Enforcement of integrated security policy in trusted operating systems

Hyung Chan Kim, R. S. Ramakrishna, Wook Shin, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

The main focus of Trusted Operating System (TOS) research these days is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. It is desirable, therefore, to enforce an integrated security policy that includes both behavioral security and access control policies. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which is also of concern in security enforcement. This paper presents the design of the extended reference monitor for integrated policy enforcement and describes its implementation in Linux operating systems.

Original languageEnglish
Title of host publicationAdvances in Information and Computer Security - Second International Workshop on Security, IWSEC 2007, Proceedings
Pages214-229
Number of pages16
Publication statusPublished - Dec 1 2007
Event2nd International Workshop on Security, IWSEC 2007 - Nara, Japan
Duration: Oct 29 2007Oct 31 2007

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4752 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other2nd International Workshop on Security, IWSEC 2007
CountryJapan
CityNara
Period10/29/0710/31/07

Fingerprint

Security Policy
Access control
Operating Systems
Monitor
Access Control
Computer operating systems
Behavior Control
Semantics
Linux
Control Policy
Attack
Research

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Kim, H. C., Ramakrishna, R. S., Shin, W., & Sakurai, K. (2007). Enforcement of integrated security policy in trusted operating systems. In Advances in Information and Computer Security - Second International Workshop on Security, IWSEC 2007, Proceedings (pp. 214-229). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4752 LNCS).

Enforcement of integrated security policy in trusted operating systems. / Kim, Hyung Chan; Ramakrishna, R. S.; Shin, Wook; Sakurai, Kouichi.

Advances in Information and Computer Security - Second International Workshop on Security, IWSEC 2007, Proceedings. 2007. p. 214-229 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4752 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Kim, HC, Ramakrishna, RS, Shin, W & Sakurai, K 2007, Enforcement of integrated security policy in trusted operating systems. in Advances in Information and Computer Security - Second International Workshop on Security, IWSEC 2007, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4752 LNCS, pp. 214-229, 2nd International Workshop on Security, IWSEC 2007, Nara, Japan, 10/29/07.
Kim HC, Ramakrishna RS, Shin W, Sakurai K. Enforcement of integrated security policy in trusted operating systems. In Advances in Information and Computer Security - Second International Workshop on Security, IWSEC 2007, Proceedings. 2007. p. 214-229. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
Kim, Hyung Chan ; Ramakrishna, R. S. ; Shin, Wook ; Sakurai, Kouichi. / Enforcement of integrated security policy in trusted operating systems. Advances in Information and Computer Security - Second International Workshop on Security, IWSEC 2007, Proceedings. 2007. pp. 214-229 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{1217a2b1c9984c9e871b9afff8d09e46,
title = "Enforcement of integrated security policy in trusted operating systems",
abstract = "The main focus of Trusted Operating System (TOS) research these days is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. It is desirable, therefore, to enforce an integrated security policy that includes both behavioral security and access control policies. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which is also of concern in security enforcement. This paper presents the design of the extended reference monitor for integrated policy enforcement and describes its implementation in Linux operating systems.",
author = "Kim, {Hyung Chan} and Ramakrishna, {R. S.} and Wook Shin and Kouichi Sakurai",
year = "2007",
month = "12",
day = "1",
language = "English",
isbn = "9783540756507",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "214--229",
booktitle = "Advances in Information and Computer Security - Second International Workshop on Security, IWSEC 2007, Proceedings",

}

TY - GEN

T1 - Enforcement of integrated security policy in trusted operating systems

AU - Kim, Hyung Chan

AU - Ramakrishna, R. S.

AU - Shin, Wook

AU - Sakurai, Kouichi

PY - 2007/12/1

Y1 - 2007/12/1

N2 - The main focus of Trusted Operating System (TOS) research these days is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. It is desirable, therefore, to enforce an integrated security policy that includes both behavioral security and access control policies. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which is also of concern in security enforcement. This paper presents the design of the extended reference monitor for integrated policy enforcement and describes its implementation in Linux operating systems.

AB - The main focus of Trusted Operating System (TOS) research these days is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. It is desirable, therefore, to enforce an integrated security policy that includes both behavioral security and access control policies. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which is also of concern in security enforcement. This paper presents the design of the extended reference monitor for integrated policy enforcement and describes its implementation in Linux operating systems.

UR - http://www.scopus.com/inward/record.url?scp=38149127130&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=38149127130&partnerID=8YFLogxK

M3 - Conference contribution

SN - 9783540756507

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 214

EP - 229

BT - Advances in Information and Computer Security - Second International Workshop on Security, IWSEC 2007, Proceedings

ER -