SMARTCOP – A Smart Card Based Access Control for the Protection of Network Security Components

  • Joaquín García-Alfaro
  • Sergio Castillo
  • Jordi Castellà-Roca
  • Guillermo Navarro
  • Joan Borrell
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4277)


The protection of network security components, such as firewalls and Intrusion Detection Systems, is a serious problem which, if not solved, may allow a remote adversary to compromise the security of other components, and even to obtain control of the system itself. We are currently working on the development of a kernel-based access control method, which intercepts and cancels forbidden system calls potentially launched by a remote attacker. This way, even if the attacker gains administration permissions, she will not achieve her purpose. To solve the administration constraints of our approach, we use a smart-card-based authentication mechanism to ensure the administrator’s identity. In this paper, we present an enhanced version of our authentication mechanism, based on a public key cryptographic protocol. Through this protocol, our protection module efficiently verifies the administrator’s actions before granting her the privileges to manipulate a component.


Access Control; Smart Card; System Call; Intrusion Detection System; Authentication Mechanism
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Joaquín García-Alfaro (1)
  • Sergio Castillo (1)
  • Jordi Castellà-Roca (2)
  • Guillermo Navarro (1)
  • Joan Borrell (1)

  1. DEIC/UAB, Bellaterra (Catalonia), Spain
  2. DEiM-ETSE-URV, Tarragona (Catalonia), Spain
