A rule-set approach to formal modeling of a trusted computer system
Computing Systems
Role-Based Access Control Models
Computer
A modular approach to composing access control policies
Proceedings of the 7th ACM conference on Computer and communications security
Operating system enhancements to prevent the misuse of system calls
Proceedings of the 7th ACM conference on Computer and communications security
Think: A Software Framework for Component-based Operating System Kernels
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Secure Applications Need Flexible Operating Systems
HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
Protection in flexible operating system architectures
ACM SIGOPS Operating Systems Review
The flask security architecture: system support for diverse security policies
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Confining root programs with domain and type enforcement (DTE)
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
| Hi-index | 0.00 |
As the fundamental software to guarantee information security, operating system is desired to support various security policies flexibly and to control the propagation and revocation of access rights efficiently. This paper presents a design and implementation of Policy Flexible Architecture (PFA) for secure operating system to achieve the coordination, extensibility, consistency and dynamic configuration of security policies. Through a thorough analysis of all related facilities, PFA classifies policy constructions into several levels according to their effects on security status; PFA emphasizes on centralized management of security policy as well as on centralized maintainability of security attributes; for the first time PFA gives revocation rules to specify how and when to revoke permissions. PFA has been applied to our Secure Enhanced Linux Operating System, and the experiment shows that the system holds at least three advantages. First, it helps users to choose intended security policies flexibly. Besides it supports users to add new security policies according to specific security requirements easily. Finally it sets permission revocations immediately and gets no significant performance penalty.