A component-based policy-neutral architecture for kernel-level access control

Annales des Telecommunications/Annals of Telecommunications

Volumn 64, Issue 1-2, 2009, Pages 121-146

  Lacoste, Marc ^a   Jarboui, Tahar ^a   He, Ruan ^a  

^a ORANGE LABS   (France)

Author keywords

Access control; Authorization; Component based architectures; Flexibility; Operating systems; Policy neutral authorization; Security kernels

Indexed keywords

AUTHORIZATION; COMPONENT-BASED ARCHITECTURES; FLEXIBILITY; OPERATING SYSTEMS; POLICY-NEUTRAL AUTHORIZATION; SECURITY KERNELS;

COMPUTER OPERATING SYSTEMS; HETEROGENEOUS NETWORKS; MOBILE TELECOMMUNICATION SYSTEMS; SECURITY SYSTEMS;

ACCESS CONTROL;

EID: 60849133598     PISSN: 00034347     EISSN: 19589395     Source Type: Journal    
DOI: 10.1007/s12243-008-0071-0     Document Type: Article

References (70)

1. Abrams M, Eggers K, La Padula L, Olson I (1990) A generalized framework for access control: an informal description. Proceedings of the National Computer Security Conference
2. Badger L, Sterne D, Sherman D, Walker K. Haghinghat S (1995) Practical domain and type enforcement for UNIX. Proceedings of the IEEE Symposium on Security and Privacy, pp 66-77
3. Bell D, La Padula L (1975) Secure computer system: unified exposition and Multics interpretation. Technical report no MTR-2997. MITRE Corporation, Bedford, MA
4. Bernaschi M, Gabrielli E, Mancini L (2002) REMUS: a security-enhanced operating system. ACM Trans Inf Syst Secur 5(1):36-61
5. Bershad B, Savage S, Pardyak P, Sirer E, Fiuczinski M, Becker D, Eggers S, Chambers C (1995) Extensibility, safety and performance in the SPIN operating system, Proceedings of the ACM Symposium on Operating System Principles (SOSP), pp 267-283
6. Bertino E, Catania B, Ferrari E, Perlasca P (2003) A logical framework for reasoning about access control models. ACM Trans Inf Syst Secur 6(1):71-127
7. Biba K (1977) Integrity considerations for secure computer systems. Technical Report no. MTR-3153. MITRE Corporation, Bedford, MA
8. Boebert W, Kain R (1985) A practical alternative to hierarchical integrity policies, Proceedings of the National Computer Security Conference, pp 18-27
9. Brewer D, Nash M (1989) The Chinese wall security policy. Proceedings of the IEEE Symposium on Security and Privacy, pp 206-214
10. Bruneton E, Coupaye T, Leclerc M, Quema V, Stefani J-B (2006) The Fractal component model and its support in Java. Software-practice and experience (SP&E). Special issue on Experiences with Auto-adaptive and Reconfigurable Systems 36(11-12):1257-1284
11. Chess D, Palmer C, White S (2003) Security in an autonomic computing environment. IBM Syst J 42(1):107-118
12. Claudel B, De Palma N, Lachaize R, Hagimont D (2006) Self-protection for distributed component-based applications. International Symposium on Stabilization, Safety, and Security of Distributed Systems, formerly Symposium on Self-stabilizing Systems (SSS), pp 184-198
13. Damiani M, Bertino E, Catania B, Perlasca P (2007) GEO-RBAC: a spatially-aware RBAC. ACM Trans Inf Syst Secur 10(1):3-42
14. David PC, Ledoux T (2005) WildCAT: a generic framework for context-aware applications, Proceedings of the International Workshop on Middleware for Pervasive and Ad-Hoe Computing (MPAC)
15. De Capitani Di Vimercati S, Samarati P, Jajodia S (2005) Policies, models, and languages for access control. Proceedings of the International Workshop on Databases in Networked Information Systems (DNIS), pp. 225-237
16. Dennis JB, Van Horn E (1966) Programming semantics for multi-programmed computations. Commun ACM 9(3): 143-154
17. Edwards A, Jaeger T, Zhang X (2002) Runtime verification of authorization hook placement for the Linux security modules framework. Proceedings of the ACM Conference on Computer and Communications Security (CCS) pp 225-234
18. Engler D, Kaashoek M, O'Toole J (1995) Exokemel: an operating system architecture for application-level resource management. Proceedings of the ACM Symposium on Operating System Principles (SOSP) pp 251-266
19. Fassino J-P, Jarboui T, Lacoste M (2008) An access control system and method, a component-based kernel including it, and its use. US Patent Application no. 11,792,900
20. Fassino J-P, Stefani J-B, Lawall J, Muller G (2002) Think: a software framework for component-based operating system kernels. Proceedings of the USENIX Annual Technical Conference, pp 73-86
21. Ferraiolo D, Sandhu R, Gavrila S, Kuhn D, Chandramouli R (2001) Proposed NIST standard for role-based access control. ACM Trans Inf Syst Secur 4(3):224-274
22. Ganek A, Corbi T (2003) The dawning of the autonomic computing era. IBM Syst J 42(1):5-18
23. Georganopoulos N, Famham T, Burgess R, Scholer T, Sessler J, Warr P, Golubicic Z, Platbrood F, Souville B, Buljore S (2004) Terminal-centric view of software reconfigurable system architecture and enabling components and technologies. IEEE Commun Mag 42(5): 100-110
24. Gligor V, Gavrila S, Ferraiolo D (1998) On the formal definition of separation-of-duty policies and their composition. Proceedings of the IEEE Symposium on Security and Privacy, pp 172-183
25. Grimm R, Bershad B (2001) Separating access control policy enforcement and functionality in extensible systems. ACM Trans Comput Syst 19(l):36-70
26. Halfhill T (2003) ARM Dons Armor: TrustZone security extensions strengthen ARMv6 Architecture. Microprocessor Report, August 25th
27. Hardy N (1985) The KeyKOS architecture. Oper Syst Rev 19(4):8-25
28. Hewlett-Packard. Jena: a semantic web framework for Java, http:// jena.sourceforge.net/
29. Jaeger T, Liedtke J, Islam N (1998) Operating system protection for fine-grained programs. Proceedings of the USENIX Security Symposium, pp 143-157
30. Jajodia S, Samarati P, Subrahmanian V (1997) A logical language for expressing authorizations. Proceedings of the IEEE Symposium on Security and Privacy, pp 31-42
31. Jajodia S, Samarati P, Sapino M, Subrahmanian V (2001) Flexible support for multiple access control policies, ACM Trans Database Syst 26(2):214-260
32. Jarboui T, Lacoste M, Wadier P (2006) A component-based policy-neutral authorization architecture. Actes de la 5ème Conférence Française sur les Systèmes d'Exploitation (CFSE)
33. Kim A, Luo J, Kang M (2005) Security ontology for annotating resources. Proceedings of the International Conference on Ontologies, Databases, and Application of Semantics (ODBASE)
34. Kon F, Campbell R, Mickunas M, Nahrstedt K, Ballesteros F (2000) 2K: A distributed operating system for dynamic heterogeneous environments, IEEE International Symposium on High Performance Distributed Computing (HPDC), pp 201-210
35. Krieger O, Auslander M, Rosenburg B, Wisniewski R, Xenidis J, Da Silva D, Ostrowski M, Appavoo J, Butrico M, Mergen M, Waterland A, Uhlig V (2006) K42: building a complete operating system. Proceedings of the EUROSYS 2006 Conference, Operating Systems Review 40(4): 133-146
36. Krohn M, Efstathopoulos P, Frey C, Kaashoek F, Kohler E, Mazieres D, Morris R, Osborne M, Vandebogart S, Ziegler D (2005) Make least privilege a right (not a privilege). Proceedings of the Hot Topics in Operating Systems Symposium (HotOS)
37. Kuz T, Liu Y, Gorton I, Heiser G (2007) CAmkES: a component model for secure microkernel-based embedded systems. J Syst Softw 80(5):687-699
38. Lacoste M, Privat G, Ramparany F (2007) Evaluating confidence in context for context-aware security. Proceedings of the European Conference on Ambient Intelligence (AmI)
39. Levy H (1984) Capability-based computer systems. Digital Press, Bedford, MA
40. Liedtke J (1995) On micro-kernel construction. Proceedings of the ACM Symposium on Operating System Principles (SOSP)
41. Lin Z, Wang C, Mao B, Xie L (2005) A policy flexible architecture for secure operating systems. Oper Syst Rev 39(3):24-33
42. Loscocco P, Smalley S (2001) Integrating flexible support for security policies into the Linux operating system, Proceedings of the USENIX Annual Technical Conference, pp 29-42
43. Loscocco P, Smalley S, Muckelbauer P, Taylor R, Turner S, Farrell J (1998) The inevitability of failure: the flawed assumption of security in modern computing environments, Proceedings of the National Information Systems Security Conference, pp 303-314
44. Minear S (1995) Providing policy control over object operations in a Mach-based system. Proceedings of the USENIX Security Symposium, pp 141-156
45. MOTOROLA LABS. IST E2R II Project, http://e2r2.motlabs. com/
46. Ott A (2001) The rule set based access control (RSBAC) Linux kernel security extension. Proceedings of the International Linux Kongress
47. Park J, Sandhu R (2004) The UCON ABC usage control model. ACM Trans inf Syst Secur 7(1): 128-174
48. Polakovic J, Mazare S, Stefani J-B, David PC (2007) Experience with implementing safe reconfigurations in component-based embedded systems. Proceedings of the International ACM Symposium on Component-Based Software Engineering (CBSE), pp 240-255
49. Polakovic J, Ozcan AE, Stefani J-B (2006) Building reconfigurable component-based OS with Think. Proceedings of the EUROMICRO Conference on Software Engineering and Advanced Applications, pp 178-185
50. Rippert C, Stefani J-B (2002) Think: a secure distributed systems architecture. Proceedings of the ACM S1GOPS European Workshop
51. Rozier M, Abrossimov V, Armand F, Boule I, Gien M, Guillemont M, Hermann F, Kaiser C, Langlois S, Leonard P, Neuhauser W (1988) Chorus distributed operating system. Comput Syst 1 (4):305-370
52. Saltzer J, Schroeder M (1975) The protection of information in computer systems. Proceedings of the IEEE 63(9): 1278-1308
53. Saxena A, Lacoste M, Jarboui T, Lucking U, Steinke B (2007) A software framework for autonomic security in pervasive environments. Proceedings of the International Conference on Information Systems Security (ICISS)
54. Schroeder M, Saltzer J (1971) A hardware architecture for implementing protection rings. Proceedings of the ACM Symposium on Operating System Principles (SOSP)
55. Seltzer M, Endo Y, Small C, Smith K (1996) Dealing with disaster: surviving misbehaved kernel extensions, Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSD1), pp 213-228
56. Shapiro J, Hardy N (2002) EROS: a principle-driven operating system from the ground up. IEEE Softw 19(l):26-33
57. Shapiro J, Smith J, Farber D (1999) EROS: a fast capability system. Proceedings of the ACM Symposium on Operating Systems Principles (SOSP), pp 170-185
58. Shapiro J, Weber S (2000) Verifying the EROS confinement mechanism. Proceedings of the IEEE Symposium on Security and Privacy, pp 166-176
59. Spencer R, Smalley S, Loscocco P, Hibler M, Andersen D, Lepreau J (1999) The Flask security architecture: system support for diverse security policies. Proceedings of the USENIX Security Symposium
60. Suh S (2007) Secure architecture and implementation of Xen on ARM for mobile devices. Xen Summit, April
61. Szyperski C (2002) Component software systems. Addison-Wesley, New York
62. Tanenbaum A, Mullender S, Van Renesse R (1986) Using sparse capabilities in a distributed operating system. Proceedings of the International Symposium on Distributed Computing Systems (ICDCS), pp 558-563
63. Trinpunitara M, Li N (2004) Comparing the expressive power of access control models. Proceedings of the ACM Conference on Computer and Communications Security (CCS), pp 62-71
64. Vandebogart S, Efstathopouios P, Kohler E, Krohn M, Frey C, Ziegler D, Kaashoek F, Morris R, Mazieres D (2007) Labels and event processes in the Asbestos operating system. ACM Trans Comput Syst 25(4): 11.1-11.43
65. Wallach D, Balfanz D, Dean S, Felten E (1997) Extensible security architectures for Java. Proceedings of the ACM Symposium on Operating Systems Principles (SOSP), pp 116-128
66. Watson R, Morrison W, Vance C, Feldman B (2003) The Trusted BSD MAC framework: extensible kernel access control for FreeBSD 5.0. Proceedings of the USENIX Annual Technical Conference, pp 285-296
67. Wright C, Cowan R, Smalley S, Morris J, Kroah-Hartman G (2002) Linux security modules: general security support for the Linux kernel. Proceedings of the USENIX Security Symposium
68. Zanin G, Mancini L (2004) Towards a formal model for security policies specification and validation in the SELinux System. Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), pp 136-145
69. Zeldovich N, Boyd-Wickizer S, Kohler E, Mazieres D (2006) Making information flow explicit in HiStar. Proceedings of the Symposium on Operating Systems Design and Implementation (OSDI)
70. Zeldovich N, Boyd-Wickizer S, Mazieres D (2008) Securing distributed systems with information flow control. Proceedings of the Symposium on Networked Systems Design and Implementation (NSDI)