Usable mandatory integrity protection for operating systems

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2007, Pages 164-178

  Li, Ninghui ^a   Mao, Ziqing ^a   Chen, Hong ^a  

^a PURDUE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER OPERATING SYSTEMS; COMPUTER PROGRAMMING LANGUAGES; INFORMATION RETRIEVAL; MATHEMATICAL MODELS;

ACCESS CONTROL SYSTEMS; SECURITY MODULES; USABLE MANDATORY INTEGRITY PROTECTION (UMIP);

ACCESS CONTROL;

EID: 34548763868     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2007.37     Document Type: Conference Paper

References (24)

1. Apparmor application security for linux. http://www.novell.com/linux/ security/apparmor/.
2. L. Badger, D. F. Sterne, D. L. Sherman, K. M. Walker, and S. A. Haghighat. A domain and type enforcement UNIX prototype. In Proc. USENIX Security Symposium, June 1995.
3. L. Badger, D. F. Sterne, D. L. Sherman, K. M. Walker, and S. A. Haghighat. Practical domain and type enforcement for UNIX. In Proc. IEEE Symposium on Security and Privacy, pages 66-77, May 1995.
4. K. J. Biba. Integrity considerations for secure computer systems. Technical Report MTR-3153, MITRE, April 1977.
5. D. Brumley and D. Song. PrivTrans: Automatically partitioning programs for privilege separation. In Proceedings of the USENIX Security Symposium, August 2004.
6. H. Chen, D. Dean, and D. Wagner. Setuid demystified. In Proc. USENIX Security Symposium, pages 171-190, Aug. 2002.
7. D. D. Clark and D. R. Wilson. A comparision of commercial and military computer security policies. In Proceedings of the 1987 IEEE Symposium on Security and Privacy, pages 184-194. IEEE Computer Society Press, May 1987.
8. C. Cowan, S. Beattie, G. Kroah-Hartman, C. Pu, P. Wagle, and V. D. Gligor. Subdomain: Parsimonious server security. In Proceedings of the 14th Conference on Systems Administration (LISA 2000), pages 355-368, Dec. 2000.
9. DOD. Trusted Computer System Evaluation Criteria. Department of Defense 5200.28-STD, Dec. 1985.
10. T. Fraser. LOMAC: Low water-mark integrity protection for COTS environments. In 2000 IEEE Symposium on Security and Privacy, May 2000.
11. Frequently Asked Questions for FreeBSD 4.X, 5.X, and 6.X. http://www.freebsd.org/doc/en_US.IS08859-1/books/faq/.
12. I. Goldberg, D. Wagner, R. Thomas, and E. A. Brewer. A secure environment for untrusted helper applications: Confining the wily hacker. In Proc. USENIX Security Symposium, pages 1-13, June 1996.
13. LIDS: Linux intrusion detection system. http://www.lids.org/.
14. P. Loscocco and S. Smalley. Integrating flexible support for security policies into the Linux operating system. In Proceedings of the FREENIX track: USENIX Annual Technical Conference, pages 29-42, June 2001.
15. M. D. Mcllroy and J. A. Reeds. Multilevel security in the unix tradition. Software-Practice and Experience, 22(8):673-694, Aug. 1992.
16. NSA. Security enhanced linux. http://www.nsa.gov/selinux/.
17. N. Provos. Improving host security with system call policies. In Proceedings of the 2003 USENIX Security Symposium, pages 252-272, August 2003.
18. N. Provos, M. Friedl, and P. Honeyman. Preventing privilege escalation. In Proceedings of the 2003 USENIX Security Symposium, pages 231-242, August 2003.
19. E. S. Raymond. The Art of UNIX Programming. Addison-Wesley Professional, 2003.
20. J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278-1308, September 1975.
21. R. Sandhu. Good-enough security: Toward a pragmatic business-driven discipline. IEEE Internet Computing, 7(1):66-68, Jan. 2003.
22. U. Shankar, T. Jaeger, and R. Sailer. Toward automated information-flow integrity verification for security-critical applications. In Proceedings of the 2006 ISOC Networked and Distributed Systems Security Symposium, February 2006.
23. D. R. Wichers, D. M. Cook, R. A. Olsson, J. Crossley, P. Kerchen, K. N. Levitt, and R. Lo. Pad's: An access control list approach to anti-viral security. In Proceedings of the 13th National Computer Security Conference, pages 340-349, Oct. 1990.
24. C. Wright, C. Cowan, J. Morris, S. Smalley, and G. Kroah-Hartman. Linux security modules: General security support for the linux kernel. In Proc. USENIX Security Symposium, pages 17-31, 2002.