Abstract
We have developed a privacy-aware operating system that focuses on preventing leakage of sensitive data such as personal information. The existing mandatory access control model is too restrictive for processes required to sustain the operations of user programs such as FTP and e-mail client applications. In order to solve this problem, the proposed approach employs two techniques. First, the operating system kernel limits the execution of system calls only if the process could contribute to data leakage. Second, we implemented contexts; contexts are parameters or hints that facilitate evaluating the risk of data leakage. These contexts also determine whether the kernel allows or disallows the execution of system calls. These techniques make it possible to realize a more adaptive and flexible data protection mechanism than the existing ones. This study describes the proposed approach.
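To make the abstract's argument concrete, the following added toy model (not Salvia's code, and not from the paper) contrasts a strict mandatory policy with leakage-aware syscall mediation driven by context hints. The taint flag, the context fields, the `personal` label and the allow rules are all assumptions chosen for illustration; the abstract only states that system calls are limited when a process could leak and that contexts are hints used to evaluate that risk.

```python
from dataclasses import dataclass

SENSITIVE = "personal"  # assumed data label for personal information


@dataclass
class Process:
    pid: int
    tainted: bool = False  # assumed: has this process read sensitive data?


@dataclass
class Context:
    """Hints attached to one system call (assumed shape, not Salvia's)."""
    syscall: str                # "read", "write" or "sendto"
    target: str                 # file path or remote host
    target_label: str = ""      # label of the data being read
    user_consent: bool = False  # assumed hint: user approved this transfer


def _track_taint(proc, ctx):
    """Both policies remember when a process takes in sensitive data."""
    if ctx.syscall == "read" and ctx.target_label == SENSITIVE:
        proc.tainted = True


def strict_mac(proc, ctx):
    """Baseline: once a process holds sensitive data, every write/send is denied."""
    _track_taint(proc, ctx)
    return ctx.syscall == "read" or not proc.tainted


def leakage_aware(proc, ctx):
    """Deny only when the call could actually leak, judged from the context hints."""
    _track_taint(proc, ctx)
    if ctx.syscall == "read" or not proc.tainted:
        return True  # no sensitive data in the process, so no leak is possible
    if ctx.syscall == "write" and ctx.target.startswith("/home/"):
        return True  # assumed rule: local write under the user's home is low risk
    if ctx.syscall == "sendto" and ctx.user_consent:
        return True  # assumed rule: an explicitly approved transfer is allowed
    return False     # unapproved outbound transfer of personal data: block


def run(policy, trace):
    proc = Process(pid=1)
    return [policy(proc, ctx) for ctx in trace]


# Constructed trace: an e-mail client reads an address book, saves a draft,
# sends the approved mail, then a component tries an unapproved upload.
TRACE = [
    Context("read", "/home/alice/addressbook", target_label=SENSITIVE),
    Context("write", "/home/alice/drafts/mail.txt"),
    Context("sendto", "smtp.example.org", user_consent=True),
    Context("sendto", "collector.example.net"),
]
```

Running `run(strict_mac, TRACE)` denies every call after the first read, which is the over-restriction the abstract describes, while `run(leakage_aware, TRACE)` permits the draft and the approved send and blocks only the last transfer.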
© 2007 Springer-Verlag Berlin Heidelberg
Suzuki, K., Mouri, K., Okubo, E. (2007). Salvia: A Privacy-Aware Operating System for Prevention of Data Leakage. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds) Advances in Information and Computer Security. IWSEC 2007. Lecture Notes in Computer Science, vol 4752. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75651-4_16
DOI: https://doi.org/10.1007/978-3-540-75651-4_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75650-7
Online ISBN: 978-3-540-75651-4