With PQDT Open, you can read the full text of open access dissertations and theses free of charge.
About PQDT Open
Search
In operating system access control, there is a traditional divide between discretionary access control (DAC), on one side, and mandatory access control (MAC), on the other side. Compositions of MAC and DAC have been modeled and implemented as operating system access control mechanisms. With composition, two access control decisions (one for DAC and one for MAC) have to concur for an access request to be allowed. DAC is typically supported by coarse grained mechanisms, and it vulnerable to Trojan horse attacks, two limitations that are addressed by MAC. MAC mechanisms are therefore of interest to security-conscious users and application developers that want to confine applications they use or develop. MAC mechanisms, however, can only be configured by administrative users and as such can not be used by regular users. This dissertation explores how MAC mechanisms can be made available to regular users of an operating system. Our approach consists in extending the Type Enforcement MAC model with an administrative model. We call this approach accommodative mandatory access control.
Advisor: | Vitek, Jan, Eugster, Patrick |
Commitee: | Li, Ninghui, Spafford, Eugene |
School: | Purdue University |
Department: | Computer Sciences |
School Location: | United States -- Indiana |
Source: | DAI-B 73/09(E), Dissertation Abstracts International |
Source Type: | DISSERTATION |
Subjects: | Computer science |
Keywords: | Access control, Administrative model, Role based access control, Selinux, Type enforcement |
Publication Number: | 3506071 |
ISBN: | 978-1-267-31169-6 |