Compatible and Usable Mandatory Access Control for Good-enough OS Security

OS compromise is one of the most serious computer security problems today, yet it remains unresolved. Although various methods have been proposed, most users, who are non-experts, have not accepted them because they lack compatibility and usability. In this paper, we introduce a new mandatory access control model, named CUMAC, that aims to achieve good-enough security together with high compatibility and usability. It has two novel features. The first is access control based on tracing potential intrusions, which can reduce false negatives and facilitate security configuration, improving both compatibility and usability. The second is automatically identifying all of the compatibility exceptions that usually cause incompatibility problems. Experiments performed on the prototype show that CUMAC can defend against attacks from the network, mobile disks and untrustworthy local users while keeping good compatibility and usability.
