Quantitatively Measure Access Control Mechanisms across Different Operating Systems
@article{Cheng2013QuantitativelyMA, title={Quantitatively Measure Access Control Mechanisms across Different Operating Systems}, author={Liang Cheng and Yang Zhang and Zhihui Han}, journal={2013 IEEE 7th International Conference on Software Security and Reliability}, year={2013}, pages={50-59} }
Access control mechanisms (ACM) play a critical role in protecting operating systems from malicious attacks. A variety of ACMs have been proposed till date, including discretionary access control (DAC) and mandatory access control (MAC). However, it is often challenging to evaluate and compare the quality of protection (QoP) of ACMs, especially when they are deployed on different platforms. In this paper, we propose an approach to quantitatively measure and compare the quality of ACMs. We…
3 Citations
Information Security Practice and Experience
- Computer ScienceLecture Notes in Computer Science
- 2015
An automated and systematic approach to address how to correct the misconfigurations based on capability dependency graph generating and MaxSAT solving and presents a notation called normal capability loss to aid an administrator to select an optimal hardening solution leading to minimum system usability loss.
Operating System Security Policy Hardening via Capability Dependency Graphs
- Computer ScienceISPEC
- 2015
An automated and systematic approach to address how to correct the misconfigurations based on capability dependency graph generating and MaxSAT solving and presents a notation called normal capability loss to aid an administrator to select an optimal hardening solution leading to minimum system usability loss.
Analyzing Security Threats to Virtual Machines Monitor in Cloud Computing Environment
- Computer Science
- 2017
This work describes security techniques for securing a VCCI, VMMs such as Encryption and Key Management (EKM), Access Control Mechanisms (ACMs), Virtual Trusted Platform Module (vTPM), Virtual Firewall (VF), and Trusted Virtual Domains (TVDs).
References
SHOWING 1-10 OF 24 REFERENCES
Analyzing and Comparing the Protection Quality of Security Enhanced Operating Systems
- Computer ScienceNDSS
- 2009
The notion of vulnerability surfaces under attack scenarios as the measurement of protection quality is introduced, and a tool called VulSAN is implemented for computing such vulnerability surfaces.
Towards analyzing complex operating system access control configurations
- Computer ScienceSACMAT '10
- 2010
A tool, WACCA, is proposed, to systematically analyze the Windows configurations and has a unique feature in that it models software vulnerabilities and therefore can find attacks that rely on exploiting these vulnerabilities.
Windows Access Control Demystified ∗
- Computer Science
- 2006
A rule based framework to perform end-to-end, automatic analysis of multi-host, multi-stage attacks on a large network where hosts run different operating systems, and proposes tools such as the authors' as a vehicle for software developers and system administrators to model and debug the complex interactions of access control on installations under Windows.
Analyzing Integrity Protection in the SELinux Example Policy
- Computer ScienceUSENIX Security Symposium
- 2003
The aim is to provide an access control model to express site security goals and resolve them against the SELinux policy, and to define a minimal trusted computing base (TCB) that satisfies Clark-Wilson integrity.
DDoS Detection and Traceback with Decision Tree and Grey Relational Analysis
- Computer Science2009 Third International Conference on Multimedia and Ubiquitous Engineering
- 2009
A system to detect DDoS attacks based on a decision-tree technique and, after detecting an attack, to trace back to the approximate locations of the attacker with a traffic-flow pattern-matching technique is designed.
EON: modeling and analyzing dynamic access control systems with logic programs
- Computer ScienceCCS
- 2008
EON, a logic-programming language and tool that can be used to model and analyze dynamic access control systems, is presented and it is shown that query evaluation in EON can be reduced to decidable query satisfiability in a fragment of Datalog.
Verifying information flow goals in Security-Enhanced Linux
- Computer ScienceJ. Comput. Secur.
- 2005
A formalization of the access control mechanism of the SELinux security server, together with a labeled transition system representing an Selinux configuration, provides the framework for determining information flow security goals achieved by systems running a secure O/S, specifically systems running Security-Enhanced Linux.
A logical specification and analysis for SELinux MLS policy
- Computer ScienceSACMAT '07
- 2007
This work has modeled the SELinux MLS policy using a logical specification and implemented that specification in the Prolog language and developed some analyses for testing the properties of a given policy as well an algorithm to determine whether one policy is compliant with another.
Towards a formal model for security policies specification and validation in the selinux system
- Computer ScienceSACMAT '04
- 2004
This paper presents a formal model, called SELAC, for analyzing an arbitrary security policy configuration for the SELinux system and defines semantics for the constructs of the Selinux configuration language and model the relationships occurring among sets of configuration rules.
A Black-Box Tracing Technique to Identify Causes of Least-Privilege Incompatibilities
- Computer ScienceNDSS
- 2005
Most Windows users run all the time with Admin privileges. This significantly increases the vulnerability of Windows systems because the compromise of any user-level application becomes a system…