The Center for Education and Research in Information Assurance and Security (CERIAS)

Trojan Horse Resistant Discretionary Access Control

Author

Ziqing Mao, Ninghui Li, Hong Chen, Xuxian Jiang

Tech report number

CERIAS TR 2008-8

Entry type

techreport

Abstract

Modern operating systems primarily use Discretionary Access Control (DAC) to protect files and other operating system resources. DAC mechanisms are more user-friendly than Mandatory Access Control (MAC) systems, but are vulnerable to trojan horse attacks and attacks exploiting buggy software. We show that it is possible to have the best of both worlds: DAC's easy-to-use discretionary policy specification and MAC's defense against trojan horses and buggy programs. This is made possible by a key new insight that DAC has this weakness not because it uses the discretionary principle, but because existing DAC enforcement mechanisms assume that a single principal is responsible for any request, whereas in reality a request may be influenced by multiple principals; thus these mechanisms cannot correctly identify the true origin(s) of a request and fall prey to trojan horses. We propose to solve this problem by combining DAC's policy specification with new enforcement techniques that use ideas from MAC's information flow tracking. Our model, called Information Flow Enhanced Discretionary Access Control (IFEDAC), is the first DAC model that can defend against trojan horses and attacks exploiting buggy software. IFEDAC significantly strengthens end host security, while preserving to a large degree DAC's ease of use. In this paper, we present the IFEDAC model, analyze its security properties, and discuss our design and implementation for Linux.

Date

2008-04-08

Key alpha

LMCJ08

Affiliation

Purdue University, George Mason University

Publication Date

2008-04-08
