Applying a usage control model in an operating system kernel

Authors:
Rafael Teigão;Carlos Maziero;Altair Santin
Affiliations:
Graduate Program in Computer Science, Pontifical Catholic University of Paraná State, Rua Imaculada Conceição 1155, 80.215-901 Curitiba, PR, Brazil;Graduate Program in Computer Science, Pontifical Catholic University of Paraná State, Rua Imaculada Conceição 1155, 80.215-901 Curitiba, PR, Brazil;Graduate Program in Computer Science, Pontifical Catholic University of Paraná State, Rua Imaculada Conceição 1155, 80.215-901 Curitiba, PR, Brazil
Venue:
Journal of Network and Computer Applications
Year:
2011

Citing 14
Cited 1

The NIST model for role-based access control: towards a unified standard

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Efficient Computation of LALR(1) Look-Ahead Sets

ACM Transactions on Programming Languages and Systems (TOPLAS)
Integrating Flexible Support for Security Policies into the Linux Operating System

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Authorization in Distributed Systems: A Formal Approach

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
The UCONABC usage control model

ACM Transactions on Information and System Security (TISSEC)
A logical specification for usage control

Proceedings of the ninth ACM symposium on Access control models and technologies
Modular authorization and administration

ACM Transactions on Information and System Security (TISSEC)
Formal model and policy specification of usage control

ACM Transactions on Information and System Security (TISSEC)
Towards a VMM-based usage control framework for OS kernel integrity protection

Proceedings of the 12th ACM symposium on Access control models and technologies
Mechanisms for usage control

Proceedings of the 2008 ACM symposium on Information, computer and communications security
Security Enforcement Model for Distributed Usage Control

SUTC '08 Proceedings of the 2008 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (sutc 2008)
A general obligation model and continuity: enhanced policy enforcement engine for usage control

Proceedings of the 13th ACM symposium on Access control models and technologies
Access control: principle and practice

IEEE Communications Magazine
A policy language for distributed usage control

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Distributed goal-oriented computing

Journal of Systems and Software

Quantified Score

Hi-index	0.00

Visualization

Abstract

Operating systems traditionally use access control mechanisms to manage access to system resources like files, network connections, and memory areas. However, classic access control models are not suitable for regulating access to the diversity of ways data is available and used today. Modern usage control models go beyond traditional access control, addressing its limitations related to attribute mutability and continuous usage permission validation. The recently proposed UCON"A"B"C model establishes a predicate-based framework to satisfy the new access/usage control needs in computing systems. This paper defines a usage control model based on UCON"A"B"C and describes a framework to implement it in an operating system kernel, on top of the existing DAC mechanism. A language for representing usage control entities and rules is also proposed, and some typical access/usage control scenarios are represented using it, to show its usefulness. Finally, a prototype of the proposed framework was built in an operating system kernel, to control the usage of local files. The prototype evaluation shows that the proposed model is feasible, straightforward, and may serve as a basis for more complex usage control frameworks.