Liang Cheng,Yang Zhang,Zhihui Han,Yi Deng,Xiaoshan Sun,Dengguo Feng

DOI: https://doi.org/10.1016/j.cose.2014.05.001

IF: 5.105

2014-01-01

Computers & Security

Abstract:Access control mechanisms (ACMs) have been widely used by operating systems (OSes) to protect information security. However, it is often challenging to evaluate and compare the quality of protection (QoP) of ACMs, especially when they are deployed on different OS platforms. This article presents an approach to quantitatively measure and compare the quality of ACMs, which provides useful information to support OS administrators and users to choose ACMs that fit with their security needs.We introduce the notion of vulnerability profiles to capture the weakness of ACMs in protecting against malicious attacks, based on which vulnerability coefficients are computed as the numeric and platform-independent measurement of the QoP of ACMs. The approach combines the grey system theory and an independent vulnerability scoring system to infer complete vulnerability profiles and to calculate fair and objective vulnerability coefficients for ACMs. We implement a prototype called ACVAL based on the approach, and apply it to four mainstream ACMs. The results show that ACVAL is effective in evaluating and comparing ACMs across different OSes, a feature particularly useful to administrators of heterogeneous IT systems. To the best of our knowledge, our approach is the first to quantitative measurement and comparison of ACMs across OSes. (C) 2014 Elsevier Ltd. All rights reserved.

Yang Cao,Yunwei Dong,Xiaomin Wei,Xiao Wu

DOI: https://doi.org/10.1109/QRS-C.2019.00080

2019-01-01

Abstract:In the system architecture design phase, there may be flaws introduced by the access control design. The flaws make the system design vulnerable. Vulnerabilities that are not detected during the design phase will be taken to the subsequent phases of the system development. This reduces system security and leads to more repair cost. In order to detect the access control flaws in the design phase as early as possible, we propose the security analysis method using Architecture Analysis and Design Language (AADL). This method analyzes the access control policies between components. It can analyze and detect the access control flaws in the AADL architecture model. For describing the access control policies, vulnerability model annex is created. We use a case study, based on a module from an aircraft intelligent information system, to introduce the application of modeling and analysis methods.

LI Hong-jiao,LI Jian-hua,ZHU Hong-wen

DOI: https://doi.org/10.3321/j.issn:1006-2467.2005.08.021

2005-01-01

Abstract:A new access control method,called Multi-policy Access Control Model(MACM),was proposed by analyzing the limitations of single security model and the security requirements of electronic government applications.The new method makes use of virtues of single security model,and at the same time the system's reliability and availability are taken into account. The formal description of the new method was given and its implementation on Linux kernel was investigated.The performance tests show that there is little overhead introduced by the method.

LI Bo,HUANG Dong-jun

DOI: https://doi.org/10.3969/j.issn.1006-8937-B.2006.04.001

2006-01-01

Abstract:The paper analyzes and compares several primary ways to distribute privileges during the current design process of access system such as Discretionary Access Control(DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC), points out their respective characteristics and limitations of their applicability. By taking the new characteristics of modern enterprise management into consideration and combining with the existing access control model, the authors discuss the access control technology of the multi-users information system, present and realize the security control model based on role level, department level and user level in the application. Practical application makes clear that it enhances the security and maintainability of information system.

Yongzheng Zhang,Binxing Fang,Xiaochun Yun

DOI: https://doi.org/10.3321/j.issn:1002-0470.2007.04.001

2007-01-01

Abstract:On the basis of the previous research work, this paper combines the index-based micro-analysis with the risk sum based macro-analysis to propose an integrated method for quantitative assessment of mainstream operating systems security vulnerabilities, and evaluates 1081 vulnerabilities related to six versions of three mainstream operating systems Windows NT, RedHat Linux and Solaris. This method can be used to effectively analyze the influences of the evolution of the operating systems on their security and compare the security status of the systems from various aspects on various levels.

Jun Zhu,Bill Chu,Heather Richter Lipford,Tyler Thomas

DOI: https://doi.org/10.1145/2752952.2752976

2015-01-01

Abstract:ABSTRACTAccess control vulnerabilities due to programming errors have consistently ranked amongst top software vulnerabilities. Previous research efforts have concentrated on using automatic program analysis techniques to detect access control vulnerabilities in applications. We report a comparative study of six open source PHP applications, and find that implicit assumptions of previous research techniques can significantly limit their effectiveness. We propose a more effective hybrid approach to mitigate access control vulnerabilities. Developers are reminded in-situ of potential access control vulnerabilities, where self-review of code can help them discover mistakes. Additionally, developers are prompted for application-specific access control knowledge, providing samples of code that could be thought of as static analysis by example. These examples are turned into code patterns that can be used in performing static analysis to detect additional access control vulnerabilities and alert the developer to take corrective actions. Our evaluation of six open source applications detected 20 zero-day access control vulnerabilities in addition to finding all access control vulnerabilities detected in previous works.

JeeHyun Hwang,Tao Xie,Vincent Hu,Mine Altunay

DOI: https://doi.org/10.1109/POLICY.2010.22

2010-01-01

Abstract:Access control mechanisms are a widely adopted technology for information security. Since access decisions (i.e., permit or deny) on requests are dependent on access control policies, ensuring the correct modeling and implementation of access control policies is crucial for adopting access control mechanisms. To address this issue, we develop a tool, called ACPT (Access Control Policy Testing), that helps to model and implement policies correctly during policy modeling, implementation, and verification.

Jin Shi,Guangwei Hu,Mingxin Lu,Li Xie

DOI: https://doi.org/10.1109/ISME.2010.156

2010-01-01

Abstract:Traditional network security assessment technologies are usually qualitative analyses from large variation of security factors. It is difficult to guide security managers to configure network security mechanisms. A new network security quantitative analysis method called ACRL is presented in this paper. It assesses attack sequences from credibility, risk and the loss of system and provides the assessment values to security managers. It can assess the network security mechanisms and measures in position and can help security managers adjust the corresponding security mechanisms and choose the response methods against attacks in detail. An experiment of our method shows favorable and promising results.

DING Hongda,ZENG Qingkai,BAO Bixian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.01.056

2007-01-01

Abstract:Test and validation of access control is a crucial part of the security evaluation of the system.A testing approach by extending GFAC is proposed,automatically to test the access control service according to requirements of security evaluation based on common criteria.The implementation of testing on Linux+RSBAC demonstrates the approach available.

高亮,张斌,蔡力钢,刘向军

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.08.035

2004-01-01

Abstract:Effective control of access for resource is key to make users work collaboratively.It is also important to ensure information security.Having analyzed traditional access control technologies,a new access control model,eXtensible Access Control Model (XACM),is proposed in this paper.An extensible access control system based on XACM is successfully implemented for control of access to information in Tongda Group's workflow-based office automation system.It proves the characteristics of XACM such as flexibility and generalization.

Nuo Li,JeeHyun Hwang,Tao Xie

DOI: https://doi.org/10.1145/1390832.1390837

2008-01-01

Abstract:ABSTRACTMany Web applications enhance their security via access-control systems. XACML is a standardized policy language, which has been widely used in access-control systems. In an XACML-based access-control system, policies, requests, and responses are written in XACML. An XACML implementation implements XACML functionalities to validate XACML requests against XACML policies. To ensure the quality of an XACML-based access-control system, we need an effective means to test whether the XACML implementation correctly implements XACML functionalities. The test inputs of an XACML implementation are XACML policies and requests. The test outputs are XACML responses. This paper proposes an approach to detect defects in XACML implementations via observing the behaviors of different XACML implementations for the same test inputs. As XACML has been widely used, we can collect different XACML implementations, and test them with the same XACML polices and requests to observe whether the different implementations produce different responses. Based on the analysis of different responses, we can detect defects in different XACML implementations. We show the feasibility of the proposed approach with a preliminary study on three XACML implementations.

CHEN Hui,ZHOU Xue-Hai,CHEN Xiang-Lan

DOI: https://doi.org/10.3969/j.issn.1003-3254.2010.12.003

2010-01-01

Abstract:Security is always a hot topic with the development of computer technologies.Currently,mechanisms like active defense,detection and anti-detection are proposed.They could be implemented on different levels such as application-level and kernel-level in the system.We manage to go to the system-level.Linux owns mature security-enhanced version SELinux.For Windows,we focus on mandatory access control and propose a mechanism with improved efficiency,compatibility and stability.

Lianshan Sun,Gang Huang

DOI: https://doi.org/10.1016/j.sysarc.2010.11.001

IF: 5.836

2011-01-01

Journal of Systems Architecture

Abstract:Access control is a common concern in most software applications. In component-based systems, although developers can implement access control requirements (ACRs) by simply declaring role-based access control configurations (ACCs) of components, it is still difficult for them to define and evolve ACCs accurately implementing ACRs due to the gap between the complex high-level ACRs and the voluminous ACCs enforced by underlying middleware platforms, and the ad hoc mistakes of human. This paper introduces and clarifies the concept of accuracy of ACCs relative to ACRs, and presents a set of metrics and algorithms which can be used to automatically evaluate and improve accuracy of ACCs by evaluating and reconfiguring the software architecture with ACCs. We apply our achievements in a composed e-shop application.

Alan Raveling,Yanzhen Qu

DOI: https://doi.org/10.24018/ejece.2023.7.4.546

2023-07-12

European Journal of Electrical Engineering and Computer Science

Abstract:This paper has examined the application of the Common Vulnerability Scoring System applied to operational technology or industrial control system-based cybersecurity controls and demonstrated that the unique considerations and aspects of these environments are more accurately captured when compared against a traditional IT based evaluation. Multiple business drivers are compelling consumer goods manufacturers to augment and connect their manufacturing systems bringing with it increases in potential for experiencing a cybersecurity incident [1]. While other business verticals are able to utilize cybersecurity standards and control documents tailored for their industry, manufacturers do not have a set of materials that directly correlate to the operational technology environments in which their systems reside [2]. Cybersecurity practitioners face additional challenges in developing an understanding of the severity of the risks within these environments due to the lack of current quantifiable methods of evaluating the risks. The findings from this research provide cybersecurity practitioners with a repeatable and extensible method to derive the operational risk present to an organization due to the technologies and business strategies employed in the pursuit of business objectives.

Chen,Weili Han,Jianming Yong

DOI: https://doi.org/10.1109/cscwd.2010.5471991

2010-01-01

Abstract:XACML and its reference implementation can not directly support quantified risk adaptive access control, because there are several special requirements to specify and enforce the policies in risk adaptive access control: the elements in these policies, such as risk, risk level, are not covered; and risk in quantified risk adaptive access control would be mutable, accumulated and required to be continuously controlled. This paper, therefore, extends XACML and its reference implementation to support quantified risk adaptive access control. This paper makes two contributions: design a risk adaptive policy language extended from XACML; and propose a framework to enforce the policies. To the best of our knowledge, this paper is the first research work to discuss this topic.

Michael D. Iannacone,Robert A. Bridges

DOI: https://doi.org/10.48550/arXiv.1902.00053

2019-10-25

Abstract:Metrics and frameworks to quantifiably assess security measures have arisen from needs of three distinct research communities - statistical measures from the intrusion detection and prevention literature, evaluation of cyber exercises, e.g.,red-team and capture-the-flag competitions, and economic analyses addressing cost-versus-security tradeoffs. In this paper we provide two primary contributions to the security evaluation literature - a representative survey, and a novel framework for evaluating security that is flexible, applicable to all three use cases, and readily interpretable. In our survey of the literature we identify the distinct themes from each community's evaluation procedures side by side and flesh out the drawbacks and benefits of each. The evaluation framework we propose includes comprehensively modeling the resource, labor, and attack costs in dollars incurred based on expected resource usage, accuracy metrics, and time. This framework provides a unified approach in that it incorporates the accuracy and performance metrics, which dominate intrusion detection evaluation, the time to detection and impact to data and resources of an attack, favored by educational competitions' metrics, and the monetary cost of many essential security components used in financial analysis. Moreover, it is flexible enough to accommodate each use case, easily interpretable and comparable, and comprehensive in terms of costs <a class="link-external link-http" href="http://considered.Finally" rel="external noopener nofollow">this http URL</a>, we provide two examples of the framework applied to real-world use cases. Overall, we provide a survey and a grounded, flexible framework with multiple concrete examples for evaluating security which can address the needs of three currently distinct communities.

Cryptography and Security

Zhiyong Shan,Qiuyue Wang,Xiaofeng Meng

DOI: https://doi.org/10.1007/978-3-540-77086-2_3

2007-01-01

Abstract:Security threats to operating systems today largely come from network. Traditional discretionary access control mechanism alone can hardly defeat them. Although traditional mandatory access control models can effectively protect the security of OS, they have problems of application incompatibility and administration complexity. In this paper, we propose a new model, Suspicious-Taint-Based Access Control (STBAC) model, for defeating network attacks while maintaining good compatibility, simplicity and system performance. STBAC regards processes using Non-Trustable-Communications as starting points of suspicious taint, traces activities of the suspiciously tainted processes by taint rules, and forbids the suspiciously tainted processes to illegally access vital resources by protection rules. Even in the cases when some privileged processes are subverted, STBAC can still protect vital resources from being compromised by the intruder. We implemented the model in the Linux kernel and evaluated it through experiments. The evaluation showed that STBAC could protect vital resources effectively without significant impact on compatibility and performance.

H. T. Tian,Liusheng Huang,Z. Zhou,Yonglong Luo

DOI: https://doi.org/10.1109/ISPAN.2004.1300542

2004-01-01

Abstract:With the continuous flood of vulnerabilities of computers, vulnerability management is a very important task for administrators to keep systems as secure as possible. Facing numerous attackers armed with complicated, automated tools, current manual vulnerability management by administrators is so time-consuming, error-prone. Administrators also do need automated defensive tools. This paper proposes an open framework of automated vulnerability management that dramatically alleviates the burden of administrators and improves the security of systems. In this framework, we present three XML based markup languages, Common Vulnerability Markup Language (CVML), System Information Markup Language (SIML), Network System Markup Language (NSML) to express crucial information related to systems and vulnerabilities to facilitate automated exchange and processing. Host Vulnerability Managers (HVMs) running on the target host maintain the crucial system information in SIML, receive vulnerability advisories in CVML from various sources, decide what vulnerabilities exist, and try to fix vulnerabilities automatically if possible. Domain vulnerability managers (DVMs) are responsible for the vulnerability management in NSML of the local network. DVMs correlate reports from HVMs and scan for network-based vulnerabilities in this domain. We have implemented a prototype of the framework that shows the effectiveness and efficiency of our solution.

Vincent C. Hu,Evan Martin,JeeHyun Hwang,Tao Xie

DOI: https://doi.org/10.1109/compsac.2007.96

2007-01-01

Abstract:Access control is one of the most fundamental and widely used security mechanisms. Access control mechanisms control which principals such as users or processes have access to which resources in a system. To facilitate managing and maintaining access control, access control policies are increasingly written in specification languages such as XACML. The specification of access control policies itself is often a challenging problem. Furthermore, XACML is intentionally designed to be generic: it provides the freedom in describing access control policies, which are well-known or invented ones. But the flexibility and expressiveness provided by XACML come at the cost of complexity, verbosity, and lack of desirable-property enforcement. Often common properties for specific access control policies may not be satisfied when these policies are specified in XACML, causing the discrepancy between what the policy authors intend to specify and what the actually specified XACML policies reflect. In this position paper, we propose an approach for conducting conformance checking of access control policies specified in XACML based on existing verification and testing tools for XACML policies.

Evan Martin,Tao Xie

2006-01-01

Abstract:To facilitate managing access control in a system, access control policies are increasingly written in specification languages such as XACML. A dedicated software component called a Policy Decision Point (PDP) interprets the specified policies, receives access requests, and returns responses to inform whether access should be permitted or denied. To increase confidence in the correctness of specified policies, policy developers can conduct policy testing by supplying typical test inputs (requests) to the PDP and subsequently checking test outputs (responses) against expected ones. Unfortunately, manual testing is tedious and few tools exist for automated testing of XACML policies.In this paper, we present our work toward a framework for systematic testing of access control policies. The framework includes components for policy coverage definition and measurement, request generation, request evaluation, request set minimization, policy property inference, and mutation testing. This framework allows us to evaluate various criteria for test generation and selection, investigate mutation operators, and determine a relationship between structural coverage and fault-detection capability. We have implemented the framework and applied it to various XACML policies. Our experimental results offer valuable insights into choosing mutation operators in mutation testing and choosing coverage criteria in test generation and selection.