BTG-BIBA: A Flexibility-Enhanced Biba Model Using BTG Strategies for Operating System

Authors: Gang Liu, Can Wang, Runnan Zhang, Quan Wang, Huimin Song, Shaomin Ji

Abstract:

The Biba model can protect information integrity but might deny various non-malicious access requests of subjects, thereby decreasing the availability of the system. Therefore, a mechanism that allows exceptional access control is needed. Break the Glass (BTG) strategies are an efficient means of extending the access rights of users in exceptional cases. These strategies help to prevent a system from stagnation. This work presents an approach for integrating Break the Glass strategies into the Biba model. It proposes a model, BTG-Biba, which provides both the original Biba model for use in normal situations and a mechanism for use in emergency situations. The proposed model is context-aware, can implement fine-grained access control, and primarily solves cross-domain access problems. Finally, the improvement in flexibility and availability obtained with the proposed model is illustrated.

Keywords: Biba model, break the glass, context, cross-domain, fine-grained.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1131083

