DOI: 10.1145/1809842.1809870

An architecture for enforcing end-to-end access control over web applications

Published: 11 June 2010
  Abstract

    The web is now being used as a general platform for hosting distributed applications like wikis, bulletin board messaging systems and collaborative editing environments. Data from multiple applications originating at multiple sources all intermix in a single web browser, making sensitive data stored in the browser subject to a broad milieu of attacks (cross-site scripting, cross-site request forgery and others). The fundamental problem is that existing web infrastructure provides no means for enforcing end-to-end security on data. To solve this we design an architecture using mandatory access control (MAC) enforcement. We overcome the limitations of traditional MAC systems, implemented solely at the operating system layer, by unifying MAC enforcement across virtual machine, operating system, networking and application layers. We implement our architecture using Xen virtual machine management, SELinux at the operating system layer, labeled IPsec for networking and our own label-enforcing web browser, called FlowwolF. We tested our implementation and find that it performs well, supporting data intermixing while still providing end-to-end security guarantees.
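    The following JavaScript is an added illustration, not code from the paper or from the FlowwolF browser. It models a lattice of MAC labels (an MLS-style sensitivity level plus a category set, in the shape of SELinux labels) and the two checks a label-enforcing browser needs: no read up on data items held in the browser, and no write down on outgoing flows, with the label on a network sink standing in for the labeled-IPsec endpoint. The origins, levels, category names and sample page contents are constructed for the example, and only the confidentiality direction of the lattice is modelled; the example says nothing about how integrity (the CSRF case) is enforced.

```javascript
// Added example: a toy model of lattice-based MAC labels following data
// through a browser. Not FlowwolF code. The level scale (0 = public,
// 1 = internal), the category names, the origins and the page contents
// below are all assumptions constructed for this example.

class Label {
  constructor(level, categories = []) {
    this.level = level;                     // assumed scale: 0 = public, 1 = internal
    this.categories = new Set(categories);  // compartments such as "wiki" or "bbs"
  }
  // Bell-LaPadula style dominance: level at least as high and a superset of categories.
  dominates(other) {
    if (this.level < other.level) return false;
    for (const c of other.categories) {
      if (!this.categories.has(c)) return false;
    }
    return true;
  }
  // Least upper bound: data derived from two inputs carries this label.
  join(other) {
    return new Label(Math.max(this.level, other.level),
                     [...this.categories, ...other.categories]);
  }
  toString() {
    return `s${this.level}:{${[...this.categories].sort().join(",")}}`;
  }
}

// A labeled data item as the browser would hold it after a labeled fetch.
function item(name, label, value) {
  return { name, label, value };
}

// A script context running at a fixed subject label. Reads succeed only on
// objects the subject dominates (no read up); sends succeed only to sinks
// that dominate the label of the outgoing flow (no write down).
class LabeledContext {
  constructor(origin, label) {
    this.origin = origin;
    this.label = label;
    this.decisions = [];   // human-readable audit trail of every check
  }
  read(obj) {
    const ok = this.label.dominates(obj.label);
    this.decisions.push(`${ok ? "ALLOW" : "DENY"} read ${obj.name} [${obj.label}] by ${this.origin} [${this.label}]`);
    return ok ? obj : null;
  }
  // Intermix two readable items; the result is labeled with their join,
  // so combining data never launders a higher label away.
  combine(a, b) {
    return item(`${a.name}+${b.name}`, a.label.join(b.label), `${a.value} ${b.value}`);
  }
  send(sink, obj) {
    // Everything this context emits is also tainted by the context's own label.
    const flow = this.label.join(obj.label);
    const ok = sink.label.dominates(flow);
    this.decisions.push(`${ok ? "ALLOW" : "DENY"} send ${obj.name} [${flow}] to ${sink.host} [${sink.label}]`);
    return ok;
  }
}

// Constructed scenario: two labeled applications intermixed in one browser,
// plus an attacker-controlled public sink.
function runScenario() {
  const wikiPage  = item("wiki-page", new Label(1, ["wiki"]), "draft roadmap");
  const bbsPost   = item("bbs-post",  new Label(1, ["bbs"]),  "incident thread");
  const publicCss = item("site.css",  new Label(0),           "body{}");

  const wikiSink     = { host: "wiki.example",     label: new Label(1, ["wiki"]) };
  const attackerSink = { host: "attacker.example", label: new Label(0) };

  // A mashup script cleared for both compartments may read and combine both.
  const mashup = new LabeledContext("mashup.example", new Label(1, ["wiki", "bbs"]));
  const combined = mashup.combine(mashup.read(wikiPage), mashup.read(bbsPost));

  // A script injected into the wiki page (XSS) runs at the wiki label. It can
  // read the page, but the label travels with the data to the network layer,
  // so a send to the public sink is refused while a send back to the wiki is not.
  const injected = new LabeledContext("wiki.example", new Label(1, ["wiki"]));
  const stolen = injected.read(wikiPage);
  const exfilAllowed = injected.send(attackerSink, stolen);
  const wikiWriteAllowed = injected.send(wikiSink, stolen);
  const readBbs = injected.read(bbsPost);    // other compartment: read denied
  const readCss = injected.read(publicCss);  // public data: readable by anyone

  return {
    combinedLabel: combined.label.toString(),
    exfilAllowed,
    wikiWriteAllowed,
    injectedCanReadBbs: readBbs !== null,
    injectedCanReadCss: readCss !== null,
    decisions: [...mashup.decisions, ...injected.decisions],
  };
}

console.log(runScenario().decisions.join("\n"));
```

    Run with node. The audit trail shows that intermixing the wiki and bulletin-board data yields an item labelled with the join of both compartments, and that the injected script can read the wiki page but cannot push it to the public-labelled host, because the check at the sink sees the label the data acquired when it was read.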




        Published In

        SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies
        June 2010
        212 pages
        ISBN:9781450300490
        DOI:10.1145/1809842

        Publisher

        Association for Computing Machinery

        New York, NY, United States


        Author Tags

        1. access control
        2. policy compliance

        Qualifiers

        • Research-article

        Conference

        SACMAT'10

        Acceptance Rates

        Overall Acceptance Rate 177 of 597 submissions, 30%


        Article Metrics

        • Downloads (Last 12 months)4
        • Downloads (Last 6 weeks)0
        Reflects downloads up to 09 Aug 2024


        Cited By

        • (2021) SCIFFS: Enabling Secure Third-Party Security Analytics using Serverless Computing. Proceedings of the 26th ACM Symposium on Access Control Models and Technologies, pp. 175-186. DOI: 10.1145/3450569.3463567. Published 11 Jun 2021.
        • (2018) Data Usage Control for Distributed Systems. ACM Transactions on Privacy and Security 21(3), pp. 1-32. DOI: 10.1145/3183342. Published 16 Apr 2018.
        • (2016) Leveraging Data Provenance to Enhance Cyber Resilience. 2016 IEEE Cybersecurity Development (SecDev), pp. 107-114. DOI: 10.1109/SecDev.2016.034. Published Nov 2016.
        • (2016) An Identity and Access Management approach for SOA. 2016 IEEE International Symposium on Signal Processing and Information Technology (ISSPIT), pp. 126-131. DOI: 10.1109/ISSPIT.2016.7886021. Published Dec 2016.
        • (2016) Identifying Extension-Based Ad Injection via Fine-Grained Web Content Provenance. Research in Attacks, Intrusions, and Defenses, pp. 415-436. DOI: 10.1007/978-3-319-45719-2_19. Published 7 Sep 2016.
        • (2014) Content-Based Access Control: Use data content to assist access control for large-scale content-centric databases. 2014 IEEE International Conference on Big Data (Big Data), pp. 701-710. DOI: 10.1109/BigData.2014.7004294. Published Oct 2014.
        • (2013) Auto-FBI. Proceedings of the 29th Annual Computer Security Applications Conference, pp. 349-358. DOI: 10.1145/2523649.2523683. Published 9 Dec 2013.
        • (2013) Protecting sensitive web content from client-side vulnerabilities with CRYPTONS. Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1311-1324. DOI: 10.1145/2508859.2516743. Published 4 Nov 2013.
        • (2013) Mandatory Access Protection Within Cloud Systems. Security, Privacy and Trust in Cloud Systems, pp. 145-173. DOI: 10.1007/978-3-642-38586-5_5. Published 4 Sep 2013.
        • (2013) Smart Resource Allocation to Improve Cloud Security. Security, Privacy and Trust in Cloud Systems, pp. 103-143. DOI: 10.1007/978-3-642-38586-5_4. Published 4 Sep 2013.
