A Uniform Modeling Pattern for Operating Systems Access Control Policies with an Application to SELinux

Peter Amthor

2015

Abstract

Modern operating systems increasingly enforce mandatory access control through security policies. Since the correctness of these policies is critical, formal methods and models are applied both to specify and to verify them. Because the semantics of the underlying access control systems are heterogeneous, formalizing a policy is an intricate and error-prone engineering process; the diversity of access control systems on the one hand and of formal correctness criteria on the other has so far impeded a unifying framework for this task. This paper presents a step towards that goal. We propose to leverage core-based model engineering, a uniform approach to security policy formalization, and refine it by adding typical semantic abstractions of contemporary policy-controlled operating systems. The result is a simple yet highly flexible framework for the formalization, specification and analysis of operating system security policies. We substantiate this claim by applying the method to SELinux and practically demonstrating how to map its policy semantics to an instance of the model.
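The abstract describes mapping SELinux policy semantics onto a formal model instance. As an added illustration (not code from the paper, and not its core-based model), the following script parses a small, constructed SELinux type-enforcement policy and builds the simplest possible model of it: an access-control matrix keyed by (source type, target type, object class). The statement syntax it accepts (`attribute`, `type`, `typeattribute`, `allow`, and the `self` target keyword) is standard SELinux TE language; the type names, the sample policy and the `TEModel`/`load_policy` API are invented for the example. The script deliberately resolves attributes to their member types before expanding rules, because a rule written against an attribute silently grants access to every type that later joins it, which is a common source of over-broad policy.

```python
"""Added example (not from the paper): map SELinux type-enforcement (TE)
rules onto an access-matrix model and query it.

The policy text below is constructed for illustration.  The model is a plain
access-control matrix keyed by (source type, target type, object class); it is
a simplified stand-in for a formal model, not the paper's core-based model, and
it ignores constraints, MLS/MCS labels, neverallow rules and type transitions.
"""
import re
from collections import defaultdict

ID = r"[A-Za-z_][\w.-]*"
SET = rf"(?:{ID}|\{{[^}}]*\}})"  # a single identifier or a "{ a b c }" set
ATTR_RE = re.compile(rf"^attribute\s+({ID})\s*;$")
TYPE_RE = re.compile(rf"^type\s+({ID})(?:\s+alias\s+{SET})?\s*(?:,\s*([^;]*))?;$")
TYPEATTR_RE = re.compile(rf"^typeattribute\s+({ID})\s+([^;]+);$")
ALLOW_RE = re.compile(rf"^allow\s+({SET})\s+({SET})\s*:\s*({SET})\s+({SET})\s*;$")

# Constructed sample policy, not taken from any distribution's policy.
SAMPLE_POLICY = """
# web server domain and the file types it touches (constructed)
attribute domain;
attribute file_type;
type httpd_t, domain;
type httpd_sys_content_t, file_type;
type httpd_log_t, file_type;
type shadow_t, file_type;
allow httpd_t httpd_sys_content_t:file { read getattr open };
allow httpd_t httpd_log_t:file { append create };
allow httpd_t file_type:dir { search getattr };
allow httpd_t self:process { fork signal };
"""


def _expand(token):
    """Turn an identifier or a '{ a b c }' set into a list of names."""
    if token.startswith("{"):
        return token.strip("{}").split()
    return [token]


class TEModel:
    """Access-matrix view of a TE policy: (src, tgt, class) -> permissions."""

    def __init__(self):
        self.types = set()
        self.attrs = {}                    # attribute -> set of member types
        self.matrix = defaultdict(set)     # (src, tgt, cls) -> set of perms
        self.skipped = []                  # statements this toy parser ignores

    def _resolve(self, name):
        """Resolve a type or attribute name to the concrete types it denotes."""
        if name in self.attrs:
            return set(self.attrs[name])
        if name in self.types:
            return {name}
        # checkpolicy rejects undeclared identifiers; so do we.
        raise ValueError(f"undeclared type or attribute: {name}")

    def allowed(self, src, tgt, cls, perm):
        """Does the matrix grant `perm` to `src` on `tgt` objects of `cls`?"""
        return perm in self.matrix.get((src, tgt, cls), set())

    def who_can(self, tgt, cls, perm):
        """All source types holding `perm` on `tgt` objects of class `cls`."""
        return sorted(s for (s, t, c), perms in self.matrix.items()
                      if t == tgt and c == cls and perm in perms)


def load_policy(text):
    """Parse TE statements into a TEModel (declarations first, then rules)."""
    model = TEModel()
    stmts = [ln.strip() for ln in text.splitlines()]
    stmts = [s for s in stmts if s and not s.startswith("#")]
    # Pass 1: declarations, so attribute membership is complete before any
    # rule is expanded (rules may textually precede typeattribute statements).
    for s in stmts:
        if m := ATTR_RE.match(s):
            model.attrs.setdefault(m.group(1), set())
        elif m := TYPE_RE.match(s):
            name, attrs = m.group(1), m.group(2) or ""
            model.types.add(name)
            for a in (x.strip() for x in attrs.split(",") if x.strip()):
                model.attrs.setdefault(a, set()).add(name)
        elif m := TYPEATTR_RE.match(s):
            for a in (x.strip() for x in m.group(2).split(",") if x.strip()):
                model.attrs.setdefault(a, set()).add(m.group(1))
    # Pass 2: allow rules, expanded to concrete (src, tgt, class) matrix cells.
    for s in stmts:
        m = ALLOW_RE.match(s)
        if not m:
            if not any(r.match(s) for r in (ATTR_RE, TYPE_RE, TYPEATTR_RE)):
                model.skipped.append(s)   # e.g. neverallow, type_transition
            continue
        srcs, tgts, clss, perms = (_expand(g) for g in m.groups())
        for src in (t for tok in srcs for t in model._resolve(tok)):
            for tgt_tok in tgts:
                targets = {src} if tgt_tok == "self" else model._resolve(tgt_tok)
                for tgt in targets:
                    for cls in clss:
                        model.matrix[(src, tgt, cls)].update(perms)
    return model


if __name__ == "__main__":
    m = load_policy(SAMPLE_POLICY)
    print("httpd_t read shadow_t:file  ->", m.allowed("httpd_t", "shadow_t", "file", "read"))
    print("httpd_t search shadow_t:dir ->", m.allowed("httpd_t", "shadow_t", "dir", "search"))
    print("who can append httpd_log_t:file ->", m.who_can("httpd_log_t", "file", "append"))
```

Run as-is, the query for `shadow_t:file read` is denied while `shadow_t:dir search` is granted: the second comes from the attribute-based `file_type:dir` rule, which the matrix expansion makes explicit. That expansion is exactly what an analysis over a model instance buys you compared with reading the rules as written.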



Paper Citation


in Harvard Style

Amthor P. (2015). A Uniform Modeling Pattern for Operating Systems Access Control Policies with an Application to SELinux. In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015) ISBN 978-989-758-117-5, pages 88-99. DOI: 10.5220/0005551000880099


in Bibtex Style

@conference{secrypt15,
author={Peter Amthor},
title={A Uniform Modeling Pattern for Operating Systems Access Control Policies with an Application to SELinux},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},
year={2015},
pages={88-99},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005551000880099},
isbn={978-989-758-117-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - A Uniform Modeling Pattern for Operating Systems Access Control Policies with an Application to SELinux
SN - 978-989-758-117-5
AU - Amthor P.
PY - 2015
SP - 88
EP - 99
DO - 10.5220/0005551000880099