A Decade of OS Access-control Extensibility: Open source security foundations for mobile and embedded devices

Abstract
To discuss operating system security is to marvel at the diversity of deployed access-control models: Unix and Windows NT multiuser security; Type Enforcement in SELinux; anti-malware products; app sandboxing in Apple OS X, Apple iOS, and Google Android; and application-facing systems such as Capsicum in FreeBSD. This diversity is the result of a stunning transition from the narrow 1990s Unix and NT status quo to "security localization": the adaptation of operating-system security models to site-local or product-specific requirements.