A note on the confinement problem
Communications of the ACM
A Chinese wall security model for decentralized workflow systems
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Runtime verification of authorization hook placement for the linux security modules framework
Proceedings of the 9th ACM conference on Computer and communications security
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Using CQUAL for Static Analysis of Authorization Hook Placement
Proceedings of the 11th USENIX Security Symposium
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Consistency analysis of authorization hook placement in the Linux security modules framework
ACM Transactions on Information and System Security (TISSEC)
A Decentralized Treatment of a Highly Distributed Chinese-Wall Policy
POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Attestation-based policy enforcement for remote access
Proceedings of the 11th ACM conference on Computer and communications security
A Nitpicker's guide to a minimal-complexity secure GUI
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
PRIMA: policy-reduced integrity measurement architecture
Proceedings of the eleventh ACM symposium on Access control models and technologies
Layering negotiations for flexible attestation
Proceedings of the first ACM workshop on Scalable trusted computing
Shamon: A System for Distributed Mandatory Access Control
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Design of the EROS trusted window system
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Detours: binary interception of Win32 functions
WINSYM'99 Proceedings of the 3rd conference on USENIX Windows NT Symposium - Volume 3
Trusted virtual domains: toward secure distributed services
HotDep'05 Proceedings of the First conference on Hot topics in system dependability
Bridging the gap between inter-communication boundary and internal trusted components
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Content oriented virtual domains for secure information sharing across organizations
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
Hi-index | 0.00 |
A distributed coalition supports distributed mandatory access controls for resources whose security policies differ for each group of components over nodes, and provides secure information operations and exchanges with nodes that handle information over which conflicts of interest may occur. Many projects have proposed distributed coalitions using a virtual machine monitor, but this approach for strong confinement tends to hinder successful deployments in real world scenarios that involve complicated operations and management for applications because such access control is coarse-grained for the resources. In this paper, we propose a Chinese-Wall Process Confinement (CWPC) for practical application-level distributed coalitions that provide fine-grained access controls for resources and that emphasize minimizing the impact on the usability, using a program-transparent reference monitor. We implemented a prototype system named ALDC for standard office applications on Microsoft Windows that are used on a daily basis for business purposes and that may involve conflicts of interests, evaluated its performance and influence on usability, and show that our approach is practical.