Functionality-based application confinement: parameterised hierarchical application restrictions

Z.C. Schreuders; C. Payne

Back

Functionality-based application confinement: parameterised hierarchical application restrictions

Conference paper

Open access

Functionality-based application confinement: parameterised hierarchical application restrictions

Z.C. Schreuders and C. Payne

INSTICC Press

International Conference on Security and Cryptography (SECRYPT 2008) (Porto, Portugal, 26/07/2008–29/07/2008)

2008

Files and links (2)

pdf

functionality_based-application.pdfDownload View

Published (Version of Record) Open Access

url

Conference WebsiteView

Abstract

Traditional user-oriented access control models such as Mandatory Access Control (MAC) and Discretionary Access Control (DAC) cannot differentiate between processes acting on behalf of users and those behaving maliciously. Consequently, these models are limited in their ability to protect users from the threats posed by vulnerabilities and malicious software as all code executes with full access to all of a user's permissions. Application-oriented schemes can further restrict applications thereby limiting the damage from malicious code. However, existing application-oriented access controls construct policy using complex and inflexible rules which are difficult to administer and do not scale well to confine the large number of feature-rich applications found on modern systems. Here a new model, Functionality-Based Application Confinement (FBAC), is presented which confines applications based on policy abstractions that can flexibly represent the functional requirements of applications. FBAC policies are parameterised allowing them to be easily adapted to the needs of individual applications. Policies are also hierarchical, improving scalability and reusability while conveniently abstracting policy detail where appropriate. Furthermore the layered nature of policies provides defence in depth allowing policies from both the user and administrator to provide both discretionary and mandatory security. An implementation FBAC-LSM and its architecture are also introduced.

Details

Title: Functionality-based application confinement: parameterised hierarchical application restrictions
Authors/Creators: Z.C. Schreuders (Author/Creator)
C. Payne (Author/Creator)
Conference: International Conference on Security and Cryptography (SECRYPT 2008) (Porto, Portugal, 26/07/2008–29/07/2008)
Publisher: INSTICC Press
Identifiers: 991005544413207891
Copyright: Institute for Systems and Technologies of Information
Murdoch Affiliation: School of Information Technology
Language: English
Resource Type: Conference paper
Note: Published by INSTICC Press http://www.insticc.org

Metrics

303 File views/ downloads

103 Record Views