Design and Implementation of an Extended Reference Monitor for Trusted Operating Systems

“…An example is Stack Overflow attack in which each access context of the attack sequence analyzed with system call layer does not violate the DAC policy enforced in UNIX operating systems. The problem is discussed in [8,11]. …”

“…We have proposed an extended reference monitor [8,10] with a view to involve the behavioral dimension of security enforcement. Our monitor model attaches a behavior control component to the access control unit thereby providing both access and behavior controls in the system.…”

“…Our monitor model attaches a behavior control component to the access control unit thereby providing both access and behavior controls in the system. In [8], we defined the behavioral control unit as a security automata [14] which can guarantee the safety property which ensures that if a trace is not in accordance with the behavioral policy, then the execution must be terminated at the earliest. We have extended the RBAC model [10] with the procedural restriction; thus, the monitor makes access decisions based on continuous access information in RBAC enabled TOSs.…”

“…We have implemented a policy compiler and some utilities for the extended reference monitor described in [8]. The compiler has been developed in the Python version of Lex/Yacc module [25].…”

“…We have proposed an extended reference monitor [8,10] with a view to incorporate the behavioral dimension in security enforcement. A TOS with the extended reference monitor can enforce a security policy that manages not only a single access operation but also a sequence of consecutive operations.…”

A Policy Language for the Extended Reference Monitor in Trusted Operating Systems

“…An example is Stack Overflow attack in which each access context of the attack sequence analyzed with system call layer does not violate the DAC policy enforced in UNIX operating systems. The problem is discussed in [8,11]. …”

“…We have proposed an extended reference monitor [8,10] with a view to involve the behavioral dimension of security enforcement. Our monitor model attaches a behavior control component to the access control unit thereby providing both access and behavior controls in the system.…”

“…Our monitor model attaches a behavior control component to the access control unit thereby providing both access and behavior controls in the system. In [8], we defined the behavioral control unit as a security automata [14] which can guarantee the safety property which ensures that if a trace is not in accordance with the behavioral policy, then the execution must be terminated at the earliest. We have extended the RBAC model [10] with the procedural restriction; thus, the monitor makes access decisions based on continuous access information in RBAC enabled TOSs.…”

“…We have implemented a policy compiler and some utilities for the extended reference monitor described in [8]. The compiler has been developed in the Python version of Lex/Yacc module [25].…”

“…We have proposed an extended reference monitor [8,10] with a view to incorporate the behavioral dimension in security enforcement. A TOS with the extended reference monitor can enforce a security policy that manages not only a single access operation but also a sequence of consecutive operations.…”

A Policy Language for the Extended Reference Monitor in Trusted Operating Systems

Trust Extended Dynamic Security Model and Its Application in Network

Enforcement of Integrated Security Policy in Trusted Operating Systems