Quantitatively Measure Access Control Mechanisms across Different Operating Systems

@article{Cheng2013QuantitativelyMA,
  title={Quantitatively Measure Access Control Mechanisms across Different Operating Systems},
  author={Liang Cheng and Yang Zhang and Zhihui Han},
  journal={2013 IEEE 7th International Conference on Software Security and Reliability},
  year={2013},
  pages={50-59}
}
  • L. Cheng, Y. Zhang, Zhihui Han
  • Published 2013
  • Computer Science
  • 2013 IEEE 7th International Conference on Software Security and Reliability
Access control mechanisms (ACM) play a critical role in protecting operating systems from malicious attacks. A variety of ACMs have been proposed till date, including discretionary access control (DAC) and mandatory access control (MAC). However, it is often challenging to evaluate and compare the quality of protection (QoP) of ACMs, especially when they are deployed on different platforms. In this paper, we propose an approach to quantitatively measure and compare the quality of ACMs. We… Expand
Information Security Practice and Experience
TLDR
An automated and systematic approach to address how to correct the misconfigurations based on capability dependency graph generating and MaxSAT solving and presents a notation called normal capability loss to aid an administrator to select an optimal hardening solution leading to minimum system usability loss. Expand
Operating System Security Policy Hardening via Capability Dependency Graphs
TLDR
An automated and systematic approach to address how to correct the misconfigurations based on capability dependency graph generating and MaxSAT solving and presents a notation called normal capability loss to aid an administrator to select an optimal hardening solution leading to minimum system usability loss. Expand
Analyzing Security Threats to Virtual Machines Monitor in Cloud Computing Environment
TLDR
This work describes security techniques for securing a VCCI, VMMs such as Encryption and Key Management (EKM), Access Control Mechanisms (ACMs), Virtual Trusted Platform Module (vTPM), Virtual Firewall (VF), and Trusted Virtual Domains (TVDs). Expand

References

SHOWING 1-10 OF 25 REFERENCES
Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems
TLDR
The notion of vulnerability surfaces under attack scenarios as the measurement of protection quality is introduced, and a tool called VulSAN is implemented for computing such vulnerability surfaces. Expand
Towards analyzing complex operating system access control configurations
TLDR
A tool, WACCA, is proposed, to systematically analyze the Windows configurations and has a unique feature in that it models software vulnerabilities and therefore can find attacks that rely on exploiting these vulnerabilities. Expand
Windows Access Control Demystified ∗
In the Secure Internet Programming laboratory at Princeton University, we have been investigating network security management by using logic programming. We developed a rule based framework —Expand
Analyzing Integrity Protection in the SELinux Example Policy
TLDR
The aim is to provide an access control model to express site security goals and resolve them against the SELinux policy, and to define a minimal trusted computing base (TCB) that satisfies Clark-Wilson integrity. Expand
NETRA:: seeing through access control
TLDR
An augmented relational calculus is devised that naturally models both access control mechanisms and information-flow policies uniformly, and produces all access tuples in a given configuration that violate properties of interest. Expand
DDoS Detection and Traceback with Decision Tree and Grey Relational Analysis
TLDR
A system to detect DDoS attacks based on a decision-tree technique and, after detecting an attack, to trace back to the approximate locations of the attacker with a traffic-flow pattern-matching technique is designed. Expand
EON: modeling and analyzing dynamic access control systems with logic programs
TLDR
EON, a logic-programming language and tool that can be used to model and analyze dynamic access control systems, is presented and it is shown that query evaluation in EON can be reduced to decidable query satisfiability in a fragment of Datalog. Expand
Verifying information flow goals in Security-Enhanced Linux
TLDR
A formalization of the access control mechanism of the SELinux security server, together with a labeled transition system representing an Selinux configuration, provides the framework for determining information flow security goals achieved by systems running a secure O/S, specifically systems running Security-Enhanced Linux. Expand
Policy management using access control spaces
TLDR
A prototype system, called Gokyo, that computes access control spaces and identifies the unknown subspace to assist system administrators in developing more complete policy specifications and enables system administrators to resolve conflicts in a variety of ways in order to preserve the simplicity of constraint specification. Expand
A logical specification and analysis for SELinux MLS policy
TLDR
This work has modeled the SELinux MLS policy using a logical specification and implemented that specification in the Prolog language and developed some analyses for testing the properties of a given policy as well an algorithm to determine whether one policy is compliant with another. Expand
...
1
2
3
...