A General Mandatory Access Control Framework in Distributed Environments
Authors: Feng Yang, Xuehai Zhou, Dalei Hu
Abstract:
In this paper, we propose a general mandatory access framework for distributed systems. The framework can be applied into multiple operating systems and can handle multiple stakeholders. Despite considerable advancements in the area of mandatory access control, a certain approach to enforcing mandatory access control can only be applied in a specific operating system. Other than PC market in which windows captures the overwhelming shares, there are a number of popular operating systems in the emerging smart phone environment, i.e. Android, Windows mobile, Symbian, RIM. It should be noted that more and more stakeholders are involved in smartphone software, such as devices owners, service providers and application providers. Our framework includes three parts—local decision layer, the middle layer and the remote decision layer. The middle layer takes charge of managing security contexts, OS API, operations and policy combination. The design of the remote decision layer doesn’t depend on certain operating systems because of the middle layer’s existence. We implement the framework in windows, linux and other popular embedded systems.
Keywords: Mandatory Access Control, Distributed System, General Platform.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1088560
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2186References:
[1] L. Lapadula 1996. Secure computer systems: a mathematical model. MITRE Technical Report, Vol I.
[2] L. Lapadula 1996. Secure computer systems: a mathematical model. MITRE Technical Report, Vol II.
[3] K.J. Biba 1977. Integrity Considerations for Secure Computer Systems:
[ESD-TR-76-372]. Electronic Systems Division.
[4] C.E. Landwehr. 1981. Formal Models for Computer Security. ACM Computing Surveys, 13(3).
[5] S.R. Ferraiolo DF, S. Gavrila. 2001. Proposed NIST Standard for Rolebased Access Control. ACM Transactions on Information and System Security.
[6] W.E. Boebert, R. Y. Kain. 1985. A Practical Alternative to Hierarchical Integrity Policies. In Proceedings of the 8PthP National Computer Security Conference.
[7] Symbian Limited. Symbian OS – the mobile operating system. HTUhttp://www.symbian.comUTH, 2006.
[8] W. Enck, M. Ongtang, and P. McDaniel. Automated Cellphone Application Certification in Android. Technical report, Pennsylvania State University, 2008.
[9] A. Herzberg, Y. Mass, J. Michaeli, Y. Ravid, D. Naor. 2000. Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers. In the Proceedings of the 2000 IEEE Symposium on Security and Privacy.
[10] P. Bonatti, S. De Capitani di Vimercati, and P. Samarati. 2002. An Algebra for Composing Access Control Policies. HACM Transactions on Information and System SecurityH.
[11] H. H. Hosmer. 1992. Metapolicies II. In Proceedings of the 15PthP National Computer Security Conference.
[12] V. Rao, T. Jaeger. 2009. Dynamic Mandatory Access Control for Multiple Stakeholders. In the Proceedings of 2009 HSymposium on Access control Models and TechnologiesH.
[13] Rtems HTUhttp://www.rtems.com/UTH.
[14] http://web-b.embedded.ustcsz.edu.cn/projects/PFAC.