
A formal model for integrity protection based on DTE technique

Published in: Science in China Series F: Information Sciences

Abstract

In order to provide integrity protection for a secure operating system that must satisfy the requirements of the structured protection class, a formal integrity protection model based on the DTE (domain and type enforcement) technique is proposed, after the implications and structure of the integrity policy have been analyzed in detail. The model consists of a set of basic rules for configuring DTE and a state transition model; the former instructs how domains and types are set up, and the latter specifies how the security invariants obtained from the initial configuration are maintained during system transitions. Ten invariants are introduced in this model; in particular, several new invariants dealing with information flow are proposed, and their relations to the corresponding invariants described in the literature are discussed. Thirteen transition rules with well-formed atomicity are presented in an operational manner. The basic security theorems corresponding to these invariants and transition rules are proved. The rationale for proposing the invariants is further explained by analyzing the differences between this model and those described in the literature. Last but not least, future work is outlined; in particular, it is pointed out that this model can be used to analyze SE-Linux security.



Corresponding author

Correspondence to Ji Qingguang.


Cite this article

Ji, Q., Qing, S. & He, Y. A formal model for integrity protection based on DTE technique. SCI CHINA SER F 49, 545–565 (2006). https://doi.org/10.1007/s11432-006-2014-6
