Techniques for Automating Policy Specification for Application-oriented Access Controls

2011 Sixth International Conference on Availability, Reliability and Security Pub Date : 2011-08-22 DOI:10.1109/ARES.2011.47

Z. Schreuders, Christian N. Payne, T. McGill

{"title":"Techniques for Automating Policy Specification for Application-oriented Access Controls","authors":"Z. Schreuders, Christian N. Payne, T. McGill","doi":"10.1109/ARES.2011.47","DOIUrl":null,"url":null,"abstract":"By managing the authority assigned to each application, rule-based application-oriented access controls can significantly mitigate the threats posed by malicious code due to software vulnerabilities or malware. However, these policies are typically complex and difficult to develop. Learning modes can ease specification, however, they still require high levels of expertise to utilise correctly, and are most suited to confining non-malicious software. This paper presents a novel approach to automating policy specification for rule-based application-oriented access controls. The functionality-based application confinement (FBAC) model provides reusable parameterised abstractions. A number of straightforward yet effective techniques are presented that use these functionality-based abstractions to create application policies a priori, that is, without running programs before policies are specified. These techniques automate the specification of policy details by analysing program dependencies, program management information, and file system contents.","PeriodicalId":254443,"journal":{"name":"2011 Sixth International Conference on Availability, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Sixth International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2011.47","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

Abstract

By managing the authority assigned to each application, rule-based application-oriented access controls can significantly mitigate the threats posed by malicious code due to software vulnerabilities or malware. However, these policies are typically complex and difficult to develop. Learning modes can ease specification, however, they still require high levels of expertise to utilise correctly, and are most suited to confining non-malicious software. This paper presents a novel approach to automating policy specification for rule-based application-oriented access controls. The functionality-based application confinement (FBAC) model provides reusable parameterised abstractions. A number of straightforward yet effective techniques are presented that use these functionality-based abstractions to create application policies a priori, that is, without running programs before policies are specified. These techniques automate the specification of policy details by analysing program dependencies, program management information, and file system contents.

查看原文本刊更多论文

面向应用程序访问控制的策略规范自动化技术

通过管理分配给每个应用程序的权限，基于规则的面向应用程序的访问控制可以显著减轻由软件漏洞或恶意软件引起的恶意代码所构成的威胁。然而，这些政策通常很复杂，很难制定。学习模式可以简化规范，但是，它们仍然需要高水平的专业知识才能正确使用，并且最适合于限制非恶意软件。本文提出了一种基于规则的面向应用的访问控制策略规范自动化的新方法。基于功能的应用程序限制(FBAC)模型提供可重用的参数化抽象。本文提出了许多直接而有效的技术，它们使用这些基于功能的抽象来先验地创建应用程序策略，也就是说，在指定策略之前不运行程序。这些技术通过分析程序依赖关系、程序管理信息和文件系统内容，自动化了策略细节的规范。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2011 Sixth International Conference on Availability, Reliability and Security

自引率

0.00%

发文量