Most of today's MAC implementations can be turned into permissive mode, where no enforcement is performed but alerts are raised instead. This behavior is very close to an anomaly IDS except that the system is configured through a MAC policy. MAC implementations such as SELinux and AppArmor come with a default policy including real-life and practical rules ready to be used as is or as a basis for a custom policy. In this paper, we first propose an extension of an IDS based on information flow control. We address issues concerning program execution and improve its expressiveness in terms of security policy. This extended model can be configured to reach a wide variety of different security goals. In particular, it allows for information flow checking based on user- and/or program-dependent policy rules. Furthermore, suspicious modification of binary programs can be detected to avoid malware execution. We also propose an algorithm for deriving an AppArmor MAC policy into an information flow policy, and thus get the advantage of having a ready-to-use policy offering good security. We finally show a practical example of deriving such a policy in order to configure our IDS.
A mobile phone evolves into a data repository where the pieces of data have different owners and may thus be protected by different security policies. These pieces of data are used in an open environment controlled by a non-specialist user: the owner of the mobile phone. However, previous research projects have studied dynamic monitoring of information flows in a system. We believe that the results of these projects are well adapted for protecting information on an embedded system such as a mobile phone. Nevertheless, the difficulty of defining the information flow policy that governs the information flow monitor is an obstacle to the usability of such an approach by a wide audience. In this paper we detail step by step the construction of a precise information flow policy for the Android operating system. Our main objective is to answer the following questions: in practice, how much sensitive information can be monitored on a real system? What information is it desirable to monitor on a mobile phone? What is the induced execution overhead for applications? Can we propose a default information flow policy?
This paper relates the collaboration between industrial and academic teams for the design and the verification of a security protocol. The protocol is about trust establishment in large communities of devices where infrastructure components are not always reachable. The collaboration covers the writing of formal specifications up to their verification, using both manual and automated verification methods embedded in the AVISPA [1] and SPAN [7] tools. At each stage, the use of the visualization and protocol animation facilities of SPAN is key to the mutual understanding of working teams. As a result, we obtain much more confidence in the security of the final protocol. We also demonstrate the usefulness of some embedded countermeasures.
In this paper, we propose an extension of an intrusion detection system, implemented at the operating system level. This model is based on a flow control policy, expressed at the scale of the system objects. The extension presented here takes process execution mechanisms into account and improves the expressivity of the security policy. The model thus becomes usable to restrain information flows realized by processes depending on the user and/or the code of the process. Besides, we prove that this model does not produce false negatives: all the violations of the security policy raise an alert. Index Terms: Intrusion detection, Information flow control, Security policy