Loading…
Combining Discretionary Policy with Mandatory Information Flow in Operating Systems
Discretionary Access Control (DAC) is the primary access control mechanism in today’s major operating systems. It is, however, vulnerable to Trojan Horse attacks and attacks exploiting buggy software. We propose to combine the discretionary policy in DAC with the dynamic information flow techniques...
Saved in:
Published in: | ACM transactions on information and system security 2011-11, Vol.14 (3), p.1-27 |
---|---|
Main Authors: | , , , |
Format: | Article |
Language: | English |
Subjects: | |
Citations: | Items that this one cites Items that cite this one |
Online Access: | Get full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | Discretionary Access Control (DAC) is the primary access control mechanism in today’s major operating systems. It is, however, vulnerable to Trojan Horse attacks and attacks exploiting buggy software. We propose to combine the discretionary policy in DAC with the dynamic information flow techniques in MAC, therefore achieving the best of both worlds, that is, the DAC’s easy-to-use discretionary policy specification and MAC’s defense against threats caused by Trojan Horses and buggy programs. We propose the Information Flow Enhanced Discretionary Access Control (IFEDAC) model that implements this design philosophy. We describe our design of IFEDAC, and discuss its relationship with the Usable Mandatory Integrity Protection (UMIP) model proposed earlier by us. In addition, we analyze their security property and their relationships with other protection systems. We also describe our implementations of IFEDAC in Linux and the evaluation results and deployment experiences of the systems. |
---|---|
ISSN: | 1094-9224 1557-7406 |
DOI: | 10.1145/2043621.2043624 |