A Security Architecture for Adapting Multiple Access Control Models to Operating Systems

  • Jung-Sun Kim
  • SeungYong Lee
  • Minsoo Kim
  • Jae-Hyun Seo
  • Bong-Nam Noh
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3984)


In this paper, we propose a new security architecture for adapting multiple access control models to operating systems. As adding a virtual access control system to a proposed security architecture, various access control models such as MAC, DAC, and RBAC are applied to secure operating systems easily. Also, the proposed was designed to overcome the deficiencies of access control in standard operating systems, makes secure OS more available by combining access control models, and apply them to secure OS in runtime.


Access Control Control Message Request Message Kernel Module Access Control Policy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Morris, J., Smalley, S., Korah-Hartman, G.: Linux Security Modules: General Security Support for the Linux Kernel. In: USENIX Security Symposium (August 2002)Google Scholar
  2. 2.
    Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed Standard for Role-Based Access Control. ACM Transactions on Information and Systems Security 4(3), 224–274 (2001)CrossRefGoogle Scholar
  3. 3.
    Ott, A.: The Rule Set Based Access Control (RSBAC) Linux Kernel Security Extension. 8th Int. Linux Kongress, Enschede (2001)Google Scholar
  4. 4.
    Loscocco, P., Smalley, S.: Integrating Flexible Support for Security Policies into the Linux Operating System. In: Proceedings of the FREENIX Track 2001 USENIX Annual Tec. Conference (June 2001)Google Scholar
  5. 5.
    Hallyn, S., Kearns, P.: Domain and Type Enforcement for Linux. In: Proceedings of the 4th Annual Linux Showcase and Conference (October 2000)Google Scholar
  6. 6.
    Fraser, T.: LOMAC - Low Water-Mark Integrity Protection for COTS Environments. In: Proceedings of the 2000 IEEE Symposium on Security and Privacy (May 2000)Google Scholar
  7. 7.
    Spencer, R., Smalley, S., Loscocco, P., Hibler, M., Andersen, D., Lepreau, J.: The Flask Security Architecture: System Support for Diverse Security Policies. In: Proceedings of the Eight USENIX Security Symposium, pp. 123–139 (August 1999)Google Scholar
  8. 8.
    Abrams, M.D., Eggers, K.W., Padula, L.J.L., Olson, I.M.: A Generalized Framework for Access Control: An Informal Description. In: Proceedings of the Thirteenth National Computer Security Conference, pp. 135–143 (October 1990)Google Scholar
  9. 9.
    Pfleeger, C.P., Pfleeger, S.L.: Security in Computing. Prentice Hall, Englewood Cliffs (2002)Google Scholar
  10. 10.
    Gollmann, D.: Computer Security. John Wiley & SONS, Chichester (1999)Google Scholar
  11. 11.
    Mcgarty, B.: SELINUX: NSA’s Open Source Security Enhanced Linux. O’REILLY, Sebastopol (2005)Google Scholar
  12. 12.
    Medusa DS9 project, http://medusa.fornax.org
  13. 13.
    The Linux Test Project, http://ltp.sourceforge.net
  14. 14.
    The LMbench Project, http://lmbench.sourceforge.net

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jung-Sun Kim
    • 1
  • SeungYong Lee
    • 2
  • Minsoo Kim
    • 3
  • Jae-Hyun Seo
    • 3
  • Bong-Nam Noh
    • 1
  1. 1.Dept. of Computer ScienceChonnam National UniversityKorea
  2. 2.Linux Security Research CenterChonnam National UniversityKorea
  3. 3.Dept. of Information SecurityMokpo National UniversityKorea

Personalised recommendations