Enforcement of integrated security policy in trusted operating systems

Hyung Chan Kim; R. S. Ramakrishna; Wook Shin; Kouichi Sakurai

doi:10.1007/978-3-540-75651-4_15

Enforcement of integrated security policy in trusted operating systems

Hyung Chan Kim, R. S. Ramakrishna, Wook Shin, Kouichi Sakurai

Mathematical Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

The main focus of Trusted Operating System (TOS) research these days is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. It is desirable, therefore, to enforce an integrated security policy that includes both behavioral security and access control policies. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which is also of concern in security enforcement. This paper presents the design of the extended reference monitor for integrated policy enforcement and describes its implementation in Linux operating systems.

Original language	English
Title of host publication	Advances in Information and Computer Security - Second International Workshop on Security, IWSEC 2007, Proceedings
Publisher	Springer Verlag
Pages	214-229
Number of pages	16
ISBN (Print)	9783540756507
DOIs	https://doi.org/10.1007/978-3-540-75651-4_15
Publication status	Published - 2007
Event	2nd International Workshop on Security, IWSEC 2007 - Nara, Japan Duration: Oct 29 2007 → Oct 31 2007

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4752 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	2nd International Workshop on Security, IWSEC 2007
Country/Territory	Japan
City	Nara
Period	10/29/07 → 10/31/07

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-540-75651-4_15

Cite this

Kim, H. C., Ramakrishna, R. S., Shin, W., & Sakurai, K. (2007). Enforcement of integrated security policy in trusted operating systems. In Advances in Information and Computer Security - Second International Workshop on Security, IWSEC 2007, Proceedings (pp. 214-229). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4752 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-540-75651-4_15

Enforcement of integrated security policy in trusted operating systems. / Kim, Hyung Chan; Ramakrishna, R. S.; Shin, Wook et al.
Advances in Information and Computer Security - Second International Workshop on Security, IWSEC 2007, Proceedings. Springer Verlag, 2007. p. 214-229 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4752 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kim, HC, Ramakrishna, RS, Shin, W & Sakurai, K 2007, Enforcement of integrated security policy in trusted operating systems. in Advances in Information and Computer Security - Second International Workshop on Security, IWSEC 2007, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4752 LNCS, Springer Verlag, pp. 214-229, 2nd International Workshop on Security, IWSEC 2007, Nara, Japan, 10/29/07. https://doi.org/10.1007/978-3-540-75651-4_15

Kim HC, Ramakrishna RS, Shin W, Sakurai K. Enforcement of integrated security policy in trusted operating systems. In Advances in Information and Computer Security - Second International Workshop on Security, IWSEC 2007, Proceedings. Springer Verlag. 2007. p. 214-229. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-75651-4_15

Kim, Hyung Chan ; Ramakrishna, R. S. ; Shin, Wook et al. / Enforcement of integrated security policy in trusted operating systems. Advances in Information and Computer Security - Second International Workshop on Security, IWSEC 2007, Proceedings. Springer Verlag, 2007. pp. 214-229 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{1217a2b1c9984c9e871b9afff8d09e46,

title = "Enforcement of integrated security policy in trusted operating systems",

abstract = "The main focus of Trusted Operating System (TOS) research these days is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. It is desirable, therefore, to enforce an integrated security policy that includes both behavioral security and access control policies. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which is also of concern in security enforcement. This paper presents the design of the extended reference monitor for integrated policy enforcement and describes its implementation in Linux operating systems.",

author = "Kim, {Hyung Chan} and Ramakrishna, {R. S.} and Wook Shin and Kouichi Sakurai",

year = "2007",

doi = "10.1007/978-3-540-75651-4_15",

language = "English",

isbn = "9783540756507",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "214--229",

booktitle = "Advances in Information and Computer Security - Second International Workshop on Security, IWSEC 2007, Proceedings",

address = "Germany",

note = "2nd International Workshop on Security, IWSEC 2007 ; Conference date: 29-10-2007 Through 31-10-2007",

}

TY - GEN

T1 - Enforcement of integrated security policy in trusted operating systems

AU - Kim, Hyung Chan

AU - Ramakrishna, R. S.

AU - Shin, Wook

AU - Sakurai, Kouichi

PY - 2007

Y1 - 2007

N2 - The main focus of Trusted Operating System (TOS) research these days is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. It is desirable, therefore, to enforce an integrated security policy that includes both behavioral security and access control policies. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which is also of concern in security enforcement. This paper presents the design of the extended reference monitor for integrated policy enforcement and describes its implementation in Linux operating systems.

AB - The main focus of Trusted Operating System (TOS) research these days is on the enhanced access control of reference monitors which, in turn, control the individual operations on a given access instance. However, many real-life runtime attacks involve behavioral semantics. It is desirable, therefore, to enforce an integrated security policy that includes both behavioral security and access control policies. We have proposed an extended reference monitor to support both access and behavior controls. This results in a sequence of operations which is also of concern in security enforcement. This paper presents the design of the extended reference monitor for integrated policy enforcement and describes its implementation in Linux operating systems.

UR - http://www.scopus.com/inward/record.url?scp=38149127130&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=38149127130&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-75651-4_15

DO - 10.1007/978-3-540-75651-4_15

M3 - Conference contribution

AN - SCOPUS:38149127130

SN - 9783540756507

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 214

EP - 229

BT - Advances in Information and Computer Security - Second International Workshop on Security, IWSEC 2007, Proceedings

PB - Springer Verlag

T2 - 2nd International Workshop on Security, IWSEC 2007

Y2 - 29 October 2007 through 31 October 2007

ER -

Enforcement of integrated security policy in trusted operating systems

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this