A cryptographic file system for UNIX
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
ACM SIGPLAN Notices
Cryptographic sealing for information secrecy and authentication
Communications of the ACM
Programming semantics for multiprogrammed computations
Communications of the ACM
The Design and Implementation of a Transparent Cryptographic File System for UNIX
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Cryptographic access control in a distributed file system
Proceedings of the eighth ACM symposium on Access control models and technologies
Analyzing Security-Enhanced Linux Policy Specifications
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
A secure and reliable bootstrap architecture
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Towards a formal model for security policies specification and validation in the selinux system
Proceedings of the ninth ACM symposium on Access control models and technologies
Enhanced Security Models for Operating Systems: A Cryptographic Approach
COMPSAC '04 Proceedings of the 28th Annual International Computer Software and Applications Conference - Volume 01
An overview of the Amoeba distributed operating system
ACM SIGOPS Operating Systems Review
DRM, trusted computing and operating system architecture
ACSW Frontiers '05 Proceedings of the 2005 Australasian workshop on Grid computing and e-research - Volume 44
Plutus: Scalable Secure File Sharing on Untrusted Storage
FAST '03 Proceedings of the 2nd USENIX Conference on File and Storage Technologies
Securing distributed storage: challenges, techniques, and systems
Proceedings of the 2005 ACM workshop on Storage security and survivability
Practical Unix & Internet Security, 3rd Edition
Practical Unix & Internet Security, 3rd Edition
Analyzing integrity protection in the SELinux example policy
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
| Hi-index | 0.00 |
The overwhelming majority of existing access control schemes use active protection mechanisms where a security kernel enforces policy based upon an identity label assigned to each process. However, this design is fragile as a result of widely-used but flawed privilege architectures where all special privileges are assigned to a single identity. As a result, this account is required for all administrative tasks and, in practice, is often compromised leading to system-wide security failure. This paper describes an alternative, `locks and keys' based access control architecture which leverages the passive nature of cryptography as a protection mechanism to limit the impact of this problem. This is more flexible than existing cryptographic file systems since it provides the same features as conventional access control schemes. Furthermore, it achieves its specified security objectives of confidentiality and verifiable integrity even in the face of an attacker who can bypass the security kernel and directly modify objects on the disk. This addresses the need for stronger security architectures in contemporary operating systems while presenting the user with the simple and well-understood interface of an access control scheme.