SHEN Qing-ni,QING Si-han,HE Ye-ping,LI Li-ping

DOI: https://doi.org/10.3321/j.issn:0372-2112.2006.10.012

2006-01-01

Abstract:Least privilege mechanism can provide a reasonable degree of security assurance for secure operating systems.This paper described a framework for implementing dynamically modified least privilege security policy,which combined role's duty separation property and domain's function separation property.Under the control of its new capability mechanism based on a process's executable image,current role and current domain,it restricted the process to the minimum amount of privileges within these contexts.This paper illustrated its implementation in ANSHENG OS v4.0,a copyrighted secure operating system satisfying all the specified requirements of Criteria class 4,"Structured-Protection",in GB17859-1999(equally,the B2 level in TCSEC) in China.Thus it demonstrates that this framework can help enforcing dynamically least privilege control on a secure operating system,while still providing a flexible efficient system.

Sihan Qing,Qingni Shen,Qingguang Ji,Yeping He

DOI: https://doi.org/10.1109/iaw.2006.1652115

2006-01-01

Abstract:Trusted systems typically include trusted processes which possess special privileges. Such privileges can circumvent certain security checks but should be used in a controlled manner. This paper proposes a privilege control policy called DMPC (Dynamically Modified Privilege Control). It has two components: a hybrid privilege control model and a new POSIX (Port-able Operating System Interface) capability inheritance algorithm. The privilege control model in DMPC is a combination of Role Based Access Control (RBAC), Domain and Type Enforcement (DTE) and POSIX capability mechanism while the capability inheritance algorithm serves as an engine to effectively enforce the hybrid privilege control model on a secure operating system. The DMPC's design has given a high priority to supporting least privilege to a finer level of granularity on trusted systems. Additional (sub-) goals for the DMPC policy are: realizing separation of duties among privileged users, achieving separation of trusted functions from untrusted ones and providing a flexible and dynamically mediated capability mechanism. We show that RBAC alone is insufficient to enforce the principle of least privilege in a dynamic context, and that DTE and POSIX capability mechanism can successfully be conjugated with RBAC for this purpose. We also describe an implementation of the DMPC policy on a real system and report on experimental results.

JIANG Li,CHEN Jian,PING Ling-di,CHEN Xiao-ping

DOI: https://doi.org/10.3785/j.issn.1008-973x.2010.05.004

2010-01-01

Abstract:In multithreaded environment,sensitive information is often deliberately released by many real applications and sometimes information needs to become more confidential. In order to address this situation,a security policy was defined in the style of strong bisimulation equivalence,which can handle both information leaking and erasing. The policy controls what information is released and guarantees that attackers cannot exploit information releasing mechanisms to reveal more sensitive data than intended. Moreover,it ensures that public data after erasing cannot be abused by attackers. Then a secure transforming type system was proposed to enforce the security policy by using the cross-copying technique,which can eliminate internal timing covert channels resulting from the interplay between different threads. The transforming type system can transform an insecure program into a secure one,trying to close information leaks. The secure program has the same structure as the original program and models the same timing behavior. Finally,the soundness of the type system was proved with respect to the operational semantics. Results indicate that if a program can be transformed according to typing rules,the resulting program satisfies the security policy.

MAO Weifeng,PING Lingdi,JIANG Li,CHEN Xiaoping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.12.068

2006-01-01

Abstract:SECOS is a secure operating system with independent intellectual property right,which accords with the requirements of level 4 secure operation system technology.This paper illustrates some key issues of the system,including design method for enchancement of security,improved model from the Bell-La Padula MAC(mandatory access control) implementation,the realization of the model,formal method during the system development,conversiion channel analysis and its prevention,and secure deletion.The performance evaluation shows the design and implementation of SECOS is effective.

Zhiqiang Lin,Chao Wang,Bing Mao,Li Xie

DOI: https://doi.org/10.1145/1075395.1075397

2005-01-01

Abstract:As the fundamental software to guarantee information security, operating system is desired to support various security policies flexibly and to control the propagation and revocation of access rights efficiently. This paper presents a design and implementation of Policy Flexible Architecture (PFA) for secure operating system to achieve the coordination, extensibility, consistency and dynamic configuration of security policies. Through a thorough analysis of all related facilities, PFA classifies policy constructions into several levels according to their effects on security status; PFA emphasizes on centralized management of security policy as well as on centralized maintainability of security attributes; for the first time PFA gives revocation rules to specify how and when to revoke permissions. PFA has been applied to our Secure Enhanced Linux Operating System, and the experiment shows that the system holds at least three advantages. First, it helps users to choose intended security policies flexibly. Besides it supports users to add new security policies according to specific security requirements easily. Finally it sets permission revocations immediately and gets no significant performance penalty.

Zhihui Han,Liang Cheng,Yang Zhang,Dengguo Feng

DOI: https://doi.org/10.1007/978-3-319-17533-1_1

2015-01-01

Abstract:An operating system relies heavily on its access control mechanism to defend against various attacks. The complexities of modern access control mechanisms and the scale of possible configurations are often overwhelming to system administrators and software developers. Therefore, misconfigurations are very common and the security consequences are serious. It is very necessary to detect and eliminate these misconfigurations. We propose an automated and systematic approach to address how to correct the misconfigurations based on capability dependency graph generating and MaxSAT solving. Given the attacker's initial capabilities, we first automatically generate a capability dependency graph to describe attacker's potential capabilities and the dependency relationships among these capabilities. Based on the capability dependency graph, we then develop a solution to automate the task of hardening operating system security policy against multi-step attacks resulting from misconfigurations. In this solution, we first represent each capability obtained by an attacker as a propositional logic formula of initial conditions, and then transfer the policy hardening problem to a MaxSAT problem. Finally, we present a notation called normal capability loss to aid an administrator to select an optimal hardening solution leading to minimum system usability loss. We apply our approach to analyze misconfigurations in Ubuntu10.04 shipped with SELinux and study an attack case to evaluate the effectiveness of our approach.

訾小超,茅兵,曾庆凯,谢立

2004-01-01

Abstract:Security requirements' diversity demands the flexibility and scalability of security policy, but traditional operating systems implement security policies in many components so that it is difficult to meet the needs. A policy-flexible system framework is brought forward through the analysis of all the facilities related to security policy in the system, and this framework is implemented based on Linux. Compared with the previous researches, the framework simplifies policies conflict mediating by centralized management of security attributes. So this framework can support users in configuring security policies flexibly, and add new security policies based on new security attributes according to security requirements in their fields.

Jiang Lan,Gu Chunhua

DOI: https://doi.org/10.1109/csa.2013.16

2013-01-01

Abstract:To protect data users stored on cloud platform, a new access control method that combines Oakley algorithm and a hierarchical scheme by privilege was proposed. CP-ABE algorithm, Oakley protocol and hierarchical management by privilege were integrated creatively to a new effective and secure access control model (OHB-model). The proposed scheme supported user dynamic topology changes. It could be used for hierarchical access control on cloud platform. Through the theoretical analysis and experimental verification, the security vulnerabilities could be solved effectively.

Zheng Wang,Yanan Jin,Shasha Yang,Jianmin Han,Jianfeng Lu

DOI: https://doi.org/10.1109/access.2021.3072635

IF: 3.9

2021-01-01

IEEE Access

Abstract:Cross-IoT infrastructure access frequently occurs when performing tasks in a distributed computing infrastructure of a cyber-physical system (CPS). The access control technology that ensure secure access cross-IoT infrastructure usually automatically establish relationships between user-attribute/role-permission. How to efficiently determine whether an automatic authorization access control state satisfies the safety and availability requirements of a system is a huge challenge. Existing work often focuses on a single aspect of safety or availability, while ignoring the differences between permissions and the differences between users. In this paper, we first propose a fine-grained personalization policy that takes into account the specificity of permissions/users and describes the safety, availability and efficiency requirements of an access control system in CPS. Second, we define a Personalization Policy Checking (PPC) Problem to determine whether a given personalization policy is satisfied in an access control state. We give the computational complexity of the PPC problem in different subcases, and show that it is NP-complete in general. Third, we design a binary genetic search algorithm, whose improvements mainly include continuous update and selection of the best chromosomes in the population for iteration, and exploring and determining the optimal crossover and mutation probabilities, thereby improving the convergence efficiency of the algorithm. Finally, simulation results show the effectiveness of our proposed algorithm, which is especially fit for the case that the computational overhead is even more important than the accuracy in a large-scale CPS system.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yutian Yang,Jinjiang Tu,Wenbo Shen,Songbo Zhu,Rui Chang,Yajin Zhou

DOI: https://doi.org/10.1109/tdsc.2023.3334268

2024-01-01

Abstract:Nowadays, code reuse attacks impose a substantial threat to the security of operating system kernels. Control-flow graph-based CFI techniques, while effective, bring considerable performance overhead, thus limiting their practical adoption in real-world products. As an alternative approach, recent research suggests safeguarding the integrity of sensitive pointers as a countermeasure against manipulation attempts. Unfortunately, existing pointer integrity protection schemes only protect sensitive pointers partially and ignore assembly code, leaving protection gaps. To fill up these protection gaps, we propose a novel security concept named full life-cycle integrity , which enforces the integrity of a sensitive pointer at every step on its value flow chain. To realize full life-cycle integrity, we propose three novel techniques, including assembly-aware sensitivity for analyzing assembly code, Merkle PAC tree for protecting interrupt context securely and efficiently, and pointer-grained authentication for defeating spatial substitution attacks. We have developed a practical implementation of comprehensive life-cycle integrity for the Linux kernel, called ”kernel Code Pointer Authentication” (kCPA), which leverages the ARM Pointer Authentication (PAuth) mechanism. This implementation has been extended to the Apple M1 architecture for real-world evaluation on PAuth hardware. Our assessment demonstrates that kCPA effectively mitigates a range of real-world attacks while incurring a minimal 2.5% performance overhead for the Phoronix Test Suite and nearly negligible performance impact for SPEC2017 benchmarks.

Cong Li,Qingni Shen,Zhikang Xie,Jisheng Dong,Xinyu Feng,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1016/j.ins.2022.08.014

IF: 8.1

2022-01-01

Information Sciences

Abstract:Hierarchical-authority attribute-based encryption (HABE) can resolve the performance bottleneck of the key generation center in the traditional attribute-based encryption (ABE) system. HABE has numerous applications, such as cloud computing and smart grid systems. Nevertheless, almost all of the existing HABE schemes are in the ciphertext-policy setting and do not support non-monotonic access structures. In this work, we propose the first key-policy hierarchical-authority ABE with non-monotonic access structures, dubbed KP-HABE-NMaCS, which supports the authority key delegation, constant size ciphertexts and the large universe simultaneously. We further define the security model of KP-HABE-NMaCS and prove the selective security of it in the standard model. Then we optimize our scheme to realize the outsourced decryption. Subsequently, we present the detailed theoretical analysis of our constructions and the existing HABE constructions in computation and storage costs, and meanwhile implement ours and conduct a series of experiments. Both results indicate that our KP-HABE-NMaCS construction makes improvements in expressiveness and features, and achieves efficiency comparable to the previous HABE constructions. Furthermore, they also show that our extension construction is suitable for resource-limited applications. Eventually, we explore how to apply our KP-HABE-NMaCS to build an ABE with equality test and time-based authorization.

Tao Ye,Yongquan Cai,Xu Zhao,Yongli Yang,Wei Wang,Yi Zhu

DOI: https://doi.org/10.1504/ijwmc.2019.097424

2019-01-01

Abstract:The CP-ABE-based access control scheme, which can better realise the access control of many-to-multi-ciphertext shared in the cloud storage architecture, is still facing the problems that the system cost is too large, and the policy attribute revocation or restore is not flexible. This paper proposes an efficient access control scheme based on CP-ABE with supporting attribute change in cloud storage system. The fine-grained access control can be achieved by re-encryption mechanism which takes the minimum shared re-encryption key for policy attribute set. And then the access structure tree is expanded by creating a corresponding virtual attribute for each leaf node attribute. The analysis results of the scheme indicate that the efficient and flexibility of the attribute change is not only improved, but also the system cost is reduced.

LI Hong-jiao,LI Jian-hua,ZHU Hong-wen

DOI: https://doi.org/10.3321/j.issn:1006-2467.2005.08.021

2005-01-01

Abstract:A new access control method,called Multi-policy Access Control Model(MACM),was proposed by analyzing the limitations of single security model and the security requirements of electronic government applications.The new method makes use of virtues of single security model,and at the same time the system's reliability and availability are taken into account. The formal description of the new method was given and its implementation on Linux kernel was investigated.The performance tests show that there is little overhead introduced by the method.

Baiyu Liu,Abhinav Palia,Shan-Ho Yang

DOI: https://doi.org/10.48550/arXiv.1804.06044

2018-04-17

Cryptography and Security

Abstract:Along with the classical problem of managing multiple identities, actions, devices, APIs etc. in different businesses, there has been an escalating need for having the capability of flexible attribute based access control~(ABAC) mechanisms. In order to fill this gap, several variations of ABAC model have been proposed such as \textit{Amazon's AWS IAM}, which uses JSON as their underlying storage data structure and adds policies/constraints as fields over the regular ABAC. However, these systems still do not provide the capability to have customized permissions and to perform various operations (such as comparison/aggregation) on them. In this paper, we introduce a string based resource naming strategy that supports the customized and conditional permissions for resource access. Further, we propose the basic architecture of our system which, along with our naming scheme, makes the system scalable, secure, efficient, flexible and customizable. Finally, we present the proof of concept for our algorithm as well as the experimental set up and the future trajectory for this work.

Yuting Zuo,Li Xu,Jiguo Li,Jie Li,Xiaoding Wang,Md. Jalil Piran

DOI: https://doi.org/10.1109/tce.2024.3486157

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:Secure data access control is widely concerned in Cyber Physical Systems (CPSs) to protect consumer rights. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is an ideal solution that supports fine-grained access control. It is a pity that they fail to consider the attribute control and the verifiable legitimacy when consumer’s attributes are updated. Additionally, the existing revocable CP-ABE schemes are unsuitable for resource-constrained consumer electronic devices due to their high computational and storage overhead. This paper proposes a blockchain-based access control scheme with attribute update. A new revocation mechanism is designed to guarantee the forward/backward security of the attribute update. The lightweight ciphertext update protocol is proposed to optimize the computation cost. To realize secure and efficient attribute management, this paper designs the on-chain/off-chain separation storage mode, and proposes the traceability-based attribute set generation and validation algorithm. This paper performs the formal security proof. The experimental results demonstrate that the scheme is efficient in terms of encryption and decryption.

JIAN Hong-wei,LEI Hang

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.09.026

2010-01-01

Abstract:When some environment of safety-critical system changes,there will be some changes in the safety policy to the certain critical equipment .This paper took the nuclear power control system as the example and studied a safety policy that based on FSM and realized it used QuO(Quality Objects).This safety policy could be used in other safety-critical system that be consisted of different safety-critical devices.

Kai Ouyang,Ting Cai,Jingli Zhou,Hengqing Wang

DOI: https://doi.org/10.3321/j.issn:1671-4512.2008.06.008

2008-01-01

Abstract:Based on the inheritance of the conditional periodic theory of conditional temporal role based access control (CT-RBAC) and constraint relations, further detailed work of role related constraints of this model was made, and the relevant role inheritance constraint semantics was formalized. Meanwhile, a mechanism to ensure the static separation of duty (SSD) policy was addressed which can perform in security on the condition of inheritance, by which means avoiding the conflicts made by the natural localization of conditional temporal SSD in inheritance. Finally an implemented prototype and its related performance testing were provided, by which proved the slight loss is receivability in the case of improving the prototype system security.

GONG Min-bin,PAN Li,QIAN Hong

DOI: https://doi.org/10.3969/j.issn.1009-8054.2013.08.030

2013-01-01

Abstract:Aiming at the integrity security risk of sharing policy between network servers,a novel network security policy mechanism based on firmware is proposed. Supporting the fast and secure policy transferring and the integrity verification of the policy,this mechanism can guarantee the integrity security of the sharing policy. Experimental results indicate that this mechanism can effectively provide security management of the policy and promote the management efficiency of network security administrators.

Hui Tian,Xiang Li,Hanyu Quan,Chin-Chen Chang,Thar Baker

DOI: https://doi.org/10.1109/jsen.2020.3030688

IF: 4.3

2021-07-15

IEEE Sensors Journal

Abstract:The Intelligent Transportation System (ITS) provides more possibilities for the realization of smart cities by integrating the Internet of Things (IoT) and cloud computing. However, how to ensure security of IoT data stored in the cloud has become one of the biggest challenges at present. As a promising solution for realizing fine-grained access control, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) can be used to ensure data security. However, the traditional CP-ABE schemes may leak privacy of ITS users. Moreover, due to their high computational overheads, the current privacy-preserving techniques are not suitable for IoT lightweight devices. To fill this gap, this article presents ABE-FPP, a lightweight attribute-based access control scheme with full privacy protection (FPP), which can achieve full privacy protection in the three key stages (i.e., key generation, access control, and partial decryption), while reducing consumption overhead on the user side. Specifically, to protect privacy during key generation, a lightweight two-party secure computing protocol between the user and the authority is designed to generate secret keys; to protect privacy during the access control policy setting, we present an efficient policy hidden strategy, which only reveals attribute names and efficiently hides attribute values; to protect privacy during partial decryption, we propose a hybrid authentication method that does not need to submit attribute values to the cloud. Moreover, to achieve lightweight computation for IoT devices, online/offline encryption and outsourced decryption are employed in ABE-FPP. Finally, formal security proofs show that our scheme is secure in the standard model. The asymptotic complexity analyses and experimental results demonstrate that the presented scheme achieves higher computation efficiency than the state-of-the-art ones.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Kaiping Xue,Na Gai,Jianan Hong,David S. L. Wei,Peilin Hong,Nenghai Yu

DOI: https://doi.org/10.1109/tdsc.2020.2987903

2022-01-01

Abstract:Under the assumption of honest-but-curious cloud service provider, various cryptographic techniques have been used to address the issues of data access control and confidentiality in public cloud storage. Among which, attribute-based encryption (ABE) has been shown to be an attractive scheme. Although the technique of ABE brings in various benefits, its onerous overhead should not be ignored. In this article, based on an improved LSSS (linear secret sharing scheme) matrix expression integrated in CP-ABE (Ciphertext-Policy Attribute-Based Encryption) algorithm, we present an efficient and secure attribute-based access control scheme for the scenarios where multiple data are shared and encrypted with frequently used sub-policies. In the scheme, a user can store the parameters about a specific sub-policy in his/her first decryption, which can be reused in the subsequent data decryptions whose embedded access policies include the same sub-policy so as to significantly reduce the computation cost. Our proposed scheme is proved to be semantically secure under chosen plaintext attacks and can well preserve the confidentiality of the data sharing system. Our analysis and experimentation also show that our scheme does significantly reduce the decryption time and while trades in only very little storage overhead, and thus effectively promotes the efficiency.