A cryptographic access control architecture secure against privileged attackers
Payne, C. (2007) A cryptographic access control architecture secure against privileged attackers. In: CCS 2007 - 14th ACM Computer and Communications Security Conference, October 29 - November 2, 2007, Alexandria, VA, USA pp. 70-76.
The overwhelming majority of existing access control schemes use active protection mechanisms, where a security kernel enforces policy based upon an identity label assigned to each process. However, this design is fragile as a result of widely used but flawed privilege architectures in which all special privileges are assigned to a single identity. As a result, this account is required for all administrative tasks and, in practice, is often compromised, leading to system-wide security failure. This paper describes an alternative, 'locks and keys'-based access control architecture which leverages the passive nature of cryptography as a protection mechanism to limit the impact of this problem. This is more flexible than existing cryptographic file systems, since it provides the same features as conventional access control schemes. Furthermore, it achieves its specified security objectives of confidentiality and verifiable integrity even in the face of an attacker who can bypass the security kernel and directly modify objects on the disk. This addresses the need for stronger security architectures in contemporary operating systems while presenting the user with the simple and well-understood interface of an access control scheme.
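An added illustrative model of the passive-protection property the abstract describes; it is not the paper's construction. Each object is sealed under its own key (the 'lock'), users hold copies of the keys they have been granted, and a privileged attacker who bypasses the monitor and writes directly to the raw store can neither read the object nor modify it undetected. The toy cipher (HMAC-SHA256 in counter mode with encrypt-then-MAC), the in-memory keyring and the sample users and object are assumptions for the demo.

```python
import hmac, hashlib, os
# Illustrative model (not the paper's scheme): protection comes from per-object
# keys, not from a kernel check that a privileged attacker can bypass.
def _subkeys(obj_key):
    # Separate encryption and MAC keys derived from the per-object key.
    return (hashlib.sha256(b"enc" + obj_key).digest(),
            hashlib.sha256(b"mac" + obj_key).digest())
def _keystream(key, nonce, length):
    # HMAC-SHA256 as a PRF in counter mode: a toy stream cipher for the demo.
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]
def seal(obj_key, plaintext):
    # Encrypt-then-MAC; the stored blob is nonce || ciphertext || tag.
    enc_key, mac_key = _subkeys(obj_key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
def open_sealed(obj_key, blob):
    # Plaintext, or None when the stored bytes were modified (verifiable integrity).
    enc_key, mac_key = _subkeys(obj_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

class CryptoStore:
    # The 'disk' is a plain dict: anyone who bypasses the kernel can write to it.
    def __init__(self):
        self.disk = {}      # object name -> sealed blob (untrusted storage)
        self.keyring = {}   # (user, object name) -> object key (the 'keys' users hold)
    def create(self, owner, name, data):
        self.keyring[(owner, name)] = key = os.urandom(32)
        self.disk[name] = seal(key, data)
    def grant(self, owner, user, name):
        self.keyring[(user, name)] = self.keyring[(owner, name)]
    def read(self, user, name):
        key = self.keyring.get((user, name))
        return None if key is None else open_sealed(key, self.disk[name])

def demo():
    store = CryptoStore()                        # constructed sample data below
    store.create("alice", "payroll", b"salaries")
    store.grant("alice", "bob", "payroll")
    before = store.read("bob", "payroll")
    raw = bytearray(store.disk["payroll"]); raw[20] ^= 1   # direct write to raw disk,
    store.disk["payroll"] = bytes(raw)                     # bypassing the monitor
    return before, store.read("bob", "payroll"), store.read("mallory", "payroll")
```

`demo()` returns the plaintext Bob reads before the tampering, then `None` for Bob's read after the on-disk modification (integrity failure) and `None` for a user who was never granted a key.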
| Field | Value |
|---|---|
| Publication Type | Conference Paper |
| Murdoch Affiliation | School of Information Technology |
| Publisher | Association for Computing Machinery (ACM) |
| Copyright | © 2007 ACM |