From a Generic Framework for Expressing Integrity Properties to a Dynamic MAC Enforcement for Operating Systems

Protection deals with the enforcement of integrity and confidentiality, and integrity violations often lead to confidentiality vulnerabilities. This paper proposes a novel approach to Mandatory Access Control (MAC) enforcement that guarantees a large range of integrity properties. The literature proposes many integrity models, such as the Biba model, data integrity, subject integrity, domain integrity and Trusted Path Execution, and there can be numerous others; in practice, an administrator needs to combine several of them. Existing solutions have two major limitations: they do not support indirect activities that aim at violating integrity, and they cannot be extended to new models or used to define new ones. This paper proposes a novel framework for expressing integrity requirements associated with direct or indirect activities, mostly in terms of information flows, and presents a formalization of the major integrity properties of the literature. The formalization of the required security is efficient and a straightforward enforcement is proposed. In contrast with our previous work, an information flow graph provides a dynamic analysis of the requested properties. The paper also provides a MAC implementation that enforces every integrity property supported by our formalization: a system call fails if it could violate the required security properties. A large-scale experiment on high-interaction honeypots shows the relevance, robustness and efficiency of our approach. The experiment sets up two kinds of hosts. Hosts running our solution in IDS mode detect violations of the requested properties, which allows us to verify the completeness of our MAC protection; hosts running our MAC protection guarantee all the required properties.
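The abstract describes denying a system call when it would let information flow, directly or through intermediate objects, from a low-integrity source into a high-integrity object. The following Python sketch is an added illustration of that idea and is not the paper's implementation: each mediated operation is recorded as an edge in a flow graph only if no low-integrity node would then reach a high-integrity node, so the indirect path through a scratch file is refused just like the direct write. Subject and object names are constructed for the example.

```python
from collections import defaultdict, deque

class FlowGraph:
    """Directed information-flow graph: edge a -> b means data from a reached b."""
    def __init__(self, low_integrity, high_integrity):
        self.edges = defaultdict(set)
        self.low = set(low_integrity)    # untrusted sources, e.g. network input
        self.high = set(high_integrity)  # objects that must stay pristine
        self.log = []

    def reaches(self, src, dst, extra=None):
        """BFS from src to dst over the graph plus one tentative edge `extra`."""
        seen, queue = {src}, deque([src])
        while queue:
            n = queue.popleft()
            nbrs = set(self.edges[n])
            if extra and extra[0] == n:
                nbrs.add(extra[1])
            for m in nbrs:
                if m == dst:
                    return True
                if m not in seen:
                    seen.add(m)
                    queue.append(m)
        return False

    def request(self, op, subject, obj):
        """Mediate a read/write before it happens; True means allowed."""
        # a read moves data object -> subject, a write moves subject -> object
        src, dst = (obj, subject) if op == "read" else (subject, obj)
        for lo in self.low:
            for hi in self.high:
                if self.reaches(lo, hi, extra=(src, dst)):
                    self.log.append(f"DENY {op} {subject} {obj}: {lo} would reach {hi}")
                    return False  # the call fails, the edge is never recorded
        self.edges[src].add(dst)
        self.log.append(f"ALLOW {op} {subject} {obj}")
        return True

def demo():
    """Constructed scenario: network data must never reach /etc/passwd."""
    g = FlowGraph(low_integrity={"socket:inet"}, high_integrity={"/etc/passwd"})
    return [
        g.request("read", "httpd", "socket:inet"),    # True: taints httpd
        g.request("write", "httpd", "/tmp/upload"),   # True: taints the scratch file
        g.request("write", "httpd", "/etc/passwd"),   # False: direct violation
        g.request("read", "cron", "/tmp/upload"),     # True: cron is now tainted
        g.request("write", "cron", "/etc/passwd"),    # False: indirect violation
        g.request("write", "admin", "/etc/passwd"),   # True: no tainted path to admin
    ]
```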
