Resolving constraint conflicts
Source: Symposium on Access Control Models and Technologies
Proceedings of the ninth ACM symposium on Access control models and technologies
Yorktown Heights, New York, USA
SESSION: Constraints
Pages: 105 - 114  
Year of Publication: 2004
ISBN:1-58113-872-5
Authors
Trent Jaeger  IBM T.J. Watson Research Center, Hawthorne, NY
Reiner Sailer  IBM T.J. Watson Research Center, Hawthorne, NY
Xiaolan Zhang  IBM T.J. Watson Research Center, Hawthorne, NY
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 6,   Downloads (12 Months): 44,   Citation Count: 7
DOI: http://doi.acm.org/10.1145/990036.990053

ABSTRACT

In this paper, we define constraint conflicts and examine properties that may aid in guiding their resolution. A constraint conflict is an inconsistency between the access control policy and the constraints specified to limit that policy. For example, a policy that permits a high integrity subject to access low integrity data is in conflict with a Biba integrity constraint. Constraint conflicts differ from typical policy conflicts in that constraints are never supposed to be violated. That is, a conflict with a constraint results in a policy compilation error, whereas policy conflicts are resolved at runtime. As we have found in the past, when constraint conflicts occur in a specification, a variety of resolutions are both possible and practical. In this paper, we detail some key formal properties of constraint conflicts and show how these are useful in guiding conflict resolution. We use the SELinux example policy for Linux 2.4.19 as the source of our constraint conflicts and resolution examples. The formal properties are used to guide the selection of resolutions and provide a basis for a resolution language that we apply to resolve conflicts in the SELinux example policy.


