Efficient IRM enforcement of history-based access control policies
Source
ASIAN ACM Symposium on Information, Computer and Communications Security
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Sydney, Australia
SESSION: Software security
Pages 35-46
Year of Publication: 2009
ISBN: 978-1-60558-394-5
Authors
Fei Yan, University of Regina, Regina, Saskatchewan, Canada
Philip W. L. Fong, University of Regina, Regina, Saskatchewan, Canada
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1533057.1533066

ABSTRACT

An Inlined Reference Monitor (IRM) is an established enforcement mechanism for history-based access control policies. IRM enforcement injects monitoring code into the binary of an untrusted program in order to track its execution history; the injected code denies access when the execution deviates from the policy. The viability of IRM enforcement is predicated on the ability of the binary rewriting element to optimize away redundant monitoring code without compromising security.

This work proposes a novel optimization framework for IRM enforcement. The scheme is based on a constrained representation of history-based access control policies, which, despite its constrained expressiveness, can express such policies as separation of duty, generalized Chinese Wall policies, and hierarchical one-out-of-k authorization. An IRM optimization procedure has been designed to exploit the structure of this policy representation. The optimization scheme is then extended into a distributed optimization protocol, in which an untrusted code producer attempts to help boost the optimization effectiveness of an IRM enforcement mechanism administered by a distrusting code consumer. It is shown that the optimization procedure provably preserves security even in the midst of distributed optimization. A prototype of the optimization procedure has been implemented for Java bytecode, and its effectiveness has been empirically profiled.
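The mechanism the abstract describes, as an added Python example that is not the paper's code: a history-based policy (a generalized Chinese Wall over conflict-of-interest classes) encoded as a security automaton, the state-plus-check that an IRM rewriter would inline before each access, and a check-elision pass over a straight-line sequence of accesses that drops the checks which can never fail. The elision rule used here (the dataset has no rivals, or it was already accessed earlier in the same block) is a simplified stand-in for the paper's optimization procedure, not a reconstruction of it; the policy, the dataset names and the trace are all constructed for the illustration. The last function plays the role of the security-preservation argument: it runs the full and the optimized monitor from every policy-consistent entry state and requires identical decisions.

```python
"""Added illustration (not the paper's code): a history-based policy enforced
by an inlined monitor, plus a simple check-elision optimization that is then
verified to preserve every accept/deny decision of the unoptimized monitor.
Policy, dataset names and the access trace below are constructed examples."""
from itertools import chain, combinations


class PolicyViolation(Exception):
    pass


class ChineseWall:
    """Once a subject has touched a dataset in a conflict-of-interest class,
    no other dataset in that class may be touched.  The automaton state is the
    frozenset of datasets used so far."""

    def __init__(self, conflict_classes):
        self.cls = {}
        for members in conflict_classes:
            for d in members:
                self.cls[d] = frozenset(members)

    def rivals(self, dataset):
        return self.cls.get(dataset, frozenset()) - {dataset}

    def allows(self, state, dataset):
        return not (self.rivals(dataset) & state)

    def step(self, state, dataset):
        if not self.allows(state, dataset):
            raise PolicyViolation(f"{dataset} conflicts with {sorted(state)}")
        return state | {dataset}


class Monitor:
    """What an IRM rewriter inlines: a state variable and, before each
    security-relevant event, a check that updates it or halts the program."""

    def __init__(self, policy, state=frozenset()):
        self.policy, self.state = policy, state

    def access(self, dataset, checked=True):
        if checked:
            self.state = self.policy.step(self.state, dataset)
        else:
            self.state = self.state | {dataset}  # check elided: update only


def redundant_checks(policy, trace):
    """Indices in a straight-line trace whose check can never fail, whatever
    the (policy-consistent) entry state.  Simplified rule used here: the
    dataset has no rivals, or it was already accessed earlier in the block, so
    any conflicting dataset would have been caught at its own (kept) check."""
    seen, elided = set(), set()
    for i, d in enumerate(trace):
        if not policy.rivals(d) or d in seen:
            elided.add(i)
        seen.add(d)
    return elided


def consistent_states(policy, datasets):
    """Every entry state the policy could have produced: no two rivals together."""
    ds = sorted(datasets)
    subsets = chain.from_iterable(combinations(ds, n) for n in range(len(ds) + 1))
    return [frozenset(s) for s in subsets
            if all(policy.allows(frozenset(s) - {d}, d) for d in s)]


def run(policy, trace, entry, elided):
    """Execute the trace under a monitor; ('ok', final_state) or ('deny', index)."""
    m = Monitor(policy, entry)
    for i, d in enumerate(trace):
        try:
            m.access(d, checked=i not in elided)
        except PolicyViolation:
            return ("deny", i)
    return ("ok", m.state)


def optimization_preserves_security(policy, trace, datasets):
    """Full and optimized monitors must agree from every consistent entry state."""
    elided = redundant_checks(policy, trace)
    return all(run(policy, trace, s, set()) == run(policy, trace, s, elided)
               for s in consistent_states(policy, datasets))


# Constructed policy: two conflict-of-interest classes and one free dataset.
POLICY = ChineseWall([{"bankA", "bankB"}, {"oilX", "oilY"}])
DATASETS = {"bankA", "bankB", "oilX", "oilY", "public"}
# Constructed straight-line sequence of accesses inside one basic block.
TRACE = ["bankA", "public", "bankA", "oilX", "oilX", "bankB"]

if __name__ == "__main__":
    print("elided checks:", sorted(redundant_checks(POLICY, TRACE)))
    print("run from empty state:", run(POLICY, TRACE, frozenset(), set()))
    print("optimization safe:", optimization_preserves_security(POLICY, TRACE, DATASETS))
```

In the distributed setting the abstract mentions, the natural use of the last function is on the consumer side: a code consumer that distrusts the producer would recompute the elision set (or re-run this equivalence check against a producer-supplied one) rather than trust it, since an elided check that can fail from some reachable entry state is exactly a policy bypass.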

