Enforcement of integrated security policy in trusted operating systems

Authors:
Hyung Chan Kim;R. S. Ramakrishna;Wook Shin;Kouichi Sakurai
Affiliations:
Department of Information and Communications, Gwangju Institute of Science and Technology, Gwangju, Rep. of Korea;Department of Information and Communications, Gwangju Institute of Science and Technology, Gwangju, Rep. of Korea;Department of Computer Science, University of Illinois at Urbana-Champaign, IL;Faculty of Computer Science and Communication Engineering, Kyushu University, Fukuoka, Japan
Venue:
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Year:
2007

Citing 17
Cited 0

Role-Based Access Control Models

Computer
SASI enforcement of security policies: a retrospective

Proceedings of the 1999 workshop on New security paradigms
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
Remus: a security-enhanced operating system

ACM Transactions on Information and System Security (TISSEC)
Some Alternative Formulations of the Event Calculus

Computational Logic: Logic Programming and Beyond, Essays in Honour of Robert A. Kowalski, Part II
Integrating Flexible Support for Security Policies into the Linux Operating System

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Linux Security Modules: General Security Support for the Linux Kernel

Proceedings of the 11th USENIX Security Symposium
On Preventing Intrusions by Process Behavior Monitoring

Proceedings of the Workshop on Intrusion Detection and Network Monitoring
BlueBoX: A policy-driven, host-based intrusion detection system

ACM Transactions on Information and System Security (TISSEC)
Using Event Calculus to Formalise Policy Specification and Analysis

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Utilising the Event Calculus for Policy Driven Adaptation on Mobile Systems

POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Consistency analysis of authorization hook placement in the Linux security modules framework

ACM Transactions on Information and System Security (TISSEC)
Extended Role Based Access Control with Procedural Constraints for Trusted Operating Systems

IEICE - Transactions on Information and Systems
The flask security architecture: system support for diverse security policies

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A domain and type enforcement UNIX prototype

SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Design and implementation of an extended reference monitor for trusted operating systems

ISPEC'06 Proceedings of the Second international conference on Information Security Practice and Experience
Security checker architecture for policy-based security management

MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The main focus of Trusted Operating System (TOS) research these days is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. It is desirable, therefore, to enforce an integrated security policy that includes both behavioral security and access control policies. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which is also of concern in security enforcement. This paper presents the design of the extended reference monitor for integrated policy enforcement and describes its implementation in Linux operating systems.