CHEN Hui,ZHOU Xue-Hai,CHEN Xiang-Lan

DOI: https://doi.org/10.3969/j.issn.1003-3254.2010.12.003

2010-01-01

Abstract:Security is always a hot topic with the development of computer technologies.Currently,mechanisms like active defense,detection and anti-detection are proposed.They could be implemented on different levels such as application-level and kernel-level in the system.We manage to go to the system-level.Linux owns mature security-enhanced version SELinux.For Windows,we focus on mandatory access control and propose a mechanism with improved efficiency,compatibility and stability.

MAO Weifeng,PING Lingdi,JIANG Li,CHEN Xiaoping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.12.068

2006-01-01

Abstract:SECOS is a secure operating system with independent intellectual property right,which accords with the requirements of level 4 secure operation system technology.This paper illustrates some key issues of the system,including design method for enchancement of security,improved model from the Bell-La Padula MAC(mandatory access control) implementation,the realization of the model,formal method during the system development,conversiion channel analysis and its prevention,and secure deletion.The performance evaluation shows the design and implementation of SECOS is effective.

Yutian Yang,Jinjiang Tu,Wenbo Shen,Songbo Zhu,Rui Chang,Yajin Zhou

DOI: https://doi.org/10.1109/tdsc.2023.3334268

2024-01-01

Abstract:Nowadays, code reuse attacks impose a substantial threat to the security of operating system kernels. Control-flow graph-based CFI techniques, while effective, bring considerable performance overhead, thus limiting their practical adoption in real-world products. As an alternative approach, recent research suggests safeguarding the integrity of sensitive pointers as a countermeasure against manipulation attempts. Unfortunately, existing pointer integrity protection schemes only protect sensitive pointers partially and ignore assembly code, leaving protection gaps. To fill up these protection gaps, we propose a novel security concept named full life-cycle integrity , which enforces the integrity of a sensitive pointer at every step on its value flow chain. To realize full life-cycle integrity, we propose three novel techniques, including assembly-aware sensitivity for analyzing assembly code, Merkle PAC tree for protecting interrupt context securely and efficiently, and pointer-grained authentication for defeating spatial substitution attacks. We have developed a practical implementation of comprehensive life-cycle integrity for the Linux kernel, called ”kernel Code Pointer Authentication” (kCPA), which leverages the ARM Pointer Authentication (PAuth) mechanism. This implementation has been extended to the Apple M1 architecture for real-world evaluation on PAuth hardware. Our assessment demonstrates that kCPA effectively mitigates a range of real-world attacks while incurring a minimal 2.5% performance overhead for the Phoronix Test Suite and nearly negligible performance impact for SPEC2017 benchmarks.

YX Jiang,CC Lin,H Yin,ZX Tan

DOI: https://doi.org/10.1109/icsmc.2004.1400987

2004-01-01

Abstract:Mandatory access control (MAC) model is an important security model. Based on the lattice model of security level and Bell-LaPadula model the definition of MAC security model is formally described in detail. The equivalent MAC security model described by colored Petri nets (CPN) is proposed. According to the state reachability graph, four security properties of MAC security model, i.e. the access temporal relations, the reachability of objects when subject accesses them, hidden security holes due to the dynamic security level, the indirect reasoning of confidential information flow between different objects, are explored at length. In addition, an example of the security model is illustrated and the conclusions show that the security model based on Petri nets is not only a concise graphic analysis method, but also suited to be formally verified. This model can efficiently improve the whole security policies during the system security design and implementation.

Zhou Qiang,Li Shanping

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.10.033

2007-01-01

Abstract:A design of user mode file system based on Linux is introduced.A kernel module and a user mode daemon are adopted.The user mode file system can improve the flexibility of file system,and it is easy for redevelopment.The detailed issues about the design are presented,and the practical example and application scope are proposed.

王少平,李善平

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.01.041

2004-01-01

Abstract:This paper comes up with an innovative idea: Non Executable Directory in Linux/UNIX environment.It helps promoting the safety of UNIX/Linux system by preventing attackers with ordinary rights from running evil programs (exploits, etc) in the system. At the game time,ordinary users working with Non Executable Directories still can run programs already in the system to finish their works.

Diming Zhang,Liangqiang Chen,Fei Xue,Hao Wu,Hao Huang

DOI: https://doi.org/10.1007/978-3-319-69659-1_19

2017-01-01

Abstract:Mobile security has become increasingly important in mobile computing, hence mandatory access control (MAC) systems have been widely used to protect it. However, malicious code in the mobile system may have significantly impact to the integrity of these MAC systems by forcing them to make the wrong access control decision, because they are running on the same privilege level and memory address space. Therefore, for a trusted MAC system, it is desired to be isolated from the malicious mobile system at runtime. In this paper, we propose a trusted MAC isolation framework called T-MAC to solve this problem. T-Mac puts the MAC system into the enclave provided by the ARM TrustZone so as to avert the direct impact of the malicious code on the access decision process. In the meanwhile, T-MAC provides a MAC supplicant client which runs in the mobile system kernel to effectively lookup policy decisions made by the back-end MAC service in the enclave and to enforce these rules on the system with trustworthy behaviors. Moreover, to protect T-MAC components that are not in the enclave, we not only provide a protection mechanism that enables TrustZone to protect the specific memory region from the compromised system, but establish a secure communication channel between the mobile system and the enclave as well. The prototype is based on SELinux, which is the widely used MAC system, and the base of SEAndroid. The experimental results show that SELinux receives enough protection, and the performance degradation that ranges between 0.53% to 7.34% compared to the original by employing T-MAC.

ZHENG Lan,CHEN Qi

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.07.058

2005-01-01

Abstract:With the rapid growth of internet and enterprises on a global scale, the use of directories as accessible repositories providesa flexible and various solution for gathering, storage and accessing information. The design and implementation of an unified accesscontrol system supporting single-sign-on areintrodueed, whichis based on LDAPdirectory and combines access controls ofall applicationsystems to realize security access system of unified users management. The system used middleware technology to efficiently resolvethe bottleneck problem when a lot of users accesed LDAP database.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

Wenhui Zhang,Trent Jaeger,Peng Liu

DOI: https://doi.org/10.48550/arXiv.2101.11611

2021-01-27

Cryptography and Security

Abstract:Over the years, the complexity of the Linux Security Module (LSM) is keeping increasing, and the count of the authorization hooks is nearly doubled. It is important to provide up-to-date measurement results of LSM for system practitioners so that they can make prudent trade-offs between security and performance. This work evaluates the overhead of LSM for file accesses on Linux v5.3.0. We build a performance evaluation framework for LSM. It has two parts, an extension of LMBench2.5 to evaluate the overhead of file operations for different security modules, and a security module with tunable latency for policy enforcement to study the impact of the latency of policy enforcement on the end-to-end latency of file operations. In our evaluation, we find opening a file would see about 87% (Linux v5.3) performance drop when the kernel is integrated with SELinux hooks (policy enforcement disabled) than without, while the figure was 27% (Linux v2.4.2). We found that performance of the above downgrade is affected by two parts, policy enforcement and hook placement. To further investigate the impact of policy enforcement and hook placement respectively, we build a Policy Testing Module, which reuses hook placements of LSM, while alternating latency of policy enforcement. With this module, we are able to quantitatively estimate the impact of the latency of policy enforcement on the end-to-end latency of file operations by using a multiple linear regression model and count policy authorization frequencies for each syscall. We then discuss and justify the evaluation results with static analysis on our enhanced syscalls' call graphs.

Yi-xin JIANG,Chuang LIN,Fu-jun FENG,Hao YIN

DOI: https://doi.org/10.3969/j.issn.1004-731X.2005.z1.019

2005-01-01

Abstract:Mandatory Access Control (MAC) Model is an important security model. Based on the lattice model of multi-level security and Bell-LaPadula model, the definition of MAC security model is formally described in detail. Subsequently, the equivalent MAC security model described by Colored Petri Nets is proposed. According to the state reachability graph, four security properties of MAC security model, i.e. the access temporal relations, the reachability of objects when subject accesses them, hidden security holes due to the dynamic security level, the indirect reasoning of confidential information flow between different objects, are explored at length. In addition, an example of the security model is illustrated and the conclusions show that the security model based on Petri Nets is not only a concise graphic analysis method, but also suited to be formally verified. This model can efficiently improve the overall security policies during the system security design and implementation.

徐辉,潘爱民

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.11.052

2004-01-01

Abstract:An enhanced security auditing mechanism for Linux is proposed.This mechanism is based on loadable kernel mo-(dule) and provides system level and application level auditing functions.System audit generates an audit record for every security sensitive system call.Application level audit abandons the traditional auditing fashion that auditing system completely depends on applications writing log file in user space.Instead,applications and system kernel will generate audit record coordinately.Examples are given for intrusion detection with this mechanism.

LI Li-ping,QING Si-han,HE Ye-ping,SHEN Qing-ni

DOI: https://doi.org/10.3321/j.issn:1000-436x.2006.02.016

2006-01-01

Abstract:In order to solve the problems of policy reusability and policy co-existence in LSM,a new security architecture ELSM is proposed.It introduced Model Combiner as main module to implement module stack management and module decision management.Module decision is based on access control space as policy specification for general support.The design of ELSM and the analysis of its implementation in Ansheng OS prove its effectiveness.

Yong Luo

2007-01-01

Abstract:Discretionary access control(DAC) is one of the basic security mechanisms of secure operating system.Traditional file permissions can not meet high level secure operating system's requirements to DAC.Design and implementation of DAC mechanism based on ACL is researched.And three important enhancements are proposed and implemented.

王凯,陆骏,茅兵

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.06.057

2004-01-01

Abstract:The paper analysises the concept of access control based on the privilege of program,and proposes a model of this access control according to the three dimension access model,then introduces it’s prototype implementation in Linux,which is a part of the security enhanced system based on Linux designed by the computer science department of Nanjing university.

Rui Chang,Liehui Jiang,Wenzhi Chen,Hong-qi He,Shuiqiao Yang,Hang Jiang,Wei Liu,Yong Liu

DOI: https://doi.org/10.1002/cpe.4180

2018-01-01

Abstract:This paper discusses security issues on the user equipment, which is the last mile of social networks. One of the main Achilles' heel of social networks is not the organization of networks themselves, but the user devices, typically Android ones. The existing system of privileges makes it easy to infiltrate the network via applications installed on users' devices. Conventional signature-based and static analysis methods are vulnerable. Access to privacy- and security-relevant parts of the application programming interface is controlled by the corresponding permission in a manifest file. While requesting access to permissions, it may offer opportunities to malicious codes, which will cause security issues. Few works among permission analysis, however, pay attention to the prevention of permission leakage on both hardware and software frameworks. In this paper we tackle the challenge of providing our multilayered permission-based security extension scheme on Android platforms. We propose a usage and access control model and an effective method of preventing permission leakage based on ARM TrustZone security extension mechanism. In contrast to previous work, the proposed security architecture provides a permission-based mandatory access control on Android middleware, Linux kernel, and hardware layers. The evaluation results demonstrate the effectiveness of the proposed scheme in mitigating permission leakage vulnerabilities.

GONG Li-min,LI Tian-ning,MAO Bing,XIE Jun-yuan

DOI: https://doi.org/10.3969/j.issn.1001-3695.2001.04.011

2001-01-01

Abstract:In this paper, we narrate the structure and implement of message queue, share memory and semaphore, and then introduce our model for mandatory access control which guarantees higher security property of Linux system.

Vincent C. Hu,D. Richard Kuhn,Tao Xie,Jeehyun Hwang

DOI: https://doi.org/10.1142/s021819401100513x

IF: 1.007

2011-01-01

International Journal of Software Engineering and Knowledge Engineering

Abstract:Mandatory access control (MAC) mechanisms control which users or processes have access to which resources in a system. MAC policies are increasingly specified to facilitate managing and maintaining access control. However, the correct specification of the policies is a very challenging problem. To formally and precisely capture the security properties that MAC should adhere to, MAC models are usually written to bridge the rather wide gap in abstraction between policies and mechanisms. In this paper, we propose a general approach for property verification for MAC models. The approach defines a standardized structure for MAC models, providing for both property verification and automated generation of test cases. The approach expresses MAC models in the specification language of a model checker and expresses generic access control properties in the property language. Then the approach uses the model checker to verify the integrity, coverage, and confinement of these properties for the MAC models and finally generates test cases via combinatorial covering array for the system implementations of the models.

Zhiyong Tan,Duo Liu,Xuejun Zhuo,Yiqi Dai,Laurence T. Yang

DOI: https://doi.org/10.1007/s11227-011-0732-z

IF: 3.3

2013-01-01

The Journal of Supercomputing

Abstract:This paper presents the design and implementation features of Centralized Pervasive Computing Environment/Multilevel Security (CPCE/MLS), a multilevel security (MLS) system in pervasive computing environment deployed in Local area network (LAN) with a Mandatory Access Control (MAC) mechanism. By introducing the server-storage terminals and implementing the multilevel security access control mechanism based on the Bell---LaPadula model, process creation supervision, and an auditing mechanism, the CPCE/MLS system is able to provide the security guarantee of the whole computing environment. As such, each terminal is controlled under an integrated security policy. The performance test results show that the CPCE/MLS system, without optimization, generates great overhead but achieves significantly better performance after the cache mechanism is added in the monitor agent and in the hook driver. The system with the hook driver cache mechanism is able to achieve the 95.9% throughput of the native system with 8 K and 16 K requested data blocksize.

Gaoshou Zhai,Jie Zeng,Miaoxia Ma,Liang Zhang

DOI: https://doi.org/10.1109/isa.2008.61

2008-01-01

Abstract:Nowadays, technologies of information security have been attached more and more importance to and it's a critical problem to take measures to ensure the reliability of related trustworthy software such as secure operating systems (SOSs). Thereafter, it's always necessary for such systems to be taken complete and rigorous security test and evaluation among development team and/or by third-party security certification organization. However, such software testing is usually time consuming, cost consuming and boresome and thus technologies of software testing automation have alluring application foreground in that field. In this paper, methods and technologies about how to test a SOS automatically are discussed in breadth and in depth at first. Then least privilege is studied and the corresponding modules of security enhancement are added to Linux based on Linux Kernel Modules (LKM). Finally, a prototype of automatic security testing as to such least privilege mechanism is implemented and the results are analyzed.