Policy models to protect resource retrieval

H. Vijayakumar, Xinyang Ge, T. Jaeger
ACM Symposium on Access Control Models and Technologies, pp. 211-222. Published 2014-06-25. DOI: 10.1145/2613087.2613111 (https://doi.org/10.1145/2613087.2613111)

Abstract

Processes need a variety of resources from their operating environment in order to run properly, but an adversary may control the inputs to resource retrieval or the end resource itself, leading to a variety of vulnerabilities. Conventional access control methods are not suitable to prevent such vulnerabilities because they use one set of permissions for all system call invocations. In this paper, we define a novel policy model for describing when resource retrievals are unsafe, so they can be blocked. This model highlights two contributions: (1) the explicit definition of adversary models as adversarial roles, which list the permissions that dictate whether one subject is an adversary of another, and (2) the application of data-flow to determine the adversary control of the names used to retrieve resources. An evaluation using multiple adversary models shows that data-flow is necessary to authorize resource retrieval in over 90% of system calls. By making adversary models and the adversary accessibility of all aspects of resource retrieval explicit, we can block resource access attacks system-wide.