf, M.A. (eds) Web Technologies and Applications. APWeb 2011. Lecture Notes in Computer Science, vol 6612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20291-9_38
DOI: https://doi.org/10.1007/978-3-642-20291-9_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20290-2
Online ISBN: 978-3-642-20291-9
eBook Packages: Computer Science (R0)