Cut me some security

Authors:
Divya Muthukumaran;Sandra Rueda;Hayawardh Vijayakumar;Trent Jaeger
Affiliations:
Pennsylvania State University, University Park, PA, USA;Pennsylvania State University, University Park, PA, USA;Pennsylvania State University, University Park, PA, USA;Pennsylvania State University, University Park, PA, USA
Venue:
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Year:
2010

Citing 12
Cited 0

A decentralized model for information flow control

Proceedings of the sixteenth ACM symposium on Operating systems principles
A lattice model of secure information flow

Communications of the ACM
Improving the granularity of access control for Windows 2000

ACM Transactions on Information and System Security (TISSEC)
Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation

Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation
Enumerating disjunctions and conjunctions of paths and cuts in reliability theory

Discrete Applied Mathematics
Making information flow explicit in HiStar

OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Confining root programs with domain and type enforcement (DTE)

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Information flow control for standard OS abstractions

Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
The developer is the enemy

Proceedings of the 2008 workshop on New security paradigms
Improving application security with data flow assertions

Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Automating security mediation placement

ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Computer security is currently fraught with fine-grained access control policies, in operating systems, applications and even programming languages. All this policy configuration means that too many decisions are left to administrators, developers and even users to some extent and as a result we do not get any comprehensive security guarantees. In this position paper, we take a stand for the idea that less policy is better and propose that limiting the choices given to parties along the development and deployment process leads to a more secure system. We argue that other systems processes like scheduling and memory management achieve their goals with minimal user input and access control configuration should also follow suit. We then suggest a technique to automate access control configuration using graph-cuts and show that this gets us closer to achieving our goal.