Murdoch University Research Repository

Welcome to the Murdoch University Research Repository

The Murdoch University Research Repository is an open access digital collection of research
created by Murdoch University staff, researchers and postgraduate students.

Learn more

Reusability of functionality-based application confinement policy abstractions

Schreuders, Z.C. and Payne, C. (2008) Reusability of functionality-based application confinement policy abstractions. In: 10th International Conference on Information and Communications Security (ICICS 2008), 20 - 22 October, Birmingham pp. 206-221.

PDF - Authors' Version
Download (137kB)
Link to Published Version:
*Subscription may be required


Traditional access control models and mechanisms struggle to contain the threats posed by malware and software vulnerabilities as these cannot differentiate between processes acting on behalf of users and those posing threats to users’ security as every process executes with the full set of the user's privileges. Existing application confinement schemes attempt to address this by limiting the actions of particular processes. However, the management of these mechanisms requires security-specific expertise which users and administrators often do not possess. Further, these models do not scale well to confine the large number of applications found on functionality-rich contemporary systems. This paper describes how the principles of role-based access control (RBAC) can be applied to the problem of restricting an application's behaviour. This approach provides a more flexible, scalable and easier to manage confinement paradigm that requires far less in terms of user expertise than existing schemes. Known as functionality-based application confinement (FBAC), this model significantly mitigates the usability limitations of existing approaches. We present a case study of a Linux-based implementation of FBAC known as FBAC-LSM and demonstrate the flexibility and scalability of the FBAC model.

Item Type: Conference Paper
Murdoch Affiliation(s): School of Information Technology
Publisher: Springer-Verlag
Copyright: © Springer-Verlag Berlin Heidelberg 2008
Notes: Appears in: Chen, L., Ryan, M. & Wang, G. (Eds.) Lecture Notes in Computer Science, 2008, Volume 5308/2008, 206-221
Item Control Page Item Control Page


Downloads per month over past year