- In this thesis, we present a mandatory access control system that uses input from multiple stakeholders to compose policies based on runtime information. In the emerging open cell phone system environment, many devices run software whose access permissions depend on multiple stakeholders, such as the device owner, the service provider, the application owner, etc. However, current access control administration remains either mandatory, requiring a single system administrator to know every possible permission, or discretionary, allowing possibly compromised processes to administer permissions. A key problem is that the system should limit arbitrary programs while allowing reasonable functionality. However, conflicting permissions and permission dependencies may lead to an attack, such as allowing voice-over-IP calls. In our approach, we use a "soft" sandboxing mechanism to first contain such processes, request the stakeholder to authorize operations outside the sandbox that are not prohibited by policy, and maintain a runtime execution role for the process to identify its access state to the stakeholders. Our framework was implemented by modifying the SELinux module and using a remote proxy policy server. We incur a 0.288 microsecond performance overhead only when stakeholders need to be consulted, and new permissions are cached.
- Dissertation Note:
- M.S. Pennsylvania State University 2009.
- Mode of access: World Wide Web.
- Thesis advisor: Trent Jaeger.
- Reproduction Note:
- Library holds archival microfiches negative and service copy. 2 fiches. (Micrographics International, 2009)
- Technical Details:
- The full text of the dissertation is available as an Adobe Acrobat .pdf file; Adobe Acrobat Reader is required to view the file.