A Compositional Multiple Policies Operating System Security Model

  • Conference paper
Information Security Applications (WISA 2007)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4867)

Abstract

Multilevel security (MLS) policies aim only at confidentiality assurance, give less consideration to integrity assurance, and are weak at expressing channel control policies. In addition, the trusted subjects that MLS introduces to handle information flow “downgrade” have many security flaws. Moreover, the increasing diversity of computing environments results in varied security requirements, yet each current mainstream security model addresses only one or a few of them. This paper presents the Multi-Policy Views Security Model (MPVSM), which is based on the MLS model and adds domain and role attributes to it, in order to strengthen its expressive power for channel control policies, make permission management more fine-grained, and improve its ability to confine the permissions of trusted subjects. MPVSM also integrates the properties and functions of the MLS, Domain-Type and Role-Based models into one unified model. It can enforce multi-policy views in an operating system in a flexible way.

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Xia, L., Huang, W., Huang, H. (2007). A Compositional Multiple Policies Operating System Security Model. In: Kim, S., Yung, M., Lee, HW. (eds) Information Security Applications. WISA 2007. Lecture Notes in Computer Science, vol 4867. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77535-5_21

  • DOI: https://doi.org/10.1007/978-3-540-77535-5_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77534-8

  • Online ISBN: 978-3-540-77535-5

  • eBook Packages: Computer Science, Computer Science (R0)
