Extensible security architectures for Java
Proceedings of the sixteenth ACM symposium on Operating systems principles
A role-based access control model for protection domain derivation and management
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Requirements of role-based access control for collaborative systems
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
Defending against denial of service attacks in Scout
OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Security architecture for component-based operating systems
Proceedings of the 8th ACM SIGOPS European workshop on Support for composing distributed applications
Operating system enhancements to prevent the misuse of system calls
Proceedings of the 7th ACM conference on Computer and communications security
Separating access control policy, enforcement, and functionality in extensible systems
ACM Transactions on Computer Systems (TOCS)
Access control in configurable systems
Secure Internet programming
Providing policy-neutral and transparent access control in extensible systems
Secure Internet programming
Secure virtual enclaves: Supporting coalition use of distributed application technologies
ACM Transactions on Information and System Security (TISSEC)
Managing access control policies using access control spaces
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
An access control language for web services
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Collective Value of QoS: A Performance Measure Framework for Distributed Heterogeneous Networks
IPDPS '01 Proceedings of the 15th International Parallel & Distributed Processing Symposium
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
Verified formal security models for multiapplicative smart cards
Journal of Computer Security - Special issue on ESORICS 2000
Software Security for Open-Source Systems
IEEE Security and Privacy
A comparison between ConSA and current Linux security implementations
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Policy management using access control spaces
ACM Transactions on Information and System Security (TISSEC)
A protection scheme for collaborative environments
Proceedings of the 2003 ACM symposium on Applied computing
Towards a formal model for security policies specification and validation in the selinux system
Proceedings of the ninth ACM symposium on Access control models and technologies
SubDomain: Parsimonious Server Security
LISA '00 Proceedings of the 14th USENIX conference on System administration
Tools to Administer Domain and Type Enforcement
LISA '01 Proceedings of the 15th USENIX conference on System administration
Timed constraint programming: a declarative approach to usage control
PPDP '05 Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming
DRM, trusted computing and operating system architecture
ACSW Frontiers '05 Proceedings of the 2005 Australasian workshop on Grid computing and e-research - Volume 44
Enforcing well-formed and partially-formed transactions for Unix
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Building systems that flexibly control downloaded executable context
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
A domain and type enforcement UNIX prototype
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Reusability of Functionality-Based Application Confinement Policy Abstractions
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Model-Driven Configuration of SELinux Policies
OTM '09 Proceedings of the Confederated International Conferences, CoopIS, DOA, IS, and ODBASE 2009 on On the Move to Meaningful Internet Systems: Part II
Evaluating confidence in context for context-aware security
AmI'07 Proceedings of the 2007 European conference on Ambient intelligence
An OS security protection model for defeating attacks from network
ICISS'07 Proceedings of the 3rd international conference on Information systems security
An integrated model for access control and information flow requirements
ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
Security model for resource availability—Subject and object type enforcement
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
Group-centric models for secure and agile information sharing
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
A QoS performance measure framework for distributed heterogeneous networks
EURO-PDP'00 Proceedings of the 8th Euromicro conference on Parallel and distributed processing
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
SecGuard: secure and practical integrity protection model for operating systems
APWeb'11 Proceedings of the 13th Asia-Pacific web conference on Web technologies and applications
Relationship-based access control policies and their policy languages
Proceedings of the 16th ACM symposium on Access control models and technologies
ACM Transactions on Information and System Security (TISSEC)
Group-Centric Secure Information-Sharing Models for Isolated Groups
ACM Transactions on Information and System Security (TISSEC)
Combining Discretionary Policy with Mandatory Information Flow in Operating Systems
ACM Transactions on Information and System Security (TISSEC)
Research on multistage interconnection architecture and collision detection model
INTRUST'09 Proceedings of the First international conference on Trusted Systems
Verifying system integrity by proxy
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
DTEvisual: a visualization system for teaching access control using Domain Type Enforcement
Journal of Computing Sciences in Colleges
Situation-based policy enforcement
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
A decade of OS access-control extensibility
Communications of the ACM
A Decade of OS Access-control Extensibility
Queue - Web Development
Formal verification of security properties in trust management policy
Journal of Computer Security
| Hi-index | 0.02 |
Abstract: Type enforcement is a table-oriented mandatory access control mechanism well-suited for confining applications and restricting information flows. Although both flexible and strong, type enforcement alone imposes significant administrative costs and has not been widely adopted. Domain and Type Enforcement (DTE) is an enhanced version of type enforcement designed to provide needed simplicity and compatibility. Two primary techniques distinguish DTE from simple type enforcement: DTE policies are expressed in a high-level language that includes file security attribute associations as well as other access control information; and during system execution, DTE file security attributes are maintained using a concise human-readable format in a runtime DTE policy database, thus removing the need for security-specific low-level data formats. Such formats are a major source of incompatibility for security-enhanced systems. A DTE UNIX prototype system has been implemented to evaluate these primary DTE concepts. This paper presents experiences gained and preliminary results indicating that DTE can provide cost effective security increases to UNIX systems while maintaining a high degree of compatibility with existing programs and media.