Implementing RBAC model in An Operating System Kernel

In this paper, the implementation of an operating system oriented RBAC model is discussed. Firstly, on the basis of RBAC96 model, a new RBAC model named OSR is presented. Secondly, the OSR model is enforced in RFSOS kernel by the way of integrating GFAC method and Capability mechanism together. All parts of the OSR implementation are described in detail.

[1]  Stephen Smalley,et al.  Integrating Flexible Support for Security Policies into the Linux Operating System , 2001, USENIX Annual Technical Conference, FREENIX Track.

[2]  Trent Jaeger,et al.  A role-based access control model for protection domain derivation and management , 1997, RBAC '97.

[3]  Shan Zhi A Study of Extending Generalized Framework for Access Control , 2003 .

[4]  Butler W. Lampson,et al.  Dynamic protection structures , 1899, AFIPS '69 (Fall).

[5]  Shan Zhiyong Research on Framework for Multi-policy , 2007 .

[6]  Shan Zhi An Operating System Oriented RBAC Model and Its Implementation , 2004 .

[7]  Tzi-cker Chiueh,et al.  Malware Clearance for Secure Commitment of OS-Level Virtual Machines , 2013, IEEE Transactions on Dependable and Secure Computing.

[8]  Bin Liao,et al.  Design and Implementation of A Network Security Management System , 2016, ArXiv.

[9]  Tzi-cker Chiueh,et al.  Shuttle: Facilitating Inter-Application Interactions for OS-Level Virtualization , 2014, IEEE Trans. Computers.

[10]  Yang Yu,et al.  Confining windows inter-process communications for OS-level virtual machine , 2009, VDTS '09.

[11]  Zhiyong Shan,et al.  Compatible and Usable Mandatory Access Control for Good-enough OS Security , 2009, 2009 Second International Symposium on Electronic Commerce and Security.

[12]  Shan Zhi A STUDY OF SECURITY ATTRIBUTES IMMEDIATE REVOCATION IN SECURE OS , 2002 .

[13]  S. Jajodia,et al.  Information Security: An Integrated Collection of Essays , 1994 .

[14]  Zhiyong Shan,et al.  A Study on Altering PostgreSQL from Multi-Processes Structure to Multi-Threads Structure , 2016, ArXiv.

[15]  Don J. Torrieri,et al.  Proactive restart as cyber maneuver for Android , 2015, MILCOM 2015 - 2015 IEEE Military Communications Conference.

[16]  Shan Zhi-yong Design of an Architecture for Process Runtime Integrity Measurement , 2009 .

[17]  R. Sandhu,et al.  Access control: principles and practice , 1994, IEEE Commun. Mag..

[18]  Shan Zhi A Study of Generalized Environment-Adaptable Multi-Policies Supporting Framework , 2003 .

[19]  Shi Wen DESIGN AND IMPLEMENTATION OF SECURE LINUX KERNEL SECURITY FUNCTIONS , 2001 .

[20]  Xin Wang,et al.  Growing Grapes in Your Computer to Defend Against Malware , 2014, IEEE Transactions on Information Forensics and Security.

[21]  Jerome H. Saltzer,et al.  The protection of information in computer systems , 1975, Proc. IEEE.

[22]  Xiao Li,et al.  Operating system mechanisms for TPM-based lifetime measurement of process integrity , 2009, 2009 IEEE 6th International Conference on Mobile Adhoc and Sensor Systems.

[23]  Ravi S. Sandhu Future Directions in Role-Based Access Control Models , 2001, MMM-ACNS.

[24]  Xiaofeng Meng,et al.  An OS Security Protection Model for Defeating Attacks from Network , 2007, ICISS.

[25]  Tzi-cker Chiueh,et al.  Virtualizing system and ordinary services in Windows-based OS-level virtual machines , 2011, SAC '11.

[26]  Soyeon Park,et al.  FTXen: Making hypervisor resilient to hardware faults on relaxed cores , 2015, 2015 IEEE 21st International Symposium on High Performance Computer Architecture (HPCA).

[27]  T. Greenhalgh 42 , 2002, BMJ : British Medical Journal.

[28]  Tzi-cker Chiueh,et al.  Tracer: enforcing mandatory access control in commodity OS with the support of light-weight intrusion detection and tracing , 2011, ASIACCS '11.

[29]  Iulian Neamtiu,et al.  Finding resume and restart errors in Android applications , 2016, OOPSLA.

[30]  Tzi-cker Chiueh,et al.  Enforcing Mandatory Access Control in Commodity OS to Disable Malware , 2012, IEEE Transactions on Dependable and Secure Computing.

[31]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[32]  James P Anderson,et al.  Computer Security Technology Planning Study , 1972 .

[33]  Zhiyong Shan,et al.  Suspicious-Taint-Based Access Control for Protecting OS from Network Attacks , 2016, International Journal of Engineering in Computer Science.

[34]  Xiaofeng Meng,et al.  Safe side effects commitment for OS-level virtualization , 2011, ICAC '11.

[35]  Shan Zhiyong and Shi Wenchang STBAC: A New Access Control Model for Operating System , 2008 .

[36]  J. Hoffman Implementing RBAC on a type enforced system , 1997, Proceedings 13th Annual Computer Security Applications Conference.

[37]  Hui Liu,et al.  Automatic detection of integer sign vulnerabilities , 2008, 2008 International Conference on Information and Automation.

[38]  Xin Wang,et al.  Duplication of Windows Services , 2016, ArXiv.

[39]  Glenn Faden RBAC in UNIX administration , 1999, RBAC '99.

[40]  David F. Ferraiolo An argument for the role-based access control model , 2001, SACMAT '01.

[41]  Ravi S. Sandhu,et al.  Configuring role-based access control to enforce mandatory and discretionary access control policies , 2000, TSEC.

[42]  D. Richard Kuhn,et al.  Role-Based Access Controls , 2009, ArXiv.

[43]  Edward A. Feustel,et al.  The DGSA: unmet information security challenges for operating system designers , 1998, OPSR.

[44]  Meng Xiaofeng Access control model for enhancing survivability , 2008 .