论文信息 - A Lightweight Type Enforcement Access Control Approach with Role Based Authorization

A Lightweight Type Enforcement Access Control Approach with Role Based Authorization

Type Enforcement (TE) and Role-Based Access Control (RBAC) are both applied widely in operating system security. Addressing the complexity of security configuration caused by the combination of TE and RBAC, this paper proposes a TE access control model featuring loose-coupled role authorization, named as RS-TEAC. In the model, the role-relevant subject domain transition is exploited to enable subjects with different roles entering their corresponding security domain. Hence the access control based on role authorization is achieved. The RS-TEAC model is implemented in Linux, and its effectiveness and performance are tested through a series of applications and experiments.

[1] Daniel F. Sterne,et al. A Domain and Type Enforcement UNIX Prototype , 1995, Comput. Syst..

[2] Peter Loscocco,et al. Meeting Critical Security Objectives with Security-Enhanced Linux , 2001 .

[3] Stephen Smalley,et al. Integrating Flexible Support for Security Policies into the Linux Operating System , 2001, USENIX Annual Technical Conference, FREENIX Track.

[4] Zhao Qing-song. Research and Implementation of Role-Based Domain and Type Enforcement Access Control Model , 2003 .

[5] Trent Jaeger,et al. Analyzing Integrity Protection in the SELinux Example Policy , 2003, USENIX Security Symposium.

[6] Trent Jaeger,et al. Policy management using access control spaces , 2003, TSEC.

[7] Luigi V. Mancini,et al. Towards a formal model for security policies specification and validation in the selinux system , 2004, SACMAT '04.

[8] Joshua D. Guttman,et al. Verifying information flow goals in Security-Enhanced Linux , 2005, J. Comput. Secur..

[9] Qing Si. An Approach to Enforcing Clark-Wilson Model Based on Type Enforcement , 2008 .

[10] Yang Zhang,et al. A Information-Flow-Based Verification Solution with Security Sensitivity to Check Security Policy of SELinux: A Information-Flow-Based Verification Solution with Security Sensitivity to Check Security Policy of SELinux , 2009 .

[11] Zhang Yang. A Information-Flow-Based Verification Solution with Security Sensitivity to Check Security Policy of SELinux , 2009 .