A cryptographic access control architecture secure against privileged attackers

Christian N. Payne
DOI: 10.1145/1314466.1314478 (https://doi.org/10.1145/1314466.1314478)
Venue: Workshop on Computer Security Architecture
Published: 2007-11-02
Citations: 8

Abstract

The overwhelming majority of existing access control schemes use active protection mechanisms where a security kernel enforces policy based upon an identity label assigned to each process. However, this design is fragile as a result of widely-used but flawed privilege architectures where all special privileges are assigned to a single identity. As a result, this account is required for all administrative tasks and, in practice, is often compromised leading to system-wide security failure. This paper describes an alternative, 'locks and keys' based access control architecture which leverages the passive nature of cryptography as a protection mechanism to limit the impact of this problem. This is more flexible than existing cryptographic file systems since it provides the same features as conventional access control schemes. Furthermore, it achieves its specified security objectives of confidentiality and verifiable integrity even in the face of an attacker who can bypass the security kernel and directly modify objects on the disk. This addresses the need for stronger security architectures in contemporary operating systems while presenting the user with the simple and well-understood interface of an access control scheme.
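The following is an added illustration of the 'locks and keys' idea the abstract describes, written for this page; it is not the paper's design or implementation. It assumes a per-object key (the lock), access granted by wrapping that key under a subject's key (the key), and a self-authenticating on-disk record so that a reader detects direct modification of the disk. The primitives (HMAC-SHA256 as a counter-mode PRF for the stream cipher, HMAC-SHA256 for the tag, encrypt-then-MAC) are standard-library stand-ins chosen so the example runs offline; a real system would use an AEAD such as AES-GCM. All object names, keys and data are constructed for the example.

```python
"""Toy 'locks and keys' object store (added example, not the paper's design).

Objects are protected passively: what sits on disk is ciphertext plus a tag
under a per-object key. A privileged attacker with raw disk access learns no
plaintext, and any edit is detected by the next reader who holds the key.
"""
import hashlib
import hmac
import secrets
import struct


class IntegrityError(Exception):
    """Raised when a record's tag does not match its contents."""


def _prf(key, label, data=b""):
    return hmac.new(key, label + data, hashlib.sha256).digest()


def _subkeys(obj_key):
    # Key separation: one key drives the keystream, another the tag.
    return _prf(obj_key, b"enc"), _prf(obj_key, b"mac")


def _keystream(enc_key, nonce, length):
    # PRF in counter mode: HMAC(enc_key, nonce || counter) blocks, truncated.
    blocks, counter = [], 0
    while 32 * len(blocks) < length:
        blocks.append(_prf(enc_key, b"ks", nonce + struct.pack(">Q", counter)))
        counter += 1
    return b"".join(blocks)[:length]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def seal(obj_key, name, plaintext):
    """Encrypt then authenticate plaintext under obj_key, bound to name."""
    enc_key, mac_key = _subkeys(obj_key)
    nonce = secrets.token_bytes(16)
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    # The object name is covered by the tag, so a valid record cannot be
    # copied into another object's slot without detection.
    tag = _prf(mac_key, b"tag", name.encode() + nonce + ct)
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unseal(obj_key, name, rec):
    """Verify the tag first, decrypt only on success; raises IntegrityError."""
    enc_key, mac_key = _subkeys(obj_key)
    expected = _prf(mac_key, b"tag", name.encode() + rec["nonce"] + rec["ct"])
    if not hmac.compare_digest(expected, rec["tag"]):
        raise IntegrityError(name)
    return _xor(rec["ct"], _keystream(enc_key, rec["nonce"], len(rec["ct"])))


def _rejected(fn):
    """True if fn() is refused by the integrity check."""
    try:
        fn()
    except IntegrityError:
        return True
    return False


def scenario():
    """Walk the abstract's threat model on constructed data; returns outcomes."""
    disk = {}  # the raw on-disk image the attacker can read and rewrite
    bob_key, mallory_key = secrets.token_bytes(32), secrets.token_bytes(32)
    lock = secrets.token_bytes(32)  # per-object key for 'payroll' (constructed)
    secret = b"salary table: alice 120000, bob 95000"

    # Owner writes the object and grants Bob by wrapping the lock under Bob's key.
    disk["payroll"] = seal(lock, "payroll", secret)
    disk["notes"] = seal(lock, "notes", b"meeting notes")  # same lock, other object
    disk["key:payroll:bob"] = seal(bob_key, "key:payroll:bob", lock)

    out = {}
    # Bob: unwrap his copy of the lock, then read the object.
    bob_lock = unseal(bob_key, "key:payroll:bob", disk["key:payroll:bob"])
    out["bob_reads"] = unseal(bob_lock, "payroll", disk["payroll"])

    # Mallory has bypassed the security kernel and holds the raw disk image.
    out["plaintext_visible"] = b"salary" in disk["payroll"]["ct"]
    out["unwrap_without_key_rejected"] = _rejected(
        lambda: unseal(mallory_key, "key:payroll:bob", disk["key:payroll:bob"]))

    # Mallory flips one ciphertext byte in place.
    flipped = dict(disk["payroll"])
    flipped["ct"] = bytes([flipped["ct"][0] ^ 0x01]) + flipped["ct"][1:]
    out["bitflip_rejected"] = _rejected(lambda: unseal(bob_lock, "payroll", flipped))

    # Mallory copies the valid 'notes' record over the 'payroll' slot.
    out["substitution_rejected"] = _rejected(
        lambda: unseal(bob_lock, "payroll", disk["notes"]))

    # Mallory restores an older, genuine 'payroll' record: this toy does NOT detect it.
    old = disk["payroll"]
    disk["payroll"] = seal(lock, "payroll", b"salary table: revised")
    disk["payroll"] = old
    out["rollback_rejected"] = _rejected(lambda: unseal(bob_lock, "payroll", disk["payroll"]))
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

Two limits of this toy are worth keeping in mind when reading the abstract's integrity claim. A MAC makes every holder of the object key both a reader and a forger, so separating read from write rights needs a signature (or a separate write key) rather than a shared tag key; and a tag binds a record to its name but not to its version, so rolling the disk back to an older valid record passes the check unless versions or counters are authenticated as well. The page does not say how the paper's architecture handles either point.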