Reactive approaches to security, such as signature-based scanning and behavior monitoring, have been around for quite some time. However, they have failed to provide assurances about overall system integrity, and they can easily be defeated by sophisticated techniques such as code obfuscation and encryption. Another class of attacks comprises those that occur in multiple steps (often referred to as multi-step attacks). Information-flow-based approaches provide a basis for mediating and tracking dependencies between system entities, and can thus help overcome these shortcomings. However, success in applying information-flow-based techniques to modern COTS operating systems has been limited, since a strict application of an information-flow policy can break existing applications and OS services. A common usability failure is an application being denied write access to a high-integrity file in the middle of a write operation because it earlier read from a low-integrity file.
Our framework addresses this loss of usability by maintaining integrity constraints for each subject (process) and object (file, socket, IPC channel, etc.) in the system, and by permitting or denying access requests so that no invariant is violated. To achieve this, our approach maintains a per-process list of the objects being accessed. For each new read-open request made by an application, our policy enforcer propagates integrity constraints from the objects in the application’s list to the new object that the application wishes to open. The success or failure of the request then depends on the new object’s ability to honor these constraints. This strategy restricts service denials to early failures at open time, which applications handle far more gracefully than denials in the middle of a read or write. To make the solution complete, our framework enforces policies for all types of objects (files, links, pipes, sockets, devices, IPC channels). The implementation of our framework uses Linux Security Module (LSM) hooks. A considerable portion of our work also deals with understanding and documenting the flow of the Linux kernel code involved in the LSM framework and mapping the abstract operations of our framework to the appropriate LSM hooks.
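The open-time check described above, as an added user-space model (not the thesis's LSM implementation): the two-level integrity lattice, the per-process invariant, and the object labels and paths are assumptions of this illustration.

```python
"""User-space model of the open-time integrity check the abstract describes.
Added illustration, not the thesis's LSM code: the two-level lattice, the
invariant and the object names are assumptions of this model."""

HIGH, LOW = 2, 1  # assumed integrity levels; a larger value is more trusted

# Assumed object labels; a real deployment would take them from the policy.
OBJECTS = {"/etc/daemon.conf": HIGH, "/tmp/untrusted.dat": LOW,
           "/var/log/daemon.log": LOW}

def open_object(opened, name, mode):
    """Mediate an open request for one process whose open table is `opened`
    (name -> (level, mode)). Invariant kept per process: every object open for
    read is at least as trusted as every object open for write."""
    level = OBJECTS[name]
    reads = [lv for lv, m in opened.values() if m == "r"]
    writes = [lv for lv, m in opened.values() if m == "w"]
    if mode == "r":
        # constraint propagated from the open sinks: a new source may not be
        # less trusted than anything this process is already writing
        ok = all(level >= w for w in writes)
    else:
        # a new sink may not be more trusted than anything already read
        ok = all(level <= r for r in reads)
    if ok:
        opened[name] = (level, mode)
    return ok

def write_object(opened, name):
    # never denied mid-operation: the invariant was settled at open time
    return opened.get(name, (None, None))[1] == "w"

def close_object(opened, name):
    opened.pop(name, None)

def scenario():
    """Constructed run: a daemon holds a high-integrity config open for write,
    then asks to read an untrusted file; denial happens at open, not mid-write."""
    p = {}
    r = [open_object(p, "/etc/daemon.conf", "w"),    # allowed
         open_object(p, "/tmp/untrusted.dat", "r"),  # denied early: LOW source vs HIGH sink
         write_object(p, "/etc/daemon.conf"),        # write proceeds, never cut off
         open_object(p, "/var/log/daemon.log", "w")] # LOW sink is fine
    close_object(p, "/etc/daemon.conf")
    r.append(open_object(p, "/tmp/untrusted.dat", "r"))  # allowed once HIGH sink closed
    r.append(open_object(p, "/etc/daemon.conf", "w"))    # denied: LOW source already read
    return r
```

The second denial shows the symmetric case: once a low-integrity source has been read, a later request to open a high-integrity sink for writing fails at open time rather than part-way through the write.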
Committee: Johnson, Robert; Stoller, Scott
School: State University of New York at Stony Brook
School Location: United States -- New York
Source: MAI 48/06M, Masters Abstracts International
Keywords: Information-flow, Integrity constraints, Kernel, LSM, Preservation
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved