A Feather-Weight Application Isolation Model

In this paper, we introduce a new application isolation model based on the Least-Privilege principle and the Need-to-Know principle. Since this model is easy to implement, we call it the Feather-weight Application Isolation (FAI) model. The model is used to achieve Process Permission Constraint (PPC) and classified Object Access Control (OAC), and allows applications to be isolated according to PPC policies and OAC policies. Compared with existing, more complex isolation mechanisms such as sandboxes and virtual machines, the FAI model is simpler, so it not only meets the necessary security requirements but also improves usability. To isolate applications and prevent their classified objects from being tampered with illegitimately, the FAI model extends the traditional two-dimensional access control matrix to a three-dimensional access control matrix whose dimensions are subjects, objects and processes. In order to support multi-level security and Mandatory Access Control (MAC), the model also introduces the concept of process sensitivity level ranges. In this article, we first give an informal description of the model, then present its formal description and safety analysis, and finally demonstrate the feasibility of the model with the results of an engineering implementation.
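The three-dimensional (subject, object, process) matrix and the process sensitivity ranges described above, as an added illustration that is not code from the paper: the class names, the subject clearances and the Bell-LaPadula-style reading of the range check are assumptions, since the abstract does not state the exact range semantics.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    # Constructed linear sensitivity lattice for the example.
    PUBLIC = 0
    INTERNAL = 1
    SECRET = 2

@dataclass
class FaiPolicy:
    # 3-D access matrix: (subject, object, process) -> rights. A missing triple denies (Need-to-Know);
    # the process axis lets one subject hold different rights on one object per program it runs.
    matrix: dict = field(default_factory=dict)
    subject_clearance: dict = field(default_factory=dict)  # subject -> Level
    object_level: dict = field(default_factory=dict)       # object  -> Level
    process_range: dict = field(default_factory=dict)      # process -> (low, high)

    def grant(self, subject, obj, process, *rights):
        self.matrix.setdefault((subject, obj, process), set()).update(rights)

    def allowed(self, subject, obj, process, right):
        # 1. Discretionary layer: the (subject, object, process) cell must hold the right.
        if right not in self.matrix.get((subject, obj, process), set()):
            return False
        level = self.object_level[obj]
        # 2. Process range (assumed semantics): the object's level must lie inside the process's range.
        low, high = self.process_range[process]
        if not low <= level <= high:
            return False
        # 3. Mandatory layer (assumed Bell-LaPadula on the subject's clearance): no read-up, no write-down.
        clearance = self.subject_clearance[subject]
        if right == "read":
            return level <= clearance
        if right == "write":
            return level >= clearance
        return False

def demo_policy():
    # Constructed policy: alice (SECRET) runs an editor confined to INTERNAL..SECRET and
    # a browser confined to PUBLIC..INTERNAL; plan.doc is granted in both processes.
    p = FaiPolicy()
    p.subject_clearance["alice"] = Level.SECRET
    p.object_level.update({"plan.doc": Level.SECRET, "notes.txt": Level.INTERNAL})
    p.process_range.update({"editor": (Level.INTERNAL, Level.SECRET),
                            "browser": (Level.PUBLIC, Level.INTERNAL)})
    p.grant("alice", "plan.doc", "editor", "read", "write")
    p.grant("alice", "plan.doc", "browser", "read", "write")  # matrix grants, range blocks
    p.grant("alice", "notes.txt", "editor", "read", "write")
    return p
```

The browser process is denied plan.doc even though the matrix cell grants it, which is the isolation effect the process dimension adds over a plain subject/object matrix.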
