http://dx.doi.org/10.13089/JKIISC.2006.16.2.55

An Access Control Security Architecture for Secure Operating System supporting Flexible Access Control  

Kim Jung-Sun (Dept. of Computer Science, Chonnam National University)
Kim Min-Soo (Dept. of Information Security, Mokpo National University)
No Bong-Nam (School of Electronics, Computer and Information Engineering, Chonnam National University)
Abstract
In this paper, we propose a new access control security architecture that supports flexibility in Secure Operating Systems. By adding a virtual access control system layer to the proposed security architecture, various access control models such as MAC, DAC, and RBAC can be applied to Secure Operating Systems easily. The proposed security architecture is designed to overcome the problem of the Linux system's base access control system. A policy manager can compose various security models flexibly and apply them to Operating Systems dynamically. The proposed architecture is composed of three modules: access control enforcement, access control decision, and security control. Access control models are abstracted into a hierarchical structure by the virtual access control system. We also present the notation of policy conflict and its resolution method when applying various access control models.
Keywords
Secure Operating System; Operating System; Access Control; Security Architecture;
Citations & Related Records
Times Cited By KSCI: 2