Dissertation/Thesis Abstract

Accommodative mandatory access control
by Thomas, Jacques D., Ph.D., Purdue University, 2011, 236; 3506071
Abstract (Summary)

In operating system access control, there is a traditional divide between discretionary access control (DAC), on one side, and mandatory access control (MAC), on the other side. Compositions of MAC and DAC have been modeled and implemented as operating system access control mechanisms. With composition, two access control decisions (one for DAC and one for MAC) have to concur for an access request to be allowed. DAC is typically supported by coarse grained mechanisms, and it vulnerable to Trojan horse attacks, two limitations that are addressed by MAC. MAC mechanisms are therefore of interest to security-conscious users and application developers that want to confine applications they use or develop. MAC mechanisms, however, can only be configured by administrative users and as such can not be used by regular users. This dissertation explores how MAC mechanisms can be made available to regular users of an operating system. Our approach consists in extending the Type Enforcement MAC model with an administrative model. We call this approach accommodative mandatory access control.

Indexing (document details)
Advisor: Vitek, Jan, Eugster, Patrick
Commitee: Li, Ninghui, Spafford, Eugene
School: Purdue University
Department: Computer Sciences
School Location: United States -- Indiana
Source: DAI-B 73/09(E), Dissertation Abstracts International
Subjects: Computer science
Keywords: Access control, Administrative model, Role based access control, Selinux, Type enforcement
Publication Number: 3506071
ISBN: 978-1-267-31169-6
Copyright © 2021 ProQuest LLC. All rights reserved. Terms and Conditions Privacy Policy Cookie Policy