A new formal model for privilege control with supporting POSIX capability mechanism

Science in China, Series F: Information Sciences

Volumn 48, Issue 1, 2005, Pages 46-66

  Ji, Qingguang ^a   Qing, Sihan ^a   He, Yeping ^a  

^a INSTITUTE OF SOFTWARE   (China)

Author keywords

Capability; Domain; Formal model; Least privilege; Role

Indexed keywords

EID: 33744762747     PISSN: 10092757     EISSN: None     Source Type: Journal    
DOI: 10.1360/03yf0244     Document Type: Article

References (25)

1. Curry, D. A., Improving the security of your UNIX system, Technology report ITSTD-721-FR-90-21, SRI International, April 1990.
2. IBM server group. Addressing secrity issues in Linux, A Linux White Paper, 2000.
3. Data General, Managing security on DG/UX system, manual 093-701138-04, Data General Corporation, Westboro, MA01580, Nov. 1996.
4. Cowan, C., Beattie, S., Kroach-Hartman, G. et al., SubDomain: parsimonious server security, 14th USENIX Systems Administration Conference (LISA 2000), New Orleans, LA, December 2000.
5. Chandramouli, R., A framework for multiple authorization types in a healthcare application system, in Proc. 17th Annual Computer Security Applications Conference, December 2001,137-148.
6. Huffman, J., Implementing RBAC on a type enforced system, In Proc. 13th Annual Computer Security Applications Conference, December 1997, 158-163.
7. Sandhu, R.S., Coyne, E. J., Feinstein, H. L. et al., Role based access control models, IEEE Computer, February 1996, 29(2): 38-47.
8. Ferraiolo, D. F., Sandhu, R., Gavrila, S. et al., Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security, August 2001, 4(3): 224-274.
9. Dalton, C., Choo, T. H., An operating system approach to securing e-services, Communication of the ACM, 2001, 44(2): 58-66.
10. Baldwin, R. W., Naming and grouping privileges to simplify security management in large database, in Proceedings of IEEE Symposium on Security and Privacy, 1990, 116-132.
11. Steme, D. F., Tally, G. W., McDonell, C. D. et al., Scalable access control for distributed object systems, in Proceedings of the 8th USENIX Security Symposium, Washington,D.D., USA, August 1999.
12. Christias Panagiotis, J., UNIX ON-LINE Man Pages: Capability(4), 1994, available at http://www.mcsr.olemiss.edu/cgi-bin/man-cgi?capabilities.
13. Dave, W., Linux Capabilities FAQ v0.2, available at ftp.guardian.no/pub/free/capabilities/capfaq.txt.
14. Knight, G., LinSec-Linux Security Protection System, April 2002, available at http://www.linsec.org/doc/final/final.pdf.
15. Kuhn, D. R., Mutual exclusion as a means of implementing separation of duty requirements in role-based access control systems, in Proceedings of the 2nd ACM Workshop on Role-Based Access Control, New York: ACM Press, 1997, 23-30.
16. Spivey, J. M., The Z Notation - A Reference Manual, Prentice-Hall, second edition, 1992.
17. Gavrila, S. I., Barkley, J. F., Formal specification for role based access control user/role and role/role relationship management, in Proceedings of the 3nd ACM Workshop on Role-Based Access Control, New York: ACM Press, 1998, 81-90.
18. Ferraiolo, D. F., Barkley, J. F., Kuhn, D. R., A role-based access control model and reference implementation within a corporate intranet, ACM Transactions on Infoemation and System Security, February 1999, 2(1): 34-64.
19. Clark, D. D., Wilson, D. R., A comparison of commercial and military security policies, in Proceedings of 1987 IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press, April 1987, 184-238.
20. Ferraiolo, D. F., Cugini, J. A., Kuhn, D. R., Role-based control(RBAC): features and motivations, in Proceedings 11th Annual Computer Security Applications Conference, December 1995, 241-248.
21. Smalley, S. D., Configuring the SELinux policy, Technical report#02-007, NAI Labs, June 2002.
22. JI Qingguang, Study on Formalization Design for High-Level Secure Operating system (in Chinese), Ph.D. Dissertation, Institute of Software, Chinese Academy of Sciences, 2004.
23. Haigh, J.T., Modeling database security requirements, in Database Security: Status and Prospects (ed. Landwehr, C. E.), Amsterdam: North-Holland, 1988, 45-56.
24. Thomsen, D. J., Role-based application design and enforcement, in Database Security, IV: Status and Prospects (eds. Jajodia, S., Landwehr, Carl, E.), Amsterdam: North-Holland 1991, 151-168.
25. Loscocco, P. A., Smalley, S. D., Integrating flexiable support for security policies into the Linux operating system, Technical report, NAI Labs, April 2001.