Ninghui Li, Ziqing Mao, and Hong Chen
Abstract:

Existing mandatory access control systems for operating systems (such as
Security Enhanced Linux) are difficult to use. We identify several principles
for designing usable access control systems and introduce the Usable Mandatory
Integrity Protection (UMIP) model that adds usable mandatory access control to
operating systems. The UMIP model is designed to preserve system integrity in
the face of network-based attacks. The usability goals for UMIP are
twofold. First, configuring a UMIP system should not be more difficult than
installing and configuring an operating system. Second, existing applications
and common usage practices can still be used under UMIP. UMIP has several
novel features to
achieve these goals. For example, it introduces several concepts for expressing
partial trust in programs. Furthermore, it leverages information in the existing
discretionary access control mechanism to derive file labels for mandatory
integrity protection. We also discuss our implementation of the UMIP model for
Linux using the Linux Security Modules framework, and show that it is simple to
configure, has low overhead, and effectively defends against a number of
network-based attacks.
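The abstract says UMIP derives file integrity labels from existing discretionary access control data and uses partial-trust concepts to decide when a process keeps its label. The following added example (not code from the paper or its Linux implementation) models that idea in Python; the concrete labelling rule it uses, that a file is high-integrity only when nobody but root can write it, and the names `Process`, `file_label` and `may_write` are assumptions chosen for illustration.

```python
import stat
from dataclasses import dataclass

# Constructed model of DAC-derived integrity labels. The rule "high-integrity
# only if root alone can write the file" is an ASSUMPTION for this example,
# not a rule quoted from the paper.
HIGH, LOW = "high", "low"


def file_label(uid: int, mode: int) -> str:
    """Derive an integrity label from an inode's DAC owner and mode bits."""
    if uid != 0:
        return LOW  # owned by an ordinary user, so that user can modify it
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        return LOW  # group- or world-writable, e.g. /tmp-style directories
    return HIGH


@dataclass
class Process:
    pid: int
    label: str = HIGH              # assumption: processes start high-integrity
    partially_trusted: bool = False  # exempt from demotion on untrusted input


def receive_untrusted_input(p: Process) -> str:
    """Network (low-integrity) input demotes a process unless it is
    partially trusted; returns the resulting label."""
    if not p.partially_trusted:
        p.label = LOW
    return p.label


def may_write(p: Process, uid: int, mode: int) -> bool:
    """Core integrity rule: low-integrity processes never write high files."""
    return not (p.label == LOW and file_label(uid, mode) == HIGH)


def demo() -> dict:
    """Constructed scenario: a partially trusted daemon and an ordinary
    network-facing process both receive remote input."""
    daemon = Process(pid=1, partially_trusted=True)
    web = Process(pid=2)
    receive_untrusted_input(daemon)
    receive_untrusted_input(web)
    return {
        "web_label": web.label,                          # "low"
        "daemon_label": daemon.label,                    # "high"
        "web_writes_root_file": may_write(web, 0, 0o100644),     # False
        "web_writes_tmp_file": may_write(web, 0, 0o101777),      # True
        "daemon_writes_root_file": may_write(daemon, 0, 0o100644),  # True
    }
```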
Reference:

In Proceedings of the IEEE Symposium on Security and Privacy, Berkeley, California, May 2007, IEEE Computer Society Press, pp. 164–178.