The functionality-based application confinement model

Z.C. Schreuders; C. Payne; T. McGill

doi:10.1007/s10207-013-0199-4

Back

The functionality-based application confinement model

Journal article

Open access

Peer reviewed

The functionality-based application confinement model

Z.C. Schreuders, C. Payne and T. McGill

International Journal of Information Security, Vol.12(5), pp.393-422

2013

DOI: https://doi.org/10.1007/s10207-013-0199-4

Files and links (2)

pdf

functionality-based_application_confinement_model.pdfDownload View

Author’s Version Open Access

url

Link to Published Version *Subscription may be requiredView

Abstract

This paper presents the functionality-based application confinement (FBAC) access control model. FBAC is an application-oriented access control model, intended to restrict processes to the behaviour that is authorised by end users, administrators, and processes, in order to limit the damage that can be caused by malicious code, due to software vulnerabilities or malware. FBAC is unique in its ability to limit applications to finely grained access control rules based on high-level easy-to-understand reusable policy abstractions, its ability to simultaneously enforce application-oriented security goals of administrators, programs, and end users, its ability to perform dynamic activation and deactivation of logically grouped portions of a process's authority, its approach to process invocation history and intersection-based privilege propagation, its suitability to policy automation techniques, and in the resulting usability benefits. Central to the model are 'functionalities', hierarchical and parameterised policy abstractions, which can represent features that applications provide; 'confinements', which can model simultaneous enforcement of multiple sets of policies to enforce a diverse range of types of application restrictions; and 'applications', which represent the processes to be confined. The paper defines the model in terms of structure (which is described in five components) and function, and serves as a culmination of our work thus far, reviewing the evaluation of the model that has been conducted to date.

Details

Title: The functionality-based application confinement model
Authors/Creators: Z.C. Schreuders (Author/Creator) - Leeds Beckett University
C. Payne (Author/Creator) - Murdoch University
T. McGill (Author/Creator) - Murdoch University
Publication Details: International Journal of Information Security, Vol.12(5), pp.393-422
Publisher: Springer Verlag
Identifiers: 991005540898907891
Murdoch Affiliation: School of Engineering and Information Technology
Language: English
Resource Type: Journal article

Metrics

220 File views/ downloads

124 Record Views

InCites Highlights

These are selected metrics from InCites Benchmarking & Analytics tool, related to this output

Collaboration types: Domestic collaboration; International collaboration
Citation topics: 4 Electrical Engineering, Electronics & Computer Science; 4.187 Security Systems; 4.187.1404 Malware Detection
Web Of Science research areas: Computer Science, Information Systems; Computer Science, Software Engineering; Computer Science, Theory & Methods
ESI research areas: Computer Science