Verifying compliance of trusted programs

Proceedings of the 17th USENIX Security Symposium

Volumn , Issue , 2008, Pages 321-334

  Rueda, Sandra ^a   King, Dave ^a   Jaeger, Trent ^a  

^a PENNSYLVANIA STATE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL;

ACCESS CONTROL MODELS; BUILDING PROJECTS; COMPLIANCE VERIFICATION; MANDATORY ACCESS CONTROL; POLICY ENFORCEMENT; REFERENCE MONITORS; SYSTEM SECURITY; USER-LEVEL POLICIES;

COMPLIANCE CONTROL;

EID: 79955768230     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (37)

1. ANDERSON, J. P. Computer security technology planning study. Tech. Rep. ESD-TR-73-51, The Mitre Corporation, Air Force Electronic Systems Division, Hanscom AFB, Badford, MA, 1972.
2. BELL, D. E., AND LAPADULA, L. J. Secure computer systems: Unified exposition and multics interpretation. Tech. rep., MITRE MTR-2997, March 1976.
3. BERTINO, E., CATANIA, B., FERRARI, E., AND PERLASCA, P. A logical framework for reasoning about access control models. In Proceedings of SACMAT (2001).
4. BIBA, K. J. Integrity considerations for secure computer systems. Tech. Rep. MTR-3153, MITRE, April 1977.
5. BOEBERT, W. E., AND KAIN, R. Y. A practical alternative to heirarchical integrity policies. In Proceedings of the 8th National Computer Security Conference (1985).
6. CHOLVY, L., AND CUPPENS, F. Analyzing Consistency of Security Policies. In Proceedings of the 1997 IEEE Symposium on Security and Privacy (Oakland, CA, USA, May 1997), pp. 103–112.
7. CLARK, D. D., AND WILSON, D. A comparison of military and commercial security policies. In 1987 IEEE Symposium on Security and Privacy (May 1987).
8. DESMET, L., JOOSEN, W., MASSACCI, F., NALIUKA, K., PHILIPPAERTS, P., PIESSENS, F., AND VANOVERBERGHE, D. A flexible security architecture to support third-party applications on mobile devices. In Proceedings of the ACM Computer Security Architecture Workshop (2007).
9. DRAGONI, N., MASSACCI, F., NALIUKA, K., SEBASTIANI, R., SIAHAAN, I., QUILLIAN, T., MATTEUCCI, I., AND SHAEFER, C. Methodologies and tools for contract matching. Security of Software and Services for Mobile Systems.
10. GUTTMAN, J. D., HERZOG, A. L., RAMSDELL, J. D., AND SKORUPKA, C. W. Verifying information flow goals in Security-Enhanced Linux. J. Comput. Secur. 13, 1 (2005), 115–134.
11. HANSON, C. SELinux and MLS: Putting the pieces together. In Proceedings of the 2nd Annual SELinux Symposium (2006).
12. HICKS, B., KING, D., MCDANIEL, P., AND HICKS, M. Trusted declassification: High-level policy for a security-typed language. In Proceedings of the 1st ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS’06) (Ottawa, Canada, June 10 2006), ACM Press.
13. HICKS, B., RUEDA, S., JAEGER, T., AND MCDANIEL, P. From trusted to secure: Building and executing applications that enforce system security. In Proceedings of the USENIX Annual Technical Conference (2007).
14. HICKS, B., RUEDA, S., JAEGER, T., AND MCDANIEL, P. Integrating SELinux with security-typed languages. In Proceedings of the 3rd SELinux Symposium (Baltimore, MD, USA, March 2007).
15. HICKS, B., RUEDA, S., ST. CLAIR, L., JAEGER, T., AND MCDANIEL, P. A logical specification and analysis for SELinux MLS policy. In Proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT) (Antipolis, France, June 2007).
16. JAEGER, T., EDWARDS, A., AND ZHANG, X. Managing access control policies using access control spaces. In SACMAT’02: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies (2002), ACM Press, pp. 3–12.
17. JAEGER, T., EDWARDS, A., AND ZHANG, X. Consistency analysis of authorization hook placement in the Linux security modules framework. ACM Transactions on Information and System Security (TISSEC) 7, 2 (May 2004), 175–205.
18. KOCK, M., MACINI, L., AND PARISI-PRESICCE, F. On the specification and evolution of access control policies. In Proceedings of SACMAT (2001).
19. LI, N., MAO, Z., AND CHEN, H. Usable mandatory integrity protection for operating systems. In IEEE Symposium on Security and Privacy (2007).
20. MAYER, F., MACMILLAN, K., AND CAPLAN, D. SELinux by Example. Prentice Hall, 2007.
21. MCDANIEL, P., AND PRAKASH, A. Methods and limitations of security policy reconciliation. ACM Transactions on Information and System Security V, N (May 2006), 1–32.
22. MCGRAW, G., AND FELTEN, E. Java Security. Wiley Computer, 1997.
23. MYERS, A. C. JFlow: Practical mostly-static information flow control. In POPL’99, pp. 228–241.
24. MYERS, A. C., AND LISKOV, B. A decentralized model for information flow control. In Proceedings of the 16th ACM Symposium on Operating System Principles (October 1997).
25. MYERS, A. C., AND LISKOV, B. Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology 9, 4 (2000), 410–442.
26. MYERS, A. C., NYSTROM, N., ZHENG, L., AND ZDANCEWIC, S. Jif: Java + information flow. Software release. Located at http://www.cs.cornell.edu/jif, July 2001.
27. Security-enhanced Linux. Available at http://www.nsa.gov/selinux.
28. POTTIER, F., AND SIMONET, V. Information Flow Inference for ML. In Proceedings ACM Symposium on Principles of Programming Languages (Jan. 2002), pp. 319–330.
29. SARNA-STAROSTA, B., AND STOLLER, S. Policy analysis for Security-Enhanced Linux. In Proceedings of the 2004 Workshop on Issues in the Theory of Security (WITS) (April 2004), pp. 1–12. Available at http://www.cs.sunysb.edu/∼stoller/WITS2004.html.
30. SHANKAR, U., JAEGER, T., AND SAILER, R. Toward automated information-flow integrity verification for security-critical applications. In Proceedings of the 2006 ISOC Networked and Distributed Systems Security Symposium (NDSS’06) (San Diego, CA, USA, Feb. 2006).
31. SMITH, S. W. Outbound authentication for programmable secure coprocessors. In European Symposium on Research in Computer Security (ESORICS) (2002), pp. 72–89.
32. STONY BROOK UNIVERSITY. COMPUTER SCIENCE DEPARTMENT. XSB: Logic programming and deductive database system for Unix and Windows. Available at http://xsb.sourceforge.net.
33. SWAMY, N., CORCORAN, B., AND HICKS, M. Fable: A language for enforcing user-defined security policies. In In Proceedings of the IEEE Symposium on Security and Privacy (Oakland), May 2008. To appear.
34. TRESYS TECHNOLOGY. SELinux Policy Server. Available at http://www.tresys.com/selinux/selinux policy server.
35. TRESYS TECHNOLOGY. SETools - policy analysis tools for SELinux. available at http://oss.tresys.com/projects/setools.
36. WALSH, D. SELinux Mailing List. http://www.engardelinux.org/modules/index/list_ archives.cgi?list=selinu%x&page=0609. html&month=2007-12, December 2007.
37. The X Foundation: http://www.x.org.