Integrated Access Permission: Secure and Simple Policy Description by Integration of File Access Vector Permission

2008 International Conference on Information Security and Assurance (isa 2008) Pub Date : 2008-04-24 DOI:10.1109/ISA.2008.21

T. Yamaguchi, T. Tabata, Y. Nakamura

{"title":"Integrated Access Permission: Secure and Simple Policy Description by Integration of File Access Vector Permission","authors":"T. Yamaguchi, T. Tabata, Y. Nakamura","doi":"10.1109/ISA.2008.21","DOIUrl":null,"url":null,"abstract":"In pervasive computing, embedded systems have a possibility to be attacked by crackers, including 0-day attack, as well as enterprise systems. In particular, in a case where a cracker gets a root privilege, damages are significant. To resolve this problem, Security-Enhanced Linux (SELinux) is useful. However, SELinux has a problem that is significant complexity for configuration because of too fine-grained access control. As a method for resolving this problem, SELinux Policy Editor (SEEdit) has been developed; this is a tool that simplifies the SELinux configuration. SEEdit uses the Simplified Policy Description Language (SPDL) as a policy description language. In the SPDL, we define new access permissions that integrate Access Vector Permissions (AVPs) employed in SELinux to provide access permissions in a security policy. Thus, we propose a set of access permissions named Integrated Access Permissions (IAPs), which enables the achievement of a good balance between reducing the workload of the configurations and guaranteeing security in SELinux. In addition, we evaluate our IAPs and show them almost secure.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 International Conference on Information Security and Assurance (isa 2008)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISA.2008.21","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

In pervasive computing, embedded systems have a possibility to be attacked by crackers, including 0-day attack, as well as enterprise systems. In particular, in a case where a cracker gets a root privilege, damages are significant. To resolve this problem, Security-Enhanced Linux (SELinux) is useful. However, SELinux has a problem that is significant complexity for configuration because of too fine-grained access control. As a method for resolving this problem, SELinux Policy Editor (SEEdit) has been developed; this is a tool that simplifies the SELinux configuration. SEEdit uses the Simplified Policy Description Language (SPDL) as a policy description language. In the SPDL, we define new access permissions that integrate Access Vector Permissions (AVPs) employed in SELinux to provide access permissions in a security policy. Thus, we propose a set of access permissions named Integrated Access Permissions (IAPs), which enables the achievement of a good balance between reducing the workload of the configurations and guaranteeing security in SELinux. In addition, we evaluate our IAPs and show them almost secure.

查看原文本刊更多论文

集成访问权限:通过文件访问矢量权限集成实现安全、简单的策略描述

在普及计算中，嵌入式系统和企业系统都有可能受到黑客攻击，包括零日攻击。特别是，在黑客获得根权限的情况下，损害是显著的。为了解决这个问题，Security-Enhanced Linux (SELinux)非常有用。但是，SELinux有一个问题，由于过于细粒度的访问控制，配置非常复杂。作为解决这个问题的方法，SELinux策略编辑器(SEEdit)已经被开发出来;这是一个简化SELinux配置的工具。SEEdit使用SPDL (Simplified Policy Description Language)作为策略描述语言。在SPDL中，我们定义了新的访问权限，它集成了SELinux中使用的访问向量权限(avp)，以在安全策略中提供访问权限。因此，我们提出了一组访问权限，称为集成访问权限(IAPs)，它可以在SELinux中减少配置工作负载和保证安全性之间实现良好的平衡。此外，我们评估了我们的iap并证明它们几乎是安全的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2008 International Conference on Information Security and Assurance (isa 2008)

自引率

0.00%

发文量