24,415 Hits in 8.2 sec

A control point for reducing root abuse of file-system privileges

Glenn Wurster, Paul C. van Oorschot
2010 Proceedings of the 17th ACM conference on Computer and communications security - CCS '10  
Our architecture exposes a control point available for use to enforce policies that prevent one application from modifying another's file-system objects.  ...  We explore the division of root's current ability to change arbitrary files on disk and discuss a prototype that proves out the viability of the approach for designated system-wide file-system objects.  ...  The second author acknowledges NSERC for an NSERC Discovery Grant and his Canada Research Chair in Internet Authentication and Computer Security.  ... 
doi:10.1145/1866307.1866333 dblp:conf/ccs/WursterO10 fatcat:4jzhkzfuprhrbkk7ngrpk6evdm

Distributed security storage model for large-scale data

Ming Zhang, Wei Chen, Yunpeng Cao
2017 Journal of Mathematics and Computer Science  
However, the users can not control the data access rules. So the transparent security management of Large-scale data in distributed networks is a challenge.  ...  This system allows the users manage their data and provides confidentiality protection, integrity protection, and access permission control.  ...  However, in 2010 data leak investigation report, Verizon pointed out that 49% of data leakage is caused by internal staff and privilege abuse accounted for a large part of data leakage, 48% of data leakage  ... 
doi:10.22436/jmcs.017.04.05 fatcat:2p4kgu4larg3fborijtn4zgxba

Making Secure Software Insecure without Changing Its Code: The Possibilities and Impacts of Attacks on the DevOps Pipeline [article]

Nicholas Pecka and Lotfi ben Othmane and Altaz Valani
2022 arXiv   pre-print
Then, we developed four attack scenarios against the case study environment: maliciously abusing the user's privilege of deploying containers within the K8s cluster, abusing the Jenkins instance to modify  ...  account with create, read, update, and delete (CRUD) privileges to root privileges.  ...  Abiding by the principle of least privilege and ensure lower level accounts do not have any type of admin or root access will assist in reducing the potential attack landscape and allow the security organization  ... 
arXiv:2201.12879v1 fatcat:sawbcztgvbe35gix66k3rqnsne

Idea: Usable Platforms for Secure Programming – Mining Unix for Insight and Guidelines [chapter]

Sven Türpe
2016 Lecture Notes in Computer Science  
Unix with its setuid mechanism lets us study usable security issues of programming platforms. Setuid allows certain programs to run with higher privileges than the user or process controlling them.  ...  Operating across a privilege boundary entails security obligations for the program. Obligations are known and documented, yet developers often fail to fulfill them.  ...  -Some programs need to make privileged system calls but should nevertheless be started and controlled by a regular user. The standard ports for HTTP (80) and HTTPS (443), for example, are privileged.  ... 
doi:10.1007/978-3-319-30806-7_13 fatcat:mzmplpk57rgvzglz3z4agua4eu

An Android Security Extension to Protect Personal Information against Illegal Accesses and Privilege Escalation Attacks

Yeongung Park, Chanhee Lee, Jonghwa Kim, Seong-je Cho, Jongmoo Choi
2012 Journal of Internet Services and Information Security  
An attack of obtaining root-level privilege in an Android environment can form a serious threat to users from the viewpoint of breaking down the whole security system.  ...  Our proposed scheme can detect and respond to malware that illegally acquires rootlevel privilege using pWhitelist, a list of trusted programs with root-level permission.  ...  In Android, if a process obtains root privilege, the process has full access to the file system (we refer to it as privileged).  ... 
doi:10.22667/jisis.2012.11.31.029 dblp:journals/jisis/ParkLKCC12 fatcat:7ssx3cdnpbcwjb2wdnz73ledlu

TripleMon: A multi-layer security framework for mediating inter-process communication on Android

Yiming Jing, Gail-Joon Ahn, Hongxin Hu, Haehyun Cho, Ziming Zhao
2016 Journal of Computer Security  
Android, as one the most popular smartphone operating systems, provides two core security mechanisms, application sandboxing and a permission system.  ...  In this paper, we argue for the need of designing and implementing more comprehensive security mechanisms for Android.  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not reflect the views of the funding agencies.  ... 
doi:10.3233/jcs-160552 fatcat:3fyq4wdh4nfzhfuqy657ph7txe

Using Secure Coprocessors to Protect Access to Enterprise Networks [chapter]

Haidong Xia, Jayashree Kanchana, José Carlos Brustoloni
2005 Lecture Notes in Computer Science  
In Sections 4.1 and 4.2, we propose TCB prelogging and security association root tripping for guaranteeing such consistency. Third, use of a TPM must not harm host safety.  ...  Most OSs define privileged users (e.g., root) with authority to modify the OS or its configuration at any time.  ...  Abusive applications then cannot encrypt and bind to themselves file contents, as necessary for software lock-in.  ... 
doi:10.1007/11422778_13 fatcat:fgjvi3nnmfhgvcejdxmypvlccy

Trojan horse resistant discretionary access control

Ziqing Mao, Ninghui Li, Hong Chen, Xuxian Jiang
2009 Proceedings of the 14th ACM symposium on Access control models and technologies - SACMAT '09  
Modern operating systems primarily use Discretionary Access Control (DAC) to protect files and other operating system resources.  ...  responsible for any request, whereas in reality a request may be influenced by multiple principals; thus these mechanisms cannot correctly identify the true origin(s) of a request and fall prey to trojan  ...  b All write exceptions keep the integrity level of the written files. Table 3 : 3 A sample policy of exception privileges for setuid-root program in Fedora 5.  ... 
doi:10.1145/1542207.1542244 dblp:conf/sacmat/MaoLCJ09 fatcat:ak3xj64u45ftpbn7ici6swqa4m

Practical Attacks on Security and Privacy Through a Low-Cost Android Device

Greig Paul, James Irvine
2016 Journal of Cyber Security and Mobility  
This paper highlights the practical risks of one such low-cost computing device, highlighting the ease with which a very recent (manufactured September 2015) Android-based internet tablet, designed for  ...  Nonetheless, it is important to consider the diverse use-cases for smartphones and tablets today, particularly where a user may only have access to a single connected device.  ...  In line with other Unix-based systems, root access is the highest level of privilege available to code running under the kernel.  ... 
doi:10.13052/jcsm2245-1439.422 fatcat:bcmzwlus4rat7pnwf7qkbz4aq4

Sandboxing in Linux: From Smartphone to Cloud

Imamjafar Borate, R. K.
2016 International Journal of Computer Applications  
It provides access to a tightly controlled set of resources for programs, such as memory, scratch space on the disk, network access, and input devices.  ...  A sandbox is a tightly controlled environment where programs run.  ...  It is a set of file system mount points visible to processes associated with that namespace.  ... 
doi:10.5120/ijca2016911256 fatcat:k6ux25ijv5gcvelk43jfqsym5i

Anomaly Detection on Android System

Many applications like E-commerce, Social media and games get access of user's permission to use some privileges.  ...  This malicious behavior extracts personal information like user's contact and files by using the permission access policy of particular app. This data theft may happen without the knowledge of user.  ...  The initial one is the sandbox authorization, which controls access rights that ad libraries may abuse. This sandbox is meant to control ads' privacy-related operations.  ... 
doi:10.35940/ijitee.a4951.119119 fatcat:wodnfsaxbjctrcnwgur67ofgki

Efficient Protection of Android Applications through User Authentication Using Peripheral Devices

Jinseong Kim, Im Jung
2018 Sustainability  
The proposed scheme is practical and efficient in terms of resource usage; therefore, it will be useful for Android users to improve Android application security.  ...  However, by manipulating these physical device values, an attacker can circumvent the authentication by executing a Same Identifier Attack and obtain the same application privileges as the user.  ...  Hacking Android applications using backup techniques [12] is a method for restoring the XML values of a specific application and analyzing the backup data using Android's ADB without acquiring root privileges  ... 
doi:10.3390/su10041290 fatcat:xgbepfvtkzhpfomlxhs3tobntm

A decade of OS access-control extensibility

Robert N. M. Watson
2013 Communications of the ACM  
a Decade of oS access-control extensibility movement from multiuser computing toward single-user devices with complex application models.  ...  requirements, and finally reflects on the continuing evolution of operating-system security. to DisCUss oPeratiNg-sYsteM security is to marvel at the diversity of deployed access-control models: Unix and  ...  critical, first to prevent bricking (reducing a device to a mere brick as a result of malfunction or abuse) and later to constrain malware.  ... 
doi:10.1145/2408776.2408792 fatcat:bifeu3atibdb7gzq3jjzcz7cre

Usable Mandatory Integrity Protection for Operating Systems

Ninghui Li, Ziqing Mao, Hong Chen
2007 2007 IEEE Symposium on Security and Privacy (SP '07)  
Existing mandatory access control systems for operating systems are difficult to use.  ...  Furthermore, it leverages information in the existing discretionary access control mechanism to derive file labels for mandatory integrity protection.  ...  We thank Xuxian Jiang for helpful discussions and suggestions on approaches to evaluate the UMIP implementation under Linux. We also thank the anonymous reviewers and shepherd of our paper  ... 
doi:10.1109/sp.2007.37 dblp:conf/sp/LiMC07 fatcat:pek3wy63zba4zlotpxe6iyu6eq

End-to-end Security in Telemedical Networks – A Practical Guideline

Florian Wozak, Thomas Schabetsberger, Elske Ammmenwerth
2007 International Journal of Medical Informatics  
Abuse case models can be constructed for each part mentioned above, allowing for potential security risks in communication from point of origin to point of destination to be identified and counteractive  ...  The aim of our work was to develop a model-based approach towards end-to-end security which is defined as continuous security from point of origin to point of destination in a communication process.  ...  Privilege range User or service privileges that have access permissions for medical data of interest as a minimum requirement Administrative or root permissions on compromised systems for arbitrary  ... 
doi:10.1016/j.ijmedinf.2006.09.020 pmid:17097916 fatcat:vmd46vku7vflxeeey2bo7pmxg4
« Previous Showing results 1 — 15 out of 24,415 results