Usage control platformization via trustworthy SELinux

Continuous access control after an object is released into a distributed environment has been regarded as the usage control problem and has been investigated by different researchers in various papers. However, the enabling technology for usage control is a challenging problem and the space has not been fully explored yet. In this paper we identify the general requirements of a trusted usage control enforcement in heterogeneous computing environments, and also propose a general platform architecture to meet these requirements.

[1]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[2]  Jaehong Park,et al.  The UCONABC usage control model , 2004, TSEC.

[3]  Jeffrey D. Ullman,et al.  Protection in operating systems , 1976, CACM.

[4]  Ninghui Li,et al.  Design of a role-based trust-management framework , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[5]  Martín Abadi,et al.  A Calculus for Access Control in Distributed Systems , 1991, CRYPTO.

[6]  Amir Herzberg,et al.  Access control meets public key infrastructure, or: assigning roles to strangers , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[7]  Ravi S. Sandhu,et al.  Secure information sharing enabled by Trusted Computing and PEI models , 2006, ASIACCS '06.

[8]  David A. Bell,et al.  Secure computer systems: mathematical foundations and model , 1973 .

[9]  Benedict G. E. Wiedemann Protection? , 1998, Science.

[10]  SandhuRavi,et al.  The UCONABC usage control model , 2004 .

[11]  Alexander Pretschner,et al.  On Obligations , 2005, ESORICS.

[12]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[13]  Butler W. Lampson,et al.  31. Paper: Computer Security in the Real World Computer Security in the Real World , 2022 .

[14]  Ravi S. Sandhu Good-Enough Security: Toward a Pragmatic Business-Driven Discipline , 2003, IEEE Internet Comput..

[15]  Sean W. Smith,et al.  Building the IBM 4758 Secure Coprocessor , 2001, Computer.

[16]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.