
The Entity Labeling Pattern for Modeling Operating Systems Access Control

Conference paper. In: E-Business and Telecommunications (ICETE 2015)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 585)

Abstract

To meet tightening security requirements, modern operating systems enforce mandatory access control based on formal security policies. To ensure the critical property of policy correctness, formal methods and models for both their specification and verification are used. The variety of these approaches reflects the diversity and heterogeneity of policy semantics, which makes policy engineering an intricate and error-prone process. Therefore, a common formal framework is needed that unifies both diverse access control systems on the one hand and diverse formal criteria of correctness on the other hand.

This paper presents a step towards this goal. We propose to leverage core-based model engineering, a uniform approach to policy formalization, and refine it by adding typical semantic abstractions of contemporary policy-controlled operating systems. This results in a simple, yet highly flexible framework for formalization, specification and analysis of operating system security policies. We substantiate this claim by applying our method to the SELinux system and demonstrating the practical usage of the resulting model.


Notes

  1. To distinguish them from the SELinux “constraints” mentioned in Sect. 3.2, we will keep calling these policy constraints, while the term model constraints refers exclusively to the abstract EL component discussed here.

  2. For a minimal example, we did not include MLS and policy constraints in this model. To do so, additional label sets and label assignments for “classification” and “category”, an authorization rule for the MLS dominance relation, and another set of model constraints for expressing policy constraints are needed.

  3. In practice, there is another choice to make here: either modeling library wrapper functions only, or also including the syscall interface of the Linux kernel. Again, the decision depends on whether the respective analysis scenario includes applications that use syscalls directly. We will not go into further detail on when to prefer which degree of detail, and assume in the following that both are modeled.

  4. SELinux uses the term “parent entity” to generalize the concept of label inheritance: whenever a process is created, e is its parent process; whenever a file or directory is created, it is the respective parent directory.

  5. Technically, there is another, isomorphic mapping of file types to object classes that yields \(cl_{q_0}(i)\) based on \(ft\).
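To make the components named in Notes 2 and 4 concrete, the following is an added illustration (not the paper's formal EL pattern, nor SELinux code): entities carry labels drawn from named label sets, an authorization rule combines a type-enforcement allow table with the MLS dominance relation, and a newly created entity inherits its labels from its parent entity. The label set names, the level ordering, the allow table and the entity values are all constructed for this example.

```python
from dataclasses import dataclass, field

# Constructed label sets: "type" and "class" (type enforcement), "classification"
# and "category" (MLS). Real SELinux contexts carry more fields; this is a sketch.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}  # assumed ordering


@dataclass
class Entity:
    name: str
    labels: dict = field(default_factory=dict)  # label set name -> label value


def dominates(a: Entity, b: Entity) -> bool:
    """MLS dominance: a dominates b iff level(a) >= level(b) and cats(b) ⊆ cats(a)."""
    return (LEVELS[a.labels["classification"]] >= LEVELS[b.labels["classification"]]
            and b.labels["category"] <= a.labels["category"])


# Constructed type-enforcement allow table: (subject type, object type, class) -> ops
ALLOW = {
    ("user_t", "user_home_t", "file"): {"read", "write"},
    ("user_t", "etc_t", "file"): {"read"},
}


def authorized(subject: Entity, obj: Entity, op: str) -> bool:
    """Authorization rule: the TE allow entry must exist AND the MLS relation must
    hold (no read-up for reads, no write-down for writes, Bell-LaPadula style)."""
    key = (subject.labels["type"], obj.labels["type"], obj.labels["class"])
    if op not in ALLOW.get(key, set()):
        return False
    if op == "read":
        return dominates(subject, obj)
    if op == "write":
        return dominates(obj, subject)
    return False


def create_child(parent: Entity, name: str, cls: str) -> Entity:
    """Label inheritance: a new process/file takes its labels from the parent
    entity (parent process or parent directory); only the class is set anew."""
    child = Entity(name, dict(parent.labels))
    child.labels["class"] = cls
    return child
```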


Author information

Corresponding author: Peter Amthor.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Amthor, P. (2016). The Entity Labeling Pattern for Modeling Operating Systems Access Control. In: Obaidat, M., Lorenz, P. (eds) E-Business and Telecommunications. ICETE 2015. Communications in Computer and Information Science, vol 585. Springer, Cham. https://doi.org/10.1007/978-3-319-30222-5_13

  • DOI: https://doi.org/10.1007/978-3-319-30222-5_13
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-30221-8
  • Online ISBN: 978-3-319-30222-5
