Abstract
Trusted subjects are inevitably part of multi-level security systems or trusted networks. They can introduce security risk into the system, because they do not comply with the *-property of the Bell-LaPadula model. When developing and deploying secure operating systems, it is important to determine which subjects, out of hundreds and thousands of applications, are trusted and what their security requirements are. In this paper, an approach based on information flow and risk analysis is proposed to address these issues. The type enforcement specification is used as the basis for information flow analysis, which then identifies the trusted subjects and their security requirements: security label range and security assurance level.
Supported by the National Natural Science Foundation of China (No. 90818012), the Knowledge Innovation Program of the Chinese Academy of Sciences (No. KGCXZ-YW-125) and the National Program for Core Electronics, Advanced Chips and Fundamental Software (2009ZX01039-002-001).
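To make the idea in the abstract concrete, the following added example (not code from the paper, and not the authors' algorithm) scans SELinux-style type enforcement `allow` rules for domains that read at a higher level than they write, which is exactly what the *-property forbids for an untrusted subject, and reports the label range such a domain would need. The policy text, the type names, the per-type level map and the read/write permission sets are all constructed assumptions; only direct flows are checked, and assurance levels are not modelled.

```python
import re
from collections import defaultdict

# Constructed sample: SELinux-style TE allow rules (not taken from the paper).
POLICY = """
allow editor_t secret_doc_t:file { read write };
allow logger_t public_log_t:file { read };
allow logger_t secret_audit_t:file { append };
allow downgrader_t secret_doc_t:file { read getattr };
allow downgrader_t public_doc_t:file { write create };
allow guard_t topsecret_feed_t:file read;
allow guard_t conf_out_t:file { append };
"""
# Constructed assumption: one MLS level per object type (0 = lowest).
LEVEL = {"public_log_t": 0, "public_doc_t": 0, "conf_out_t": 1,
         "secret_doc_t": 2, "secret_audit_t": 2, "topsecret_feed_t": 3}
READ = {"read"}               # permissions that move data object -> subject
WRITE = {"write", "append"}   # permissions that move data subject -> object

# allow <domain> <type>:<class> { perms } ;   or a single bare permission
RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def flows(policy):
    """Return {domain: (levels read, levels written)} from the allow rules."""
    out = defaultdict(lambda: (set(), set()))
    for src, tgt, _cls, braced, single in RULE.findall(policy):
        perms = set((braced or single).split())
        reads, writes = out[src]
        if perms & READ:
            reads.add(LEVEL[tgt])
        if perms & WRITE:
            writes.add(LEVEL[tgt])
    return out

def trusted_subjects(policy):
    """Domains that read above where they write, with the range they need.

    An untrusted subject at level L may read <= L and write >= L, so a single
    level works only if max(read) <= min(write). Otherwise the domain must be
    a trusted subject spanning [min(write), max(read)].
    """
    result = {}
    for dom, (reads, writes) in flows(policy).items():
        if reads and writes and max(reads) > min(writes):
            result[dom] = (min(writes), max(reads))  # (low, high)
    return result

if __name__ == "__main__":
    for dom, (low, high) in sorted(trusted_subjects(POLICY).items()):
        print(f"{dom}: needs trusted range [{low}, {high}]")
```
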
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Li, S., He, Y. (2011). Trusted Subjects Configuration Based on TE Model in MLS Systems. In: Chen, L., Yung, M. (eds) Trusted Systems. INTRUST 2010. Lecture Notes in Computer Science, vol 6802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25283-9_7
DOI: https://doi.org/10.1007/978-3-642-25283-9_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25282-2
Online ISBN: 978-3-642-25283-9
eBook Packages: Computer Science (R0)