SecureBus

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

SecureBus: towards application-transparent trusted computing with mandatory access control

Full text

Pdf (155 KB)

Source

ASIAN ACM Symposium on Information, Computer and Communications Security archive
Proceedings of the 2nd ACM symposium on Information, computer and communications security table of contents

Singapore

SESSION: Access control table of contents

Pages: 117 - 126

Year of Publication: 2007

ISBN:1-59593-574-6

Authors

Xinwen Zhang	George Mason University, Fairfax, Virginia
Michael J. Covington	Intel Corporation, Hillsboro, Oregon
Songqing Chen	George Mason University, Fairfax, Virginia
Ravi Sandhu	George Mason University and TriCipher Inc.

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 9, Downloads (12 Months): 83, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1229285.1229304 What is a DOI?

ABSTRACT

The increasing number of software-based attacks has attracted substantial efforts to prevent applications from malicious interference. For example, Trusted Computing (TC) technologies have been recently proposed to provide strong isolation on application platforms. On the other hand, today pervasively available computing cycles and data resources have enabled various distributed applications that require collaboration among different application processes. These two conflicting trends grow in parallel. While much existing research focuses on one of these two aspects, a few authors have considered simultaneously providing strong isolation as well as collaboration convenience, particularly in the TC environment. However, none of these schemes is transparent. That is, they require modifications either of legacy applications or the underlying Operating System (OS).In this paper, we propose the SecureBus (SB) architecture, aiming to provide strong isolation and flexible controlled information flow and communication between processes at runtime. Since SB is application and OS transparent, existing applications can run without changes to commodity OS's. Furthermore, SB enables the enforcement of general access control policies, which is required but difficult to achieve for typical legacy applications. To study its feasibility and performance overhead, we have implemented a prototype system based on User-Mode Linux. Our experimental results show that SB can effectively achieve its design goals.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	LaGrande Technology Preliminary Architecture Specification, http://www.intel.com/technology/security/downloads/PRELIMLT-SPEC_D52212.htm.
	2	SETI@Home, http://setiathome.ssl.berkeley.edu/.
	3	TCG Specification Architecture Overview. https://www.trustedcomputinggroup.org.
	4	Universial TUN/TAP driver. http://vtun.sourceforge.net/tun/.
	5	Robert N. M. Watson, TrustedBSD: Adding Trusted Operating System Features to FreeBSD, Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, p.15-28, June 25-30, 2001
	6	AMD platform for trustworthy computing. Microsoft WinHEC, http://www.microsoft.com/whdc/winhec/pres03.mspx, 2003.
	7	Technical introduction to next-generation secure computing base (NGSCB). Microsoft WinHEC, 2003.
	8	A. Baliga, L. Iftode, and X. Chen. Paladin: Automated detection and containment of rootkit attacks. Technical Report DCS-TR-593, Rutgers University, Department of Computer Science, 2006.
	9	Elisa Bertino , Barbara Catania , Elena Ferrari , Paolo Perlasca, A logical framework for reasoning about access control models, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.71-127, February 2003 [doi>10.1145/605434.605437]
	10	D. Brewer and M. Nash. The chinese wall security policy. In Proceedings of the IEEE Symposium On Research in Security and Privacy, pages 206--214, Oakland, California, 1988.
	11	Nicodemos Damianou , Naranker Dulay , Emil Lupu , Morris Sloman, The Ponder Policy Specification Language, Proceedings of the International Workshop on Policies for Distributed Systems and Networks, p.18-38, January 29-31, 2001
	12	Department of Defense National Computer Security Center. Trusted Database Interpretation of the Trusted Computer Systems Evaluation Criteria, April 1991. NCSC-TG-021.
	13	Jeff Dike. A user-mode port of the linux kernel. In Proceedings of the 2000 Linux Showcase and Conference, October 2000.
	14	I. Foster and C. Kesselman. Globus: A metacomputing infrastructure toolkit. International Journal of Supercmputer Applications, 11(2), 1997.
	15	Tal Garfinkel , Ben Pfaff , Jim Chow , Mendel Rosenblum , Dan Boneh, Terra: a virtual machine-based platform for trusted computing, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	16	V. Haldar, D. Chandra, and M. Franz. Semantic remote attestation - a virtual machine directed approach to trusted computing. In Proceedings of the Third virtual Machine Research and Technology Symposium, pages 29--41, San Jose, CA, USA, May 6--7 2004. USENIX.
	17	Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian, A Logical Language for Expressing Authorizations, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.31, May 04-07, 1997
	18	John G. Levine , Julian B. Grizzard , Henry L. Owen, Detecting and Categorizing Kernel-Level Rootkits to Aid Future Detection, IEEE Security and Privacy, v.4 n.1, p.24, January 2006 [doi>10.1109/MSP.2006.11]
	19	Peter Loscocco , Stephen Smalley, Integrating Flexible Support for Security Policies into the Linux Operating System, Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, p.29-42, June 25-30, 2001
	20	S. Muir, L. Peterson, M. Fiuczynski, J. Cappos, and J. Hartman. Proper: Privileged operations in a virtualised system environment. In Proceedings of Usenix Annual Technical Conference, 2005.
	21	OASIS XACML TC. Core Specification: eXtensible Access Control Markup Language (XACML), 2005.
	22	Rolf Oppliger , Ruedi Rytz, Does Trusted Computing Remedy Computer Security Problems?, IEEE Security and Privacy, v.3 n.2, p.16-19, March 2005 [doi>10.1109/MSP.2005.40]
	23	Manigandan Radhakrishnan , Jon A. Solworth, Application security support in the operating system kernel, Proceedings of the 2006 ACM Symposium on Information, computer and communications security, March 21-24, 2006, Taipei, Taiwan [doi>10.1145/1128817.1128848]
	24	R.Sailer, T. Jaeger, E. Valdez, R. Perez, S. Berger, J. L. Griffin, and L. van Doorn. Building a mac-based security architecture for the xen opensource hypervisor. Technical report, IBM Research Report RC23629, 2005.
	25	A. Sadeghi and C. Stuble. Taming trusted platforms by operating system design. In Proceedings of the 4th International Workshop for Information Security Applications, LNCS 2908, pages 286--302, Berlin, Germany, August 2003.
	26	Ravi S. Sandhu, Lattice-Based Access Control Models, Computer, v.26 n.11, p.9-19, November 1993 [doi>10.1109/2.241422]
	27	Elaine Shi , Adrian Perrig , Leendert Van Doorn, BIND: A Fine-Grained Attestation Service for Secure Distributed Systems, Proceedings of the 2005 IEEE Symposium on Security and Privacy, p.154-168, May 08-11, 2005 [doi>10.1109/SP.2005.4]
	28	Sean W. Smith, Trusted Computing Platforms: Design and Applications, Springer-Verlag New York, Inc., Secaucus, NJ, 1899
	29	Chris Wright , Crispin Cowan , Stephen Smalley , James Morris , Greg Kroah-Hartman, Linux Security Modules: General Security Support for the Linux Kernel, Proceedings of the 11th USENIX Security Symposium, p.17-31, August 05-09, 2002