Browse > Article
http://dx.doi.org/10.3745/KIPSTC.2005.12C.7.999

Efficient Techniques to Secure User Data in the Secure OS for a Multi-user Environment  

Ahn, Sun-Il (한국과학기술정보)
Han, Sang-Yong (서울대학교 컴퓨터공학부)
Publication Information
The KIPS Transactions:PartC / v.12C, no.7, 2005 , pp. 999-1006 More about this Journal
Abstract
The Secure OS is an operating system which adds security functions to the existing operating system, in order to secure a system from sorority problems originated from inherent frailty of applications or operating systems. With the existing Secure Oses for it is difficult to set an effective security policy securing personal resources in a multi-user environment system. To solve this problem in this paper we present two Techniques to secure user data efficiently in the RBAC-based Secure OS for a multi-user environment. Firstly we utilizes object's owner information in addition to object's filename. Secondly we make use of meta symbol('$\ast$'), which is able to describe multiple access targets. In addition this paper gives some examples to show advantages from these techniques. And these features are implemented in an solaris-based Secure OS called Secusys.
Keywords
RBAC; Secure OS; Multi-user;
Citations & Related Records
연도 인용수 순위
  • Reference
1 D. E. DENNING, 'A lattice model of secure information flow', Commun. ACM. 19, 2, 236-243. 1976   DOI   ScienceOn
2 R. SANDHU, P. SAMARATI, 'Access control; Principles and practice', IEEE Commun. Mag. 32, 9, 40-48. 1994   DOI   ScienceOn
3 Abrams, M. D., Eggers, K. W., La Padula, L. J., Olson, I. M., 'A Generalized Framework for Access Control: An Informal Description', Proceedings of the 13th National Computer Security Conference, Oktober, 1990
4 SEBSD, 'http://www.trustedbsd.org/sebsd.htmI'
5 A. Ott, 'The Role Compatibility Security Model,' Nordic Workshop on Secure IT Systems 2002, 2002
6 L. Badger, D. F. Sterne, D. L. Sherman, K. M. Walker, and S. A. Haghighat, 'Practical Domain and Type Enforcement for UNIX', Proceedings of the 1995 IEEE Symposium on Security and Privacy, 66-77, May, 1995   DOI
7 D. E. Bell and L. J. La PaduIa, 'Secure Computer Systems: Mathematical Foundations and Model', Technical Report M74-244, The MITRE Corporation, Bedford, MA, May, 1973
8 R. Spencer, S. Smalley, P. Loscocco, M. Hibler, D. Andersen, J. Lepreau, 'The Flask Security Architecture: System Support for Diverse Security Policies', Proceedings of the Eighth USENIX Security Symposium, 123-139, Aug., 1999
9 Tsonnet Redowl, 'http://tsonnet.co.kr/sub03/sub03_2_1.php'
10 Medusa DS9 security System, 'http://medusa.formax.sk'
11 Secuve TOS, 'http://secuve.com/eng/product/product1_1_1.htm'
12 P. Loscocco, S. Smalley, 'Integrating Flexible Support for Security Policies into the Linux Operating System', Proceedings of the FREENIX Track of the 2001 USENIX Annual Technical Conference
13 A. Ott, 'The RuIe Set Based Access Control (RSBAC) Linux Kernel Security Extension,' 8th International Linux Kongress, 2001
14 Secubrain Hizard, 'http://www.secubrain.com/product!secureos.htmI'
15 D. F. Ferraiolo, D. Richard. Kuhn, 'Role-Based Access Controls,' Proceedings of the 15th NIST-NSA National Computer Security Conference, Baltimore, Maryland, October, 13-16, 1992