An OS security protection model for defeating attacks from network

Authors:
Zhiyong Shan;Qiuyue Wang;Xiaofeng Meng
Affiliations:
School of Information, Renmin University of China;School of Information, Renmin University of China;School of Information, Renmin University of China
Venue:
ICISS'07 Proceedings of the 3rd international conference on Information systems security
Year:
2007

Citing 11
Cited 0

Role-Based Access Control Models

Computer
LOMAC: MAC You Can Live With

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Integrating Flexible Support for Security Policies into the Linux Operating System

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Practical Domain and Type Enforcement for UNIX

SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
LOMAC: Low Water-Mark Integrity Protection for COTS Environments

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Backtracking intrusions

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Backtracking intrusions

ACM Transactions on Computer Systems (TOCS)
The taser intrusion recovery system

Proceedings of the twentieth ACM symposium on Operating systems principles
Improving host security with system call policies

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
A domain and type enforcement UNIX prototype

SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Domain and type enforcement for linux

ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security threats to operating systems today largely come from network. Traditional discretionary access control mechanism alone can hardly defeat them. Although traditional mandatory access control models can effectively protect the security of OS, they have problems of application incompatibility and administration complexity. In this paper, we propose a new model, Suspicious-Taint-Based Access Control (STBAC) model, for defeating network attacks while maintaining good compatibility, simplicity and system performance. STBAC regards processes using Non-Trustable-Communications as starting points of suspicious taint, traces activities of the suspiciously tainted processes by taint rules, and forbids the suspiciously tainted processes to illegally access vital resources by protection rules. Even in the cases when some privileged processes are subverted, STBAC can still protect vital resources from being compromised by the intruder. We implemented the model in the Linux kernel and evaluated it through experiments. The evaluation showed that STBAC could protect vital resources effectively without significant impact on compatibility and performance.