Enforcement of Integrated Security Policy in Trusted Operating Systems

  • Hyung Chan Kim
  • R. S. Ramakrishna
  • Wook Shin
  • Kouichi Sakurai
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4752)


The main focus of Trusted Operating System (TOS) research today is on enhanced access control through reference monitors, which control the individual operations on a given access instance. Many real-life runtime attacks, however, involve behavioral semantics: the order in which operations occur. It is therefore desirable to enforce an integrated security policy that includes both behavioral security and access control policies. We have proposed an extended reference monitor that supports both access and behavior controls, so that the sequence of operations, and not only each individual operation, falls under security enforcement. This paper presents the design of the extended reference monitor for integrated policy enforcement and describes its implementation in the Linux operating system.







Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Hyung Chan Kim (1)
  • R. S. Ramakrishna (1)
  • Wook Shin (2)
  • Kouichi Sakurai (3)
  1. Department of Information and Communications, Gwangju Institute of Science and Technology, Gwangju 500-712, Rep. of Korea
  2. Department of Computer Science, University of Illinois at Urbana-Champaign, IL 61801, USA
  3. Faculty of Computer Science and Communication Engineering, Kyushu University, Fukuoka 819-0395, Japan
