为更灵活的特权传播扩展Take-Grant模型

Proceedings of the 5th International Conference on Computer Science and Software Engineering Pub Date : 2022-10-21 DOI:10.1145/3569966.3570088

Liang-Jui Shen, Yusong Tan, Pian Tao, Pan Dong, Jun Ma

{"title":"为更灵活的特权传播扩展Take-Grant模型","authors":"Liang-Jui Shen, Yusong Tan, Pian Tao, Pan Dong, Jun Ma","doi":"10.1145/3569966.3570088","DOIUrl":null,"url":null,"abstract":"Capability is an important security mechanism in operating systems. The Take-Grant model, as a classic capability system access control model, only has basic rewriting rules to meet the needs of security analysis, but it is difficult to be used for flexible and fine-grained permission propagation. This paper extends the traditional Take-Grant model to control the propagation of capabilities from the direction of propagation, distance and size of propagation, so as to meet the needs of security policies in complex scenarios. Besides, this paper divides permissions to different domains, making the extended model more flexible. The given examples show that the proposed extension to Take-Grant model is more expressive and flexible when doing privilege propagation.","PeriodicalId":145580,"journal":{"name":"Proceedings of the 5th International Conference on Computer Science and Software Engineering","volume":"117 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Extending Take-Grant Model for More Flexible Privilege Propagation\",\"authors\":\"Liang-Jui Shen, Yusong Tan, Pian Tao, Pan Dong, Jun Ma\",\"doi\":\"10.1145/3569966.3570088\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Capability is an important security mechanism in operating systems. The Take-Grant model, as a classic capability system access control model, only has basic rewriting rules to meet the needs of security analysis, but it is difficult to be used for flexible and fine-grained permission propagation. This paper extends the traditional Take-Grant model to control the propagation of capabilities from the direction of propagation, distance and size of propagation, so as to meet the needs of security policies in complex scenarios. Besides, this paper divides permissions to different domains, making the extended model more flexible. The given examples show that the proposed extension to Take-Grant model is more expressive and flexible when doing privilege propagation.\",\"PeriodicalId\":145580,\"journal\":{\"name\":\"Proceedings of the 5th International Conference on Computer Science and Software Engineering\",\"volume\":\"117 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-10-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 5th International Conference on Computer Science and Software Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3569966.3570088\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 5th International Conference on Computer Science and Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3569966.3570088","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

能力是操作系统中一种重要的安全机制。Take-Grant模型作为一种经典的能力系统访问控制模型，只有基本的重写规则来满足安全分析的需要，但难以用于灵活的、细粒度的权限传播。本文对传统的Take-Grant模型进行了扩展，从传播方向、传播距离、传播规模等方面对能力的传播进行控制，以满足复杂场景下安全策略的需求。此外，本文还将权限划分到不同的域，使扩展模型更加灵活。实例表明，本文提出的扩展Take-Grant模型在进行权限传播时更具表现力和灵活性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Extending Take-Grant Model for More Flexible Privilege Propagation

Capability is an important security mechanism in operating systems. The Take-Grant model, as a classic capability system access control model, only has basic rewriting rules to meet the needs of security analysis, but it is difficult to be used for flexible and fine-grained permission propagation. This paper extends the traditional Take-Grant model to control the propagation of capabilities from the direction of propagation, distance and size of propagation, so as to meet the needs of security policies in complex scenarios. Besides, this paper divides permissions to different domains, making the extended model more flexible. The given examples show that the proposed extension to Take-Grant model is more expressive and flexible when doing privilege propagation.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 5th International Conference on Computer Science and Software Engineering

自引率

0.00%

发文量