Date: 2008-05-26
Title: How to make Discretionary Access Control Resistant to Trojan Horses?
Speaker: Ninghui Li (CERIS, Purdue University)
Time: 3:30pm, June 26
Venue: Lecture room, Level 5 Building #5, ISCAS
Abstract:
Modern operating systems primarily use Discretionary Access Control (DAC) to protect files and other operating system resources. DAC mechanisms are more user-friendly than Mandatory Access Control (MAC) systems, but are vulnerable to trojan horse attacks and attacks exploiting buggy software. We show that it is possible to have the best of both worlds: DAC’s easy-to-use discretionary policy specification and MAC’s defense against trojan horses and buggy programs. This is made possible by a key new insight that DAC has this weakness not because it uses the discretionary principle, but because existing DAC enforcement mechanisms assume that a single principal is responsible for any request, whereas in reality a request may be influenced by multiple principals; thus these mechanisms cannot correctly identify the true origin(s) of a request and fall prey to trojan horses. We propose to solve this problem by combining DAC’s policy specification with new enforcement techniques that use ideas from MAC’s information flow tracking.
Our model, called Information Flow Enhanced Discretionary Access Control (IFEDAC), is the first DAC model that can defend against trojan horses and attacks exploiting buggy software. IFEDAC significantly strengthens end host security, while preserving to a large degree DAC’s ease of use. In this talk, we present the IFEDAC model, analyze its security properties, and discuss our design and implementation for Linux.
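The abstract's central observation is that classic DAC attributes every request to a single principal (the user the process runs as), while a request may in fact be influenced by several principals, for example the author of a program the user chose to run. The toy model below is an added illustration of that observation and is not the IFEDAC model or the Linux implementation presented in the talk: it simplifies to a single ACL covering read, write and execute, records for each file the principals whose data it carries, and, when flow tracking is on, accumulates in each process every principal that has influenced it and requires all of them to be permitted. The users alice and mallory, the file names, and the `Kernel` API are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class File:
    """A protected object with a discretionary ACL and a record of who wrote it."""
    name: str
    owner: str
    acl: set                                   # principals the owner permits (one ACL for r/w/x: simplification)
    writers: set = field(default_factory=set)  # principals whose data the content carries
    content: str = ""


@dataclass
class Process:
    """A running program: the user it runs as plus, when tracking is on,
    every principal whose code or data has influenced it so far."""
    euid: str
    influencers: set = field(default_factory=set)

    def __post_init__(self):
        self.influencers.add(self.euid)


class Kernel:
    """Reference monitor. track_flows=False is classic DAC; True is the
    information-flow-tracking enforcement sketched in the abstract."""

    def __init__(self, track_flows: bool):
        self.track_flows = track_flows
        self.files = {}

    def create(self, name, owner, acl):
        self.files[name] = File(name, owner, set(acl) | {owner}, writers={owner})

    def permitted(self, proc, f):
        # Classic DAC asks only whether the effective user is on the ACL;
        # flow tracking asks whether every influencing principal is.
        requesters = proc.influencers if self.track_flows else {proc.euid}
        return requesters <= f.acl

    def _taint(self, proc, f):
        # Reading or executing a file is a flow from the file's writers into the process.
        if self.track_flows:
            proc.influencers |= f.writers

    def execute(self, proc, name):
        f = self.files[name]
        if not self.permitted(proc, f):
            raise PermissionError(f"{sorted(proc.influencers)} may not execute {name}")
        self._taint(proc, f)

    def read(self, proc, name):
        f = self.files[name]
        if not self.permitted(proc, f):
            raise PermissionError(f"{sorted(proc.influencers)} may not read {name}")
        self._taint(proc, f)
        return f.content

    def write(self, proc, name, data):
        f = self.files[name]
        if not self.permitted(proc, f):
            raise PermissionError(f"{sorted(proc.influencers)} may not write {name}")
        f.content = data
        # Whatever influenced the writer now influences the file's content.
        f.writers |= proc.influencers if self.track_flows else {proc.euid}


def trojan_scenario(track_flows: bool) -> bool:
    """Alice runs a program written by Mallory that copies her secret to a
    world-readable drop file. Returns True if Mallory can read the secret."""
    k = Kernel(track_flows)
    k.create("secret.txt", owner="alice", acl={"alice"})
    k.create("fancy_editor", owner="mallory", acl={"alice", "mallory"})
    k.create("/tmp/drop", owner="mallory", acl={"alice", "mallory"})
    k.files["secret.txt"].content = "alice's secret"   # constructed sample data

    alice_shell = Process("alice")
    k.execute(alice_shell, "fancy_editor")  # permitted either way: Alice chose to run it
    try:
        data = k.read(alice_shell, "secret.txt")   # denied under tracking: mallory influences the process
        k.write(alice_shell, "/tmp/drop", data)
    except PermissionError:
        return False
    return k.read(Process("mallory"), "/tmp/drop") == "alice's secret"


def benign_scenario(track_flows: bool) -> bool:
    """Alice reads her own secret through her own program: must stay allowed."""
    k = Kernel(track_flows)
    k.create("secret.txt", owner="alice", acl={"alice"})
    k.create("own_editor", owner="alice", acl={"alice"})
    k.files["secret.txt"].content = "alice's secret"
    p = Process("alice")
    k.execute(p, "own_editor")
    return k.read(p, "secret.txt") == "alice's secret"


if __name__ == "__main__":
    print("classic DAC leaks:", trojan_scenario(track_flows=False))     # True
    print("flow tracking leaks:", trojan_scenario(track_flows=True))    # False
    print("benign use still works:", benign_scenario(track_flows=True))  # True
```

The policy is identical in both runs; only the enforcement changes. Under classic DAC the read of `secret.txt` is attributed to alice alone and succeeds, so the trojan's copy reaches Mallory. With tracking, executing Mallory's program adds `mallory` to the process's influencer set, and the same discretionary ACL `{alice}` then denies the read because not every influencing principal is permitted, while Alice's own program remains unaffected.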
About Professor Ninghui Li:
Prof. Li has worked extensively on trust management and automated trust negotiation, which are approaches to access control in decentralized, open, and distributed systems. In his Ph.D. thesis work, he designed and implemented Delegation Logic, a logic-based language for distributed authorization. While at Stanford, he designed, together with Professor John Mitchell and Dr. Will Winsborough, the RT Role-based Trust-management framework, efficient goal-directed algorithms for distributed credential chain discovery, logic-based semantic foundations for security policy languages, and algorithms and computational complexity characterizations for analyzing properties of security policies such as safety and availability.
Professor Li’s recent research focuses on role-based access control, online privacy protection, access control policy specification and analysis, and operating system access control. He has graduated 2 Ph.D. students and is currently supervising 6 Ph.D. students. His research is currently supported by 3 NSF projects and a project funded by IBM. In 2005, he was awarded the NSF CAREER award for proposed work on "Access Control Policy Verification Through Security Analysis And Insider Threat Assessment".
Professor Li received a Ph.D. in Computer Science from New York University in September 2000. Before joining Purdue, he was a research associate at the Computer Science Department, Stanford University. He has served on the Program Committees of more than two dozen conferences and workshops in information security, including the IEEE Symposium on Security and Privacy, the ACM Conference on Computer and Communications Security (CCS), the ISOC Network and Distributed System Security Symposium (NDSS), the International Conference on Data Engineering, the ACM Symposium on Access Control Models and Technologies (SACMAT), and the IEEE Computer Security Foundations Workshop (CSFW).