论文信息 - Integrated mandatory access control for digital data

Integrated mandatory access control for digital data

This paper presents an integrated mandatory access control (MAC) framework that incorporates MAC mechanisms at both operating system and application layers for digital data. The framework uses Security-Enhanced Linux (SELinux) as the foundation for MAC at the operating system layer. It uses XACML (eXtensible Access Control Markup Language) as the base mechanism for specifying and embedding information-layer MAC policies. This framework is designed to be general-purpose, flexible, and capable of providing fine-grained access control. This paper also describes a high-level architecture of a prototype being developed for the framework. One targeted application domain for this framework is information sharing and dissemination in a multi-level security environment.

Lisa M. Marvel | Keith Foster | George Hsieh | Gregory Patrick | Gerald Emamali

[1] Crispin Cowan,et al. Linux security modules: general security support for the linux kernel , 2002, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[2] Ernesto Damiani,et al. Securing XML Documents , 2000, EDBT.

[3] Crispin Cowan,et al. Linux Security Module Framework , 2002 .

[4] Peter Loscocco,et al. Meeting Critical Security Objectives with Security-Enhanced Linux , 2001 .

[5] Andreas Matheus,et al. How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML) , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[6] Tim Moses,et al. EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[7] Michiharu Kudo,et al. XML document security based on provisional authorization , 2000, CCS.

[8] Ernesto Damiani,et al. Controlling Access to XML Documents , 2001, IEEE Internet Comput..

[9] Chad Hanson. SELinux and MLS : Putting the Pieces Together , 2006 .

[10] Wayne Salamon,et al. Implementing SELinux as a Linux Security Module , 2003 .

[11] Sabrina De Capitani di Vimercati,et al. A fine-grained access control system for XML documents , 2002, TSEC.