• Title/Summary/Keyword: MAC(Mandatory Access Control)

Search Result 23, Processing Time 0.026 seconds

Mandatory Access Control Protection Profile for Secure Operating System (보안 운영체제를 위한 강제적 접근 제어 보호 프로파일)

  • Ko Young Woong
    • Journal of the Korea Society of Computer and Information
    • /
    • v.10 no.1 s.33
    • /
    • pp.141-148
    • /
    • 2005
  • Nowadays, it is possible to access sharing data from unauthorized People. Access control prevents unauthorized access to computing resource, information resources, and communication resources. It is very important to defend the critical system resources from the unauthorized. The importance of this study is to develop Protection Profile for Mandatory Access Control (MAC) that satisfies TCSEC assurance level B2. protection profile for MAC will help developers to use reference for the development of requirements and formulating security specification.

  • PDF

Access Control Mechanism based on MAC for Cloud Convergence (클라우드 융합을 위한 MAC 정책 기반 접근통제 메커니즘)

  • Choi, Eun-Bok;Lee, Sang-Joon
    • Journal of the Korea Convergence Society
    • /
    • v.7 no.1
    • /
    • pp.1-8
    • /
    • 2016
  • Cloud computing technology offers function that share each other computer resource, software and infra structure based on network. Virtualization is a very useful technology for operation efficiency of enterprise's server and reducing cost, but it can be target of new security threat when it is used without considering security. This paper proposes access control mechanism based on MAC(Mandatory Access Control) for cloud convergence that solve various problem that can occur in cloud environment. This mechanism is composed of set of state rules, security characteristics and algorithm. Also, we prove that the machine system with access control mechanism and an initial secure state is a secure system. This policy module of mechanism is expected to not only provide the maintenance but also provide secure resource sharing between virtual machines.

Access Control for Secure Access Path (안전한 접근 경로를 보장하기 위한 접근 제어)

  • Kim, Hyun-Bae
    • Journal of The Korean Association of Information Education
    • /
    • v.1 no.2
    • /
    • pp.57-66
    • /
    • 1997
  • The primary purpose of security mechanisms in a computer systems is to control the access to information. There are two types of access control mechanisms to be used typically. One is discretionary access control(DAC) and another is mandatory access control(MAC). In this study an access control mechanism is introduced for secure access path in security system. The security policy of this access control is that no disclosure of information and no unauthorized modification of information. To make this access control correspond to security policy, we introduce three properties; read, write and create.

  • PDF

The Design of a Log Manager for Mandatory Access Control Mechanism of Secure Operating System (보안운영체제의 강제적 접근통제(MAC)를 위한 로그 관리자 설계)

  • Park, Chun-Goo;Shin, Wook;Kang, Jung-Min;Lee, Hyung-Hyo;Lee, Dong-Ik
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2001.04a
    • /
    • pp.805-807
    • /
    • 2001
  • 안전한 컴퓨터 시스템 평가기준인 TCSEC(Trusted Computer System Evaluation Criteria)[1] B1급 이상 시스템의 안전한 운영체제들은 강제접근통제(Mandatory Access Control : MAC) 메커니즘을 이용하여 정보의 흐름을 제어하고 있다. 하지만 아무리 정확하게 설계된 접근통제 메커니즘이라고 하더라도 시스템 관리자 또는 보안 관리자가 어떻게 시스템이 접근통제 메커니즘을 관리.운영하느냐에 따라 그 시스템의 안전성과 보안에 대한 신뢰도가 결정된다고 할 수 있다. 지금까지 연구되고 있는 대부분의 MAC을 적용한 안전한 운영체제는 접근통제메커니즘의 적용 및 관리.운영상의 보안문제점을 관리할 적당한 방법을 제시하고 있지 않다[4][5][6][7]. 본 논문은 MAC을 적용한 안전한 운영체제의 안전하고 효율적인 관리.운영을 위한 방법으로 LMACM(Log Manager for Access Control Mechanism)을 제안한다.

  • PDF

The design and implementation of security kernel assured trusted path (신뢰경로가 보장되는 보안커널 설계 및 구현)

  • 이해균;김재명;조인준
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2001.11a
    • /
    • pp.340-347
    • /
    • 2001
  • Security operating system applied to MAC(Mandatory Access Control) or to MLS(Multi Level Security) gives both subject and object both Security Level and value of Category, and it restrict access to object from subject. But it violates Security policy of system and could be a circulated course of illegal information. This is correctly IPC(Interprocess Communication)mechanism and Covert Channel. In this thesis, I tried to design and implementation as OS kernel in order not only to give confidence of information circulation in the Security system, but also to defend from Covert Channel by Storage and IPC mechanism used as a circulated course of illegal information. For removing a illegal information flow by IPC mechanism. I applied IPC mechanism to MLS Security policy, and I made Storage Covert Channel analyze system call Spec. and than distinguish Storage Covert Channel. By appling auditing and delaying, I dealt with making low bandwidth.

  • PDF

Access Control System for Trusted FreeBSD Operating system (안전한 FreeBSD 운영체제를 위한 접근 제어 시스템)

  • Ko, Jong-Gook;Doo, So-Young;Un, Sung-Kyung;Kim, Jeong-Nyeo
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2001.10b
    • /
    • pp.847-850
    • /
    • 2001
  • 본 논문에서는 최근에 많은 관심이 증가하고 있는 보안 운영체제를 위한 접근제어에 대해 기술하고 이 접근제어를 FreeBSD 에 구현한 것에 대해 설명한다. 강제적 접근제어(MAC), 신분 기반 접근제어(DAC), 그리고 역할기반 접근제어(RBAC) 과 같은 접근제어 정책들을 안전한 FreeBSD 운영체제를 위해 접근제어 정책으로 사용하였다. MAC 과 ACL 의 구현은 POSIX1003.le 의 표준에 기준 하였고 RBAC 의 구현은 NIST의 표준을 기준으로 하였다. 강제적 접근제어는 군기관이나 정부 기관의 보안 요구사항들을 만족시켜주지만 보안관리 측면에서는 유동적이지 못한 면이 있다. 반면에 역할기반 접근제어는 상업적 접근제어 정책 요구 사항들을 만족시켜주는 정책으로 유동적이고 다양한 보안 관리 정책의 요구사항들을 만족 시켜준다.

  • PDF

Mandatory Access Control for Android Application Security (안드로이드 애플리케이션 보안 강화를 위한 강제적 접근 제어 기법)

  • Na, June-sung;Kim, Do-Yun;Pak, Wooguil;Choi, Young-June
    • Journal of KIISE
    • /
    • v.43 no.3
    • /
    • pp.275-288
    • /
    • 2016
  • In this paper, we investigate the security issues of the Android platform which dominates the global market of smart mobile devices. The current permission model for Android security is not powerful and has two problems. One is the coarse-grained relationship between permissions and methods which require them. The other is that mobile users do not have rights to control the permissions of the application. To solve these problems, we propose MacDroid which can control the platform's resources for accessing installed applications. Users can control the application's behavior via MacDroid's policy. We have divided the permission set into method units. The results of the performance test using a pure Android platform show that our proposed scheme can improve security within a short time.

Security Improvement of File System Filter Driver in Windows Embedded OS

  • Seong, Yeon Sang;Cho, Chaeho;Jun, Young Pyo;Won, Yoojae
    • Journal of Information Processing Systems
    • /
    • v.17 no.4
    • /
    • pp.834-850
    • /
    • 2021
  • IT security companies have been releasing file system filter driver security solutions based on the whitelist, which are being used by several enterprises in the relevant industries. However, in February 2019, a whitelist vulnerability was discovered in Microsoft Edge browser, which allows malicious code to be executed unknown to users. If a hacker had inserted a program that executed malicious code into the whitelist, it would have resulted in considerable damage. File system filter driver security solutions based on the whitelist are discretionary access control (DAC) models. Hence, the whitelist is vulnerable because it only considers the target subject to be accessed, without taking into account the access rights of the file target object. In this study, we propose an industrial device security system for Windows to address this vulnerability, which improves the security of the security policy by determining not only the access rights of the subject but also those of the object through the application of the mandatory access control (MAC) policy in the Windows industrial operating system. The access control method does not base the security policy on the whitelist; instead, by investigating the setting of the security policy not only for the subject but also the object, we propose a method that provides improved stability, compared to the conventional whitelist method.

A Role-Based Access Control Model ensuring Confidentiality and Integrity (비밀성과 무결성을 보장하는 역할기반 접근제어모델)

  • Byun Chang-Woo;Park Seog
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.3
    • /
    • pp.13-29
    • /
    • 2005
  • An important characteristic of role-based access control model(RBAC) is that by itself it is policy neutral. This means RBAC articulates security policy without embodying particular security policy. Because of this reason, there are several researches to configure RBAC to enforce traditional mandatory access control(MAC) policy and discretionary access control(DAC) policy. Specifically, to simulate MAC using RBAC several researches configure a few RBAC components(user, role, role-hierarchy, user-role assignment and session) for keeping no-read-up rule and no-write-down rule ensuring one-direction information flow from low security level to high security level. We show these researches does not ensure confidentiality. In addition, we show the fact that these researches overlook violation of integrity due to some constraints of keeping confidentiality. In this paper we propose a RBAC model satisfying both confidentiality and integrity. We reexamine a few RBAC components and constructs additional constraints.

Security Model Design based on MAC and RBAC Graph (강제적 접근방식과 역할기반 접근제어 그래프를 기반으로 한 보안모델 설계)

  • Park, Ki-Hong;Kim, Ung-Mo
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2001.04a
    • /
    • pp.27-30
    • /
    • 2001
  • 일반적인 운영체제의 보안과 마찬가지로 데이터베이스에서도 보안의 중요성은 강조되고 있다. 다중등급을 가지고 있는 데이터베이스에서 상위등급의 사용자가 사용하는 상위등급 데이터가 하위등급의 사용자가 사용하는 하위등급 데이터로 유입된다면 데이터의 무결성(integrity)이 깨지게 되어 데이터베이스뿐만 아니라 시스템 전체의 보안도 위협받게 된다. 본 연구에서는 대량의 데이터베이스 환경에서 다양한 보안등급을 가지고 있는 사용자가 다양한 등급을 가지고 있는 데이터베이스에 접근할 때 이를 강제적 접근제어(MAC:Mandatory Access Control)와 역할기반 접근제어(RBAC:Role-Based Access Control) 그래프를 이용해 사용자 보안등급에 따른 접근과 상위등급의 데이터가 하위등급으로 유출되지 않도록 이를 효율적으로 관리하고 제어할 수 있는 보안 모델을 제시하는데 중점을 두었다.

  • PDF