State-Based Usage Control Enforcement with Data Flow Tracking using System Call Interposition

Usage control generalizes access control to what happens to data in the future. We contribute to the enforcement of usage control requirements at the level of system calls by also taking into account data flow: Restrictions on the dissemination of data, for instance, as stipulated by data protection regulations, of course relate not to just one file containing the data, but likely to all copies of that file as well. In order to enforce the dissemination restrictions on all copies of the sensitive data item, we introduce a data flow model that tracks how the content of a file flows through the system (files, network sockets, main memory). By using this model, the existence of potential copies of the data is reflected in the state of the data flow model. This allows us to enforce the dissemination restrictions by relating to the state rather than all sequences of events that possibly yield copies. Generalizing this idea, we describe how usage control policies can be expressed in a related state-based manner. Finally, we present an implementation of the data flow model and state-based policy enforcement as well as first encouraging performance measurements.
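The state-based enforcement idea described in the abstract, as an added example that is not code from the paper or its implementation: a small Python simulation of a data flow model whose containers are files, sockets and process memory, driven by syscall-like events, with dissemination restrictions expressed as predicates over the model state rather than over event sequences. The container naming scheme (`file:`, `sock:`, `mem:`), the event tuples, the two policies and the trace are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed naming convention for containers: "file:<path>", "sock:<id>",
# "mem:<pid>". The paper's model is defined over real system calls; this
# simulation only mirrors its shape.


@dataclass
class DataFlowState:
    # container name -> set of data items that may (transitively) be stored in it
    containers: dict[str, set[str]] = field(default_factory=dict)

    def items(self, container: str) -> set[str]:
        return self.containers.get(container, set())

    def copy(self) -> "DataFlowState":
        return DataFlowState({c: set(v) for c, v in self.containers.items()})

    def flow(self, src: str, dst: str) -> None:
        # dst may now hold everything src may hold (an over-approximation)
        self.containers.setdefault(dst, set()).update(self.items(src))

    def clear(self, container: str) -> None:
        self.containers[container] = set()


def transition(state: DataFlowState, event: tuple) -> DataFlowState:
    """Successor state for one syscall-like event; the input state is not mutated."""
    kind, pid, target = event
    mem = f"mem:{pid}"
    new = state.copy()
    if kind == "read":                 # file content enters the process's memory
        new.flow(target, mem)
    elif kind in ("write", "send"):    # memory content reaches a file or a socket
        new.flow(mem, target)
    elif kind == "fork":               # child (pid given in target) inherits memory
        new.flow(mem, f"mem:{target}")
    elif kind == "truncate":           # file content is removed
        new.clear(target)
    elif kind == "exit":               # process memory is released
        new.clear(mem)
    else:
        raise ValueError(f"unknown event kind {kind!r}")
    return new


Policy = Callable[[DataFlowState], bool]   # True means the state is permitted


def no_network(item: str) -> Policy:
    """Dissemination restriction: `item` must never reach a network socket."""
    return lambda s: not any(c.startswith("sock:") and item in v
                             for c, v in s.containers.items())


def max_file_copies(item: str, n: int) -> Policy:
    """`item` may exist in at most n files at any time; every copy counts."""
    return lambda s: sum(1 for c, v in s.containers.items()
                         if c.startswith("file:") and item in v) <= n


class Monitor:
    """Interposition point: an event is allowed only if every policy still holds
    in the state the event would produce; a denied event leaves the state unchanged."""

    def __init__(self, initial: DataFlowState, policies: dict[str, Policy]):
        self.state = initial
        self.policies = policies
        self.log: list[tuple[bool, tuple, list[str]]] = []

    def handle(self, event: tuple) -> bool:
        candidate = transition(self.state, event)
        violated = [name for name, p in self.policies.items() if not p(candidate)]
        allowed = not violated
        if allowed:
            self.state = candidate
        self.log.append((allowed, event, violated))
        return allowed


def demo() -> Monitor:
    """Constructed trace: one sensitive item D1 initially stored in a single file."""
    initial = DataFlowState({"file:/home/alice/records.txt": {"D1"}})
    m = Monitor(initial, {"no_network": no_network("D1"),
                          "max_copies": max_file_copies("D1", 2)})
    for ev in [
        ("read", 100, "file:/home/alice/records.txt"),  # D1 now in mem:100
        ("write", 100, "file:/tmp/copy1"),              # second file copy: allowed
        ("write", 100, "file:/tmp/copy2"),              # third copy: denied
        ("fork", 100, 101),                             # child inherits D1
        ("send", 101, "sock:7"),                        # D1 to network: denied
        ("truncate", 100, "file:/tmp/copy1"),           # copy removed from the state
        ("write", 100, "file:/tmp/copy2"),              # back to 2 copies: allowed
        ("exit", 101, None),
    ]:
        m.handle(ev)
    return m


if __name__ == "__main__":
    for allowed, event, violated in demo().log:
        print("ALLOW" if allowed else "DENY ", event, violated)
```

Because the policies are predicates on the state, the monitor does not need to enumerate the sequences of reads, writes and forks that could produce a copy: any transition whose post-state violates a predicate is refused, whichever path led there, and removing a copy (the truncate event) makes a previously denied write admissible again.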
