Dynamic mandatory access control for multiple stakeholders

Source: Symposium on Access Control Models and Technologies
Proceedings of the 14th ACM symposium on Access control models and technologies
Stresa, Italy
SESSION: Multidomain policy integration
Pages 53-62
Year of Publication: 2009
ISBN: 978-1-60558-537-6

Authors
Vikhyath Rao, Pennsylvania State University, University Park, PA, USA
Trent Jaeger, Pennsylvania State University, University Park, PA, USA

ABSTRACT
In this paper, we present a mandatory access control system that uses input from multiple stakeholders to compose policies based on runtime information. In the emerging open cell phone system environment, many devices run software whose access permissions depend on multiple stakeholders, such as the device owner, the service provider, the application owner, etc., rather than a single system administrator. However, current access control administration remains as either discretionary, allowing the running and perhaps compromised process to administer permissions, or mandatory, requiring a system administrator to know all permissions for all possible legal runs. A key problem is that users may download arbitrary programs to their devices, requiring that the system contain such programs while allowing some reasonable functionality. However, such programs may need access to permissions that in combination with other conflicting permissions may lead to an attack, such as allowing voice-over-IP calls. In our approach, we use a "soft" sand-boxing mechanism to first contain such processes, request the stakeholder to authorize operations outside the sandbox that are not prohibited by policy, and maintain a runtime execution role for the process to identify its access state to the stakeholders. We define a proxy policy server that caches and combines stakeholder policies to make such access decisions. Our framework was implemented by modifying the SELinux module and using a remote proxy policy server, although a local proxy policy server is also possible. We incur a 0.288 ts performance overhead only when stakeholders need to be consulted, and new permissions are cached.