DOI: 10.1145/2613087.2613110

Towards more usable information flow policies for contemporary operating systems

Published: 25 June 2014

Abstract

There has been a resurgence of interest in information-flow-based techniques in security. A key attraction of these techniques is that they can provide strong, principled protection against malware regardless of its sophistication. In spite of this advantage, most advances in information flow control have not been adopted in mainstream operating systems, since a strict application of information flow can limit system functionality and usability. Permitting dynamic changes to subject labels, as proposed in the low-watermark model, provides better usability. However, it suffers from the self-revocation problem: read/write operations on already-open files are denied because the label of the subject performing them has been downgraded since the files were opened. While most applications deal gracefully with security failures on file open operations, they are unprepared to handle security violations on subsequent reads and writes. As a result, subject downgrades may lead to crashes or malfunction. Even applications that do handle read/write errors may leave output files in a corrupted or inconsistent state, since write permission was taken away in the midst of producing an output file. To overcome these drawbacks, we propose a new approach to dynamic downgrading that eliminates the self-revocation problem. We show that our approach represents an optimal combination of functionality and compatibility. Our experimental evaluation shows that the approach is efficient, incurring an overhead of a few percentage points, is compatible with existing applications, and provides strong integrity protection.
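The self-revocation problem the abstract describes is easiest to see in a small reference-monitor simulation. The following is an added example written for this page, not code from the paper or from any of the systems it cites. It assumes a two-level integrity lattice (LOW/HIGH), constructed file names, and two policies: strict Biba (read-down denied at open) and a low-watermark variant that downgrades the subject when it reads low-integrity data. It shows the failure the abstract names (a write handle that was legally opened is later refused) and the trade-off that motivates low-watermark in the first place (strict Biba instead refuses the read outright). It does not show the paper's own downgrading approach, which the page does not describe.

```python
"""Constructed simulation of Biba integrity labels under two policies:
strict Biba and a low-watermark (LOMAC-style) variant that downgrades the
subject on read-down.  Not the paper's code; labels are a two-level
lattice here, real systems use richer ones."""
from __future__ import annotations

from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    LOW = 0    # untrusted: downloaded content, network input
    HIGH = 1   # trusted: system files, the user's own documents


@dataclass(frozen=True)
class File:
    name: str
    level: Level


@dataclass
class Handle:
    file: File
    mode: str          # "r" or "w"


class Denied(Exception):
    """Raised when the reference monitor refuses an operation."""


class Monitor:
    """Reference monitor for a single subject (one process)."""

    def __init__(self, policy: str, subject_level: Level = Level.HIGH):
        assert policy in ("strict", "low-watermark")
        self.policy = policy
        self.subject = subject_level
        self.handles: list[Handle] = []

    def open(self, f: File, mode: str) -> Handle:
        if mode == "w" and f.level > self.subject:
            raise Denied(f"no write-up: {f.name}")          # Biba: never write higher integrity
        if mode == "r" and f.level < self.subject and self.policy == "strict":
            raise Denied(f"no read-down: {f.name}")         # strict Biba refuses at open time
        h = Handle(f, mode)
        self.handles.append(h)
        return h

    def read(self, h: Handle) -> str:
        if h.mode != "r":
            raise Denied("handle not opened for read")
        if h.file.level < self.subject:
            if self.policy == "strict":
                raise Denied(f"no read-down: {h.file.name}")
            self.subject = h.file.level                     # low-watermark: subject sinks to the data's level
        return f"<contents of {h.file.name}>"

    def write(self, h: Handle) -> None:
        if h.mode != "w":
            raise Denied("handle not opened for write")
        if h.file.level > self.subject:
            # The handle was opened legally; the subject was downgraded afterwards.
            raise Denied(f"self-revocation: {h.file.name} is {h.file.level.name}, "
                         f"subject is now {self.subject.name}")

    def revoked_handles(self) -> list[Handle]:
        """Open write handles the subject can no longer legally use."""
        return [h for h in self.handles if h.mode == "w" and h.file.level > self.subject]


def run_scenario(policy: str) -> dict:
    """An editor opens its output document, reads an untrusted attachment,
    then tries to keep writing the document.  Returns the step trace,
    the subject's final label and the names of self-revoked handles."""
    report = File("report.odt", Level.HIGH)          # constructed sample files
    attachment = File("attachment.dat", Level.LOW)
    m = Monitor(policy)
    trace: list[tuple[str, str]] = []
    state: dict[str, Handle] = {}

    def remember(key: str, h: Handle) -> None:
        state[key] = h

    def step(label: str, action) -> None:
        try:
            action()
            trace.append((label, "ok"))
        except Denied as exc:
            trace.append((label, f"denied ({exc})"))
        except KeyError:
            trace.append((label, "skipped (no handle)"))   # an earlier open was refused

    step("open report.odt for write", lambda: remember("out", m.open(report, "w")))
    step("write report.odt", lambda: m.write(state["out"]))
    step("open attachment.dat for read", lambda: remember("in", m.open(attachment, "r")))
    step("read attachment.dat", lambda: m.read(state["in"]))
    step("write report.odt again", lambda: m.write(state["out"]))
    return {"trace": trace, "subject": m.subject,
            "revoked": [h.file.name for h in m.revoked_handles()]}


if __name__ == "__main__":
    for policy in ("strict", "low-watermark"):
        result = run_scenario(policy)
        print(f"== {policy} ==")
        for label, outcome in result["trace"]:
            print(f"  {label}: {outcome}")
        print(f"  final subject label: {result['subject'].name}, revoked: {result['revoked']}")
```

Under the strict policy the third step fails at open, which an application can report and recover from; under low-watermark every open succeeds and the failure surfaces only at the last write, exactly the point at which a real editor has already committed to producing the output file. The `revoked_handles` check is the condition a monitor would have to evaluate at downgrade time to know which open handles are about to become unusable.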

Cited By

  • (2018) Using Bayesian Networks for Probabilistic Identification of Zero-Day Attack Paths. IEEE Transactions on Information Forensics and Security 13(10):2506-2521, Oct 2018. doi:10.1109/TIFS.2018.2821095
  • (2017) Preventing Unauthorized Data Flows. Data and Applications Security and Privacy XXXI, pp. 41-62, 22 Jun 2017. doi:10.1007/978-3-319-61176-1_3
  • (2015) Provenance-based Integrity Protection for Windows. Proceedings of the 31st Annual Computer Security Applications Conference, pp. 211-220, 7 Dec 2015. doi:10.1145/2818000.2818011

      Published In

      SACMAT '14: Proceedings of the 19th ACM symposium on Access control models and technologies
      June 2014
      234 pages
      ISBN:9781450329392
      DOI:10.1145/2613087
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. integrity
      2. self-revocation
      3. usability

      Qualifiers

      • Research-article

      Conference

      SACMAT '14

      Acceptance Rates

      SACMAT '14 Paper Acceptance Rate 17 of 58 submissions, 29%;
      Overall Acceptance Rate 177 of 597 submissions, 30%

      Article Metrics

      • Downloads (Last 12 months)3
      • Downloads (Last 6 weeks)0
      Reflects downloads up to 30 Aug 2024
