Extended Role Based Access Control with Procedural Constraints for Trusted Operating Systems

Abstract: The current scheme of access control judges the legality of each access based on immediate information without considering associate information hidden in a series of accesses. Due to the deficiency, access control systems do not efficiently limit attacks consist of ordinary operations. For trusted operating system developments, we extended RBAC and added negative procedural constraints to refuse those attacks. With the procedural constraints, the access control of trusted operating systems can discriminate at… Show more

“…We have proposed an extended reference monitor [8,10] with a view to involve the behavioral dimension of security enforcement. Our monitor model attaches a behavior control component to the access control unit thereby providing both access and behavior controls in the system.…”

“…In [8], we defined the behavioral control unit as a security automata [14] which can guarantee the safety property which ensures that if a trace is not in accordance with the behavioral policy, then the execution must be terminated at the earliest. We have extended the RBAC model [10] with the procedural restriction; thus, the monitor makes access decisions based on continuous access information in RBAC enabled TOSs.…”

“…We have proposed an extended reference monitor [8,10] with a view to incorporate the behavioral dimension in security enforcement. A TOS with the extended reference monitor can enforce a security policy that manages not only a single access operation but also a sequence of consecutive operations.…”

A Policy Language for the Extended Reference Monitor in Trusted Operating Systems

“…We have proposed an extended reference monitor [8,10] with a view to involve the behavioral dimension of security enforcement. Our monitor model attaches a behavior control component to the access control unit thereby providing both access and behavior controls in the system.…”

“…In [8], we defined the behavioral control unit as a security automata [14] which can guarantee the safety property which ensures that if a trace is not in accordance with the behavioral policy, then the execution must be terminated at the earliest. We have extended the RBAC model [10] with the procedural restriction; thus, the monitor makes access decisions based on continuous access information in RBAC enabled TOSs.…”

“…We have proposed an extended reference monitor [8,10] with a view to incorporate the behavioral dimension in security enforcement. A TOS with the extended reference monitor can enforce a security policy that manages not only a single access operation but also a sequence of consecutive operations.…”

A Policy Language for the Extended Reference Monitor in Trusted Operating Systems

Design and Implementation of an Extended Reference Monitor for Trusted Operating Systems

Enforcement of Integrated Security Policy in Trusted Operating Systems