Usable Mandatory Integrity Protection for Operating Systems

2007 IEEE Symposium on Security and Privacy (SP '07) Pub Date : 2007-05-20 DOI:10.1109/SP.2007.37

Ninghui Li, Ziqing Mao, Hong Chen

{"title":"Usable Mandatory Integrity Protection for Operating Systems","authors":"Ninghui Li, Ziqing Mao, Hong Chen","doi":"10.1109/SP.2007.37","DOIUrl":null,"url":null,"abstract":"Existing mandatory access control systems for operating systems are difficult to use. We identify several principles for designing usable access control systems and introduce the usable mandatory integrity protection (UMIP) model that adds usable mandatory access control to operating systems. The UMIP model is designed to preserve system integrity in the face of network-based attacks. The usability goals for UMIP are twofold. First, configuring a UMIP system should not be more difficult than installing and configuring an operating system. Second, existing applications and common usage practices can still be used under UMIP. UMIP has several novel features to achieve these goals. For example, it introduces several concepts for expressing partial trust in programs. Furthermore, it leverages information in the existing discretionary access control mechanism to derive file labels for mandatory integrity protection. We also discuss our implementation of the UMIP model for Linux using the Linux Security Modules framework, and show that it is simple to configure, has low overhead, and effectively defends against a number of network-based attacks.","PeriodicalId":131863,"journal":{"name":"2007 IEEE Symposium on Security and Privacy (SP '07)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"75","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 IEEE Symposium on Security and Privacy (SP '07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP.2007.37","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 75

Abstract

Existing mandatory access control systems for operating systems are difficult to use. We identify several principles for designing usable access control systems and introduce the usable mandatory integrity protection (UMIP) model that adds usable mandatory access control to operating systems. The UMIP model is designed to preserve system integrity in the face of network-based attacks. The usability goals for UMIP are twofold. First, configuring a UMIP system should not be more difficult than installing and configuring an operating system. Second, existing applications and common usage practices can still be used under UMIP. UMIP has several novel features to achieve these goals. For example, it introduces several concepts for expressing partial trust in programs. Furthermore, it leverages information in the existing discretionary access control mechanism to derive file labels for mandatory integrity protection. We also discuss our implementation of the UMIP model for Linux using the Linux Security Modules framework, and show that it is simple to configure, has low overhead, and effectively defends against a number of network-based attacks.

查看原文本刊更多论文

操作系统可用的强制完整性保护

现有的操作系统强制访问控制系统难以使用。我们确定了设计可用访问控制系统的几个原则，并介绍了可用强制完整性保护(UMIP)模型，该模型为操作系统增加了可用的强制访问控制。UMIP模型设计用于在面对基于网络的攻击时保持系统完整性。UMIP的可用性目标是双重的。首先，配置UMIP系统不应该比安装和配置操作系统更困难。其次，现有的应用程序和通用的使用实践仍然可以在UMIP下使用。UMIP有几个新颖的功能来实现这些目标。例如，介绍了几个表示程序部分信任的概念。此外，它利用现有的自主访问控制机制中的信息来派生用于强制完整性保护的文件标签。我们还讨论了使用Linux安全模块框架的Linux的UMIP模型的实现，并表明它配置简单，开销低，并且有效地防御了许多基于网络的攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2007 IEEE Symposium on Security and Privacy (SP '07)

自引率

0.00%

发文量