A Pluggable Domain Management Approach for Building Practical Distributed Coalitions

Recently, much attention has been paid to research on distributed coalitions as a possible mechanism for realizing distributed information flow control, which applies security policies to distributed components across nodes by having each component enforce mandatory access control on its resources according to those policies. Some projects have proposed prototype systems for distributed coalitions, but they assume that every component participating in a domain has its own domain management functions. This assumption is reasonable when the components are designed for a distributed coalition, but it has been an obstacle to actually building distributed coalitions in existing environments: for existing components that were not designed for use in distributed coalitions, especially commercial ones, it is difficult to update their code to add domain management functions while accounting for the effects on their environments. In this paper, we propose a Domain Management Agent (DMA) for building practical distributed coalitions, which performs domain management on behalf of a component and is designed to minimize its influence on existing environments. We implement a prototype system on the Microsoft Windows platform, so that it can be used broadly, evaluate its performance overhead, and show that our approach is feasible.
