Design and Implementation of an Extended Reference Monitor for Trusted Operating Systems

  • Hyung Chan Kim
  • Wook Shin
  • R. S. Ramakrishna
  • Kouichi Sakurai
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3903)


Conventional access control schemes have supported confidentiality and integrity by enforcing the required organizational security policy in operating systems. However, many runtime attacks on operating systems involve behavioral semantics: an attack should be seen as a sequence of access operations. Ironically, these attacks are legitimate under any access control policy, because security enforcement lacks a behavioral dimension. We propose an extended reference monitor that adds this dimension. Our method is based on specifying safety properties over system call sequences; the reference monitor checks the trace at runtime to control behavior in the Linux operating system.
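As an added illustration of the abstract's idea (example code written for this page, not the paper's implementation), the block below encodes one constructed behavioral safety property, "a process must not execve a file it has itself opened for writing", as a per-process recogniser of bad prefixes and runs it over a constructed system-call trace. The event format, the policy and the sample trace are assumptions made here, not taken from the paper.

```python
"""Runtime monitor for a safety property over a system-call sequence.

Every violation of a safety property is witnessed by a finite bad prefix,
so a finite-state recogniser for bad prefixes can enforce the property at
runtime by denying the first call that completes such a prefix. Each call
in the trace below would pass a per-call access decision on its own; only
the sequence, tracked per process, is denied.
"""
from collections import defaultdict
from typing import NamedTuple


class Event(NamedTuple):
    pid: int
    syscall: str          # "open", "close", "execve", "exit", ...
    path: str = ""
    flags: str = ""       # contains "w" when open is for writing


class WriteThenExecMonitor:
    """Assumed policy (temporal form): once a process opens a file for
    writing, it must never execve that same file. One automaton per pid;
    the automaton's memory is the set of paths the process has written."""
    ALLOW, DENY = "allow", "deny"

    def __init__(self):
        self.written = defaultdict(set)   # pid -> paths opened for writing

    def check(self, ev: Event) -> str:
        """Decide one event, update per-process state, return the verdict."""
        if ev.syscall == "open" and "w" in ev.flags:
            self.written[ev.pid].add(ev.path)
        elif ev.syscall == "execve" and ev.path in self.written[ev.pid]:
            return self.DENY              # bad prefix completed: deny the call
        elif ev.syscall == "exit":
            self.written.pop(ev.pid, None)  # process gone: drop its automaton
        return self.ALLOW


def run_trace(trace):
    """Feed a whole trace to a fresh monitor and return one verdict per event."""
    mon = WriteThenExecMonitor()
    return [mon.check(ev) for ev in trace]


# Constructed sample trace for illustration (not captured from a real system).
SAMPLE_TRACE = [
    Event(100, "open", "/tmp/job.sh", "w"),
    Event(100, "close", "/tmp/job.sh"),
    Event(200, "execve", "/tmp/job.sh"),   # different process: allowed
    Event(100, "execve", "/tmp/job.sh"),   # same process wrote it: denied
    Event(100, "exit"),
]

if __name__ == "__main__":
    for ev, verdict in zip(SAMPLE_TRACE, run_trace(SAMPLE_TRACE)):
        print(f"pid={ev.pid:<4} {ev.syscall:<7} {ev.path:<12} -> {verdict}")
```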


Keywords (added by machine, not by the authors): Access Control; Security Policy; Linear Temporal Logic; Access Control Policy; Super User





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Hyung Chan Kim (1)
  • Wook Shin (2)
  • R. S. Ramakrishna (1)
  • Kouichi Sakurai (3)
  1. Department of Information and Communications, Gwangju Institute of Science and Technology, Gwangju, Rep. of Korea
  2. Department of Computer Science, University of Illinois at Urbana-Champaign, USA
  3. Faculty of Computer Science and Communication Engineering, Kyushu University, Fukuoka, Japan