The functionality-based application confinement model

Schreuders, Z.C., Payne, C. and McGill, T. (2013) The functionality-based application confinement model. International Journal of Information Security, 12 (5). pp. 393-422.



This paper presents the functionality-based application confinement (FBAC) access control model. FBAC is an application-oriented access control model, intended to restrict processes to the behaviour that is authorised by end users, administrators, and processes, in order to limit the damage that can be caused by malicious code, due to software vulnerabilities or malware. FBAC is unique in its ability to limit applications to finely grained access control rules based on high-level easy-to-understand reusable policy abstractions, its ability to simultaneously enforce application-oriented security goals of administrators, programs, and end users, its ability to perform dynamic activation and deactivation of logically grouped portions of a process's authority, its approach to process invocation history and intersection-based privilege propagation, its suitability to policy automation techniques, and in the resulting usability benefits. Central to the model are 'functionalities', hierarchical and parameterised policy abstractions, which can represent features that applications provide; 'confinements', which can model simultaneous enforcement of multiple sets of policies to enforce a diverse range of types of application restrictions; and 'applications', which represent the processes to be confined. The paper defines the model in terms of structure (which is described in five components) and function, and serves as a culmination of our work thus far, reviewing the evaluation of the model that has been conducted to date.

Publication Type: Journal Article
Murdoch Affiliation: School of Engineering and Information Technology
Publisher: Springer Verlag
Copyright: © 2013 Springer-Verlag Berlin Heidelberg