Skip to main content
Springer Nature Link
Log in

Security Policy Descriptions Through the Use of Control Structure of a Target Program

  • Conference paper
Software Security - Theories and Systems (ISSS 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3233))

Included in the following conference series:

  • 340 Accesses

Abstract

Running a program under surveillance by a reference monitor system is a promising approach to secure use of programs. However, with the existing reference monitor systems, it is difficult to make a security policy description that adequately conforms to the Least Privilege Principle. In this paper, we propose a novel mechanism of implementing reference monitor systems. Our mechanism utilizes information obtained by analyzing a target program before it is used. Our mechanism enables one to make security policy descriptions in a fine-grained manner, allowing persistence of the Least Privilege Principle. Our proposal includes a graphical user interface (GUI) tool that helps the user to describe the security policy. We describe implementation of a reference monitor system using our mechanism and implementation of the GUI tool. We measured the performance of our mechanism on a micro benchmark and macro benchmark.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. One, A.: Smashing The Stack For Fun And Profit. Phrack 49 (1996), http://www.phrack.org/show.php?p=49&a=14

  2. Anderson, J.P.: Computer Security Technology Planning Study. Technical report, Hanscom AFB, Bedford, MA (1972)

    Google Scholar 

  3. Saltzer, J.H., Sheroeder, M.D.: The Protection of Information in Computer Systems. Proceedings of the IEEE 63 (1975)

    Google Scholar 

  4. Goldberg, I., Wagner, D., Thomas, R., Brewer, E.A.: A Secure Environment for Untrusted Helper Applications: Confining the Wily Hacker. In: Proceedings of the 6th USENIX Security Symposium, San Jose (1996)

    Google Scholar 

  5. Gong, L., Schemers, R.: Implementing Protection Domains in the Java Development Kit 1.2. In: Proceedings of the Internet Society Symposium on Network and Distributed System Security, San Diego, California (1998)

    Google Scholar 

  6. Acharya, A., Raje, M.: MAPbox: Using Parameterized Behavior Classes to Confine Untrusted Applications. In: Proceedings of the 9th USENIX Security Symposium, Denver (2000)

    Google Scholar 

  7. Cowan, C., Beattie, S., Kroah-Hartman, G., Pu, C., Wagle, P., Gligor, V.: SubDomain: Parsimonious Server Security. In: Proceedings of the 14th Systems Administration Conference (LISA 2000), New Orleans (2000)

    Google Scholar 

  8. Kato, K., Oyama, Y.: SoftwarePot: An Encapsulated Transferable File System for Secure Software Circulation. Technical Report ISE-TR-02-185, Institute of Information Sciences and Electronics, University of Tsukuba (2002)

    Google Scholar 

  9. Kato, K., Oyama, Y., Kanda, K., Matsubara, K.: Software Circulation Using Sandboxed File Space - Previous Experience and New Approach. In: Proceedings of the 8th ECOOP Workshop on Mobile Object Systems (2002)

    Google Scholar 

  10. Gong, L.: Inside Java2 Platform Security. Addison-Wesley, Reading (1999)

    Google Scholar 

  11. Wahbe, R., Lucco, S., Anderson, T.E., Graham, S.L.: Efficient Software-Based Fault Isolation. In: Proceedings of the 14th ACM Symposium on Operating System Principles (SOSP 1993), Asheville, pp. 203–216 (1993)

    Google Scholar 

  12. Takahashi, M., Kono, K., Masuda, T.: Efficient Kernel Support of Fine-Grained Protection Domains for Mobile Code. In: Proceedings of the 19th International Conference on Distributed Computing Systems (ICDCS 1999), Austin, pp. 64–73 (1999)

    Google Scholar 

  13. Chiueh, T.-c., Venkitachalam, G., Pradhan, P.: Integrating segmentation and paging protection for safe, efficient and transparent software extensions. In: Proc. of the17th ACM Symp. on Operating Systems Principles (1999)

    Google Scholar 

  14. Free Software Foundation: binutils, http://www.gnu.org/directory/binutils.html

  15. IBM Corp.: Graph Foundation Classes for Java, http://alphaworks.ibm.com/tech/gfc

  16. Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors. In: Proceedings of the IEEE Symposium on Security and Privacy (2001)

    Google Scholar 

  17. Oyama, Y., Kato, K.: SecurePot: Secure Execution System using System Call Hook. In: The 18th annual convention of Japan Society for Software Science and Technology (2001) (in Japanese)

    Google Scholar 

  18. Check Point Software Technologies Ltd.: Visual Policy Editor, http://www.checkpoint.com/products/management/vpe.html

  19. Evans, D., Twyman, A.: Flexible Policy-Directed Code Safety. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, IEEE Computer Society, Technical Committee on Security and Privacy, pp. 32–45. IEEE Computer Society Press, Los Alamitos (1999)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Doctoral Program in Engineering, University of Tsukuba, 1-1-1 Tennoudai, Tsukuba, Ibaraki, 305-8573, Japan

    Hirotake Abe

  2. Institute of Information Sciences and Electronics, University of Tsukuba, 1-1-1 Tennoudai, Tsukuba, Ibaraki, 305-8573, Japan

    Kazuhiko Kato

  3. CREST, Japan Science and Technology Agency,  

    Kazuhiko Kato

Authors
  1. Hirotake Abe
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kazuhiko Kato
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Japan Advanced Institute of Science and Technology, (JAIST),  

    Kokichi Futatsugi

  2. Faculty of Science and Technology, Tokyo University of Science, Yamazaki 2641, Noda, Chiba, Japan

    Fumio Mizoguchi

  3. Tokyo Institute of Technology,  

    Naoki Yonezaki

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Abe, H., Kato, K. (2004). Security Policy Descriptions Through the Use of Control Structure of a Target Program. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds) Software Security - Theories and Systems. ISSS 2003. Lecture Notes in Computer Science, vol 3233. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-37621-7_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-37621-7_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23635-1

  • Online ISBN: 978-3-540-37621-7

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics