    Abstract:

    Dynamic policy support and authorization granularity are two key issues in access control. Existing research has only compared the expressiveness of policies and has not considered a policy's structure or the granularity of its authorizations, which makes it difficult to support dynamic policy and to satisfy the least-privilege requirement. This paper points out that Lampson's access matrix is the most fine-grained access control model, so every other security policy must group the access matrix according to its own application requirements. By defining a descriptive framework, Groupability Based on Security Labels (GroSeLa), generic security policies can be mapped onto Lampson's access matrix. The GroSeLa framework consists of a set of fundamental components and an extension: the fundamental components capture each policy's structure for grouping the matrix, and the extension identifies all the administrative requirements needed to fully support dynamic policy. Based on GroSeLa, the paper proposes five grouping dimensions for evaluating security policies: grouping factors, dynamic factors, policy scale, authorization granularity and support for separation of duty. It also compares four classic security policies, namely ACL (access control list), BLP (Bell-LaPadula), DTE (domain and type enforcement) and RBAC (role-based access control). To the best of the authors' knowledge, this is the first study of the differences in expressiveness, usability and authorization granularity among security policies from the perspective of grouping the access matrix.
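The abstract's central claim, that every policy model is a grouping of cells in Lampson's access matrix and that the grouping decides which subjects can still be told apart, as an added illustration that is not the paper's GroSeLa framework or its code: three constructed toy policies (RBAC, BLP over a totally ordered label set, DTE) are expanded into the same access matrix and a row count shows what granularity each grouping retains. The users, objects, roles, domains, types and integer labels are all assumptions made for the example.

```python
from itertools import product

# Constructed toy world: one matrix cell per (subject, object) holding rights.
SUBJECTS = ["alice", "bob", "carol"]
OBJECTS = ["payroll.db", "memo.txt", "log.txt"]

def matrix_from_rbac(user_roles, role_perms):
    """RBAC groups subjects by role and (object, right) pairs by permission."""
    m = {(s, o): set() for s, o in product(SUBJECTS, OBJECTS)}
    for user, roles in user_roles.items():
        for role in roles:
            for obj, right in role_perms.get(role, ()):
                m[(user, obj)].add(right)
    return m

def matrix_from_blp(subject_level, object_level):
    """BLP groups by security label: read if the subject's label dominates the
    object's, write if the object's dominates the subject's (no write-down).
    Labels are plain integers here, a constructed simplification."""
    m = {(s, o): set() for s, o in product(SUBJECTS, OBJECTS)}
    for s, o in product(SUBJECTS, OBJECTS):
        if subject_level[s] >= object_level[o]:
            m[(s, o)].add("read")
        if subject_level[s] <= object_level[o]:
            m[(s, o)].add("write")
    return m

def matrix_from_dte(subject_domain, object_type, rules):
    """DTE groups subjects into domains and objects into types; rules map (domain, type) to rights."""
    return {(s, o): set(rules.get((subject_domain[s], object_type[o]), ()))
            for s, o in product(SUBJECTS, OBJECTS)}

def distinct_rows(m):
    """Count subjects the expanded policy can tell apart. Subjects sharing every
    cell are indistinguishable under that grouping, so least privilege between
    them cannot be expressed without regrouping (changing the policy itself)."""
    return len({tuple(tuple(sorted(m[(s, o)])) for o in OBJECTS) for s in SUBJECTS})

# Constructed sample policies with roughly the same intent, expanded to matrices.
RBAC = matrix_from_rbac(
    {"alice": {"payroll_admin"}, "bob": {"staff"}, "carol": {"staff"}},
    {"payroll_admin": {("payroll.db", "read"), ("payroll.db", "write"),
                       ("log.txt", "append")}, "staff": {("memo.txt", "read")}})
BLP = matrix_from_blp({"alice": 2, "bob": 1, "carol": 1},
                      {"payroll.db": 2, "memo.txt": 1, "log.txt": 0})
DTE = matrix_from_dte(
    {"alice": "admin_d", "bob": "user_d", "carol": "user_d"},
    {"payroll.db": "payroll_t", "memo.txt": "doc_t", "log.txt": "log_t"},
    {("admin_d", "payroll_t"): {"read", "write"}, ("admin_d", "log_t"): {"append"},
     ("user_d", "doc_t"): {"read"}})
```

All three groupings collapse bob and carol into one row; only a direct edit of a single matrix cell separates them, which is the granularity gap the abstract describes.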

Citation

Cai JY, Qing SH, Liu W. An evaluation method for the groupability of security policy models. Journal of Software, 2009,20(7):1953-1966

History
  • Received: December 28, 2007
  • Revised: February 27, 2008
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4