Catalog Home Page

Functionality-based application confinement: parameterised hierarchical application restrictions

Schreuders, Z.C. and Payne, C. (2008) Functionality-based application confinement: parameterised hierarchical application restrictions. In: International Conference on Security and Cryptography (SECRYPT 2008) , 26 - 29 July, Porto, Portugal

[img]
Preview
PDF - Published Version
Download (506kB) | Preview

    Abstract

    Traditional user-oriented access control models such as Mandatory Access Control (MAC) and Discretionary Access Control (DAC) cannot differentiate between processes acting on behalf of users and those behaving maliciously. Consequently, these models are limited in their ability to protect users from the threats posed by vulnerabilities and malicious software as all code executes with full access to all of a user's permissions. Application-oriented schemes can further restrict applications thereby limiting the damage from malicious code. However, existing application-oriented access controls construct policy using complex and inflexible rules which are difficult to administer and do not scale well to confine the large number of feature-rich applications found on modern systems. Here a new model, Functionality-Based Application Confinement (FBAC), is presented which confines applications based on policy abstractions that can flexibly represent the functional requirements of applications. FBAC policies are parameterised allowing them to be easily adapted to the needs of individual applications. Policies are also hierarchical, improving scalability and reusability while conveniently abstracting policy detail where appropriate. Furthermore the layered nature of policies provides defence in depth allowing policies from both the user and administrator to provide both discretionary and mandatory security. An implementation FBAC-LSM and its architecture are also introduced.

    Publication Type: Conference Paper
    Murdoch Affiliation: School of Information Technology
    Publisher: INSTICC Press
    Copyright: Institute for Systems and Technologies of Information
    Conference Website: http://secrypt.icete.org/SECRYPT2008/index.html
    Notes: Published by INSTICC Press http://www.insticc.org
    URI: http://researchrepository.murdoch.edu.au/id/eprint/4370
    Item Control Page

    Downloads

    Downloads per month over past year