DOI: 10.5555/1985653.1985655
chapter

Auto-generation of least privileges access control policies for applications supported by user input recognition

Published: 01 January 2010

Abstract

Applications are typically executed in the security context of the user. Nonetheless, they do not need all the access rights granted. Executing applications with minimal rights (least privileges) is desirable. In case of an attack, only a fraction of resources can be accessed. The state-of-the-art on application-based access control policy generation has limitations: existing work does not generate least privileges policies, policies are not always complete and the process requires complex manual interaction. This paper presents an almost fully automated approach which counters these limitations. It achieves this by (1) extending a static analysis approach by user input recognition, by (2) introducing a new runtime approach on user input recognition which is based on information tracking and Aspect-Oriented Programming and by (3) combining the other two contributions with some of the existing work. The combined approaches are integrated into the software development life cycle and thus, policy generation becomes practicable. A prototype of the runtime approach is implemented which proves feasibility and scalability.

Published In

Transactions on computational science XI: special issue on security in computing, part II
January 2010
292 pages
ISBN:3642176968

Publisher

Springer-Verlag

Berlin, Heidelberg

Qualifiers

  • Chapter
