Dynamic mandatory access control for multiple stakeholders

Vikhyath Rao, Trent Jaeger
2009 Proceedings of the 14th ACM symposium on Access control models and technologies - SACMAT '09  
In this work, we present a mandatory access control system that uses input from multiple stakeholders to compose policies based on runtime information. In the emerging open cell phone system environment, many devices run software whose access permissions depend on multiple stakeholders, such as the device owner, the service provider, the application owner, etc. However, current access control administration remains either mandatory, requiring a single system administrator to know every possible permission, or discretionary, allowing possibly compromised processes to administer permissions. A key problem is that the system should limit arbitrary programs while allowing reasonable functionality. However, conflicting permissions and permission dependencies may lead to an attack, such as unintentionally allowing voice-over-IP calls. In our approach, we use a "soft" sandboxing mechanism to first contain such processes, request the stakeholder to authorize operations outside the sandbox that are not prohibited by policy, and maintain a runtime execution role for the process to identify its access state to the stakeholders. Our framework was implemented by modifying the SELinux module and using a remote proxy policy server. We incur a 0.288 µs performance overhead only when stakeholders need to be consulted, and new permissions are cached.
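The decision order the abstract describes (mandatory prohibitions first, then the soft sandbox, then a stakeholder consultation whose answer is cached against the process's runtime execution role) can be sketched as a small reference monitor. The block below is an added illustration written for this page, not the authors' SELinux modification or their proxy policy server; the object classes, the two stakeholder policies, the "VoIP path" permission pair and the `Process`/`SoftSandboxMonitor` names are all constructed for the example.

```python
"""Soft-sandbox reference monitor: an illustrative Python sketch.

For each requested operation:
  1. prohibited by mandatory policy -> deny, nobody is consulted
  2. inside the sandbox             -> allow, nobody is consulted
  3. otherwise                      -> consult the stakeholder who owns the
     object class, cache the answer per (execution role, operation), and on
     approval move the process into a new runtime execution role that
     records everything it has been granted outside the sandbox.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, Set, Tuple

# An operation is (object class, permission), e.g. ("tcp_socket", "connect").
Op = Tuple[str, str]

# Constructed example of a permission dependency: neither permission is
# dangerous alone, but together they give an application a voice-over-IP path.
VOIP_PATH: FrozenSet[Op] = frozenset({("tcp_socket", "connect"), ("microphone", "record")})


def completes_voip_path(granted: FrozenSet[Op], op: Op) -> bool:
    """True if granting `op` on top of `granted` would complete the VoIP path."""
    return op in VOIP_PATH and (granted | {op}) >= VOIP_PATH


@dataclass
class Process:
    pid: int
    # Runtime execution role: the out-of-sandbox permissions granted so far.
    # Stakeholders see this, so each can judge dependencies on its own terms.
    granted: FrozenSet[Op] = frozenset()

    @property
    def role_name(self) -> str:
        if not self.granted:
            return "sandboxed"
        return "+".join(f"{cls}:{perm}" for cls, perm in sorted(self.granted))


# A stakeholder answers (current role, requested operation) -> approve?
Stakeholder = Callable[[FrozenSet[Op], Op], bool]


def device_owner(granted: FrozenSet[Op], op: Op) -> bool:
    """Hypothetical owner policy: approve anything except a completed VoIP path."""
    return not completes_voip_path(granted, op)


def service_provider(granted: FrozenSet[Op], op: Op) -> bool:
    """Hypothetical provider policy: only socket connects, never a VoIP path."""
    return op[0] == "tcp_socket" and not completes_voip_path(granted, op)


@dataclass
class SoftSandboxMonitor:
    prohibited: Set[Op]                   # mandatory policy, never overridable
    sandbox: Set[Op]                      # allowed to any process without asking
    stakeholders: Dict[str, Stakeholder]  # object class -> who decides on it
    cache: Dict[Tuple[FrozenSet[Op], Op], bool] = field(default_factory=dict)
    consultations: int = 0                # the only path that costs a round trip

    def check(self, proc: Process, op: Op) -> bool:
        if op in self.prohibited:
            return False
        if op in self.sandbox:
            return True
        key = (proc.granted, op)  # keyed on the role, not just the operation
        if key not in self.cache:
            owner = self.stakeholders.get(op[0])
            if owner is None:
                self.cache[key] = False  # nobody owns this class: default deny
            else:
                self.consultations += 1
                self.cache[key] = owner(proc.granted, op)
        if self.cache[key]:
            proc.granted = proc.granted | {op}  # role transition on approval
        return self.cache[key]


def build_monitor() -> SoftSandboxMonitor:
    return SoftSandboxMonitor(
        prohibited={("kernel_module", "load")},
        sandbox={("file", "read"), ("file", "write")},
        stakeholders={"microphone": device_owner, "tcp_socket": service_provider},
    )


def run_demo() -> dict:
    m = build_monitor()
    ops = [("file", "read"), ("tcp_socket", "connect"), ("microphone", "record")]
    a = Process(pid=1)
    net_then_mic = [m.check(a, op) for op in ops]
    after_a = m.consultations
    b = Process(pid=2)                       # same sequence: served from cache
    cached_replay = [m.check(b, op) for op in ops]
    after_b = m.consultations
    c = Process(pid=3)                       # reversed order: the other stakeholder blocks it
    mic_then_net = [m.check(c, op) for op in reversed(ops[1:])]
    blocked = m.check(c, ("kernel_module", "load"))
    return {
        "net_then_mic": net_then_mic, "consultations_after_a": after_a,
        "cached_replay": cached_replay, "consultations_after_b": after_b,
        "mic_then_net": mic_then_net, "prohibited": blocked,
        "consultations_total": m.consultations, "role_a": a.role_name,
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Two points the sketch makes concrete. The cache is keyed on the execution role as well as the operation, so an approval given to a process in the "sandboxed" role does not leak to one that has already been granted network access; the second process with the same request sequence causes no further consultations, which is where the paper's "overhead only when stakeholders need to be consulted" claim comes from. And because each stakeholder sees the role, the VoIP combination is refused whichever permission is requested first, even though the two permissions are owned by different stakeholders.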
doi:10.1145/1542207.1542217 dblp:conf/sacmat/RaoJ09 fatcat:2dbpvmyxvjfnrfssxfg7xbqelq