Security Enforcement Model for Distributed Usage Control

Recently proposed usage control concepts and models extend traditional access control models with features for contemporary distributed computing systems, including continuous access control in dynamic computing environments where subject attributes and system states can change. In particular, this is useful for specifying security requirements that control the usage of an object after it has been released into a distributed environment, which is regarded as one of the fundamental security issues in many distributed systems. However, the enabling technology for usage control remains a challenging problem, and the design space has not yet been fully explored. In this paper we identify the general requirements of trusted usage control enforcement in heterogeneous computing environments, and then propose a general platform architecture and enforcement mechanism that follows these requirements. According to our usage control requirements, we augment the traditional SELinux MAC enforcement mechanism by taking subject/object integrity and environmental information into account. The result shows that our framework is effective in practice and can be seen as a general solution for usage control in distributed and pervasive computing environments with widely deployed trusted computing technologies on various computing devices.
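The abstract describes an enforcement point that combines a conventional MAC decision with subject/object integrity and environmental attributes, and that keeps re-evaluating while usage is ongoing. The following Python sketch is an added illustration of that idea, not code from the paper or from SELinux: the policy attributes, the `TRUSTED_CODE` measurement list, the subject/object/environment classes and the `UsageSession` re-evaluation loop are all assumptions constructed for the example. Integrity is modelled as a reported code measurement that must match a known-good hash (the attestation transport itself is out of scope here), and a decision that turns negative during an active session revokes the ongoing usage.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed known-good measurement list (hypothetical): maps a code identity
# to the SHA-256 a trusted platform is expected to report for it.
TRUSTED_CODE = {
    "doc-viewer-1.0": hashlib.sha256(b"constructed doc-viewer-1.0 image").hexdigest(),
}


@dataclass
class Subject:
    name: str
    role: str
    code_id: str       # which program the subject is running
    measurement: str   # hex SHA-256 reported by the platform (assumed attested)


@dataclass
class ProtectedObject:
    name: str
    # Usage policy attached to the object when it was released (constructed):
    # allowed roles, the code the subject must run, and permitted locations.
    policy: dict = field(default_factory=dict)


@dataclass
class Environment:
    location: str
    network: str


@dataclass
class Decision:
    permitted: bool
    reasons: list


def integrity_ok(subject: Subject) -> bool:
    """Subject integrity: the reported measurement must equal the known-good one."""
    expected = TRUSTED_CODE.get(subject.code_id)
    return expected is not None and expected == subject.measurement


def evaluate(subject: Subject, obj: ProtectedObject, env: Environment) -> Decision:
    """One usage-control decision over authorization, integrity and environment."""
    pol = obj.policy
    reasons = []
    if subject.role not in pol["allowed_roles"]:
        reasons.append("role not authorized for object")
    if subject.code_id != pol["required_code"] or not integrity_ok(subject):
        reasons.append("subject integrity check failed")
    if env.location not in pol["allowed_locations"]:
        reasons.append("environment does not satisfy object policy")
    return Decision(permitted=not reasons, reasons=reasons)


class UsageSession:
    """Ongoing usage that is re-evaluated whenever an attribute changes."""

    def __init__(self, subject: Subject, obj: ProtectedObject, env: Environment):
        self.subject, self.obj, self.env = subject, obj, env
        self.active = False

    def start(self) -> Decision:
        d = evaluate(self.subject, self.obj, self.env)
        self.active = d.permitted
        return d

    def update(self, env: Environment = None, subject: Subject = None) -> Decision:
        """Attribute or environment change: re-decide and revoke if needed."""
        if env is not None:
            self.env = env
        if subject is not None:
            self.subject = subject
        d = evaluate(self.subject, self.obj, self.env)
        if self.active and not d.permitted:
            self.active = False   # continuous enforcement: revoke ongoing access
        return d


def demo() -> list:
    """Constructed scenario: start, move to an untrusted location, then tamper."""
    good = TRUSTED_CODE["doc-viewer-1.0"]
    alice = Subject("alice", "analyst", "doc-viewer-1.0", good)
    report = ProtectedObject("report.pdf", {
        "allowed_roles": {"analyst"},
        "required_code": "doc-viewer-1.0",
        "allowed_locations": {"hq", "lab"},
    })
    session = UsageSession(alice, report, Environment("hq", "corp"))
    d1 = session.start()                                       # permitted
    d2 = session.update(env=Environment("cafe", "public"))     # revoked: location
    d3 = session.update(env=Environment("lab", "corp"))        # policy satisfied again
    tampered = Subject("alice", "analyst", "doc-viewer-1.0", "00" * 32)
    d4 = session.update(subject=tampered)                      # denied: integrity
    return [d1, d2, d3, d4, session.active]


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Note that in `demo()` the third decision is permitted again on its own merits, but the session stays revoked once it has been torn down; a real enforcement point would require a fresh `start()` (and, in the paper's setting, a fresh attestation) rather than silently resuming.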
