ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Simplifying security policy descriptions for internet servers in secure operating systems
Full text PdfPdf (294 KB)
Source
Symposium on Applied Computing archive
Proceedings of the 2009 ACM symposium on Applied Computing table of contents
Honolulu, Hawaii
SESSION: Operating systems track table of contents
Pages 326-333  
Year of Publication: 2009
ISBN:978-1-60558-166-8
Authors
Toshihiro Yokoyama  Keio University, Kohoku-ku, Yokohama, Japan
Miyuki Hanaoka  Keio University, Kohoku-ku, Yokohama, Japan
Makoto Shimamura  Keio University, Kohoku-ku, Yokohama, Japan
Kenji Kono  Keio University, Kohoku-ku, Yokohama, Japan
Sponsor
SIGAPP: ACM Special Interest Group on Applied Computing
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 25,   Downloads (12 Months): 108,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1529282.1529352
What is a DOI?

ABSTRACT

Secure operating systems (secure OSes) are widely used to limit the damage caused by unauthorized access to Internet servers. However, writing a security policy based on the principle of least privilege for a secure OS is a challenge for an administrator. Considering that remote attackers can never attack a server before they establish connections to it, we propose a novel scheme that exploits phases to simplify security policy descriptions for Internet servers. In our scheme, the entire system has two execution phases: an initialization phase and a protocol processing phase. The initialization phase is defined as the phase before the server establishes connections to its clients, and the protocol processing phase is defined as the phase after it establishes connections. The key observation is that access control should be enforced by the secure OS only in the protocol processing phase to defend against remote attacks. Thus, we can omit the access-control policy in the initialization phase, which effectively reduces the number of policy rules. Our experimental results demonstrate that our scheme effectively reduces the number of descriptions; it eliminates 47.2%, 27.5%, and 24.0% of policy rules for HTTP, SMTP, and POP servers respectively, compared with an existing SELinux policy that includes the initialization of the server.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
N. S. Agency. Security-enhanced linux. http://www.nsa.gov/selinux/.
 
2
Argus System Group Inc. Pitbull lx. http://www.argus-system.com/.
3
Lujo Bauer , Scott Garriss , Michael K. Reiter, Detecting and resolving policy misconfigurations in access-control systems, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA  [doi>10.1145/1377836.1377866]
 
4
W. Boebert and R. Kain. A practical alternative to hierarchical integrity policies. In Proceedings of the 8th National Computer Security Conference, 1985.
5
Petros Efstathopoulos , Maxwell Krohn , Steve VanDeBogart , Cliff Frey , David Ziegler , Eddie Kohler , David Mazières , Frans Kaashoek , Robert Morris, Labels and event processes in the asbestos operating system, Proceedings of the twentieth ACM symposium on Operating systems principles, October 23-26, 2005, Brighton, United Kingdom
 
6
F. Foundation. Trusted bsd. http://www.trustedbsd.org/.
 
7
Joshua D. Guttman , Amy L. Herzog , John D. Ramsdell , Clement W. Skorupka, Verifying information flow goals in security-enhanced Linux, Journal of Computer Security, v.13 n.1, p.115-134, January 2005
 
8
C. Hanson. Selinux and mls: Putting the pieces together. Technical report, NAI-02-007, 2006.
 
9
R. Hat. Strict policy. http://www.redhat.com/.
 
10
R. Hat. Targeted policy. http://www.redhat.com/.
 
11
Hewlett-Packard Development Company. Virtualvault. http://www.hp.com/.
12
Boniface Hicks , Sandra Rueda , Luke St.Clair , Trent Jaeger , Patrick McDaniel, A logical specification and analysis for SELinux MLS policy, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France  [doi>10.1145/1266840.1266854]
13
Trent Jaeger , Antony Edwards , Xiaolan Zhang, Managing access control policies using access control spaces, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507713]
 
14
S. Microsystems. Trusted solaris. http://www.sun.com/.
15
Andrew C. Myers , Barbara Liskov, Protecting privacy using the decentralized label model, ACM Transactions on Software Engineering and Methodology (TOSEM), v.9 n.4, p.410-442, Oct. 2000  [doi>10.1145/363516.363526]
 
16
J. Saltzer and M. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(19): 1278--1308, 1975.
 
17
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
 
18
B. Sarna-Starosta and S. D. Stoller. Policy analysis for security-enhanced linux. In Proceedings of the 2004 Workshop on Issues in the Theory of Security (WITS '04), pages 1--12, 2004.
 
19
T. Shinagawa and K. Kono. Simplifying security policy descriptions exploiting phases in execution. In Proceedings of the 2006 Information Processing Society of Japan Symposium on Advanced Computing Systems and Inflastractures (SACSIS '06), pages 495--503, 2006.
 
20
Ray Spencer , Stephen Smalley , Peter Loscocco , Mike Hibler , David Andersen , Jay Lepreau, The flask security architecture: system support for diverse security policies, Proceedings of the 8th conference on USENIX Security Symposium, p.11-11, August 23-26, 1999, Washington, D.C.
 
21
Standard Performance Evaluation Corporation. Specmail2001. http://www.spec.org/mail2001/.
 
22
Standard Performance Evaluation Corporation. Specweb2005. http://www.spec.org/web2005/.
 
23
T. Technology. Apol. http://oss.tresys.com/.
 
24
C. Vance, T. Miller, and R. Dekelbaum. Security-enhanced darwin: Porting selinux to mac os x. In Proceedings of the Third Annual SEcurity Enhanced Linux Symposium, 2007.
25
Giorgio Zanin , Luigi Vincenzo Mancini, Towards a formal model for security policies specification and validation in the selinux system, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA  [doi>10.1145/990036.990059]
 
26
Nickolai Zeldovich , Silas Boyd-Wickizer , Eddie Kohler , David Mazières, Making information flow explicit in HiStar, Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation, p.19-19, November 06-08, 2006, Seattle, WA

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Unauthorized access (e.g., hacking, phreaking)


General Terms:
Management, Security


Keywords:
SELinux, internet server, policy description, secure operating system

Collaborative Colleagues:
Toshihiro Yokoyama: colleagues
Miyuki Hanaoka: colleagues
Makoto Shimamura: colleagues
Kenji Kono: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player