Abstract
New commercial operating systems e.g., Windows 7 and 8, and research operating systems such as Asbestos and Flume, include labels for integrity/confidentiality protection. Unlike the strict Bell-LaPadula mandatory access controls, these labels are allowed to change in controlled ways by users and applications. The implications of these dynamic changes need to be examined carefully, and existing formalisms cannot express or help us understand their impact on access control safety. We present a logic-programming framework to specify, analyze and automatically verify such dynamic access control models. We study the problem of reachability (equivalently safety) in these models and show that they are undecidable in the general case. We also identify an expressive fragment of this formalism that has a sound and complete decision procedure. We build a theory (and tools) for reasoning about information-flow in the general context, and show its application on real-world use-cases. We are able to highlight several important vulnerabilities in these models, as well as suggest design changes that can be provably validated.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: On protection in operating systems. In: SOSP 1975: Proceedings of the Fifth ACM Symposium on Operating Systems Principles, pp. 14–24 (1975)
Denning, D.: Cryptography and Data Security. Addison Wesley (1982)
Lampson, B.W.: Protection. In: Proc. Fifth Princeton Symposium on Information Sciences and Systems (1971)
Jones, A.K., Lipton, R.J., Snyder, L.: A linear time algorithm for deciding security. In: Symposium on Foundations of Computer Science, pp. 33–41 (1976)
Bishop, M.: Theft of information in the take-grant protection model. In: CSFW, pp. 194–218 (1988)
Hicks, B., Rueda, S., St. Clair, L., Jaeger, T., McDaniel, P.: A logical specification and analysis for selinux mls policy. ACM Trans. Inf. Syst. Secur. 13, 26:1–26:31 (2010)
Mao, Z., Li, N., Chen, H., Jiang, X.: Trojan horse resistant discretionary access control. In: SACMAT, pp. 237–246 (2009)
Vandebogart, S., Efstathopoulos, P., Kohler, E., Krohn, M., Frey, C., Ziegler, D., Kaashoek, F., Morris, R., Mazières, D.: Labels and event processes in the asbestos operating system. ACM Trans. Comput. Syst. 25(4), 11 (2007)
Zeldovich, N., Boyd-Wickizer, S., Kohler, E., Mazières, D.: Making information flow explicit in histar. In: OSDI 2006: Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation, p. 19. USENIX Association, Berkeley (2006)
Bell, D.E., LaPadula, L.J.: Secure computer systems: Mathematical foundations and model. Technical Report M74-244, MITRE Corp. (1975)
Biba, K.J.: Integrity considerations for secure computer systems. Technical Report TR-3153, MITRE Corp. (1977)
Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)
Loscocco, P., Smalley, S., Muckelbauer, P., Taylor, R., Turner, J., Farrell, J.: The inevitability of failure: The flawed assumption of security in modern computing environments. Technical report, United Stated National Security Agency, NSA (1995)
Naldurg, P., Schwoon, S., Rajamani, S., Lambert, J.: Netra: seeing through access control. In: FMSE 2006: Proceedings of the Fourth ACM Workshop on Formal Methods in Security, pp. 55–66 (2006)
Ramakrishnan, R., Gehrke, J.: Database Management Systems. McGraw-Hill Science/Engineering/Math. (2002)
Sarna-Starosta, B., Stoller, S.D.: Policy analysis for security-enhanced linux. In: Proceedings of the 2004 Workshop on Issues in the Theory of Security, WITS, pp. 1–12 (April 2004), http://www.cs.sunysb.edu/~stoller/WITS2004.html
Dougherty, D.J., Fisler, K., Krishnamurthi, S.: Specifying and Reasoning About Dynamic Access-Control Policies. In: Furbach, U., Shankar, N. (eds.) IJCAR 2006. LNCS (LNAI), vol. 4130, pp. 632–646. Springer, Heidelberg (2006)
Guttman, J., Herzog, A.: Rigorous automated network security management (2004)
Lampson, B.W.: Protection. ACM Operating Systems Rev. 8(1), 18–24 (1974)
Chaudhuri, A., Naldurg, P., Rajamani, S.K., Ramalingam, G., Velaga, L.: Eon: modeling and analyzing dynamic access control systems with logic programs. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS 2008, pp. 381–390 (2008)
Levy, A., Mumick, I.S., Sagiv, Y., Shmueli, O.: Equivalence, query-reachability and satisfiability in Datalog extensions. In: PODS 1993: Proc. Principles of Database Systems, pp. 109–122. ACM Press (1993)
Halevy, A.Y., Mumick, I.S., Sagiv, Y., Shmueli, O.: Static analysis in datalog extensions. J. ACM 48(5), 971–1012 (2001)
Naldurg, P., Raghavendra, K.R.: Seal: a logic programming framework for specifying and verifying access control models. In: Proceedings of the 16th ACM Symposium on Access Control Models and Technologies, SACMAT 2011, pp. 83–92 (2011)
Paveza, R.: User-prompted elevation of unintended code in windows vista. World Wide Web Electronic Publication (2009)
Barker, S., Leuschel, M., Varea, M.: Efficient and flexible access control via jones-optimal logic program specialisation. Higher Order Symbol. Comput. 21, 5–35 (2008)
Barker, S., Stuckey, P.J.: Flexible access control policy specification with constraint logic programming. ACM Trans. Inf. Syst. Secur. 6, 501–546 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Naldurg, P. (2012). Foundations of Dynamic Access Control. In: Venkatakrishnan, V., Goswami, D. (eds) Information Systems Security. ICISS 2012. Lecture Notes in Computer Science, vol 7671. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35130-3_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-35130-3_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35129-7
Online ISBN: 978-3-642-35130-3
eBook Packages: Computer ScienceComputer Science (R0)