Compatible and Usable Mandatory Access Control for Good-enough OS Security

Shan, Zhiyong

doi:10.1109/isecs.2009.29

Cited by 2 publications

(3 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The most important feature that values this system above DAC is the fact that MAC distinguishes between the subject and object domains and allows the usage of permissions and limitations accordingly. Thus, it is much better in terms of logical comparisons when compared with DAC [72][73][74].…”

Section: Mandatory Access Controlmentioning

confidence: 99%

“…Although the access and usage possibilities are not that good, MAC is easy to understand and use; thus, it has an intermediate level of Ease of Privilege Assignments [72][73][74]. As MAC can do certain distinctions, it has an intermediate level of Syntactic And Semantic Support For Specifying AC Rules.As the assignments are carried out by a central system, no user can transfer their rights to another user, which contributes to a low level of Delegation of Administrative Capabilities.…”

Section: Mandatory Access Controlmentioning

confidence: 99%

See 1 more Smart Citation

Survey on Access Control Mechanisms in Cloud Computing

Karataş

Akbulut

2018

JCSM

View full text Add to dashboard Cite

The benefits that Internet-based applications and services have given to the end user with today's cloud computing technology are very remarkable. The distributed services instantly scaled over the Internet provided by cloud computing can be achieved by using some mechanisms in the background. It is a critical task for end users to control access to resources because lack of control often leads to security risks. In addition, this may cause systems to fail. This paper describes seven different access control mechanisms used in cloud computing platforms for different purposes. Besides, the advantages and disadvantages of various models developed from previous service-based architectures and used for cloud computing are detailed and classified. During the assessments, NIST's metrics were taken as a reference, and in the study, 109 articles from the past decade were examined. We also compared our research with the existing survey papers.

show abstract

Section: Mandatory Access Controlmentioning

confidence: 99%

Section: Mandatory Access Controlmentioning

confidence: 99%

Survey on Access Control Mechanisms in Cloud Computing

Karataş

Akbulut

2018

JCSM

View full text Add to dashboard Cite

show abstract

“…There are some researches for improving the usability of mandatory access control. Shan proposed a kind of new mandatory access control model, named CUMAC 18) . CUMAC can improve both compatibility and usability.…”

Section: Related Workmentioning

confidence: 99%

SELinux Security Policy Configuration System with Higher Level Language

Nakamura

Sameshima

Yamauchi

2010

Journal of Information Processing

View full text Add to dashboard Cite

Creating security policy for SELinux is difficult because access rules often exceed 10,000 and elements in rules such as permissions and types are understandable only for SELinux experts. The most popular way to facilitate creating security policy is refpolicy which is composed of macros and sample configurations. However, describing and verifying refpolicy based configurations is difficult because complexities of configuration elements still exist, using macros requires expertise and there are more than 100,000 configuration lines. The memory footprint of refpolicy which is around 5 MB by default, is also a problem for resource constrained devices. We propose a system called SEEdit which facilitates creating security policy by a higher level language called SPDL and SPDL tools. SPDL reduces the number of permissions by integrated permissions and removes type configurations. SPDL tools generate security policy configurations from access logs and tool user's knowledge about applications. Experimental results on an embedded system and a PC system show that practical security policies are created by SEEdit, i.e., describing configurations is semi-automated, created security policies are composed of less than 500 lines of configurations, 100 configuration elements, and the memory footprint in the embedded system is less than 500 KB.

show abstract

Compatible and Usable Mandatory Access Control for Good-enough OS Security

Cited by 2 publications

References 19 publications

Survey on Access Control Mechanisms in Cloud Computing

Survey on Access Control Mechanisms in Cloud Computing

SELinux Security Policy Configuration System with Higher Level Language

Contact Info

Product

Resources

About