{"title":"A cryptographic access control architecture secure against privileged attackers","authors":"Christian N. Payne","doi":"10.1145/1314466.1314478","DOIUrl":"https://doi.org/10.1145/1314466.1314478","url":null,"abstract":"The overwhelming majority of existing access control schemes use active protection mechanisms where a security kernel enforces policy based upon an identity label assigned to each process. However, this design is fragile as a result of widely-used but flawed privilege architectures where all special privileges are assigned to a single identity. As a result, this account is required for all administrative tasks and, in practice, is often compromised leading to system-wide security failure. This paper describes an alternative, `locks and keys' based access control architecture which leverages the passive nature of cryptography as a protection mechanism to limit the impact of this problem. This is more flexible than existing cryptographic file systems since it provides the same features as conventional access control schemes. Furthermore, it achieves its specified security objectives of confidentiality and verifiable integrity even in the face of an attacker who can bypass the security kernel and directly modify objects on the disk. This addresses the need for stronger security architectures in contemporary operating systems while presenting the user with the simple and well-understood interface of an access control scheme.","PeriodicalId":121387,"journal":{"name":"Workshop on Computer Security Architecture","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129364091","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Yet another MicroArchitectural Attack:: exploiting I-Cache","authors":"O. Aciiçmez","doi":"10.1145/1314466.1314469","DOIUrl":"https://doi.org/10.1145/1314466.1314469","url":null,"abstract":"MicroArchitectural Attacks (MA), which can be considered as a special form of Side-Channel Analysis, exploit microarchitectural functionalities of processor implementations and can compromise the security of computational environments even in the presence of sophisticated protection mechanisms like virtualization and sandboxing. This newly evolving research area has attracted significant interest due to the broad application range and the potentials of these attacks. Cache Analysis and Branch Prediction Analysis were the only types of MA that had been known publicly. In this paper, we introduce Instruction Cache (I-Cache) as yet another source of MA and present our experimental results which clearly prove the practicality and danger of I-Cache Attacks.","PeriodicalId":121387,"journal":{"name":"Workshop on Computer Security Architecture","volume":"49 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121479471","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Jodie P. Boyer, Ragib Hasan, L.E. Olson, N. Borisov, Carl A. Gunter, David Raila
{"title":"Improving multi-tier security using redundant authentication","authors":"Jodie P. Boyer, Ragib Hasan, L.E. Olson, N. Borisov, Carl A. Gunter, David Raila","doi":"10.1145/1314466.1314475","DOIUrl":"https://doi.org/10.1145/1314466.1314475","url":null,"abstract":"Multi-tier web server systems are used in many important contexts and their security is a major cause of concern. Such systems can exploit strategies like least privilege to make lower tiers more secure in the presence of compromised higher tiers. In this paper, we investigate an extension of this technique in which higher tiers are required to provide evidence of the authentication of principals when they make requests of lower tiers. This concept, which we call redundant authentication, enables lower tiers to provide security guarantees that improve significantly over current least privilege strategies. We validate this technique by applying it to a practical Building Automation System (BAS) application, where we explore the use of redundant authentication in conjunction with an authentication proxy to enable interoperation with existing enterprise authentication services.","PeriodicalId":121387,"journal":{"name":"Workshop on Computer Security Architecture","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129520198","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
S. Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, P. Samarati
{"title":"A data outsourcing architecture combining cryptography and access control","authors":"S. Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, P. Samarati","doi":"10.1145/1314466.1314477","DOIUrl":"https://doi.org/10.1145/1314466.1314477","url":null,"abstract":"Data outsourcing is becoming today a successful solution that allows users and organizations to exploit external servers for the distribution of resources. Some of the most challenging issues in such a scenario are the enforcement of authorization policies and the support of policy updates. Since a common approach for protecting the outsourced data consists in encrypting the data themselves, a promising approach for solving these issues is based on the combination of access control with cryptography. This idea is in itself not new, but the problem of applying it in an outsourced architecture introduces several challenges. In this paper, we first illustrate the basic principles on which an architecture for combining access control and cryptography can be built. We then illustrate an approach for enforcing authorization policies and supporting dynamic authorizations, allowing policy changes and data updates at a limited cost in terms of bandwidth and computational power.","PeriodicalId":121387,"journal":{"name":"Workshop on Computer Security Architecture","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131576471","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Some thoughts on security after ten years of qmail 1.0","authors":"D. Bernstein","doi":"10.1145/1314466.1314467","DOIUrl":"https://doi.org/10.1145/1314466.1314467","url":null,"abstract":"The qmail software package is a widely used Internet-mail transfer agent that has been covered by a security guarantee since 1997. In this paper, the qmail author reviews the history and security-relevant architecture of qmail; articulates partitioning standards that qmail fails to meet; analyzes the engineering that has allowed qmail to survive this failure; and draws various conclusions regarding the future of secure programming.","PeriodicalId":121387,"journal":{"name":"Workshop on Computer Security Architecture","volume":"8 3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130126053","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Kevin R. B. Butler, Stephen E. McLaughlin, P. Mcdaniel
{"title":"Non-volatile memory and disks:: avenues for policy architectures","authors":"Kevin R. B. Butler, Stephen E. McLaughlin, P. Mcdaniel","doi":"10.1145/1314466.1314479","DOIUrl":"https://doi.org/10.1145/1314466.1314479","url":null,"abstract":"As computing models change, so too do the demands on storage. Distributed and virtualized systems introduce new vulnerabilities, assumptions, and performance requirements on disks. However,traditional storage systems have very limited capacity to implement needed \"advanced storage\" features such as integrity and dataisolation. This is largely due to the simple interfaces and limited computing resources provided by commodity hard-drives. A new generation of storage devices affords better opportunities to meet these new models, but little is known about how to exploit them. In this paper, we show that the recently introduced fast-accessnon-volatile RAM-enhanced hybrid (HHD) disk architectures can be used to implement a range of valuable storage-security services. We specifically discuss the use of these new architectures to provide data integrity, capability-based access control, and labeled information flow at the disk access layer. In this, we introduce systems that place a security perimeter at the disk interface--and deal with the parent operating system only as a largely untrusted entity.","PeriodicalId":121387,"journal":{"name":"Workshop on Computer Security Architecture","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115298734","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Analysis of three multilevel security architectures","authors":"T. Levin, C. Irvine, C. Weissman, Thuy D. Nguyen","doi":"10.1145/1314466.1314473","DOIUrl":"https://doi.org/10.1145/1314466.1314473","url":null,"abstract":"Various system architectures have been proposed for high assurance enforcement of multilevel security. This paper provides an analysis of the relative merits of three architectural types -- one based on a security kernel, another based on a traditional separation kernel, and a third based on a least-privilege separation kernel. We introduce the Least Privilege architecture, which incorporates security features from the recent \"Separation Kernel Protection Profile,\" and show how it can provide several unique aspects of security and assurance, although each architecture has advantages.","PeriodicalId":121387,"journal":{"name":"Workshop on Computer Security Architecture","volume":"59 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127023769","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
W. Enck, S. Rueda, Joshua Schiffman, Yogesh Sreenivasan, Luke St. Clair, T. Jaeger, P. Mcdaniel
{"title":"Protecting users from \"themselves\"","authors":"W. Enck, S. Rueda, Joshua Schiffman, Yogesh Sreenivasan, Luke St. Clair, T. Jaeger, P. Mcdaniel","doi":"10.1145/1314466.1314472","DOIUrl":"https://doi.org/10.1145/1314466.1314472","url":null,"abstract":"Computer usage and threat models have changed drastically since the advent of access control systems in the 1960s. Instead of multiple users sharing a single file system, each user has many devices with their own storage. Thus, a user's fear has shifted away from other users' impact on the same system to the threat of malice in the software they intentionally or even inadvertently run. As a result, we propose a new vision for access control: one where individual users are isolated by default and where the access of individual user applications is carefully managed. A key question is how much user administration effort would be required if a system implementing this vision were constructed. In this paper, we outline our work on just such a system, called PinUP, which manages file access on a per application basis for each user. We use historical data from our lab's users to explore how much user and system administration effort is required. Since administration is required for user sharing in PinUP, we find that sharing via mail and file repositories requires a modest amount of administrative effort, a system policy change every couple of days and a small number of user administrative operations a day. We are encouraged that practical administration on such a scale is possible given an appropriate and secure user approach.","PeriodicalId":121387,"journal":{"name":"Workshop on Computer Security Architecture","volume":"181 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2007-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122930661","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
