Top

Published in:

2016 | OriginalPaper | Chapter

Defect Analysis and Risk Assessment of Mainstream File Access Control Policies

Authors : Li Luo, Hongjun He, Jiao Zhu

Published in: Security, Privacy, and Anonymity in Computation, Communication, and Storage

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Traditional research about file access control does not distinguish between user layer and application layer. This paper points out that file access control should include two layers, the first layer specifies file access rights the user has, and the second layer specifies file access rights of a program at current moment. Mainstream file access control policies can’t meet the second layer requirements, and this is the very reason why current computer systems failed to against file attacking. At the same time, this paper proposes a quantitative risk assessment method, which is used to evaluate the mainstream policies, and the results show that there is no essential difference between these policies in terms of risk.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter A Privacy Preserving Friend Discovery Strategy Using Proxy Re-encryption in Mobile Social Networks

next chapter A Comprehensive Survey of Privacy-Preserving in Smart Grid

NCSC-TG-003: A guide to understanding discretionary access control in trusted systems, National Computer Security Center, 30 September 1987

Bell, D.E., LaPadula, L.J.: Secure computer systems: a mathematical model. Technical report, ESD-TR-73-278, vol. 2, ESD/AFSC (1973)

Ferraiolo, D., Kuhn, R.: Role-based access control. In: Proceedings of 15th NIST–NCSC National Computer Security Conference, Baltimore, MD, pp. 554–563, October 1992

Saltzer, J.H.: Protection and the control of information sharing in multics. Comm. ACM 17(7), 388–402 (1974)CrossRef

Saltzer, J.H., Schroeder, M.D.: The protection of information in computer systems. Proc. IEEE 63(9), 1278–1308 (1975)CrossRef

DOD: Trusted Computer System Evaluation Criteria. DOD: DOD-5200.21-STD, December 1985

Sandhu, R.S., Samarati, P.: Access control: principles and practice. IEEE Comm. Mag. 32(9), 40–48 (1994)CrossRef

Denning, D.E.: A lattice model of secure information flow. Comm. ACM 19(5), 236–243 (1976)MathSciNetCrossRefMATH

Ferraiolo, D.F., Barkley, J.F., Kuhn, R.: A role-based access control model and reference implementation within a corporate intranet. ACM Trans. Inf. Syst. Secur. 2(1), 34–64 (1999)CrossRef

10.

Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4(3), 224–274 (2001)CrossRef

11.

Sandhu, R., Coynek, E.J.: Role-based access control models. IEEE Comput. 29(2), 38–47 (1996)CrossRef

12.

Jha, S., Li, N., Tripunitara, M., Wang, Q., Winsborough, W.H.: Toward formal verification of role-based access control policies. IEEE Trans. Dependable Secure Comput. 5(4), 242–255 (2008)CrossRef

13.

Li, N., Tripunitara, M.V.: Security analysis in role-based access control. ACM Trans. Inf. Syst. Secur. 9(4), 391–420 (2006)CrossRef

14.

Wei, Q., Crampton, J., Holloway, R., Beznosov, K., Ripeanu, M.: Authorization recycling in hierarchical RBAC systems. ACM Trans. Inf. Syst. Secur. 14(1), 3–29 (2011)CrossRef

15.

Sun, Y., Wang, Q., Li, N., Bertino, E., Atallah, M.J.: On the complexity of authorization in RBAC under qualification and security constraints. IEEE Trans. Dependable Secure Comput. 8(6), 883–897 (2011)CrossRef

16.

Shan, Z., Wang, X., Chiueh, T.: Enforcing mandatory access control in commodity OS to disable malware. IEEE Trans. Dependable Secure Comput. 9(4), 541–555 (2012)CrossRef

Title: Defect Analysis and Risk Assessment of Mainstream File Access Control Policies
Authors: Li Luo
Hongjun He
Jiao Zhu
Publisher: Springer International Publishing
Book: Security, Privacy, and Anonymity in Computation, Communication, and Storage
Print ISBN: 978-3-319-49147-9

Electronic ISBN: 978-3-319-49148-6

Copyright Year: 2016
DOI: https://doi.org/10.1007/978-3-319-49148-6_18

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner