Abstract
Type Enforcement (TE) and Role-Based Access Control (RBAC) are both applied widely in operating system security. Addressing the complexity of security configuration caused by the combination of TE and RBAC, this paper proposes a TE access control model featuring loose-coupled role authorization, named as RS-TEAC. In the model, the role-relevant subject domain transition is exploited to enable subjects with different roles entering their corresponding security domain. Hence the access control based on role authorization is achieved. The RS-TEAC model is implemented in Linux, and its effectiveness and performance are tested through a series of applications and experiments.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Badger, L., Sterne, D.F., Sherman, D.L., Walker, K.M.: A domain and type enforcement UNIX prototype. Usenix Computing Systems 9(1), 47–83 (1996)
Loscocco, P., Smalley, S.: Integrating flexible support for security policies into the Linux operating system. NSA Technical Report (2001)
Loscocco, P.A., Smalley, S.D.: Meeting Critical Security Objectives with Security-Enhanced Linux. In: Proceedings of the 2001 Ottawa Linux Symposium (2001)
Sarna-starosta, B., Stoller, S.D.: Policy analysis for security enhanced Linux. In: Proceedings of the Workshop on Issues in the Theory of Security (WITS) (2004)
Jaeger, T., Zhang, X., Edwards, A.: Policy management using access control spaces. CM Transactions On Information and System Security (TISSEC) 6(3), 327–364 (2003)
Kuliniewicz, P.: SENG:An Enhanced Policy Language for SELinux. In: SELinux Symposium (2006)
Jaeger, T., Sailer, R., Zhang, X.: Analyzing Integrity Protection in the SELinux Example Policy. In: Proceedings of the 12th USENIX Security Symposium, SSYM (2003)
Zanin, G., Mancini, L.V.: Towards a Formal Model for Security Policies Specification and Validation in the SELinux System. In: Proceedings of the Ninth ACM Symposium on Access Control Models and Technologies (SACMAT) (2004)
Guttman Joshua, D., Herzog Amy, L., Ramsdell John, D.: SLAT:Information flow in security enhanced Linux (2005), http://www.nsa.gov/SELinux
Yang, Z.: A Information-Flow-Based Verification Solution with Security Sensitivity to Check Security Policy of SELinux. Chinese Journal of Computers 32(4), 709–720 (2008)
Wu, Y., Zhao, C.: Research on Role-Permission Assignment in SELinux. Journal of Computer Research and Development, Z2 (2006)
Zhao, Q., Sun, Y., Zhang, X.: Research and Implementation of Role-Based Domain and Type Enforcement Access Control Model. Acta Electronica Sinica 31(6), 842–846 (2003)
He, J., Guo, X., Qin, S.: An Approach to Enforcing Clark-Wilson Model Based on type Enforcement. Acta Electronica Sinica 36(2), 216–223 (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ding, Y., Fu, H., Wei, L., He, L., Daib, H., Wu, Q. (2013). A Lightweight Type Enforcement Access Control Approach with Role Based Authorization. In: Yuan, Y., Wu, X., Lu, Y. (eds) Trustworthy Computing and Services. ISCTCS 2012. Communications in Computer and Information Science, vol 320. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35795-4_65
Download citation
DOI: https://doi.org/10.1007/978-3-642-35795-4_65
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35794-7
Online ISBN: 978-3-642-35795-4
eBook Packages: Computer ScienceComputer Science (R0)