
A component-based policy-neutral architecture for kernel-level access control

annals of telecommunications - annales des télécommunications

Abstract

Protection should fundamentally be flexible for devices roaming in Beyond 3G networks. In this federation of heterogeneous access networks, each sub-network comes with its own security requirements, policies, and protocols. The embedded OS, as the foundational element of device security, should itself become adaptable, so that its protection mechanisms can be tuned to the current security context, notably to support multiple authorization policies. We show how flexibility can be applied to the kernel authorization architecture by adopting a component-based OS design, with the component serving as the single abstraction for both reconfiguration and security. We present a policy-neutral access control architecture called CRACKER (Component-based Reconfigurable Access Control for KERnels) for component-based operating systems. CRACKER supports a wide range of authorization policies and permits policy reconfiguration within the same security model or across different ones. Specified in the Fractal component model and implemented in the Think OS, CRACKER illustrates how flexible kernel authorization can be realized while maintaining acceptable system performance.
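The abstract's central idea, a policy-neutral kernel reference monitor whose policy can be reconfigured at run time, is easiest to see in code. The C program below is an added illustration written for this page; it is not CRACKER's code, not part of Think, and makes no claim about how the paper's architecture is implemented. It assumes a minimal policy component interface (`policy_t` with a `decide` function), two hypothetical policy components in different security models (a discretionary owner/other policy and a Bell-LaPadula confidentiality policy), a composite component that enforces both, and a reference monitor (`rm_bind`, `rm_check`) whose enforcement hook depends only on the interface. The subjects and objects are constructed sample data.

```c
/* Added illustration of a policy-neutral reference monitor: enforcement
 * hooks depend only on a policy interface, and the bound policy component
 * can be replaced at run time. Hypothetical code, not CRACKER's. */
#include <stdio.h>
#include <stddef.h>

/* Operations a subject may request on an object (bit flags). */
typedef enum { OP_READ = 1, OP_WRITE = 2 } op_t;

/* Security attributes of subjects and objects. Each policy component
 * consults only the fields its own model needs. */
typedef struct { const char *name; int uid; int level; } subject_t;
typedef struct {
    const char *name;
    int owner;            /* DAC: owning uid */
    unsigned mode_owner;  /* DAC: ops granted to the owner */
    unsigned mode_other;  /* DAC: ops granted to everyone else */
    int level;            /* MLS: classification, higher is more sensitive */
} object_t;

/* Policy component interface: the reference monitor knows nothing else. */
typedef struct policy {
    const char *name;
    int (*decide)(const struct policy *self, const subject_t *s,
                  const object_t *o, op_t op);
    const struct policy *parts[2];   /* used only by composite policies */
} policy_t;

/* Discretionary policy: owner/other permission bits. */
static int dac_decide(const policy_t *self, const subject_t *s,
                      const object_t *o, op_t op) {
    unsigned mode = (s->uid == o->owner) ? o->mode_owner : o->mode_other;
    (void)self;
    return (mode & (unsigned)op) == (unsigned)op;
}

/* Bell-LaPadula confidentiality: no read up, no write down. */
static int blp_decide(const policy_t *self, const subject_t *s,
                      const object_t *o, op_t op) {
    (void)self;
    if ((op & OP_READ) && s->level < o->level) return 0;
    if ((op & OP_WRITE) && s->level > o->level) return 0;
    return 1;
}

/* Composite policy: every part must allow (two models enforced at once). */
static int both_decide(const policy_t *self, const subject_t *s,
                       const object_t *o, op_t op) {
    for (int i = 0; i < 2; i++) {
        const policy_t *p = self->parts[i];
        if (p != NULL && !p->decide(p, s, o, op)) return 0;
    }
    return 1;
}

const policy_t dac_policy  = { "DAC",     dac_decide,  { NULL, NULL } };
const policy_t blp_policy  = { "BLP",     blp_decide,  { NULL, NULL } };
const policy_t dac_and_blp = { "DAC+BLP", both_decide, { &dac_policy, &blp_policy } };

/* Reference monitor state: the single policy binding. Starts unbound. */
static const policy_t *bound = NULL;

/* Reconfiguration entry point: rebinds the policy, refusing a malformed
 * component so enforcement never calls a NULL decision function. */
int rm_bind(const policy_t *p) {
    if (p == NULL || p->decide == NULL) return -1;
    bound = p;
    return 0;
}

/* Enforcement hook on the kernel's operation path. Fails closed: with no
 * policy bound every request is denied. Returns 1 = allow, 0 = deny. */
int rm_check(const subject_t *s, const object_t *o, op_t op) {
    if (bound == NULL) return 0;
    return bound->decide(bound, s, o, op);
}

/* Constructed sample principals and resources (not taken from the paper). */
const subject_t alice  = { "alice", 1000, 2 };  /* cleared to level 2 */
const subject_t bob    = { "bob",   1001, 1 };  /* cleared to level 1 */
const object_t  secret = { "secret", 1000, OP_READ | OP_WRITE, OP_READ, 2 };
const object_t  notes  = { "notes",  1001, OP_READ | OP_WRITE, OP_READ | OP_WRITE, 1 };

int main(void) {
    const policy_t *configs[] = { &dac_policy, &blp_policy, &dac_and_blp };
    for (size_t i = 0; i < 3; i++) {
        rm_bind(configs[i]);
        printf("%-8s bob reads secret: %d  bob writes secret: %d  alice writes notes: %d\n",
               bound->name,
               rm_check(&bob, &secret, OP_READ),
               rm_check(&bob, &secret, OP_WRITE),
               rm_check(&alice, &notes, OP_WRITE));
    }
    return 0;
}
```

Two things worth noticing when running it: the world-readable `secret` is readable by `bob` under DAC but not under BLP (read up), while `bob` writing to `secret` is permitted by BLP (write up is allowed in pure Bell-LaPadula) and refused by DAC; the composite binding denies both. Rebinding is a single pointer assignment behind a validity check, and the hook fails closed when nothing is bound, which is the property a reconfigurable monitor must keep during a policy switch.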


Figures 1 to 25 are not included in this preview.



Author information

Correspondence to Marc Lacoste.

Additional information

This work was performed in project E2R II which has received research funding from the Community’s Sixth Framework program. This paper reflects only the authors’ views and the Community is not liable for any use that may be made of the information contained therein. The contributions of colleagues from the E2R II consortium are hereby acknowledged.

Cite this article

Lacoste, M., Jarboui, T. & He, R. A component-based policy-neutral architecture for kernel-level access control. Ann. Telecommun. 64, 121–146 (2009). https://doi.org/10.1007/s12243-008-0071-0
