Quantitatively Measure Access Control Mechanisms across Different Operating Systems
@article{Cheng2013QuantitativelyMA,
title={Quantitatively Measure Access Control Mechanisms across Different Operating Systems},
author={Liang Cheng and Yang Zhang and Zhihui Han},
journal={2013 IEEE 7th International Conference on Software Security and Reliability},
year={2013},
pages={50-59}
}Access control mechanisms (ACM) play a critical role in protecting operating systems from malicious attacks. A variety of ACMs have been proposed till date, including discretionary access control (DAC) and mandatory access control (MAC). However, it is often challenging to evaluate and compare the quality of protection (QoP) of ACMs, especially when they are deployed on different platforms. In this paper, we propose an approach to quantitatively measure and compare the quality of ACMs. We… Expand
3 Citations
Information Security Practice and Experience
- Computer Science
- Lecture Notes in Computer Science
- 2015
An automated and systematic approach to address how to correct the misconfigurations based on capability dependency graph generating and MaxSAT solving and presents a notation called normal capability loss to aid an administrator to select an optimal hardening solution leading to minimum system usability loss. Expand
Operating System Security Policy Hardening via Capability Dependency Graphs
- Computer Science
- ISPEC
- 2015
An automated and systematic approach to address how to correct the misconfigurations based on capability dependency graph generating and MaxSAT solving and presents a notation called normal capability loss to aid an administrator to select an optimal hardening solution leading to minimum system usability loss. Expand
Analyzing Security Threats to Virtual Machines Monitor in Cloud Computing Environment
- Computer Science
- 2017
This work describes security techniques for securing a VCCI, VMMs such as Encryption and Key Management (EKM), Access Control Mechanisms (ACMs), Virtual Trusted Platform Module (vTPM), Virtual Firewall (VF), and Trusted Virtual Domains (TVDs). Expand
References
SHOWING 1-10 OF 25 REFERENCES
Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems
- Computer Science
- NDSS
- 2009
The notion of vulnerability surfaces under attack scenarios as the measurement of protection quality is introduced, and a tool called VulSAN is implemented for computing such vulnerability surfaces. Expand
Towards analyzing complex operating system access control configurations
- Computer Science
- SACMAT '10
- 2010
A tool, WACCA, is proposed, to systematically analyze the Windows configurations and has a unique feature in that it models software vulnerabilities and therefore can find attacks that rely on exploiting these vulnerabilities. Expand
Windows Access Control Demystified ∗
- 2006
In the Secure Internet Programming laboratory at Princeton University, we have been investigating network security management by using logic programming. We developed a rule based framework —… Expand
Analyzing Integrity Protection in the SELinux Example Policy
- Computer Science
- USENIX Security Symposium
- 2003
The aim is to provide an access control model to express site security goals and resolve them against the SELinux policy, and to define a minimal trusted computing base (TCB) that satisfies Clark-Wilson integrity. Expand
NETRA:: seeing through access control
- Computer Science
- FMSE '06
- 2006
An augmented relational calculus is devised that naturally models both access control mechanisms and information-flow policies uniformly, and produces all access tuples in a given configuration that violate properties of interest. Expand
DDoS Detection and Traceback with Decision Tree and Grey Relational Analysis
- Computer Science
- 2009 Third International Conference on Multimedia and Ubiquitous Engineering
- 2009
A system to detect DDoS attacks based on a decision-tree technique and, after detecting an attack, to trace back to the approximate locations of the attacker with a traffic-flow pattern-matching technique is designed. Expand
EON: modeling and analyzing dynamic access control systems with logic programs
- Computer Science
- CCS
- 2008
EON, a logic-programming language and tool that can be used to model and analyze dynamic access control systems, is presented and it is shown that query evaluation in EON can be reduced to decidable query satisfiability in a fragment of Datalog. Expand
Verifying information flow goals in Security-Enhanced Linux
- Computer Science
- J. Comput. Secur.
- 2005
A formalization of the access control mechanism of the SELinux security server, together with a labeled transition system representing an Selinux configuration, provides the framework for determining information flow security goals achieved by systems running a secure O/S, specifically systems running Security-Enhanced Linux. Expand
Policy management using access control spaces
- Computer Science
- TSEC
- 2003
A prototype system, called Gokyo, that computes access control spaces and identifies the unknown subspace to assist system administrators in developing more complete policy specifications and enables system administrators to resolve conflicts in a variety of ways in order to preserve the simplicity of constraint specification. Expand
A logical specification and analysis for SELinux MLS policy
- Computer Science
- SACMAT '07
- 2007
This work has modeled the SELinux MLS policy using a logical specification and implemented that specification in the Prolog language and developed some analyses for testing the properties of a given policy as well an algorithm to determine whether one policy is compliant with another. Expand